Tech-invite  3GPPspecsRELsGlossariesSIP
Info21222324252627282931323334353637384‑5x

full Contents for  TS 23.222  Word version:   17.0.0

Top   Up   Prev   Next
0…   4…   5   6…   6.3…   7…   8…   8.5…   8.9…   8.13…   8.17…   8.21…   8.25…   9…   10…   11…   A   B…   B.2   B.3   C…   D…

 

8.21  Monitoring service API invocationWord-p. 67
8.21.1  General
The procedure in this subclause corresponds to the architectural requirements for monitoring service API invocation.
8.21.2  Information flows
8.21.2.1  Monitoring service API event notification
The information flow for the monitoring service API event notification from the CAPIF core function to the API management function is same as the event notification from the CAPIF core function to the subscribing entity. Table 8.8.2.3-1 describes the information elements which are included in the monitoring service API event notification.
8.21.2.2  Monitoring service API event notification acknowledgement
The information flow for the monitoring service API event notification acknowledgement from the API management function to the CAPIF core function is same as the event notification acknowledgement from subscribing entity to the CAPIF core function. Table 8.8.2.4-1 describes the information elements which are included in the monitoring service API event notification acknowledgement.
8.21.3  Procedure
Figure 8.21.3-1 illustrates the procedure for monitoring service API invocation.
Pre-conditions:
  1. The API management function has subscribed to monitoring event including filters such as invoker's ID and IP address, service API name and version, input parameters, and invocation result.
Up
  1. The CAPIF core function monitors the service API invocations applying the monitoring filters specified before.
  2. Detection of a monitoring event by the CAPIF core function triggers notification to the API management function with the details of the monitored event.
  3. NOTE:
    API provider action subsequent to monitoring service API notification is out-of-scope of this specification.
  4. The API management function sends a monitoring service API event notification acknowledgement to the CAPIF core function for the notification received.
Up
8.22  Auditing service API invocationWord-p. 68
8.22.1  General
The procedure in this subclause corresponds to the architectural requirements for auditing service API invocation. This procedure can be used for auditing of other CAPIF interactions i.e. service API invocation events, API invoker onboarding events and API invoker interactions with the CAPIF (e.g. authentication, authorization, discover service APIs) as well. The API management function can be within PLMN trust domain or within 3rd party trust domain.
8.22.2  Information flows
8.22.2.1  Query service API log request
Table 8.22.2.1-1 describes the information flow query service API log request from the API management function to the CAPIF core function.
Information element
Status
Description

Identity information
M
Identity information of the entity querying service API log request
Query information
M
List of query filters such as invoker's ID and IP address, service API name and version, input parameters, and invocation result

8.22.2.2  Query service API log response
Table 8.22.2.2-1 describes the information flow query service API log response from the CAPIF core function to the API management function.
Information element
Status
Description

Result
M
Indicates the success or failure of query service API log request
API invocation log information
O (see NOTE)
API invocation log information such as API invoker's ID, IP address, service API name, version, invoked operation, input parameters, invocation result, time stamp information

NOTE:
Information element shall be present when result indicates success.

8.22.3  Procedure
Figure 8.22.3-1 illustrates the procedure for auditing service API invocation.
Pre-conditions:
  1. Service API invocation logs are available at the CAPIF core function.
  2. Authorization details of the AMF are available with the CAPIF core function.
Up
  1. For auditing service API invocations, the API management function triggers query service API log request to the CAPIF core function.
  2. Upon receiving the query service API log request, the CAPIF core function accesses the necessary service API log information for auditing purposes.
  3. The CAPIF core function returns the log information to the API management function in the query service API log response.
NOTE:
The API management function detecting abuse of the service API invocation and actions, subsequent to query service API log response, are out-of-scope of this specification.
Up
8.23  CAPIF revoking API invoker authorizationWord-p. 69
8.23.1  General
The CAPIF controls the access of service API by the API invoker based on policy or usage limits. If the usage limits have exceeded, the authorization of the API invoker for accessing the service APIs is revoked. The decision to revoke the API invoker authorization may be triggered by the AEF or the CAPIF core function. The AEF can be within PLMN trust domain or within 3rd party trust domain.
8.23.2  Information flows
8.23.2.1  Revoke API invoker authorization request
Table 8.23.2.1-1 describes the information flow revoke API invoker authorization request from the API exposing function to the CAPIF core function or from the CAPIF core function to the API exposing function.
Information element
Status
Description

API invoker identity information
M
The information that determines the identity of the API invoker
Service API identification
M
The identification information of the service API for which the authorization is revoked.
Cause
M
The cause for revoking the API invoker authorization

8.23.2.2  Revoke API invoker authorization responseWord-p. 70
Table 8.23.2.2-1 describes the information flow revoke API invoker authorization response from the CAPIF core function to the API exposing function or from the API exposing function to the CAPIF core function.
Information element
Status
Description

Result
M
Indicates the success or failure of revoke API invoker authorization.

8.23.2.3  Revoke API invoker authorization notify
Table 8.23.2.3-1 describes the information flow revoke API invoker authorization notify from the CAPIF core function to the API invoker.
Information element
Status
Description

API invoker identity information
M
The information that determines the identity of the API invoker whose authorizatio has been revoked
Service API identification
M
The identification information of the service API for which the authorization is revoked.
Cause
M
The cause for revoking the API invoker authorization

8.23.3  Procedure for CAPIF revoking API invoker authorization initiated by AEF
Figure 8.23.3-1 illustrates the procedure for revoking API invoker authorization to access service API initiated by the AEF.
Pre-conditions:
  1. The API invoker is authenticated and authorized to use the service API.
  2. The AEF in the CAPIF is configured with the access policy to be applied to the service API invocation corresponding to the API invoker and the service API.
  3. Authorization details of the AEF are available with the CAPIF core function.
Up
  1. The AEF triggers the revocation of the API invoker authorization.
  2. The AEF sends revoke API invoker authorization request to the CAPIF core function with the details of the API invoker and the service API.
  3. Upon receiving the information to revoke the API invoker's authorization for service API invocation, the CAPIF core function invalidates the API invoker authorization corresponding to the service API.
  4. The CAPIF core function sends a revoke API invoker authorization response to the AEF.
  5. Upon successful revocation of API invoker authorization corresponding to the service API at the CAPIF core function, the AEF invalidates the API invoker authorization corresponding to the service API.
  6. The CAPIF core function sends a revoke API invoker authorization notify to the API invoker whose authorization to access the service API has been revoked.
Up
8.23.4  Procedure for CAPIF revoking API invoker authorization initiated by CAPIF core functionWord-p. 71
Figure 8.23.4-1 illustrates the procedure for revoking API invoker authorization to access service API initiated by the CAPIF core function.
Pre-conditions:
  1. The API invoker is authenticated and authorized to use the service API.
  2. The AEF in the CAPIF is configured with the access policy to be applied to the service API invocation corresponding to the API invoker and the service API.
Up
  1. The CAPIF core function triggers the revocation of the API invoker authorization.
  2. The CAPIF core function sends revoke API invoker authorization request to the AEF with the details of the API invoker and the service API.
  3. Upon receiving the information to revoke the API invoker's authorization for service API invocation, the AEF invalidates the API invoker authorization corresponding to the service API.
  4. The AEF sends a revoke API invoker authorization response to the CAPIF core function.
  5. The CAPIF core function invalidates the API invoker authorization corresponding to the service API.
  6. The CAPIF core function sends a revoke API invoker authorization notify to the API invoker whose authorization to access the service API has been revoked.
Up
8.24  API topology hiding management [R16]Word-p. 72
8.24.1  General
The following procedure in this subclause corresponds to the architectural requirements on API topology hiding. The procedure in this subclause supports API topology hiding by dynamically configuring the address of the AEF providing the Service API to the AEF entry point providing the topology hiding. The API publishing function and the API exposing function can be within PLMN trust domain or within 3rd party trust domain.
8.24.2  Information flows
8.24.2.1  API topology hiding notify
Table 8.24.2.1-1 describes the information flow API topology hiding notify from the CAPIF core function to the API exposing function.
Information element
Status
Description

Service API identification
M
The identification information of the service API with the API topology hiding
API exposing function identity
M
Indicate the AEF which provides the service API to apply the topology hiding

8.24.3  ProcedureWord-p. 73
Figure 8.24.3-1 illustrates the procedure for API topology hiding management by API publish function.
Pre-condition:
  1. Authorization details of the APF are available with the CAPIF core function.
Up
  1. The API publishing function sends a service API publish request with the details of the service API to the CAPIF core function.
  2. Upon receiving the service API publish request, the CAPIF core function checks whether the API publishing function is authorized to perform the service API publish. If authorized, based on the service APIs and policy, the CCF applies the topology hiding by selecting an AEF providing the topology hiding as the entry point for service API invocation. The selected AEF information is stored with the service API information received from API publish function at the CAPIF core function (API registry).
  3. The CCF sends the API topology notify to the AEF selected as the entry point for service API invocation. The service API identification and the AEF which provides the service API are included.
  4. Upon receiving the notification, the AEF stores the received information for further service API invocation request forwarding.
  5. The CCF sends an API publish response to the API publish function.
Up

Up   Top   ToC