Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 23.222  Word version:  19.7.0

Top   Top   Up   Prev   Next
0…   4…   5…   6…   6.3…   6.4…   7…   8…   8.5…   8.8…   8.9…   8.13…   8.17…   8.21…   8.25…   8.26…   8.28…   8.30…   8.33…   8.36…   9…   10…   10.4…   10.7…   11…   A   B…   B.2…   B.3…   C…   D…
8.25 Support for CAPIF interconnection8.25.1 General8.25.2 Information flows8.25.2.1 Interconnection API publish request8.25.2.2 Interconnection API publish response8.25.2.3 Interconnection service API discover request8.25.2.4 Interconnection service API discover response8.25.2.5 Interconnection API unpublish request8.25.2.6 Interconnection API unpublish response8.25.2.7 Interconnection get service API request8.25.2.8 Interconnection get service API response8.25.2.9 Interconnection update service API request8.25.2.10 Interconnection update service API response8.25.2.11 Interconnection revoke API invoker authorization request8.25.2.12 Interconnection revoke API invoker authorization response8.25.2.13 Interconnection revoke API invoker authorization notify8.25.2.14 Interconnection obtain access control policy request8.25.2.15 Interconnection obtain access control policy response8.25.2.16 Interconnection API invoker obtaining authorization to access service API8.25.2.17 Interconnection Authentication and authorization between the API invoker and the AEF8.25.3 Procedure8.25.3.1 Service API publish for CAPIF interconnection8.25.3.2 Service API discovery involving multiple CCFs8.25.3.3 Service API discovery for CAPIF interconnection8.25.3.4 Service API unpublish for CAPIF interconnection8.25.3.5 Retrieve service APIs for CAPIF interconnection8.25.3.6 Update service APIs for CAPIF interconnection8.25.3.7 API invoker obtaining authorization for service API access in CAPIF interconnection8.25.3.8 Procedure for CAPIF revoking API invoker authorization in CAPIF interconnection8.25.3.9 Procedure for obtaining access control policy in CAPIF interconnection8.25.3.10 Procedure for obtaining security information in CAPIF interconnection
...

 

8.25  Support for CAPIF interconnection |R16|p. 83

8.25.1  Generalp. 83

The procedures in this subclause corresponds to the architectural requirements on CAPIF interconnection.

8.25.2  Information flowsp. 83

8.25.2.1  Interconnection API publish requestp. 83

Table 8.25.2.1-1 describes the information flow interconnection API publish request from CAPIF core function to CAPIF core function.
Information element Status Description
CCF informationMThe information of the CAPIF core function which publishes APIs, may include identity, authentication and authorization information
Service API informationO
(see NOTE 1)		 The service API information as specified in Table 8.3.2.1-1.
Service API categoryOService API category.
Shareable informationO
(see NOTE 2)		Indicates whether the service API information or the service API category can be published to other CCFs. And if sharing, a list of CAPIF provider domain information where the service API information or the service API category can be published is contained.
NOTE 1:
Either the Service API information or Service API category shall be present.
NOTE 2:
If the shareable information is not present, the service API information is not allowed to be shared. There is one and only one CAPIF provider domain information sharable via the CAPIF-6e interface.
Up

8.25.2.2  Interconnection API publish responsep. 84

Table 8.25.2.2-1 describes the information flow interconnection API publish response from CAPIF core function to CAPIF core function.
Information element Status Description
ResultMIndicates the success or failure of publishing the service API information
CauseOThe cause for the request failure.
Service API published information referenceO
(see NOTE)		The information which can be used for referencing the information (set) about the published service API by the CCF which publishes service APIs
NOTE:
This information element is included when the Result indicates success.
Up

8.25.2.3  Interconnection service API discover requestp. 84

Table 8.25.2.3-1 describes the information flow interconnection service API discover request from one CAPIF core function to another CAPIF core function.
Information element Status Description
CAPIF core function identity informationMIdentity information of the CAPIF core function discovering service APIs
Query informationMCriteria for discovering matching service APIs or CAPIF core function (e.g. service API category, Serving Area Information (optional), UE IP address (optional), preferred AEF location (optional), required API provider name (optional), interfaces, protocols, Service KPIs (optional), and Network Slice Info (optional))
NOTE:
It should be possible to discover all the service APIs.
Up

8.25.2.4  Interconnection service API discover responsep. 84

Table 8.25.2.4-1 describes the information flow interconnection service API discover response from one CAPIF core function to another CAPIF core function.
Information element Status Description
ResultMIndicates the success or failure of the discovery of the service API information
CauseOThe cause for the request failure.
Service API informationO
(see NOTE)		 List of service APIs corresponding to the request, including service API information as specified in Table 8.7.2.2-1.
CAPIF core function identity informationO
(see NOTE)		Indicates the CAPIF core function matching the query criteria.
NOTE:
The service API information or the CAPIF core function identity information or both shall be present, if the Result information element indicates that the interconnection service API discover operation is successful. Otherwise, both shall not be present.
Up

8.25.2.5  Interconnection API unpublish request |R19|p. 85

Table 8.25.2.5-1 describes the information flow interconnection API unpublish request from a CAPIF core function to another CAPIF core function.
Information element Status Description
CCF informationMThe information of the CAPIF core function which unpublishes service APIs, may include identity, authentication and authorization information
Service API published information reference
(see NOTE)		MThe information which can be used for referencing the information (set) about the published service API by the CCF which publishes service APIs.
NOTE:
Obtained during the interconnection API publish procedure in clause 8.25.3.1.
Up

8.25.2.6  Interconnection API unpublish response |R19|p. 85

Table 8.25.2.6-1 describes the information flow interconnection API unpublish response from a CAPIF core function to another CAPIF core function.
Information element Status Description
ResultMIndicates the success or failure of unpublishing the service API information
CauseOThe cause for the request failure.
Up

8.25.2.7  Interconnection get service API request |R19|p. 85

Table 8.25.2.7-1 describes the information flow interconnection get service API request from a CAPIF core function to another CAPIF core function.
Information element Status Description
CCF informationMThe information of the CAPIF core function that wants to retrieve service APIs information. It may include identity, authentication and authorization information
Service API published information reference
(see NOTE)		MThe information which can be used for referencing the information (set) about the published service API by the CCF which publishes service APIs
NOTE:
Obtained during the interconnection API publish procedure in clause 8.25.3.1.
Up

8.25.2.8  Interconnection get service API response |R19|p. 86

Table 8.25.2.8-1 describes the information flow interconnection get service API response from a CAPIF core function to another CAPIF core function.
Information element Status Description
ResultMIndicates the success or failure of getting the service API information.
CauseOThe cause for the request failure.
Service API informationO
(see NOTE)		 The service API information as specified in Table 8.3.2.1-1.
NOTE:
Shall be present if the Result information element indicates that the interconnection get service API request is successful. Otherwise, service API information shall not be present.
Up

8.25.2.9  Interconnection update service API request |R19|p. 86

Table 8.25.2.9-1 describes the information flow interconnection update service API request from a CAPIF core function to another CAPIF core function.
Information element Status Description
CCF informationMThe information of the CCF requesting the update operation. It may include identity, authentication and authorization information.
Service API informationO
(see NOTE 1)		 The service API information as specified in Table 8.3.2.1-1.
Service API categoryO
(see NOTE 1)		The category of the service APIs to be published, (e.g. V2X, IoT).
Shareable informationO
(see NOTE 2)		Indicates whether the service API information or the service API category can be published to other CCFs. And if sharing, a list of CAPIF provider domain information where the service API information or the service API category can be published is contained.
NOTE 1:
Either the Service API information or Service API category shall be present.
NOTE 2:
If the shareable information is not present, the service API information is not allowed to be shared. There is one and only one CAPIF provider domain information sharable via the CAPIF-6e interface.
Up

8.25.2.10  Interconnection update service API response |R19|p. 86

Table 8.25.2.10-1 describes the information flow interconnection update service API response from a CAPIF core function to another CAPIF core function.
Information element Status Description
ResultMIndicates the success or failure of updating the service API information
CauseOThe cause for the request failure.
Service API informationO The authorized service API information during update, applicable when the update result is success. This can be a subset or the full set, of the Service API information as specified in Table 8.3.2.1-1.
Up

8.25.2.11  Interconnection revoke API invoker authorization request |R19|p. 87

Table 8.25.2.11-1 describes the information flow interconnection revoke API invoker authorization request from one CCF to another CCF.
Information element Status Description
CCF informationMThe information of the requesting CAPIF core function, may include identity, authentication and authorization information.
API invoker related informationMInformation related to the API invoker, e.g. information that determines the identity of the API invoker.
Service API identification listMThe identification information of the service API(s) for which the authorization is revoked.
Security informationO
(NOTE 1,2)		Security information (as specified in TS 33.122) for authorization revocation.
CauseMThe cause for revoking the API invoker authorization.
NOTE 1:
The security information may be included in the Interconnect Revoke API invoker authorization request from the CAPIF core function to which the API invoker is onboarded to the CAPIF Core Function where the API exposing function is registered (i.e., it is not used in the request from the CAPIF Core Function where the API exposing function is registered).
NOTE 2:
If the security information is not included, the revocation applies to all the permissions granted for the service API.
Up

8.25.2.12  Interconnection revoke API invoker authorization response |R19|p. 87

Table 8.25.2.12-1 describes the information flow interconnection revoke API invoker authorization response from one CCF to another CCF.
Information element Status Description
ResultMIndicates the success or failure of interconnection revoke API invoker authorization.
CauseOThe cause for the request failure.
Up

8.25.2.13  Interconnection revoke API invoker authorization notify |R19|p. 87

Table 8.25.2.13-1 describes the information flow interconnection revoke API invoker authorization notify from one CCF to another CCF.
Information element Status Description
CCF informationMThe information of the notifying CAPIF core function, may include identity, authentication and authorization information.
API invoker related informationMInformation related to the API invoker, e.g. information that determines the identity of the API invoker.
Service API identification listMThe identification information of the service API(s) for which the authorization is revoked.
Security informationO
(NOTE)		Security information (as specified in TS 33.122) for authorization revocation.
CauseMThe cause for revoking the API invoker authorization.
NOTE:
If the security information is not included, the revocation applies to all the permissions granted for the service API.
Up

8.25.2.14  Interconnection obtain access control policy request |R19|p. 88

Table 8.25.2.14-1 describes the information flow interconnection obtain access control policy request from one CCF to another CCF.
Information element Status Description
Identity informationMIdentity information of the entity requesting the access control policy.
Service API identificationMThe identification information of the service API for which the access control policy is being requested.
Up

8.25.2.15  Interconnection obtain access control policy response |R19|p. 88

Table 8.25.2.15-1 describes the information flow interconnection obtain access control policy response from one CCF to another CCF.
Information element Status Description
ResultMIndicates the success or failure of the obtain access control policy operation.
CauseOThe cause for the request failure.
Access control policy informationO
(see NOTE)		 The access control policy information corresponding to the requested service API. (See Table E-1).
NOTE:
Shall be present if the Result information element indicates that the obtain access control policy operation is successful. Otherwise access control policy information shall not be present.
Up

8.25.2.16  Interconnection API invoker obtaining authorization to access service API |R19|p. 88

8.25.2.17  Interconnection Authentication and authorization between the API invoker and the AEF |R19|p. 88

8.25.3  Procedurep. 89

8.25.3.1  Service API publish for CAPIF interconnectionp. 89

This subclause describes the procedure for service API publish for CAPIF interoperation.
Pre-conditions:
  1. CCF-A and CCF-B connect to each other, and either belong to the single trust domain of the same CAPIF provider or trust domains of different CAPIF providers.
  2. CCF-B is configured as the designated CAPIF core function in the trust domain of CAPIF provider A.
  3. When CCF-A and CCF-B belong to trust domains of different CAPIF providers, the two CAPIF providers have business agreement for service API sharing.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.1-1: Interconnection API publish
Figure 8.25.3.1-1: Interconnection API publish
Up
Step 1.
CCF-A gets the service APIs to be shared with CCF-B from the API publish function which is in the same CAPIF provider domain of CCF-A as described in subclause 8.3.3, or from another CCF as described in this procedure.
Step 2.
Based on the shareable information for the service API or the service API category information, the CCF-A determines to publish the service API or the service API category information to the CCF-B. The CCF-A sends the interconnection API publish request to CCF-B with the details of at least one of service APIs or the category information of the service APIs, along with the identity information of CCF-A, shareable information and CAPIF provider domain information if allowed to share. The API topology hiding may be enabled.
Step 3.
CCF-B stores the service API information or service API category provided by the CCF-A.
Step 4.
CCF-B provides an interconnection API publish response to the CCF-A indicating success or failure result and triggers notifications to subscribed API invokers as described in subclause 8.8.4.
Up

8.25.3.2  Service API discovery involving multiple CCFsp. 89

This subclause describes a procedure for service API discovery involving multiple CCFs
Pre-conditions:
  1. CCF-A and CCF-B connect to each other, and either belong to the single trust domain of the same CAPIF provider or trust domains of different CAPIF providers.
  2. When CCF-A and CCF-B belong to trust domains of different CAPIF providers, the two CAPIF providers have business agreement for service API sharing.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.2-1: Service API discovery involving multiple CCFs
Figure 8.25.3.2-1: Service API discovery involving multiple CCFs
Up
Step 1.
The API invoker sends a service API discover request to the CCF-A. It includes the API invoker identity and query information.
Step 2.
The CCF-A verifies the identity of the API invoker and retrieves the stored service API(s) information. The information of CCF-B matching the discovery criteria is returned to API invoker in the service API discover response.
Step 3.
The API invoker sends an service API discover request to the CCF-B. The identity of API invoker is included. The query information is also provided.
Step 4.
Upon receiving the service API discover request, the CCF-B verifies the identity of the API invoker. The CCF-B retrieves the stored service API(s) information as per the query information in the service API discover request. Further, the CCF-B applies the discovery policy and performs filtering of service APIs information which matches the discovery criteria.
Step 5.
The CCF-B sends an service API discover response to the API invoker with the list of service API information for which the API invoker has the required authorization.
Up

8.25.3.3  Service API discovery for CAPIF interconnectionp. 90

This subclause describes a procedure for service API discovery for CAPIF interconnection. The CCF-A and the CCF-B may belong to the same CAPIF provider domain or different CAPIF provider domains. When the CCF-A and the CCF-B belong to different CAPIF provider domains, the two CAPIF providers shall have business agreement for service API discovery.
Pre-conditions:
  1. The CCF-A is configured with the CCF-B information.
  2. The CCF-B is configured with the CCF-A information.
  3. The CCF-A is triggered (e.g. API invoker service API discovery, periodic service API discovery) to perform service API discovery with the CCF-B.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.3-1: Service API discovery for CAPIF interconnection
Figure 8.25.3.3-1: Service API discovery for CAPIF interconnection
Up
Step 1.
The CCF-A sends the interconnection service API discover request to the CCF-B. The identity of the CCF-A and the query information are included.
Step 2.
The CCF-B upon receiving the interconnection service API discover request verifies the identity of the CCF-A. The CCF-B retrieves the stored service API(s) or the CCF(s) information as per the query information in the interconnection service API discover request. Further, the CCF-B applies the discovery policy and performs the filtering of service APIs or the CCF(s) information. The topology hiding policy may be applied to the retrieved list of service API information.
Step 3.
The CCF-B sends the interconnection service API discover response to the CCF-A with the list of service API information for which the CCF-A has the required authorization or the CCF(s) information that matches the discovery criteria.
Up

8.25.3.4  Service API unpublish for CAPIF interconnection |R19|p. 91

This clause describes the procedure for service API unpublish for CAPIF interconnection.
Pre-condition:
  1. CCF-A sends an interconnection API unpublish request to CCF-B. The request includes a service API published information reference. If the shareable information IE was present in the interconnection API publish request (see clause 8.25.2.1), the API unpublish request should be forwarded to the provided list of CAPIF provider domain information during the publish procedure.
  2. CCF-B is configured as the designated CAPIF core function in the trust domain of CAPIF provider A.
  3. CCF-A has successfully published service APIs to the designated CCF (i.e., CCF-B) using the procedure in clause 8.25.3.1.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.4-1: Interconnection API unpublish
Figure 8.25.3.4-1: Interconnection API unpublish
Up
Step 1.
CCF-A sends an interconnection API unpublish request to CCF-B. The request may include a set of (previously published) service API information. If the shareable information IE was present in the interconnection API publish request (see clause 8.25.2.1), the API unpublish request should be forwarded to the provided list of CAPIF provider domain information during the publish procedure.
Step 2.
Upon receiving the interconnection API unpublish request, the CCF-B checks whether the CCF-A is authorized to unpublish service APIs. If the check is successful, CCF-B will remove the requested service API information from the API registry.
Step 3.
CCF-B sends an interconnection API unpublish response to CCF-A containing the operation result and triggers notifications to subscribed API invokers (if any) as described in subclause 8.8.4.
Up

8.25.3.5  Retrieve service APIs for CAPIF interconnection |R19|p. 92

This clause describes the procedure to retrieve service APIs information in a CAPIF interconnection scenario.
Pre-condition:
  1. CCF-A and CCF-B connect to each other, and either belong to the single trust domain of the same CAPIF provider or trust domains of different CAPIF providers. When CCF-A and CCF-B belong to trust domains of different CAPIF providers, the two CAPIF providers have business agreement for service API sharing.
  2. CCF-B is configured as the designated CAPIF core function in the trust domain of CAPIF provider A.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.5-1: Retrieve service APIs for CAPIF interconnection
Figure 8.25.3.5-1: Retrieve service APIs for CAPIF interconnection
Up
Step 1.
CCF-A sends an interconnection get service API request to CCF-B with service API published information reference provided by the CAPIF core function when the service API was published.
Step 2.
Upon receiving interconnection get service API request, CCF-B checks whether CCF-A is authorized to get the published service APIs information. If the check is successful, the corresponding service API information is retrieved from the CAPIF core function (API registry).
Step 3.
CCF-B sends an interconnection get service API response to CCF-A which includes the requested service API information if the retrieval operation was successful.
Up

8.25.3.6  Update service APIs for CAPIF interconnection |R19|p. 93

Figure 8.25.3.6-1 illustrates the procedure for updating the published service APIs information by a CAPIF core function.
Pre-conditions:
  1. CCF-A and CCF-B connect to each other, and either belong to the single trust domain of the same CAPIF provider or trust domains of different CAPIF providers. When CCF-A and CCF-B belong to trust domains of different CAPIF providers, the two CAPIF providers have business agreement for service API sharing.
  2. CCF-B is configured as the designated CAPIF core function in the trust domain of CAPIF provider A.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.6-1: Update service APIs for CAPIF interconnection
Figure 8.25.3.6-1: Update service APIs for CAPIF interconnection
Up
Step 1.
The CCF-A sends an interconnection update service API request to the CCF-B, including the information in Table 8.25.2.9-1.
Step 2.
Upon receiving the interconnection update service API request, the CCF-B checks whether the CCF-A is authorized to update the published service APIs information. If the check is successful, the service API information provided by the CCF-A is updated at the CCF-B (API registry).
Step 3.
The CCF-B provides an interconnection update service API response to the CCF-A containing the result of the update operation and triggers notifications to subscribed API invokers (if any) as described in subclause 8.8.4.
Up

8.25.3.7  API invoker obtaining authorization for service API access in CAPIF interconnection |R19|p. 94

Pre-condition:
  1. The API invoker has discovered service APIs provided by an AEF via procedure defined in step 1 and 2 of clause 8.25.3.2.
  2. The API invoker and the CCF-B are in the same trusted domain.
  3. The AEF and the CCF-A are in the same trusted domain.
  4. The CCF-A and the CCF-B are connected to each other, and they have business agreement for service API authorization.
  5. The CCF-A is the authorization function for service API access on the AEF.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.7-1: Procedure for the API invoker obtaining authorization for service API access
Figure 8.25.3.7-1: Procedure for the API invoker obtaining authorization for service API access
Up
Step 1.
The API invoker sends an obtain service API authorization request to the CCF-B for obtaining permission to access the service API by including the API invoker identity information and any information required for authentication of the API invoker.
Step 2.
After successful authentication validation of the API invoker, if the CCF-B determines that the service API access authorization cannot be done by itself alone, then the CCF-B obtains service API authorization from the CCF-A, as specified in clause 8.25.2.16.
Step 3.
The authorization information to access the service APIs is sent to the API invoker in the obtain service API authorization response.
Up

8.25.3.8  Procedure for CAPIF revoking API invoker authorization in CAPIF interconnection |R19|p. 95

Pre-conditions:
  1. The API invoker is authenticated by CCF-B and authorized by CCF-B and CCF-A to use the service API. The API invoker has obtained authorization to use the service API as specified in clause 8.25.3.7.
  2. The CCF-B may have available access control policies corresponding to the service API.
  3. The CCF-A is triggered to revoke API invoker authorization for service API access, e.g. AEF requested the revocation of API invoker authorization.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.8-1: Procedure for revoking API invoker authorization in CAPIF interconnection
Figure 8.25.3.8-1: Procedure for revoking API invoker authorization in CAPIF interconnection
Up
Step 1.
If the CCF-B keeps service API authorization information for the API invoker, and the CCF-A is triggered to revoke API invoker authorization information for service API access, the CCF-A sends an interconnection revoke API invoker authorization request to the CCF-B with the details of the API invoker, the AEF and the service API.
Step 2.
Upon receiving the information to revoke the API invoker's authorization for service API invocation, the CCF-B invalidates the API invoker authorization corresponding to the service API.
Step 3.
The CCF-B sends an interconnection revoke API invoker authorization response to the CCF-A. The CCF-B sends the Revoke API invoker authorization notify described in step 6.
Step 4.
Instead of step 1 to 3, if the CCF-A keeps service API authorization information for the API invoker, and the authorization information is revoked, the CCF-A sends an interconnection revoke API invoker authorization notify to the CCF-B.
Step 5.
The CCF-A invalidates the API invoker authorization corresponding to the service API.
Step 6.
The CCF-B sends a revoke API invoker authorization notify to the API invoker whose authorization to access the service API has been revoked.
Up

8.25.3.9  Procedure for obtaining access control policy in CAPIF interconnection |R19|p. 96

Pre-condition:
  1. The AEF is hosting the service API but the policy to perform access control is not available with AEF.
  2. The CCF-B has available access control policies corresponding to one or more service APIs.
  3. The AEF and the CCF-A are in the same trusted domain.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.9-1: Procedure for obtaining access control policy in CAPIF interconnection
Figure 8.25.3.9-1: Procedure for obtaining access control policy in CAPIF interconnection
Up
Step 1.
The AEF sends an obtain access control policy request to the CCF-A for obtaining the policy to perform the access control on service API invocations by including the details of the hosted service API.
Step 2.
After successful authentication validation of the AEF, if the CCF-A determines that the service API access control policy authorization cannot be done by itself alone, then the CCF-A sends an interconnection obtain access control policy request to the CCF-B.
Step 3-4.
The CCF-B determines appropriate access control policy for service APIs upon the request sent by the CCF-A. The access control policy information is sent to the AEF (via the CCF-A) in the (interconnection) obtain access control policy response.
Up

8.25.3.10  Procedure for obtaining security information in CAPIF interconnection |R19|p. 96

Pre-condition:
  1. The AEF has no security information available for authentication and/or authorization.
  2. The CCF-B has security information available for authentication and/or authorization corresponding to one or more service APIs.
  3. The AEF and the CCF-A are in the same trusted domain.
Reproduction of 3GPP TS 23.222, Fig. 8.25.3.10-1: Procedure for obtaining security information in CAPIF interconnection
Figure 8.25.3.10-1: Procedure for obtaining security information in CAPIF interconnection
Up
Step 1.
The AEF obtains the API invoker information required for authentication and/or authorization by the AEF from the CCF-A by including the details of the API invoker and hosted service API. After successful authentication validation of AEF, if the CCF-A determines that it has no security information, then the CCF-A obtains security information from the CCF-B. Then the security information required for service API invocations is sent to the AEF.
Up

Up   Top   ToC