Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 23.280  Word version:  19.0.1

Top   Top   Up   Prev   Next
1…   5…   5.2.8…   6   7…   7.3.2   7.4…   7.4.3…   7.5…   8…   9…   9.2.2…   9.2.2.2…   9.3…   10…   10.1.2…   10.1.3…   10.1.4.3…   10.1.4.5…   10.1.5…   10.1.6…   10.2…   10.2.3…   10.2.4.2…   10.2.4.3…   10.2.5…   10.2.7…   10.3…   10.6…   10.7…   10.7.3…   10.7.3.4…   10.7.3.7…   10.7.3.7.3   10.7.3.8…   10.7.3.10…   10.8…   10.8.4…   10.8.5…   10.9…   10.9.3…   10.9.3.5…   10.9.3.8…   10.9.3.9…   10.9.3.9.3…   10.9.3.9.4…   10.9.3.10…   10.9.3.10.4…   10.9.3.10.6…   10.10…   10.10.1.2.3…   10.10.2…   10.10.3…   10.10.3.3…   10.10.3.4…   10.11…   10.11.5…   10.12…   10.13…   10.13.3…   10.13.7…   10.13.10…   10.14…   10.15…   10.15.3…   10.15.3.3…   10.15.3.4…   10.16…   10.16.3…   11…   11.3…   11.5…   11.5.2…   11.5.3…   11.5.3.3.2A…   11.5.4…   A…   B…   C…

 

9.2.2  Deployment scenariosp. 57

9.2.2.1  Administration of MC service, SIP core and EPSp. 57

9.2.2.1.1  Generalp. 57
This subclause describes five different deployment scenarios in which different administration of MC service, SIP core and EPS are described, together with the sensitivities of identities and other forms of signalling in those scenarios.
In each of these scenarios, the owner of the devices at each plane may be different from the organisation that administers these devices. For example, the MC service provider may own some RAN components within the EPS even when the EPS is administered by the PLMN operator, and the MC service UE may be owned by an organisation that is independent from PLMN and MC service providers.
Up
9.2.2.1.2  Common administration of all planesp. 57
In this scenario, all planes (application services layer, SIP core and EPS) are administered by the same party. This is illustrated in Figure 9.2.2.1.2-1 below.
Reproduction of 3GPP TS 23.280, Fig. 9.2.2.1.2-1: Common administration of all services by one operator
Up
Although the identities in each plane are separate according to clause 8, there is no particular sensitivity of identities and other information at the application plane, and these may be exposed to the SIP core and the EPS.
All authorisation and authentication mechanisms at each plane, i.e. the application services layer, SIP core and EPS, shall be separate, but there may be no need for any restrictions in how these are stored and managed; for example the same entity could provide services to each of the application services layer, SIP core and EPS.
Up
9.2.2.1.3  MC service provider separate from SIP core and EPSp. 58
In this scenario, as illustrated in Figure 9.2.2.1.3-1, the MC service provider is separate and independent from the PLMN operator, and the MC service is administered independently of the EPS and SIP core. The PLMN operator administers the EPS and the SIP core.
Reproduction of 3GPP TS 23.280, Fig. 9.2.2.1.3-1: MC service provider administers MC service separately from SIP core and EPS
Up
The MC service provider may require that all application services layer identities and other sensitive information are hidden both from the SIP core and the EPS.
When required by the MC service provider, all authentication and authorisation mechanisms, including security roots, at the application services layer are hidden from and not available to the PLMN operator.
9.2.2.1.4  MC service provider administers SIP core, separate from EPSp. 59
In this scenario, as illustrated in Figure 9.2.2.1.4-1, the MC service provider administers the SIP core, and the MC services and SIP core are independent of the PLMN operator.
Reproduction of 3GPP TS 23.280, Fig. 9.2.2.1.4-1: MC service provider provision of SIP core, separate domain from EPS
Up
The MC service provider may require that all identities and other sensitive information at the application services layer are hidden from the EPS. The MC service provider need not hide the identities and signalling at the application services layer from the SIP core. However the MC service provider may require that identities and other sensitive information between SIP core and SIP client in the MC service UE are also hidden from the EPS.
All authentication and authorisation mechanisms, including security roots, at both application services layer and at SIP signalling plane may need to be hidden from, and not available to, the PLMN operator.
Up
9.2.2.1.5  SIP core partially administered by both PLMN operator and MC service providerp. 59
In this scenario, as illustrated in Figure 9.2.2.1.5-1, the SIP core is partially administered by both parties, for example when the SIP core registrar is administered by the MC service provider, but the SIP core registrar finder and proxy is administered by the PLMN operator.
Reproduction of 3GPP TS 23.280, Fig. 9.2.2.1.5-1: MC service provider partial provision of SIP core, separate domain from EPS
Up
The MC service provider may require that all identities and signalling at the application services layer are hidden from the EPS, and may require identities and other sensitive information to be hidden from the PLMN operator administered part of the SIP core.
All authentication and authorisation mechanisms, including security roots, at the application services layer may need to be hidden from, and not available to, the PLMN operator.
9.2.2.1.6  PLMN operator administers SIP core with SIP identities administered by MC service providerp. 60
In this scenario, the PLMN operator administers the SIP core. However, the identities used by the SIP core (IMPI and IMPU) for MC service UEs served by the MC service provider are provided from the SIP database of the MC service provider.
Reproduction of 3GPP TS 23.280, Fig. 9.2.2.1.6-1: MC service provider provides identities to PLMN operator SIP core
Up
The MC service provider may require that all identities and signalling at the application services layer are hidden from the SIP core and EPS.
When required by the MC service provider, all authentication and authorisation mechanisms, including security roots, at the application services layer may need to be hidden from, and not available to, the PLMN operator.
The security roots (authentication keys) required for access to the signalling control plane are not available to the PLMN operator as these are held in the MC service provider's SIP database. However, derived parameters e.g. authentication vectors are provided to the SIP core to allow signalling control plane authentication to take place.
Up

Up   Top   ToC