Tech-invite3GPPspaceIETF RFCsSIP
Quick21222324252627282931323334353637384‑5x

Content for  TS 23.434  Word version:  18.1.0

Top   Top   Up   Prev   Next
0…   4…   6…   6.4…   6.5…   7…   8…   8.2.2…   9…   9.3…   9.3.6…   9.4…   10…   10.3…   10.3.2.22…   10.3.3…   10.3.7…   10.4…   11…   11.3…   12…   13…   14…   14.3…   14.3.3…   14.3.3.3…   14.3.4…   14.3.4.6…   14.4…   15…   A…

 

12  Identity managementp. 114

12.1  Generalp. 114

The identity management is a SEAL service that offers the identity management related capabilities to one or more vertical applications.

12.2  Functional model for identity managementp. 114

12.2.1  Generalp. 114

The functional model for the identity management is based on the generic functional model specified in clause 6. It is organized into functional entities to describe a functional architecture which addresses the support for identity management aspects for vertical applications. The on-network and off-network functional model is specified in this clause.

12.2.2  On-network functional model descriptionp. 115

Figure 12.2.2-1 illustrates the generic on-network functional model for identity management.
Reproduction of 3GPP TS 23.434, Fig. 12.2.2-1: On-network functional model for identity management
Up
The identity management client communicates with the identity management server over the IM-UU reference point. The identity management client provides the support for identity management functions to the VAL client(s) over IM C reference point. The VAL server(s) communicate with the identity management server over the IM-S reference point.

12.2.3  Off-network functional model descriptionp. 115

Figure 12.2.3-1 illustrates the off-network functional model for identity management.
Reproduction of 3GPP TS 23.434, Fig. 12.2.3-1: Off-network functional model for identity management
Up
The identity management client of the UE1 communicates with the identity management client of the UE2 over the IM PC5 reference point.

12.2.4  Functional entities descriptionp. 115

12.2.4.1  Generalp. 115

The functional entities for identity management SEAL service are described in the following subclauses.

12.2.4.2  Identity management clientp. 116

The identity management client functional entity acts as the application client for vertical applications layer user identity related transactions. The identity management client interacts with the identity management server. The identity management client also supports interactions with the corresponding identity management client between the two UEs.

12.2.4.3  Identity management serverp. 116

The identity management server is a functional entity that authenticates the vertical application layer user identity. The authentication is performed by verifying the credentials provided by the vertical applications' user. The identity management server acts as CAPIF's API exposing function as specified in TS 23.222. The identity management server also supports interactions with the corresponding identity management server in distributed SEAL deployments.
Up

12.2.5  Reference points descriptionp. 116

12.2.5.1  Generalp. 116

The reference points for the functional model for identity management are described in the following subclauses.

12.2.5.2  IM-UUp. 116

The interactions related to identity management functions between the identity management client and the identity management server are supported by IM-UU reference point. This reference point utilizes Uu reference point as described in TS 23.401 and TS 23.501.

12.2.5.3  IM-PC5p. 116

The interactions related to identity management functions between the identity management clients located in different VAL UEs are supported by IM-PC5 reference point. This reference point utilizes PC5 reference point as described in TS 23.303.

12.2.5.4  IM-Cp. 116

The interactions related to identity management functions between the VAL client(s) and the identity management client within a VAL UE are supported by IM-C reference point.

12.2.5.5  IM-Sp. 116

The interactions related to identity management functions between the VAL server(s) and the identity management server are supported by IM-S reference point. This reference point is an instance of CAPIF-2 reference point as specified in TS 23.222.

12.2.5.6  IM-Ep. 116

The interactions related to identity management functions between the identity management servers in a distributed deployment are supported by IM-E reference point.

12.3  Procedures and information flows for identity managementp. 116

12.3.1  Generalp. 116

The procedures related to the identity management are described in the following subclauses.

12.3.2  Information flowsp. 117

12.3.3  General user authentication and authorization for VAL servicesp. 117

12.3.3.1  Generalp. 117

The high level user authentication and authorization procedure is described in the following subclause.

12.3.3.2  Primary VAL systemp. 117

Figure 12.3.3.2-1 is a high level user authentication and authorization flow.
The user authentication process shown in Figure 12.3.3.2-1 may take place in some scenarios as a separate step independently from a SIP registration phase, for example if the SIP core is outside the domain of the VAL server.
A procedure for user authentication is illustrated in Figure 12.3.3.2-1. Other alternatives may be possible, such as authenticating the user within the SIP registration phase.
Reproduction of 3GPP TS 23.434, Fig. 12.3.3.2-1: VAL user authentication and registration with Primary VAL system, single domain
Up
Step 1.
In this step the identity management client begins the user authorization procedure. The VAL user supplies the user credentials (e.g. biometrics, secureID, username/password) for verification with the identity management server. This step may occur before or after step 3. In a VAL system with multiple VAL services, a single user authentication as in step 1 can be used for multiple VAL service authorizations for the user.
Step 2.
The signalling user agent establishes a secure connection to the SIP core for the purpose of SIP level authentication and registration.
Step 3.
The signalling user agent completes the SIP level registration with the SIP core (and an optional third-party registration with the VAL service server(s)).
Up

12.3.3.3  Interconnection partner VAL systemp. 118

Where communications with a partner VAL system using interconnection are required, user authorization takes place in the serving VAL system of the VAL service user, using the VAL user service authorization procedure specified in subclauses 5.2.5 and 5.2.6 of TS 33.434.

12.4  SEAL APIs for identity managementp. 118

12.4.1  Generalp. 118

There are no APIs defined for SEAL Identity Management.

12.4.2Void


Up   Top   ToC