Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 24.501  Word version:  18.7.0

Top   Top   Up   Prev   Next
1…   3…   4…   4.4…   4.4.3…   4.5…   4.5.3…   4.6…   4.7…   4.9…   4.15…   5…   5.2…   5.3…   5.3.2…   5.3.7…   5.3.19…   5.4…   5.4.1.3…   5.4.2…   5.4.4…   5.4.5…   5.4.6…   5.5…   5.5.1.2.4   5.5.1.2.5…   5.5.1.3…   5.5.1.3.4   5.5.1.3.5…   5.5.2…   5.6…   5.6.2…   6…   6.1.4…   6.2…   6.3…   6.3.2…   6.3.3…   6.4…   6.4.1.4…   6.4.2…   6.5…   7…   8…   8.2.9…   8.3…   9…   9.11.2…   9.11.2.10…   9.11.3…   9.11.3.4…   9.11.3.8…   9.11.3.14…   9.11.3.18C…   9.11.3.29…   9.11.3.33…   9.11.3.39…   9.11.3.45…   9.11.3.50…   9.11.3.53A…   9.11.3.68…   9.11.3.75…   9.11.4…   9.11.4.10…   9.11.4.13…   9.11.4.16…   9.11.4.30…   9.12   10…   A…   B…   C…   D…   D.6…   D.6.3…   D.6.8   D.7…

 

5.4.6  5GMM status procedurep. 326

5.4.6.1  Generalp. 326

The purpose of the 5GMM status procedure is to report at any time in the 5GMM STATUS message certain error conditions detected upon receipt of 5GMM protocol data in the AMF or in the UE. The 5GMM STATUS message can be sent by both the AMF and the UE (see example in Figure 5.4.6.1).
Reproduction of 3GPP TS 24.501, Fig. 5.4.6.1: 5GMM status procedure
Up

5.4.6.2  5GMM status received in the UEp. 326

On receipt of a 5GMM STATUS message, no state transition and no specific action shall be taken as seen from the radio interface, i.e. local actions are possible. The local actions to be taken by UE on receipt of a 5GMM STATUS message are implementation dependent.

5.4.6.3  5GMM status received in the networkp. 327

On receipt of a 5GMM STATUS message in the AMF, no state transition and no specific action shall be taken as seen from the radio interface, i.e. local actions are possible. The local actions to be taken by the AMF on receipt of a 5GMM STATUS message are implementation dependent.

5.4.7  Network slice-specific authentication and authorization procedure |R16|p. 327

5.4.7.1  Generalp. 327

The purpose of the network slice-specific authentication and authorization procedure is to enable the authentication, authorization and accounting server (AAA-S) via the Network Slice Specific and SNPN Authentication and Authorization Function (NSSAAF) to (re-)authenticate or (re-)authorize the upper layers of the UE.
The network slice-specific authentication and authorization procedure can be invoked for a UE supporting network slice-specific authentication and authorization procedure and for a HPLMN S-NSSAI or an SNPN S-NSSAI (see subclauses 5.15.10 and 5.30.2.9 in TS 23.501 and subclause 4.2.9.2 of TS 23.502).
The network (re-)authenticates the UE using the EAP as specified in RFC 3748.
EAP has defined four types of EAP messages:
  1. an EAP-request message;
  2. an EAP-response message;
  3. an EAP-success message; and
  4. an EAP-failure message.
The EAP-request message is transported from the network to the UE using the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message of the network slice-specific EAP message reliable transport procedure.
The EAP-response message to the EAP-request message is transported from the UE to the network using the NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message of the network slice-specific EAP message reliable transport procedure.
If the (re-)authentication of the UE completes successfully or unsuccessfully, the EAP-success message or the EAP-failure message, respectively, is transported from the network to the UE using the NETWORK SLICE-SPECIFIC AUTHENTICATION RESULT message of the network slice-specific result message transport procedure.
There can be several rounds of exchange of an EAP-request message and a related EAP-response message for the AAA-S via the NSSAAF to complete the (re-)authentication and (re-)authorization of the request for an S-NSSAI (see example in Figure 5.4.7.1.1).
The AMF shall set the authenticator retransmission timer specified in Section 4.3 of RFC 3748 to infinite value.
Reproduction of 3GPP TS 24.501, Fig. 5.4.7.1.1: Network slice-specific authentication and authorization procedure
Up

5.4.7.2  Network slice-specific EAP message reliable transport procedurep. 328

5.4.7.2.1  Network slice-specific EAP message reliable transport procedure initiationp. 328
In order to initiate the network slice-specific EAP message reliable transport procedure, the AMF shall create a NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message.
The AMF shall set the EAP message IE of the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message to the EAP-request message which is generated by the AMF or provided by the AAA-S via the NSSAAF.
The AMF shall set the S-NSSAI IE of the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message to the HPLMN S-NSSAI or the SNPN S-NSSAI to which the EAP-request message is related.
The AMF shall send the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message and start timer T3575 per S-NSSAI (see example in Figure 5.4.7.1.1).
Upon receipt of a NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message, the UE shall stop timer T3346 if running. The UE shall pass:
  1. the EAP-request message received in the EAP message IE; and
  2. the HPLMN S-NSSAI or the SNPN S-NSSAI in the S-NSSAI IE;
to the upper layers. Apart from this action, the network slice-specific authentication and authorization procedure is transparent to the 5GMM layer of the UE.
Up
5.4.7.2.2  Network slice-specific EAP message reliable transport procedure accepted by the UEp. 329
When the upper layers provide an EAP-response message associated with the HPLMN S-NSSAI or the SNPN S-NSSAI, the UE shall create a NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message.
The UE shall set the EAP message IE of the NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message to the EAP-response message.
The UE shall set the S-NSSAI IE of the NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message to the HPLMN S-NSSAI or the SNPN S-NSSAI associated with the EAP-response message.
The UE shall send the NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message. Apart from this action, the network slice-specific authentication and authorization procedure is transparent to the 5GMM layer of the UE.
Upon receipt of a NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message, the AMF shall stop timer T3575 and:
  1. pass the EAP-response message received in the EAP message IE of the NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message associated with the HPLMN S-NSSAI or the SNPN S-NSSAI in the S-NSSAI IE to the upper layers; or
  2. provide the EAP-response message received in the EAP message IE of the NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message associated with the HPLMN S-NSSAI or the SNPN S-NSSAI in the S-NSSAI IE to the AAA-S via the NSSAAF.
Up
5.4.7.2.3  Abnormal cases on the network sidep. 329
The following abnormal cases can be identified:
  1. T3575 expiry
    The AMF shall, on the first expiry of the timer T3575, retransmit the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message and shall reset and start timer T3575. This retransmission is repeated four times, i.e. on the fifth expiry of timer T3575, the AMF shall abort the network slice-specific authentication and authorization procedure for the S-NSSAI. The AMF shall consider that the network slice-specific authentication and authorization procedure for the S-NSSAI is completed as a failure.
  2. Lower layers indication of non-delivered NAS PDU due to handover
    If the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message could not be delivered due to an intra AMF handover and the target TAI is included in the TAI list, then upon successful completion of the intra AMF handover the AMF shall retransmit the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message. If a failure of handover procedure is reported by the lower layer and the N1 NAS signalling connection exists, the AMF shall retransmit the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message.
  3. Network slice-specific authentication and authorization procedure and de-registration procedure collision
    If the network receives a DEREGISTRATION REQUEST message before the ongoing network slice-specific authentication and authorization procedure has been completed and the access type included in the DEREGISTRATION REQUEST message is the same as the one for which the network slice-specific authentication and authorization procedure is ongoing, the network shall abort the network slice-specific authentication and authorization procedure and shall progress the UE-initiated de-registration procedure. The AMF may initiate the network slice-specific authentication and authorization procedure for the S-NSSAI which is completed as a failure, if available. If the access type included in the DEREGISTRATION REQUEST message is different from the one for which the network slice-specific authentication and authorization procedure is ongoing, the network shall proceed with both procedures.
  4. Network slice-specific authentication and authorization procedure and service request procedure collision
    If the network receives a SERVICE REQUEST message or a CONTROL PLANE SERVICE REQUEST message before the ongoing network slice-specific authentication and authorization procedure has been completed and the SERVICE REQUEST message or the CONTROL PLANE SERVICE REQUEST message includes the UE request type IE with the Request type value set to "NAS signalling connection release", the network shall abort the network slice-specific authentication and authorization procedure and shall progress the service request procedure.
    If the network receives a SERVICE REQUEST message or a CONTROL PLANE SERVICE REQUEST message before the ongoing network slice-specific authentication and authorization procedure has been completed and the SERVICE REQUEST message or the CONTROL PLANE SERVICE REQUEST message does not include UE request type IE with the Request type value set to "NAS signalling connection release", both procedures shall be progressed.
  5. Network slice-specific authentication and authorization procedure and registration procedure for mobility and periodic registration update collision
    If the network receives a REGISTRATION REQUEST message before the ongoing network slice-specific authentication and authorization procedure has been completed and the REGISTRATION REQUEST message includes the Unavailability information IE without start of the unavailability period, the network shall abort the network slice-specific authentication and authorization procedure and shall progress the registration procedure for mobility and periodic registration update procedure.
    If the network receives a REGISTRATION REQUEST message before the ongoing network slice-specific authentication and authorization procedure has been completed and the REGISTRATION REQUEST message does not include the Unavailability information IE, both procedures shall be progressed.
Up
5.4.7.2.4  Abnormal cases in the UEp. 330
The following abnormal cases can be identified:
  1. Transmission failure of the NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message with change in the current TAI
    If the current TAI is not in the TAI list, the network slice-specific authentication and authorization procedure shall be aborted and:
    • if the UE is in 5GMM-REGISTERED state, a registration procedure for mobility and periodic registration update indicating "mobility registration updating" in the 5GS registration type IE of the REGISTRATION REQUEST message shall be initiated; and
    • otherwise a registration procedure for initial registration shall be initiated.
  2. Transmission failure of NETWORK SLICE-SPECIFIC AUTHENTICATION COMPLETE message indication without change in the current TAI
    It is up to the UE implementation how to re-run the ongoing procedure that triggered the network slice-specific authentication and authorization procedure.
  3. Network slice-specific authentication and authorization procedure and de-registration procedure collision
    If the UE receives NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message after sending a DEREGISTRATION REQUEST message and the access type included in the DEREGISTRATION REQUEST message is the same as the access in which the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message is received, then the UE shall ignore the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message and proceed with the de-registration procedure. Otherwise, the UE shall proceed with both procedures.
  4. Network slice-specific authentication and authorization procedure and service request procedure collision
    If the SERVICE REQUEST message or the CONTROL PLANE SERVICE REQUEST message includes the UE request type IE with the Request type value set to "NAS signalling connection release" and the UE receives a NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message before the ongoing service request procedure has been completed, the UE shall ignore the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message and proceed with the service request procedure.
    If the SERVICE REQUEST message or the CONTROL PLANE SERVICE REQUEST message does not include the UE request type IE with the Request type value set to "NAS signalling connection release" and the UE receives a NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message before the ongoing service request procedure has been completed, the UE shall proceed with both procedures.
  5. Network slice-specific authentication and authorization procedure and registration procedure for mobility and periodic registration update collision
    If the REGISTRATION REQUEST message includes the Unavailability information IE without start of the unavailability period and the UE receives a NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message before the ongoing registration procedure for mobility and periodic registration update has been completed, the UE shall ignore the NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message and proceed with the registration procedure for mobility and periodic registration update procedure.
    If the REGISTRATION REQUEST message does not include the Unavailability information IE and the UE receives a NETWORK SLICE-SPECIFIC AUTHENTICATION COMMAND message before the ongoing registration procedure for mobility and periodic registration update has been completed, the UE shall proceed with both procedures.
Up

5.4.7.3  Network slice-specific EAP result message transport procedurep. 331

5.4.7.3.1  Network slice-specific EAP result message transport procedure initiationp. 331
In order to initiate the network slice-specific EAP result message transport procedure, the AMF shall create a NETWORK SLICE-SPECIFIC AUTHENTICATION RESULT message.
The AMF shall set the EAP message IE of the NETWORK SLICE-SPECIFIC AUTHENTICATION RESULT message to the EAP-success or EAP-failure message provided by the AAA-S via the NSSAAF.
The AMF shall set the S-NSSAI IE of the NETWORK SLICE-SPECIFIC AUTHENTICATION RESULT message to the HPLMN S-NSSAI or the SNPN S-NSSAI to which the EAP-success or EAP-failure message is related.
The AMF shall send the NETWORK SLICE-SPECIFIC AUTHENTICATION RESULT message. The AMF shall retain the authentication result for the UE and the HPLMN S-NSSAI or the SNPN S-NSSAI while the UE is registered to the PLMN (see subclause 5.15.10 in TS 23.501).
Upon receipt of a NETWORK SLICE-SPECIFIC AUTHENTICATION RESULT message, the UE shall pass:
  1. the EAP-success or EAP-failure message received in the EAP message IE; and
  2. the HPLMN S-NSSAI or the SNPN S-NSSAI in the S-NSSAI IE;
    to the upper layers. Apart from this action, the network slice-specific authentication and authorization procedure is transparent to the 5GMM layer of the UE.
Up

Up   Top   ToC