
Content for  TS 24.502  Word version:  18.0.0


6  UE - 5GC network protocols

6.1  General

This clause specifies the related procedures performed between the UE and untrusted or trusted non-3GPP access network or wireline access network.

6.2  Void

6.3  Authentication and authorization for accessing 5GS via non-3GPP access network

6.3.1  General

In order to register to the 5G core network (5GCN) via untrusted non-3GPP IP access, the UE first needs to be configured with a local IP address from the untrusted non-3GPP access network (N3AN).
Once the UE is configured with a local IP address, the UE shall select the Non-3GPP InterWorking Function (N3IWF) as described in clause 7.2 and shall initiate the IKEv2 SA establishment procedure as described in clause 7.3. During the IKEv2 SA establishment procedure, authentication and authorization for access to 5GCN is performed.
In a trusted non-3GPP access, a UE shall first connect to a TNAN using a link layer protocol and shall initiate EAP authentication. During EAP authentication, authentication and authorization for access to 5GCN is performed by exchange of EAP-5G messages over the link layer protocol between the UE and the TNAN, see clause 7.3A.2.1. Upon completion of EAP authentication, the UE shall be assigned an IP address by that TNAN. Once the UE is configured with an IP address, it shall initiate the IKEv2 SA establishment procedure as described in clause 7.3A.
In a wireline access, the 5G-RG shall first establish a connection using the W-CP protocol stack with a W-AGF serving the 5G-RG using means out of scope of the present document.
In wireline access, authentication and authorization of an N5GC device behind a CRG for access to 5GCN is performed as described in clause 6.3.2.

6.3.2  Authentication of N5GC device behind a CRG over wireline access |R16|

In order to register to 5GCN via wireline access, the N5GC device first establishes a layer-2 connection to W-AGF via the CRG as specified in CableLabs WR-TR-5WWC-ARCH-V02-200430 [36]. Once the layer-2 connection is established, authentication and authorization for access to 5GCN is performed.
The W-AGF initiates an exchange of EAP-Request/Identity message and EAP-Response/Identity message as specified in RFC 3748 for obtaining the identity of the N5GC device. In wireline access, the W-AGF and the N5GC device exchange EAP-Request/Identity message and EAP-Response/Identity message via the CRG, encapsulated in the link layer protocol packets.
Upon reception of EAP-Request/Identity message, the N5GC device shall:
  1. construct an EAP-Response/Identity message as described in RFC 3748 containing an NAI username@realm as specified in RFC 7542; and
  2. transmit the EAP-Response of identity type encapsulated in the link layer protocol packets towards the W-AGF.
The CRG conveys the information provided by the N5GC device to the W-AGF which initiates the registration on behalf of the N5GC device as described in TS 24.501. The SUPI of the N5GC device contains a network specific identifier. For the registration, the W-AGF uses the NULL scheme as specified in TS 33.501, to construct a SUCI from the SUPI which was received as the NAI from the N5GC device in the EAP-Response/Identity message.
An exchange of the EAP request and EAP response as described in RFC 3748 occurs until the N5GC device is authenticated by the 5GCN with the EAP authentication described in TS 33.501.
Upon completion of successful authentication and on reception of the authentication result from the AMF, the W-AGF serving the N5GC device shall complete the procedure by sending an EAP-Success message encapsulated in the link layer protocol packets.
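The identity exchange above, as an added example that is not part of TS 24.502: a Python sketch of how a receiver such as the W-AGF could validate an EAP-Response/Identity before using the NAI it carries. The packet layout follows RFC 3748; the function names, the simplified NAI pattern and the sample identity `device01@operator.example` are assumptions made for illustration.

```python
import re
import struct

EAP_CODE_RESPONSE = 2   # RFC 3748 Code: Response
EAP_TYPE_IDENTITY = 1   # RFC 3748 Type: Identity
EAP_HEADER_LEN = 5      # Code(1) + Identifier(1) + Length(2) + Type(1)

# Simplified username@realm check (assumption): RFC 7542 allows a wider
# character set; this pattern accepts ASCII realms with at least two labels.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_NAI = re.compile(rf"[^@\s]+@{_LABEL}(?:\.{_LABEL})+")


def build_identity_response(identifier: int, nai: str) -> bytes:
    """N5GC device side: EAP-Response/Identity carrying the NAI."""
    data = nai.encode("utf-8")
    header = struct.pack("!BBHB", EAP_CODE_RESPONSE, identifier,
                         EAP_HEADER_LEN + len(data), EAP_TYPE_IDENTITY)
    return header + data


def parse_identity_response(packet: bytes, expected_id: int) -> str:
    """Receiver side: return the NAI or raise ValueError."""
    if len(packet) < EAP_HEADER_LEN:
        raise ValueError("packet shorter than EAP header")
    code, ident, length, eap_type = struct.unpack("!BBHB", packet[:EAP_HEADER_LEN])
    if code != EAP_CODE_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Response/Identity")
    if ident != expected_id:
        raise ValueError("Identifier does not match the outstanding request")
    if length < EAP_HEADER_LEN or length > len(packet):
        raise ValueError("Length field inconsistent with received octets")
    # Octets beyond Length are link layer padding and are ignored (RFC 3748).
    nai = packet[EAP_HEADER_LEN:length].decode("utf-8")  # strict decoding
    if not _NAI.fullmatch(nai):
        raise ValueError("identity is not a username@realm NAI")
    return nai


def is_acceptable(packet: bytes, expected_id: int) -> bool:
    """True if the packet parses to a well-formed NAI."""
    try:
        parse_identity_response(packet, expected_id)
        return True
    except ValueError:
        return False
```

Because the W-AGF builds the SUCI with the NULL scheme, the NAI accepted here is the same identifier that appears unconcealed in the SUCI.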

6.3a  Authentication for NSWO in 5GS |R17|

A UE that supports NSWO in 5GS and is configured to use NSWO in 5GS, shall not perform NSWO in EPS. NSWO in 5GS capability can be enabled and disabled via configuration on the USIM (see TS 31.102) or on the ME. Configuration on the USIM shall take precedence over the ME.
In order to use NSWO in 5GS, and if the WLAN access network requires 5GS-based authentication of a UE to connect to the WLAN, the UE shall perform the EAP-AKA' authentication procedure as specified in TS 33.501 Annex S.3. The UE shall use as its identity the SUCI in NAI format for NSWO in 5GS as defined in clause 28.7.12 of TS 23.003.
Upon receipt of an EAP-Request/AKA'-Challenge message the UE shall apply the rules for comparison of the locally determined ANID "5G:NSWO" (see Table 8.1.1.2-2 of TS 24.302) and the Network Name field of the AT_KDF_INPUT attribute received in the EAP-Request/AKA'-Challenge message as specified in IETF RFC 5448 [38].
A roaming UE that supports NSWO in 5GS and is configured to use NSWO in 5GS shall use as its identity the SUCI in decorated NAI format as specified for NSWO in 5GS in clause 28.7.9 of TS 23.003.

6.4  Handling of ANDSP Information

6.4.1  General

The Access Network Discovery & Selection policy (ANDSP) is used to control UE behavior related to access network discovery and selection of trusted and untrusted non-3GPP access network.
ANDSP consists of:
  • WLAN Selection Policy (WLANSP); and
  • Non-3GPP access network (N3AN) node configuration information.
The UE uses the WLANSP for selecting the WLAN.
The UE uses the Non-3GPP access network (N3AN) node configuration information for selecting a N3AN node (i.e. N3IWF or ePDG).
When roaming, the UE can receive ANDSP including WLANSP from H-PCF or V-PCF or both. The ANDSP including N3AN node configuration information is provided by H-PCF only. The UE shall ignore the N3AN node configuration information in the ANDSP if the ANDSP is provided by V-PCF.
The structure and the content of ANDSP are defined in TS 24.526.

6.4.2  UE procedures

6.4.2.1  General

When ANDSP is modified based on information received from network as specified in TS 24.501 Annex D, the UE shall re-evaluate the ANDSP.
The received ANDSP information shall not impact the PLMN selection and reselection procedures specified in TS 23.122.
The UE shall periodically re-evaluate ANDSP. The value of the periodic re-evaluation timer is implementation dependent. The additional trigger for (re-)evaluating ANDSP is when the active WLANSP rule becomes invalid (conditions no longer fulfilled), or other manufacturer specific trigger.

6.4.2.2  Use of WLAN selection information

During automatic mode WLAN selection, the UE shall use the WLAN selection policy (WLANSP), if provided by the PCF, to determine the selected WLAN as described in clause 5.3.

6.4.2.3  Use of N3AN node configuration information

If the UE accesses 5GCN via the non-3GPP access, the UE shall use the N3AN node configuration information to select an N3AN node as described in clause 7.2, to be used for establishing IKEv2 security association as described in clause 7.3.

6.4.3  ANDSP information from the network

ANDSP information is provided by the network to the UE using the UE policy delivery procedure described in Annex D of TS 24.501.
