Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 26.531  Word version:  18.2.0

Top   Top   Up   Prev   Next
1…   4…   4.5…   5…   5.2   5.3   5.4   5.5…   5.7…   A…

 

4.5  Information security modelp. 16

4.5.1  Transport securityp. 16

An encrypted data transfer protocol shall be employed at reference point R2 to protect the secrecy and integrity of collected UE data in transit between the Direct Data Collection Client and the Data Collection AF.

4.5.2  Data exposure restriction modelp. 16

The Provisioning AF restricts the exposure of UE data over reference points R5 and R6 by configuring a set of Data Access Profiles for each Event ID to be exposed. A Data Access Profile specifies a set of data processing operations that need to be performed by the Data Collection AF on the collected UE data in order to synthesize the event data that will be exposed to the NWDAF and/or Event Consumer AF.
When subscribing to event exposure notifications for a particular Event ID, an NWDAF or Event Consumer AF goes through an authorisation procedure (see clause 5.8) with an Authorisation AS that determines the level of access the event subscriber is allowed to have by selecting one of the provisioned Data Access Profiles for the Event ID in question. If successful, the Authorisation AS supplies an access token to the subscriber which is presented to and validated by the Data Collection AF as part of the event subscription procedure.
Figure 4.5.2-1 depicts the static data model for the data collection provisioning with Data Access Profiles to restrict data exposure access.
Copy of original 3GPP image for 3GPP TS 26.531, Fig. 4.5.2-1: Data exposure restriction domain model
Up
The Data Access Profile defines restrictions along the time, user, and location dimensions:
  • Restrictions along the time dimension determine the granularity of access to UE data along the time axis. The finest granularity allows access to events as they take place in time. The coarsest level of access aggregates all event data along the time axis to produce a single aggregated value.
  • Restrictions along the user dimension allow the Provisioning AF to restrict access to UE data related events based on groups. The finest granularity allows the event consumer to access events related to single users. Coarse granularity access exposes aggregated collected event data based on user groups. The coarsest granularity access exposes the data being aggregated for all users.
  • Restrictions along the location dimension allow the Provisioning AF to restrict access to UE data related events based on the geographical location of the data collection client during the event. The finest granularity allows the event consumer to access events individually, irrespective of the location. Coarse granularity access exposes aggregated collected event data based on a geographical area. The coarsest level of access aggregates all event data along the location axis to produce a single aggregated value for all locations.
The baseline set of aggregation functions is listed in Table 4.5.2-1:
Aggregation function Description
NoneNo aggregation is applied, and all reported data records are exposed as individual events.
CountThe number of reported data records is exposed to event consumers.
MeanThe mean average of the values in reported data records is exposed to event consumers.
MaximumThe maximal observed value in reported data records is exposed to event consumers.
MinimumThe minimal observed value in reported data records is exposed to event consumers.
SumThe sum of the values in reported data records is exposed to event consumers.
The authorization URL, if present in the data exposure restrictions, is used to redirect subscription requests without a valid access token to an authorization server, which will perform the authorization for the requested Data Access Profile.
Upon successful authorization, the consumer entity obtains an access token, which contains an identifier of the Data Access Profile that is allowed for the event consumer. Upon successful subscription, the Data Collection AF shall apply the indicated aggregation functions of the corresponding Data Access Profile along the time and user dimensions on the collected data prior to exposing it to the event consumer.
Up

4.5.3  Authentication of data collection clients by the Data Collection AFp. 17

To satisfy the requirements in clause 6.2.8.1 of TS 23.288, a data collection client shall supply authentication information to the Data Collection AF:
  1. When the data collection client requests its data collection and reporting configuration from the Data Collection AF; and
  2. When the data collection client reports UE data to the Data Collection AF.
For reasons of efficiency, the authentication information may be provided once at the start of a long-lived UE data reporting session.
Up

4.5.4  Precedence rulesp. 17

4.5.4.1  Generalp. 17

Where there is a conflict between data exposure restrictions provisioned by the ASP at reference point R1 and preconfiguration of the Data Collection AF and/or data collection clients by the MNO, or event subscriptions by MNO-managed event consumers (as defined in clause 3.1) such as the NWDAF, precedence is based on ownership of the UE data domain of concern, with specific rules as described in clauses 4.5.4.2 and 4.5.4.3.
In this context, ownership of specific UE data domains is as specified in Annex B.
Up

4.5.4.2  UE data domains owned by the 5G System (MNO)p. 18

The following rules shall apply to UE data domains that are owned by the 5G System (MNO):
  1. For determining data collection and reporting behaviour, any preconfiguration of the Data Collection AF and/or data collection clients by the 5G System operator shall take precedence over similar ASP-defined provisioning information.
    1. Any attempt by the ASP to provision data collection and reporting rules that are either more lax or more restrictive than allowed by the preconfiguration may be rejected by the Data Collection AF, subject to MNO policy.
  2. For determining permissible access to event data exposed by the Data Collection AF to MNO-managed event consumers such as the NWDAF, MNO policies on event exposure (for example, regarding anonymization and aggregation) shall take precedence over any data exposure restrictions provisioned by the ASP as part of a Data Access Profile.
    1. Any attempt by the ASP to provision data exposure rules affecting an MNO-managed event consumer that are either more lax or more restrictive than allowed by MNO policy shall be rejected by the Data Collection AF.
    2. Any event subscription request by the ASP's Event Consumer AF to the Data Collection AF that would relax the data exposure restrictions provisioned on the Data Collection AF by the 5G System operator for that event consumer shall be rejected by the Data Collection AF.
Up

4.5.4.3  UE data domains owned by the ASPp. 18

The following rules shall apply to UE data domains that are owned by the ASP:
  1. For determining data collection and reporting behaviour, ASP-defined provisioning information shall take precedence over any similar preconfiguration of the Data Collection AF and/or data collection clients by the 5G System operator.
    1. Any preconfiguration by the 5G System operator of UE data collection and reporting behaviour that is either more lax or more restrictive than similar ASP-defined provisioning information should be ignored by the Data Collection AF and/or data collection clients.
  2. For determining permissible access to event data exposed by the Data Collection AF to MNO-managed event consumers such as the NWDAF, data exposure restrictions provisioned by the ASP as part of a Data Access Profile shall take precedence over MNO policies on event exposure (for example, regarding anonymization and aggregation).
    1. Any event subscription request by an MNO-managed event consumer to the Data Collection AF that would relax the data exposure restrictions provisioned on the Data Collection AF by the ASP for that event consumer shall be rejected by the Data Collection AF.
Up

4.6  Domain modelp. 19

4.6.1  Generalp. 19

Figure 4.6.1-1 depicts the static data model for the data collection and reporting domain. It is further described below.
Copy of original 3GPP image for 3GPP TS 26.531, Fig. 4.6.1-1: Static domain model
Figure 4.6.1-1: Static domain model
(⇒ copy of original 3GPP image)
Up
The Provisioning AF provisions zero or more sets of provisioning information in the Data Collection AF at reference point R1. The baseline set of information provisioned is described in clause 4.6.2. Each set of provisioning information pertains to one application, identified by its external application identifier, and one type of exposed event, uniquely identified in the 5G System by its Event ID, as defined in clause 4.15.1 of TS 23.502. There may be more than one set of provisioning information for a particular external application identifier, but the combination of the external application identifier and Event ID shall be unique for a given Data Collection AF instance.
The types of data collection client that are permitted to collect UE data are indicated in Valid targets. Parameters to be collected specifies which subset of parameters associated with the UE data domain for the provisioned Event ID are to be collected by these types of data collection clients.
Data sampling rules specify how the domain-specific parameters associated with the Event ID are to be collected by the data collection client (e.g., sampling frequency, location filter). Data reporting rules specify how the data collection client is to report its collected data parameters to the Data Collection AF (e.g., reporting probability, reporting frequency, reporting format, data packaging strategy).
The data processing instructions and data exposure restrictions are expressed as a set of Data Access Profiles (see clause 4.5.2). The data exposure restrictions limit the types of event consumer that are authorised to subscribe to the Event ID provisioned for the application and the data processing instructions specify aggregation functions that are applied to UE data prior to exposure to those event consumers.
Each set of provisioning information is manifested as a data collection client configuration that the Data Collection AF makes available to Direct Data Collection Client instances at reference point R2, to Indirect Data Collection Client instances at R3 and to AS instances at R4.
Once configured, these data collection clients then send data reports to the Data Collection AF associated with the data collection client configuration. Each data report provides the external application identifier associated with the UE Application and also includes a non-empty list of data reporting records containing the parameters collected by the data collection client. These parameters typically include a sampling timestamp.
An event consumer (the NWDAF and/or Event Consumer AF) subscribes to a type of event exposed by the Data Collection AF using the procedures defined in clause 6.2.8.2.3 of TS 23.288. The event consumer may additionally specify user-, location- and/or application-based filters in its subscription request in order to further limit the events exposed to a subset of those permitted by the relevant provisioned data exposure restriction(s). Attempts by an event consumer to subscribe to event types that are not provisioned at the Data Collection AF instance are permitted, but will yield no event notifications until such event types have been successfully provisioned.
Depending on the data processing instructions provisioned in the Data Collection AF, a data reporting record contributes to zero or more events exposed to subscribers at reference points R5 and/or R6. Conversely, an exposed event arises from one or more data reporting records. In the case of events synthesised by the Data Collection AF from multiple data reporting records, the timestamp of the event shall indicate when it was synthesised. Otherwise, the timestamp of the event shall be identical to the timestamp of the data reporting record from which it arose.
The Data Collection AF exposes a batch of recent events to consumers (the NWDAF and/or Event Consumer AF) as an event exposure notification.
Up

4.6.2  Provisioning information for data collection and reportingp. 20

A separate set of provisioning information shall be provided to the Data Collection AF at reference point R1 for each Event ID it is to expose. This provisioning information embodies the Service Level Agreement between the network operator and the Application Service Provider envisaged in clause 6.2.8.1 of TS 23.288. The provisioning information shall include at least the parameters defined in Table 4.6.2-1 below:
Parameter Cardinality Description
External Application Identifier1..1The identifier to be used in reports sent to the Data Collection AF by data collection clients. (This needs to be mapped to the Internal Application Identifier when exposing events to the NWDAF.)
Internal Application Identifier1..1The identifier to be used by event consumers (including the NWDAF and the Event Consumer AF) when subscribing to events in the Data Collection AF.
Event ID1..1The identifier of an AF event that will be exposed to event consumers as a result of the provisioning.
Data collection client type1..1The type of data collection client that will submit data reports to the Data Collection AF.
Valid targets1..1A parameter to control whether event consumers are permitted to filter events by External UE identifier or External Group Identifier when subscribing, instead of receiving events relating to all UEs.
Parameters to be reported1..*The subset of domain-specific parameters associated with the specified Event ID to be reported to the Data Collection AF (subject to user consent).
Data sampling rules0..*Information to be forwarded by the Data Collection AF to the data collection client, representing instructions on how the subset of domain-specific parameters associated with the Event ID are to be sampled by the data collection client (e.g., sampling frequency, location filter).
Default values (which may be agreed between the ASP and the MNO) shall be assumed by the Data Collection AF for any rules that are omitted.
Data reporting rules0..*Information to be forwarded by the Data Collection AF to the data collection client, representing instructions on how the data collection client is to report data to the Data Collection AF (e.g., reporting probability, reporting frequency, reporting format, data packaging strategy).
Default values (which may be agreed between the ASP and the MNO) shall be assumed by the Data Collection AF for any rules that are omitted.
Data processing instructions1..*A set of operations to be performed by the Data Collection AF on the parameters reported according to clause 4.6.4 prior to exposure as an event at a particular access level.
The set of supported operations shall include at least those listed in Table 4.5.2-1.
Data exposure restrictions1..*A set of restrictions on the exposure of the collected data after any data processing, each corresponding to a different access level.
Up

4.6.3  Configuration information for data collection clientsp. 21

All clients of the Data Collection AF wishing to report data shall first obtain a data collection and reporting configuration from the Data Collection AF at reference point R2, R3 or R4 (as appropriate). For each Event ID, the data collection and reporting configuration shall include at least the parameters defined in Table 4.6.3-1 below:
Parameter Cardinality Description
External Application Identifier1..1Identifies the UE Application to which this data collection and reporting configuration pertains.
Quoted in reports sent to the Data Collection AF.
Parameters to be collected1..*The subset of domain-specific parameters associated with the specified Event ID to be collected by the Data Collection AF (subject to user consent).
Data sampling rules1..*Instructions on how the subset of domain-specific parameters associated with the Event ID are to be sampled by the data collection client (e.g., sampling frequency, location filter).
Data reporting rules1..*Instructions on how the data collection client is to report data to the Data Collection AF (e.g., reporting probability, reporting frequency, reporting format, data packaging strategy).
Up

4.6.4  Information included in data reports to the Data Collection AFp. 21

For each Event ID, the data report shall include at least the parameters as defined in Table 4.6.4-1 below:
Parameter Cardinality Description
External Application Identifier1..1Identifies the UE Application to which this data report pertains.
Collected parameters1..*The set of parameters collected by the data collection and reporting client.
Up

4.7  Service exposurep. 22

4.7.1  Service exposure via Network Exposure Function (NEF)p. 22

The following services provided by a Data Collection AF deployed inside the trusted domain shall be exposed northbound by the NEF to an Application Service Provider outside the trusted domain, as depicted in clauses A.3 and A.4:
  • The Ndcaf_DataReportingProvisioning service shall be exposed to Provisioning AF instances deployed outside the trusted domain as Nnef_DataReportingProvisioning. See clause 6 of TS 26.532 and clause 5.24 of TS 29.522.
  • The Ndcaf_DataReporting service shall be exposed to Indirect Data Collection Clients and Application Servers deployed outside the trusted domain as Nnef_DataReporting. See clause 7 of TS 26.532 and clause 5.23 of TS 29.522.
  • The Naf_EventExposure service shall be exposed to Event Consumer AF instances deployed outside the trusted domain as Nnef_EventExposure. See TS 29.517 and TS 29.522.
The following services provided by an externally deployed Data Collection AF shall be exposed southbound by the NEF to Network Functions deployed inside the trusted domain, as depicted in clauses A.5:
  • The Naf_EventExposure service shall be exposed to Event Consumer AF instances deployed inside the trusted domain as Nnef_EventExposure. See TS 29.517 and TS 29.591.
Up

4.7.2  Service exposure via Common API Framework (CAPIF) for Northbound APIsp. 22

When CAPIF is supported, then:
  • the Data Collection AF shall support the CAPIF API provider domain functions as part of a distributed CAPIF deployment, i.e. Ndcaf and Naf via CAPIF-2/2e; and CAPIF-3, CAPIF-4 and CAPIF-5, as specified in clause 7.3 of TS 23.222;
  • the Data Collection AF shall support the CAPIF Core Function and API provider domain functions as part of a centralised CAPIF deployment, i.e. Ndcaf and Naf via CAPIF-2/2e, as specified in clause 7.2 of TS 23.222.
The CAPIF and associated API provider domain functions are specified in TS 23.222.
Up

4.7.3  Service exposure via Service Enabler Architecture Layer (SEAL) for Verticalsp. 22

The use of the SEAL framework for exposure of the Ndcaf_DataReportingProvisioning, Ndcaf_DataReporting and Naf_EventExposure services is for future study.

Up   Top   ToC