TS 29.109
Generic Authentication Architecture (GAA) –
Zh and Zn interfaces based on the Diameter protocol

3GPP‑Page ETSI‑search fToC_↓ Partial Content _→

V19.0.0 (PDF) 2025/09 73 p.

V18.1.0 2025/06 73 p.

V17.1.0 2025/06 78 p.

V16.0.0 2020/06 74 p.

V15.0.0 2017/06 78 p.

V14.0.0 2017/03 78 p.

V13.0.0 2015/12 75 p.

V12.2.0 2015/06 76 p.

V11.7.0 2015/06 76 p.

V10.5.0 2015/06 76 p.

V9.7.0 2015/06 76 p.

V8.9.0 2015/06 75 p.

V7.13.0 2013/03 57 p.

V6.9.0 2008/03 28 p.

Rapporteur:: Mr. Wiehe, Ulrich
Nokia Solutions & Networks (S)

full Table of Contents for TS 29.109 Word version: 19.0.0

each clause number in 'red' refers to the equivalent title in the Partial Content

Scope p. 5

References p. 9

Definitions, symbols and abbreviations p. 11

3.1	Definitions p. 11
3.2	Symbols p. 11
3.3	Abbreviations p. 12

GBA Bootstrapping Zh interface and Zh' interface p. 13

4.1

Generic bootstrapping network architecture p. 13

4.2

Protocol Zh between BSF and HSS p. 13

4.3

Protocol Zh' between BSF and HLR |R7| p. 18

4.3.1

Public to Private Identity Resolution over Zh between BSF and HLR |R8| p. 19

GAA Application Zn and Zpn interfaces p. 21

5.1	Applications' network architecture p. 21
5.2	Protocol Zn between NAF and BSF based on Diameter p. 22
5.3	Protocol Zn between NAF and BSF based on Web Services \|R7\| p. 25
5.4	Protocol Zpn between NAF and BSF based on Diameter \|R8\| p. 28
5.5	Protocol Zpn between NAF and BSF based on Web Services \|R8\| p. 32

Diameter application for Zh, Zn and Zpn interfaces p. 35

6.0

Introduction |R7| p. 35

6.1

Command-Code values p. 35

6.2

Result-Code AVP values p. 35

6.2.1

Success p. 35

6.2.2

Permanent failures p. 35

6.2.2.1	DIAMETER_ERROR_IDENTITY_UNKNOWN (5401) p. 35
6.2.2.2	DIAMETER_ERROR_NOT_AUTHORIZED (5402) p. 36
6.2.2.3	DIAMETER_ERROR_TRANSACTION_IDENTIFIER_INVALID (5403) p. 36
6.2.2.4	Void p. …
6.2.2.5	Void p. …
6.2.2.6	Void p. …
6.2.2.7	Void p. …

6.3

AVPs p. 37

6.3.1

Common AVPs p. 38

6.3.1.1	GBA-UserSecSettings AVP p. 38
6.3.1.2	Transaction-Identifier AVP p. 38
6.3.1.3	NAF-Id p. 38
6.3.1.4	GAA-Service-Identifier AVP p. 38
6.3.1.5	Key-ExpiryTime AVP p. 38
6.3.1.6	ME-Key-Material AVP p. 38
6.3.1.7	UICC-Key-Material AVP p. 38
6.3.1.8	GBA_U-Awareness-Indicator p. 38
6.3.1.9	BootstrapInfoCreationTime AVP p. 39
6.3.1.10	GUSS-Timestamp AVP p. 39
6.3.1.11	GBA-Type \|R7\| p. 39
6.3.1.12	UE-Id \|R8\| p. 39
6.3.1.13	UE-Id-Type \|R8\| p. 39
6.3.1.14	UICC-App-Label \|R8\| p. 39
6.3.1.15	UICC-ME \|R8\| p. 39
6.3.1.16	Requested-Key-Lifetime \|R8\| p. 39
6.3.1.17	Private-Identity-Request \|R8\| p. 40
6.3.1.18	GBA-Push-Info \|R8\| p. 40
6.3.1.19	NAF-SA-Identifier \|R8\| p. 40
6.3.1.20	Security-Feature-Request \|R9\| p. 40
6.3.1.21	Security-Feature-Response \|R9\| p. 40
6.3.1.22	SHA-256-Indication \|R17\| p. 40

6.4

User identity to HSS resolution p. 40

Use of namespaces p. 42

7.1	AVP codes p. 42
7.2	Experimental-Result-Code AVP values p. 42
7.3	Command Code values p. 42

(Normative) GBA-UserSecSettings XML definition p. 43

(Normative) GAA Service Type Codes p. 48

(Normative) GAA Authorization flag codes p. 48

(Normative) Web Services Definition for Zn interface |R7| p. 49

Liberty authentication context definitions for GBA |R7| p. 50

E.1

Introduction p. 50

E.2

GBA Authentication context statement data model p. 50

E.3

GBA authentication context statement schema p. 51

E.4

GBA authentication context classes p. 52

E.4.1

GBAOneFactorUnregistered p. 52

E.4.1.1	Associated 3GPP URI p. 52
E.4.1.2	Class schema p. 53

E.4.2

GBATwoFactorUnregistered p. 53

E.4.2.1	Associated 3GPP URI p. 53
E.4.2.2	Class schema p. 53

E.4.3

GBAOneFactorContract p. 54

E.4.3.1	Associated 3GPP URI p. 54
E.4.3.2	Class schema p. 54

E.4.4

GBATwoFactorContract p. 55

E.4.4.1	Associated 3GPP URI p. 55
E.4.4.2	Class schema p. 55

SAML authentication context definitions for GBA |R7| p. 56

F.1

Introduction p. 56

F.2

GBA authentication context declaration data model p. 56

F.3

GBA authentication context declaration types p. 57

F.4

GBA authentication context declaration classes p. 58

F.4.1

GBAOneFactorUnregistered p. 58

F.4.1.1	Associated 3GPP URI p. 58
F.4.1.2	Class schema p. 58

F.4.2

GBATwoFactorUnregistered p. 61

F.4.2.1	Associated 3GPP URI p. 61
F.4.2.2	Class schema p. 61

F.4.3

GBAOneFactorContract p. 63

F.4.3.1	Associated 3GPP URI p. 63
F.4.3.2	Class schema p. 63

F.4.4

GBATwoFactorContract p. 65

F.4.4.1	Associated 3GPP URI p. 65
F.4.4.2	Class schema p. 65

(Normative) Web Services Definition for Zpn interface |R8| p. 68

Change history p. 69

TS 29.109 Generic Authentication Architecture (GAA) – Zh and Zn interfaces based on the Diameter protocol

full Table of Contents for TS 29.109 Word version: 19.0.0

TS 29.109
Generic Authentication Architecture (GAA) –
Zh and Zn interfaces based on the Diameter protocol