Content for  TS 29.109  Word version:  18.0.0

Top   Top   None   None   Next
1…   4…


1  Scopep. 5

The present stage 3 specification defines the Diameter based implementation for bootstrapping Zh interface (BSF-HSS) and Dz interface (BSF-SLF) for HSS resolution for the BSF, the MAP based implementation for bootstrapping Zh' interface (BSF-HLR) and GAA Application Zn interface (BSF-NAF) in Generic Authentication Architecture (GAA). This specification also defines the Web Services based implementation for GAA Application Zn reference point (BSF-NAF). The definition contains procedures, message contents and coding. The procedures for bootstrapping and usage of bootstrapped security association are defined in TS 33.220.
The present document also specifies the Diameter and Web Services based implementation for the GAA Application Push Function Zpn reference point (BSF-NAF). The procedures for bootstrapping are defined in TS 33.223.
This specification is a part of the Generic Authentication Architecture (GAA) specification series.
The diameter based implementation for the Zh interface is based on re-usage of Cx interface Multimedia-Auth-Request/Answer messages originally between CSCF and HSS. These messages are defined in TS 29.229. The 3GPP IMS mobility management uses the same definitions between CSCF and HSS. The present document defines how the defined messages are used with the bootstrapping and GAA application procedures (e.g. subscriber certificates) and the application logic that is needed in GAA network elements (BSF, HSS, and NAF).
Figure 1.1 depicts the relationships of these specifications to the other specifications for the Diameter based implementations.
Copy of original 3GPP image for 3GPP TS 29.109, Fig. 1.1:  Relationships to other specifications
Figure 1.1: Relationships to other specifications
(⇒ copy of original 3GPP image)
Figure 1.2 provides an informal overall quick introduction to the whole signalling procedures in GAA system. The important identifiers are marked bold and optional data items are italicised. The Ub and Ua interfaces, not defined in this TS, are simplified.
Copy of original 3GPP image for 3GPP TS 29.109, Fig. 1.2: The whole signalling procedure in GAA system
Figure 1.3 provides an informal overall quick introduction to the whole signalling procedures in GAA Push Function. The important identifiers are marked bold and optional data items are italicised. The Ua and Upa interfaces, not defined in this TS, are simplified.
Copy of original 3GPP image for 3GPP TS 29.109, Fig. 1.3: Signalling procedure in GAA Bootstrapping Push Function

2  Referencesp. 9

The following documents contain provisions that, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]  Void.
TS 29.228: "IP Multimedia (IM) Subsystem Cx and Dx Interfaces; Signalling flows and message contents".
TS 29.229: "Cx and Dx interfaces based on the Diameter protocol".
TR 33.919: "Generic Authentication Architecture (GAA); System Description".
TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture".
TS 33.221: "Generic Authentication Architecture (GAA); Support for Subscriber Certificates".
TS 24.109: "Bootstrapping interface (Ub) and Network application function interface (Ua);Protocol details".
TS 29.230: "Diameter applications; 3GPP specific codes and identifiers"
RFC 3589:  "Diameter Command Codes for Third Generation Partnership Project (3GPP)".
TS 23.008: "Organisation of subscriber data"
TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using secure hypertext transfer protocol (HTTPS)".
TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2"
W3C: "Web Services Activity",
W3C: "Web Services Description Language (WSDL) Version 2.0 Part 0: Primer",
TR 33.980: "Liberty Alliance and 3GPP Security Interworking; Interworking of Liberty Alliance ID-FF, ID-WSF and Generic Authentication Architecture".
Liberty Alliance Project: "Liberty ID-FF Authentication Context Specification".
TS 33.110: "Key establishment between a Universal Integrated Circuit Card (UICC) and a terminal"
TS 33.259: "Key establishment between a UICC Hosting Device and a Remote Device"
TS 29.002: "Mobile Application Part (MAP) Specification"
TS 33.102: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security architecture".
TS 23.003: "Numbering, addressing and identification".
OASIS Standard: "Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0 OASIS Standard, 15 March 2005, saml-authn-context-2.0-os".
TS 33.223: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Push Function".
TS 33.402: "3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses".
[25]  Void
TS 26.237: "IP Multimedia Subsystem (IMS) based Packet Switched Streaming (PSS) Multimedia Broadcast/Multicast Services (MBMS); User Service; Protocols".
[27]  Void
[28]  Void
TR 33.924: "Identity Management and 3GPP Security Interworking; Identity Management and Generic Authentication Architecture (GAA) Interworking".
TS 33.224: "Generic Authentication Architecture (GAA); Generic Push Layer".
TS 33.203: "Access security for IP-based services".
TS 29.329: " Sh Interface based on the Diameter protocol; Protocol details".
RFC 6733:  "Diameter Base Protocol".

3  Definitions, symbols and abbreviationsp. 11

3.1  Definitionsp. 11

For the purposes of the present document, the terms and definitions given in TS 23.008, TR 33.919, TS 33.220 apply with following additions.
Bootstrapping information (Bootstrapped data) in a BSF:
consists of a bootstrapping transaction identifier (B-TID), a key material (Ks), the key lifetime (expiry time), the boostrapinfo creation time, the IMPI and the GUSS (if received from HSS) with BSF control information. Each bootstrapping procedure creates a bootstrapped data entity with B-TID as retrieval key..
GAA application:
an application that uses the security association created by GBA Bootstrapping procedure.
GAA service:
an operator specific end user service that uses the security association created by GAA Bootstrapping procedure. GAA services are identified by GAA Service Identifiers. A GAA service is implemented using some standardised or propriatary GAA application defined by GAA application type.
NAF specific Bootstrapping information:
transferred from a BSF to a NAF contains NAF and its service specific parts from bootstrapped data and needed key information derived from the bootstrapped data.
The term service is used here in its common meaning. A service is something that a MNO offers to subscribers. GAA Services are identified by GAA Service Identifier (GSID). In stage 2 documents ([4], [5], [6] and [11]) the term application is used in the same meaning i.e. MNOs offer applications to subscribers. There is a reason to avoid the usage of the term application here. The application is an already reserved term in Diameter. In Diameter applications are identified by Application Identifiers.

3.2  Symbolsp. 11

For the purposes of the present document, the terms and definitions given in TS 23.008.

3.3  Abbreviationsp. 12

For the purposes of the present document, the following abbreviations apply:
Anonymity Key
Authentication and Key Agreement
Authentication token
Authentication Vector. 3GPP AV=[RAND,AUTN,XRES,CK,IK].
Attribute-Value-Pair in Diameter messages.
BootstrappingInfo-Answer message
BootstrappingInfo-Request message
BootStrapping Procedure
Bootstrapping server functionality. BSF is hosted in a network element under the control of an MNO.
Bootstrapping Transaction Identifier
Certificate Authority
Confidential Key
Full Qualified Domain Name in URI (e.g. http://FQDN:80)
Generic Authentication Architecture
Generic Bootstrapping Architecture
GBA Push Information
GAA Service Identifier
GBA User Security Settings
Home Subscriber System
Integrity Key
IP Multimedia Private Identity
IP Multimedia Public Identity
Key Material
MEbased key for a specific NAF
UICC based key for a specific NAF
Mobile Equipment
Mobile network operator
Operator-controlled network application function functionality. NAF is hosted in a network element under the control of an MNO.
Push Temporary Identifier
Random challenge in authentication
In Diameter header indicates that the message is a Request.
Stream Control Transmission Protocol
Subscription Location Function
Subscriber Certificate Procedure
UE-NAF interface for GAA applications
UE-BSF interface for bootstrapping
User Equipment
User Security Settings (a part of GUSS)
Expected response in authentication
BSF-HSS interface for bootstrapping procedure
BSF-HLR interface for bootstrapping procedure
BSF-NAF interface for GAA applications
BSF-NAF interface for GBA push.

Up   Top   ToC