Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 29.501  Word version:  19.0.0

Top   Top   Up   Prev   Next
1…   4…   4.3…   4.4…   4.6…   4.6.2…   4.7…   4.8…   4.9…   4.10   5…   5.2…   5.3…   6…   A…   D   E   F…

 

6  Requirements for secure API designp. 73

6.1  Introductionp. 73

This clause contains a list of security requirements for API design provided by SA3.

6.2  Generalp. 73

The following requirements are intended as general guidance for 3GPP Stage 3 work in order to specify secure protocols and APIs. As such, these guidelines are independent of the specific technology and shall be followed at all times.
  • The valid format and range of values (when applicable) for each IE shall be defined unambiguously.
  • For each message the number of leaf IEs shall not exceed 2048K. If a leaf IE is an array of a simple data type, then the whole array shall count as one leaf. If a leaf IE is a data structure or an array of data structures, then it shall be considered a branch, i.e. it shall not be counted as a leaf. The data structure's (branch) attributes determine the number of leaves. For instance, a data structure with e.g. three attributes will count as three leaves.
  • The maximum size of the JSON body of any HTTP request/response shall not exceed 16 million octets before compression is applied, if any.
  • The maximum nesting depth of leaves shall not exceed 32. If a leaf IE is an array of a simple data type, then the whole array shall be considered as the first level of nesting. If a leaf IE is a data structure or an array of data structures, then it shall be considered a branch and the first level of nesting. The data structure's attributes (leaves) shall be considered as the second level of nesting. For instance, a data structure with e.g. one attribute-A, which is also a data structure with e.g. one attribute-B, then attribute-B will make the third level of nesting.
  • For data structures where values are accessible using names (sometimes referred to as keys), e.g. a JSON object, the name shall be unique. The occurrence of the same name (or key) twice within such a structure shall be an error and the message shall be rejected.
Up

6.3  SBA-specific requirementsp. 74

The following requirements shall be considered for every network function that implements a service-based interface.
  • OpenAPI specifications are machine-readable JSON objects and can be used as the basis for re-configuring an NFs action when an API or message structure changes. Therefore, each OpenAPI specifications shall contain all necessary information to correctly and unambiguously parse the contents of the message body.
  • 3GPP TS 33.501 documents which type of information shall be confidentiality protected on the N32 interface. The fields where these types of information (e.g. SUPI) is contained may have different names. Even if the field names are different, the mechanism specified in clause 5.2.3.3 of TS 29.573 shall clearly identify the type of information carried in each IE and which information types shall be confidentiality protected.
Up

Up   Top   ToC