Requirement Name:
NF discovery authorization for specific slice
Requirement Reference:
Requirement Description:
"NRF shall be able to ensure that NF Discovery and registration requests are authorized" as specified in
TS 33.501, clause 5.9.2.1.
"The NRF authorizes the
Nnrf_NFDiscovery_Request. Based on the profile of the expected NF/NF service and the type of the NF service consumer, the NRF determines whether the NF service consumer is allowed to discover the expected NF instance(s). If the expected NF instance(s) or NF service instance(s) are deployed in a certain network slice, NRF authorizes the discovery request according to the discovery configuration of the Network Slice, e.g. the expected NF instance(s) are only discoverable by the NF in the same network slice".
as specified in
TS 23.502, clause 4.17.4.
"If included, the requester-snssais IE shall contain the list of S-NSSAI of the requester NF. The NRF shall use this to return only those NF profiles of NF Instances allowing to be discovered from the slice(s) identified by this IE, according to the "allowedNssais" list in the NF Profile and NF Service" as specified in
TS 29.510, clause 6.2.3.2.3.1.
Threat References:
Test Case:
Test Name:
TC_DISC_AUTHORIZATION_SLICE_NRF
Purpose:
Verify that the NRF under test does not authorize slice specific discovery request for the NF instance which is not part of the requested slice, according to the slice specific discovery configuration of the requested NF instance.
Procedure and execution steps:
Pre-Conditions:
-
Test environment with the NF1 and NF2, which may be simulated.
-
The NF2 is configured with a list of S-NSSAI, which contains slice A but not slice B.
-
The NF1 is configured as a NF instance belonging to slice B and is connected in emulated/real network environment.
-
The NF1 and NF2 is successfully authenticated with the NRF under test.
Execution Steps
-
The NF2 registers at the NRF under test with a list of S-NSSAI.
-
The NF1 sends an Nnrf_NFDiscovery_Request to the NRF under test with the expected service name of NF2, NF type of the expected NF2.
-
The NRF under test determines that NF2 instance only allows discovery from NFs belonging to slice A, according to the "allowedNssais" list stored in NF2 Profile.
Expected Results:
Expected format of evidence:
Evidence suitable for the interface, e.g., evidence can be presented in the form of screenshot/screen-capture.