
TR 33.804
Single Sign On (SSO) Application Security
for Common IMS based on SIP Digest

V12.0.0 (Wzip)  2013/06  47 p.
V11.2.0  2013/06  47 p.
Rapporteur:
Dr. Holtmanns, Silke
Nokia Networks Oy

full Table of Contents for  TR 33.804  Word version:  12.0.0

0 Introduction  p. 4
1 Scope  p. 5
2 References  p. 5
3 Definitions, symbols and abbreviations  p. 6
3.1 Definitions  p. 6
3.2 Abbreviations  p. 6
4 Description of SSO feature  p. 6
5 System architecture and assumptions  p. 7
5.1 Overview of Existing Systems  p. 7
5.1.1 Use of SIP Digest in Common IMS  p. 7
5.1.2 Uses of GBA  p. 7
5.2 High-level architecture for SSO to applications for Common IMS based on SIP Digest  p. 11
5.3 Support for the Ut reference point  p. 12
5.4 Interworking with Liberty Alliance  p. 13
5.5 Interworking with OpenId  p. 14
6 Security requirements  p. 16
7 Solutions  p. 17
7.1 General  p. 17
7.2 Solution 1 - SIP Digest based GBA solution  p. 17
7.2.1 Solution 1 - Architecture for SIP Digest based GBA (GBA_Digest)  p. 17
7.2.2 SIP Digest based GBA (GBA_Digest) bootstrapping procedure and its use  p. 19
7.2.3 Interworking of SIP digest based GBA with other SSO systems  p. 22
7.2.4 Evaluation  p. 22
7.3 Solution 2 - SIP Digest based Authentication and Lightweight Security (SDALS) solution  p. 25
7.3.1 Architecture and Interworking for SDALS  p. 25
7.3.1.1 Solution 2 - High-level architecture  p. 25
7.3.1.2 Interworking of SDALS (solution 2) with other SSO systems  p. 26
7.3.1.2.1 Background  p. 26
7.3.1.2.2 Co-hosting AS and OP  p. 26
7.3.1.2.3 Co-hosting AS and IdP (Liberty Alliance)  p. 27
7.3.1.2.4 Co-hosting IdP (SSO Server) and OP  p. 28
7.3.2 Message Flows for Solution 2 SDALS  p. 29
7.3.2.1 Basic message flow  p. 29
7.3.2.2 Message Flow with IdP (SSO Server) and OP co-hosting  p. 32
7.3.2.3 Message Flow with AS and OP co-hosting  p. 34
7.3.2.4 Solution 2 (SDALS) - Improvements with RP authentication for IdP (SSO Server) and OP co-hosting case  p. 37
7.3.3 Solution 2 SDALS - evaluation  p. 42
7.4 The Use of protocol binding for SIP Digest over TLS to prevent MitM attacks  p. 42
A Use of the key derivation function  p. 45
A.1 Derivation of passwd and Ks  p. 45
A.2 NAF specific key derivation in GBA_Digest  p. 45
Change history  p. 47
