TR 33.980
Interworking of
Liberty Alliance Identity Federation Framework (ID-FF),
Identity Web Services Framework (ID-WSF) and GAA

3GPP‑Page ETSI‑search fToC_↓ Partial Content _→

V19.0.0 (PDF) 2025/09 42 p.

V18.0.0 2024/03 42 p.

V17.0.0 2022/03 42 p.

V16.0.0 2020/06 42 p.

V15.0.0 2018/06 41 p.

V14.0.0 2017/03 42 p.

V13.0.0 2016/01 42 p.

V12.0.0 2014/10 42 p.

V11.1.0 2013/12 42 p.

V10.0.0 2011/04 42 p.

V9.0.0 2009/12 41 p.

V8.0.0 2008/12 40 p.

V7.6.0 2007/09 40 p.

Rapporteur:: Dr. Holtmanns, Silke
Nokia Networks Oy

full Table of Contents for TR 33.980 Word version: 19.0.0

each clause number in 'red' refers to the equivalent title in the Partial Content

Introduction p. 5

Scope p. 6

References p. 6

Definitions, symbols and abbreviations p. 7

3.1	Definitions p. 7
3.2	Abbreviations p. 8

Interworking of Liberty Alliance ID-FF/ ID-WSF and Generic Authentication Architecture p. 9

4.1

Introduction p. 9

4.2

Architectural Description - Use of GBA within ID-FF / ID-WSF p. 9

4.2.1

Architecture for collocation of NAF with Liberty Alliance Authentication Function p. 12

4.2.1.1	Collocation of IdP/NAF in Liberty Alliance ID-FF (alternatively SAML v2.0) p. 12
4.2.1.2	Collocation of AS/NAF in Liberty Alliance ID-WSF p. 13

4.2.2

Architecture for collocation of BSF with Liberty Alliance authentication function p. 15

4.2.2a

Logical data model of the Liberty Alliance Authentication Function (IdP/AS) p. 16

4.2.3

User Registration to Interworking Service p. 16

4.2.3.1	Registration with Operator p. 17
4.2.3.2	Registration with IdP p. 17

4.2.4

Provisioning of User Data for Interworking Service p. 17

4.2.4.1	Service based on standard user data p. 18
4.2.4.2	Service based on pre-provisioned interworking data p. 18
4.2.4.3	Service based on explicitly added interworking data p. 18

4.3

Co-hosting of NAF and IdP p. 18

4.3.1

Federation Concept in GBA p. 19

4.3.2

Session Concept at IdP p. 19

4.3.2a

Single-Logout Concept p. 20

4.3.3

SSO scenario: ID-FF with <lib:AuthnResponse> transfer p. 20

4.3.3.1	HTTPS with conventional TLS p. 20
4.3.3.2	HTTPS with PSK TLS p. 22

4.3.4

SSO scenario: ID-FF with artefact transfer p. 23

4.3.5

SSO scenario: ID-WSF Authentication Service p. 25

4.3.6

SSO scenario: SAML v2.0 with <samlp:Response> transfer p. 27

4.3.6.1	HTTPS with TLS p. 27
4.3.6.2	HTTPS with PSK TLS p. 28

4.3.7

SSO scenario: SAML v2.0 with artefact transfer (resolution) p. 29

4.3a

Co-hosting of BSF and IdP p. 30

4.3a.1	General p. 30
4.3a.2	UE behaviour p. 31
4.3a.3	IdP/BSF behaviour p. 31
4.3a.4	Federation Concept in GBA with IdP/BSF collocation p. 31
4.3a.5	Session Concept at the IdP p. 32
4.3a.6	SSO scenario: ID-FF with <samlp:AuthnResponse> transfer p. 32

4.4

Use of GUSS / USS in Support of ID-FF and ID-WSF p. 34

4.4.1	GAA-LAP Interworking Service p. 35
4.4.2	GAA-LAP Interworking USS p. 35
4.4.2a	GUSS / USS when IdP/AS is collocated with BSF p. 35

4.5

Liberty Alliance Authentication Context and GBA p. 35

Digest Authentication within SASL for Ua protocol between UE and AS/NAF p. 37

A.1	HTTPS deployment p. 37
A.2	Digest challenge p. 37
A.3	Digest response p. 38
A.4	Response auth p. 38
A.5	Subsequent authentication p. 38

Change history p. 39

TR 33.980 Interworking of Liberty Alliance Identity Federation Framework (ID-FF), Identity Web Services Framework (ID-WSF) and GAA

full Table of Contents for TR 33.980 Word version: 19.0.0

TR 33.980
Interworking of
Liberty Alliance Identity Federation Framework (ID-FF),
Identity Web Services Framework (ID-WSF) and GAA