Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   None

TR 33.995
Study on Security aspects
of integration of Single Sign-On (SSO) Frameworks
with 3GPP Operator-controlled Resources and Mechanisms

3GPP‑Page   ETSI‑search   fToC   Partial Content
V19.0.0 (PDF)  2025/09  39 p.
V18.0.0  2024/03  39 p.
V17.0.0  2022/03  39 p.
V16.0.0  2020/06  39 p.
V15.0.0  2018/06  38 p.
V14.0.0  2017/03  39 p.
V13.0.1  2017/03  39 p.
Rapporteur:
Mr. Lehtovirta, Vesa
Ericsson LM

full Table of Contents for  TR 33.995  Word version:  19.0.0

each clause number in 'red' refers to the equivalent title in the Partial Content
Here   Top
1Scope  p. 5
2References  p. 5
3Definitions and abbreviations  p. 6
3.1Definitions  p. 6
3.2Abbreviations  p. 6
4Relation of the present study to other related work in 3GPP  p. 6
5Requirements identified in the present study  p. 7
6Solutions for Liberty Alliance/SAML - 3GPP interworking  p. 7
6.1General  p. 7
7Solutions for OpenID - 3GPP interworking  p. 7
7.1General  p. 7
7.2GBA Lite  p. 7
7.2.1Rationale for solution  p. 7
7.2.2Solution description  p. 8
7.2.2.1Architecture  p. 8
7.2.2.2BSF Implementation optimizations  p. 8
7.2.2.3Message Flow  p. 9
7.2.3Evaluation against SA1 requirements  p. 10
7.3Third Party IdP binding for two-factor authentication  p. 10
7.3.1Rationale for solution  p. 10
7.3.3Solution 1 description  p. 12
7.3.3.1General  p. 12
7.3.3.2Example solutions for two factor authentication  p. 14
7.3.4Solution 2 description  p. 18
7.3.4.1Solution based on OpenID-GBA interworking where OTT performs username/password authentication  p. 18
7.3.4.2Solution based on OpenID-GBA interworking where MNO performs both GBA and username/password authentication  p. 19
7.3.5Evaluation against SA1 requirements  p. 21
7.4Using user consent for GBA and SSO  p. 23
7.4.1Rationale for solution  p. 23
7.4.2Solution description  p. 23
7.4.2.1General  p. 23
7.4.2.2GBA_ME-based solution  p. 24
7.4.2.3GBA_U-based solution  p. 25
7.4.3Functional Architecture  p. 27
7.4.4Evaluation against SA1 requirements  p. 29
7.53rd party SSO identity mapping  p. 31
7.5.1Rationale for solution  p. 31
7.5.2Solution description  p. 31
7.5.3Evaluation against SA1 requirements  p. 33
8Conclusions  p. 35
$Change History  p. 36

Up   Top