Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 33.122  Word version:  19.1.0

Top   Top   None   None   Next
1…   4…   5…   6…   6.5…   6.6…   A…   B…   C…
1 Scope2 References3 Definitions, symbols and abbreviations3.1 Definitions3.2 Symbols3.3 Abbreviations
...

 

1  Scopep. 6

The present document specifies the security architecture i.e., the security features and the security mechanisms for the common API framework (CAPIF) as per the architecture and procedures defined in TS 23.222.

2  Referencesp. 6

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[3]
TS 23.222: "Common API Framework for 3GPP Northbound APIs".
[4]
RFC 6749:  "The OAuth 2.0 Authorization Framework".
[5]
RFC 6750:  "The OAuth 2.0 Authorization Framework: Bearer Token Usage".
[6]
RFC 7519:  "JSON Web Token (JWT)".
[7]
RFC 7515:  "JSON Web Signature (JWS)".
[8]
TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".
[9]  Void
[10]
TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
[11]
RFC 7636:  "Proof Key for Code Exchange by OAuth Public Clients".
[12]
RFC 8693:  "OAuth 2.0 Token Exchange".
Up

3  Definitions, symbols and abbreviationsp. 6

3.1  Definitionsp. 6

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Resource owner authorization:
The permission provided by the resource owner to allow the API invoker to access the resource owner's resource via the northbound API.

3.2  Symbolsp. 7

For the purposes of the present document, the following symbols apply:
AEFPSK
Pre-Shared Key for AEF

3.3  Abbreviationsp. 7

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
AEF
API Exposing Function
API
Application Programming Interface
CAPIF
Common API Framework
CCF
CAPIF Core Function
JSON
JavaScript Object Notation
JWT
JSON Web Token
KDF
Key Derivation Function
PKI
Public Key Infrastructure
PSK
Pre-Shared Key
RNAA
Resource owner-aware northbound API access
ROF
Resource Owner Function
TLS
Transport Layer Security
Up

Up   Top   ToC