The present document specifies the security features and mechanisms to support the Service Enabler Architecture Layer (SEAL) in 5G. Specifically, it specifies the security architecture, functional model(s), security aspects of SEAL reference points (e.g. SEAL-UU), Key Management (KM) procedures, Identity Management (IdM) procedures, and SEAL access authentication and authorization for supporting efficient use and deployment of vertical applications over the 3GPP systems.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
TR 21.905: "Vocabulary for 3GPP Specifications".
TS 23.434: "Service Enabler Architecture Layer for Verticals (SEAL); Functional architecture and information flows".
RFC 6749: "The OAuth 2.0 Authorization Framework".
RFC 6750: "The OAuth 2.0 Authorization Framework: Bearer Token Usage".
OpenID Connect 1.0: "OpenID Connect Core 1.0 incorporating errata set 1", http://openid.net/specs/openid-connect-core-1_0.html.
TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
TS 23.401: "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access".
TS 23.501: "System Architecture for the 5G System; Stage 2".
RFC 7521: "Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants".
RFC 7523: "JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants".
RFC 7797: "JSON Web Signature (JWS) Unencoded Payload Option".
RFC 7515: "JSON Web Signature (JWS)".
RFC 7662: "OAuth 2.0 Token Introspection".
TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
TS 33.501: "Security architecture and procedures for 5G system".