Tech-invite3GPPspaceIETF RFCsSIP
Quick21222324252627282931323334353637384‑5x

Content for  TR 33.855  Word version:  16.1.0

Top   Top   Up   Prev   None
1…   4…   6…

 

6  SolutionsWord‑p. 32

6.1  Solution #1: Authorization of NF service accessWord‑p. 32

6.2  Solution #2: Application layer protection based on JSON Object Signing and Encryption (JOSE)Word‑p. 34

6.3  Solution #3: NF service registration processWord‑p. 40

6.3.1Void

6.3.2  Solution DetailsWord‑p. 40

6.3.3  EvaluationWord‑p. 40

6.4  Solution #4: Authorization of NF service accessWord‑p. 40

6.5  Solution #5: Using mediation services with end-to-end encryptionWord‑p. 44

6.6  Solution #6: Policies for protection on the N32 interfaceWord‑p. 48

6.6.1Void

6.6.2  Solution detailsWord‑p. 48

6.6.3  EvaluationWord‑p. 48

6.7  Solution #7: Signaling based provisioning of message protection policy in partner SEPPsWord‑p. 49

6.7.1Void

6.7.2  Solution detailsWord‑p. 49

6.7.3  EvaluationWord‑p. 49

6.8  Solution #8: Inter PLMN routing and TLS: Solution OptionsWord‑p. 50

6.9  Solution #9: N32 message anti-spoofing within the SEPPWord‑p. 52

6.9.1Void

6.9.2  Solution DetailsWord‑p. 52

6.9.3  EvaluationWord‑p. 52

6.10  Solution #10: Mitigation against fraudulent registration attack between SEPPsWord‑p. 52

6.10.1  IntroductionWord‑p. 52

6.10.2  Solution DetailsWord‑p. 52

6.10.3  EvaluationWord‑p. 52

6.11  Solution #11: Security policy provisioning for SEPPWord‑p. 53

6.12  Solution #12: End-to-end data protection in hop-by-hop network communication linksWord‑p. 53

6.13  Solution #13: Content and structure of protection policiesWord‑p. 55

6.14  Solution #14: Provisioning and negotiation of protection policiesWord‑p. 57

6.15  Solution #15: Service access authorization in the delegated "Subscribe-Notify" interaction scenariosWord‑p. 58

6.15.1  IntroductionWord‑p. 58

6.15.2  Solution detailsWord‑p. 58

6.15.3  EvaluationWord‑p. 60

6.16  Solution #16: OAuth 2.0 based authorization for Indirect communication without Delegated Discovery (Model C)Word‑p. 61

6.16.1  IntroductionWord‑p. 61

6.16.2  Solution detailsWord‑p. 61

6.16.3  EvaluationWord‑p. 61

6.17  Solution #17: Protection of SeCoP interfacesWord‑p. 61

6.17.1  IntroductionWord‑p. 61

6.17.2  Solution detailsWord‑p. 62

6.17.3  EvaluationWord‑p. 62

6.18  Solution #18: Support NDS/IP on the inter-PLMN N9 interfaceWord‑p. 62

6.18.1  IntroductionWord‑p. 62

6.18.2  Solution detailsWord‑p. 62

6.18.3  EvaluationWord‑p. 63

6.19  Solution #19: Service access authorization based on NF Set in non-roaming scenarioWord‑p. 63

6.20  Solution #20: UP Gateway function on the inter-PLMN N9 interfaceWord‑p. 66

6.21  Solution #21: OAuth 2.0 based authorization for Indirect communication with Delegated Discovery (Model D)Word‑p. 68

6.22  Solution #22: Authentication and authorization between Network Functions for Indirect Communication modelsWord‑p. 71

6.22.1  IntroductionWord‑p. 71

6.22.2  Solution detailsWord‑p. 71

6.22.3  EvaluationWord‑p. 71

6.23  Solution #23: Token-based authorization for Scenario D using stateless SeCoPWord‑p. 71

6.24  Solution #24: Token-based authorization for Scenario C using stateless SeCoPWord‑p. 73

6.25  Solution #25: NF service consumer verification during service access authorization in the direct communication scenarioWord‑p. 75

6.26  Solution #26: OAuth 2.0 based resource level authorization of NF service consumersWord‑p. 79

6.26.1  IntroductionWord‑p. 79

6.26.2  Solution DescriptionWord‑p. 79

6.26.3  Solution EvaluationWord‑p. 80

6.27  Solution #27: Policy based authorization for Indirect communication between Network functionsWord‑p. 80

6.27.1  IntroductionWord‑p. 80

6.27.2  Solution DescriptionWord‑p. 81

6.27.2.1  Policy filesWord‑p. 81

6.27.2.2  ProcedureWord‑p. 81

6.27.3  Solution EvaluationWord‑p. 82

6.28  Solution #28: Authorization between Network Functions in Scenario DWord‑p. 82

6.28.1  IntroductionWord‑p. 82

6.28.2  Solution detailsWord‑p. 82

6.28.3  EvaluationWord‑p. 82

6.29  Solution #29: Telescopic FQDN for the SeCoPWord‑p. 82

6.29.1  IntroductionWord‑p. 82

6.29.2  Solution DescriptionWord‑p. 82

6.29.3  Solution EvaluationWord‑p. 82

6.30  Solution #30: Token-based authorization for NF Sets / NF Service Sets by existing methodsWord‑p. 83

6.30.1  IntroductionWord‑p. 83

6.30.2  Solution DescriptionWord‑p. 83

6.30.3  Solution EvaluationWord‑p. 83

6.31  Solution #31: Service access authorization based on of a NF Set in roaming scenarioWord‑p. 83

6.32  Solution #32: OAuth 2.0 based resource level authorization of NF service consumersWord‑p. 85

6.33  Solution #33: NF service consumer verification during service access authorization in indirect communication scenarioWord‑p. 89

6.34  Solution #34: Security of indirect communication in roaming scenariosWord‑p. 94

6.34.1  IntroductionWord‑p. 94

6.34.2  Solution DescriptionWord‑p. 94

6.34.3  Solution EvaluationWord‑p. 95

6.35  Solution #35: Service access authorization in the non-delegated "Subscribe-Notify" interaction scenariosWord‑p. 95

6.35.1  IntroductionWord‑p. 95

6.35.2  Solution detailsWord‑p. 95

6.35.3  EvaluationWord‑p. 97

7  ConclusionsWord‑p. 97

AVoid

B  Options for integrity protection on the N32 interfaceWord‑p. 100

C  Deployment options for the UP gatewayWord‑p. 101

$  Change historyWord‑p. 103


Up   Top