6.3.4 AUSF discovery and selection

23.5013GPPRelease 18System architecture for the 5G System (5GS)TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

In the case of NF consumer based discovery and selection, the following applies:

– The AMF and the NSWOF perform AUSF selection to allocate an AUSF Instance that performs authentication between the UE and 5G CN in the HPLMN. The AMF and the NSWOF shall utilize the NRF to discover the AUSF instance(s) unless AUSF information is available by other means, e.g. locally configured on AMF and on NSWOF. The AUSF selection function in the AMF and in the NSWOF selects an AUSF instance based on the available AUSF instances (obtained from the NRF or locally configured in the AMF).

– The UDM shall utilize the NRF to discover the AUSF instance(s) unless AUSF information is available by other means, e.g. locally configured on UDM. The UDM selects an AUSF instance based on the available AUSF instance(s) obtained from the NRF or based on locally configured information, and information stored (by the UDM) from a previously successful authentication.

AUSF selection is applicable to both 3GPP access and non-3GPP access.

The AUSF selection function in AUSF NF consumers or in SCP should consider one of the following factors when available:

1. Home Network Identifier (e.g. MNC and MCC, realm) of SUCI/SUPI (by an NF consumer in the Serving network) along with the selected NID (provided by the NG-RAN) in the case of SNPN, Routing Indicator and optionally Home Network Public Key identifier (e.g. in the case that Routing Indicator is not enough to provide SUPI range granularity).

NOTE 1: The UE provides the SUCI, which contains the Routing Indicator and Home Network Public Key identifier as defined in TS 23.003 [19], to the AMF during initial registration and to the NSWOF during NSWO authentication. The AMF can provide the UE’s Routing Indicator and optionally Home Network Public Key identifier to other AMFs as described in TS 23.502 [3].

NOTE 2: The usage of Home Network Public Key identifier for AUSF discovery is limited to the scenario where the AUSF NF consumers belong to the same PLMN as AUSF.

NOTE 3: In the case of SNPN and if the UE provides an IMSI type SUCI to the AMF and the SUCI provided by UE or the SUPI derived from the SUCI is for an SNPN served by the AMF, the AMF uses the selected NID provided by the NG-RAN together with the selected PLMN ID (from IMSI) or the Routing Indicator provided by the UE within the SUCI for selection of AUSF. In the case of SNPN and the UE provides an NSI type SUCI to the AMF, the AMF uses the Home Network Identifier and Routing Indicator of SUCI/SUPI for selection of AUSF.

When the UE’s Routing Indicator is set to its default value as defined in TS 23.003 [19], the AUSF NF consumer can select any AUSF instance within the home network for the UE.

2. AUSF Group ID the UE’s SUPI belongs to.

NOTE 4: The AMF can infer the AUSF Group ID the UE’s SUPI belongs to, based on the results of AUSF discovery procedures with NRF. The AMF provides the AUSF Group ID the SUPI belongs to other AMFs as described in TS 23.502 [3].

3. SUPI; e.g. the AMF selects an AUSF instance based on the SUPI range the UE’s SUPI belongs to or based on the results of a discovery procedure with NRF using the UE’s SUPI as input for AUSF discovery.

NOTE 5: In the case of Onboarding via ON-SNPN, AUSF instances supporting UE onboarding can be registered in NRF or locally configured in the AMF. The AMF in ON-SNPN can discover and select AUSF instance(s) supporting UE onboarding based on the MCC and MNC or realm part in Home Network Identifier of the SUCI/SUPI provided by the onboarding UE.

In the case of delegated discovery and selection in SCP, the AUSF NF consumer shall send all available factors to the SCP.