A.3.3 Signalling flows for PN-configuration

3GPP TS 24.259: Personal Network Management (PNM); Stage 3 (Release 17)

A.3.3.1 PN-configuration for PN UE redirection

Figure A.3.3.1-1 shows the message exchange between PN UE and NAF/PNM AS when the PN UE wants to configure the PN settings for the PN UE redirection. The messaging only takes place after a successful bootstrapping procedure (as described in 3GPP TS 33.220 [8]) in which case the bootstrapped security association has been established before step 1.

Figure A.3.3.1-1: Successful PN-configuration for UE redirection

1. Initial PN-configuration request (PN UE to NAF/PNM AS) – see example in table A.3.3.1-1

The PN UE sends an HTTP request to the NAF/PNM AS containing the configuration request for the PN UE redirection.

Table A.3.3.1-1: Initial PN-configuration request (UE to NAF/PNM AS)

PUT http://xcap.home1.net/pnm.3gpp.org/users/sip:PN_user_public@home1.net/pnm HTTP/1.1
Host: pnmas.home1.net:1234
User-Agent: PNM User Agent; Release-6 3gpp-gba
Content-Type: application/pnm+xml; charset="utf-8"
Content-Length: (…)
Date: Wed, 31 Oct 2007 10:50:35 GMT
Accept: application/pnm+xml
Referer: http://pnmas.home1.net:1234/service
Authorization: Digest username="(B-TID)", realm="3GPP-bootstrapping@pnmas.home1.net", nonce="a6332ffd2d234==", uri="pnmclient", qop=auth-int, nc=00000001, cnonce="6629fae49393a05397450978507c4ef1", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f30e41", algorithm=MD5

<?xml version="1.0" encoding="utf-8"?>
<PNConfiguration>
  <UERedirection UriOfRedirectedUser="sip:PN_user1_public1@home1.net">
    <RedirectedUserID>
      <PNUEID>sip:PN_user1_public1@home1.net</PNUEID>
      <PNUEName>PN_user1_public1_old</PNUEName>
    </RedirectedUserID>
    <RedirectingUserID id="1">
      <PNUEID>sip:PN_user2_public1@home1.net</PNUEID>
      <PNUEName>PN_user2_public1_old</PNUEName>
      <RedirectionLevel>application</RedirectionLevel>
      <RedirectionPrio>1</RedirectionPrio>
    </RedirectingUserID>
  </UERedirection>
</PNConfiguration>

Request-URI: The Request-URI (the URI that follows the method name, "PUT", in the first line) indicates the resource of this PUT request. The Request-URI contains the XCAP HTTP URI, which identifies to the PNM AS the PN that is to be configured.

Host: Specifies the Internet host and port number of the PNM AS, obtained from the original URI provided by the referring resource.

User-Agent: Contains information about the user agent originating the request and it includes the static string "3gpp-gba" to indicate to the application server (i.e., NAF) that the UE supports 3GPP-bootstrapping based authentication.

Referer: Allows the user agent to specify the address (URI) of the resource from which the URI for the PNM AS was obtained.

Authorization: Contains the credentials obtained by means of the bootstrapping procedure (as described in 3GPP TS 33.220 [8]).

XML body: Contains the settings for the PN UE redirection that the PN-user requests the PNM AS to do. In this example, the UE with public user identity <sip:PN_user1_public1@home1.net> requests the PNM AS to configure the redirection of all sessions, addressing <sip:PN_user2_public1@home1.net> with the PN UE name PN_user2_public1_old, to <sip:PN_user1_public1@home1.net> with the PN UE name PN_user1_public1_old with the highest priority, i.e. one.

2. Authentication/authorization and UE capability and subscription checking

The NAF/PNM AS verifies the Authorization header by using the bootstrapping transaction identifier B-TID and the key material Ks_NAF obtained from BSF (as described in 3GPP TS 33.220 [8]). NAF/PNM AS calculates the corresponding digest values using Ks_NAF, and compares the calculated values with the received values in the Authorization header. If the verification succeeds, the NAF passes the private user identity <sip:PN_user1_private@home1.net> associated with the public user identity <sip:PN_user1_public1@home1.net> to the PNM AS. The PNM AS then authorizes the UE by comparing the received public user identity <sip:PN_user1_public1@home1.net> with the preconfigured one identified by the private user identity <sip:PN_user1_private@home1.net>. If the authorization succeeds, the incoming request is taken in for further processing.

The NAF/PNM AS also performs the PN UE capability and subscription checking. If the checking succeeds, the incoming request is taken in for further processing.

NOTE: Performing the PN UE subscription checking entails interaction with the HSS over the Sh interface (see 3GPP TS 29.328 [9]), which is not shown in the message flow.

3. Delivery of PN-configuration response (NAF/PNM AS to PN UE) – see example in table A.3.3.1-3

The PNM AS sends an HTTP 200 OK response to the PN UE to indicate the success of the PN-configuration.

Table A.3.3.1-3: Delivery of PN-configuration response (NAF/PNM AS to PN UE)

HTTP/1.1 200 OK
Server: Apache/1.3.22 (Unix) mod_perl/1.27
Content-Length: 0
Authentication-Info: qop=auth-int, rspauth="6629fae49394a05397450978507c4ef1", cnonce="6629fae49393a05397450978507c4ef1", nc=00000001
Date: Wed, 31 Oct 2007 10:50:36 GMT
Expires: Wed, 31 Nov 2007 10:50:36 GMT

Authentication-Info: This carries the protection.
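The check in step 2 and the rspauth value returned in step 3, as an added example that is not part of the specification: the NAF/PNM AS recomputes the RFC 2617 qop=auth-int digest, rejects replayed nonce counts, compares the public user identity with the preconfigured ones, and derives rspauth for Authentication-Info. It assumes the Digest username is the B-TID and the password is base64(Ks_NAF); the class and function names, the B-TID value, the Ks_NAF bytes and the shortened body are constructed.

```python
import base64
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()  # algorithm=MD5, as in table A.3.3.1-1

def digest(ha1, p, a2_prefix, body):
    """RFC 2617 qop=auth-int digest; a2_prefix is the HTTP method, or "" for rspauth."""
    ha2 = md5_hex(f"{a2_prefix}:{p['uri']}:{md5_hex(body)}".encode())
    return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth-int:{ha2}".encode())

def ha1_for(btid, realm, ks_naf):
    # Assumption: username is the B-TID and the password is base64(Ks_NAF).
    password = base64.b64encode(ks_naf).decode()
    return md5_hex(f"{btid}:{realm}:{password}".encode())

class NafPnmAs:
    def __init__(self, realm, bsf, impus):
        self.realm = realm
        self.bsf = bsf       # B-TID -> (Ks_NAF, private user identity), as obtained from the BSF
        self.impus = impus   # private user identity -> preconfigured public user identities
        self.seen_nc = {}    # (B-TID, nonce) -> highest nonce count accepted

    def handle(self, method, p, body, public_id):
        """Return (status, rspauth); rspauth is sent in Authentication-Info."""
        if p["username"] not in self.bsf or p["realm"] != self.realm or p["qop"] != "auth-int":
            return 401, None
        ks_naf, private_id = self.bsf[p["username"]]
        ha1 = ha1_for(p["username"], self.realm, ks_naf)
        if not hmac.compare_digest(digest(ha1, p, method, body), p["response"]):
            return 401, None   # wrong key, or the body was altered in transit
        key, nc = (p["username"], p["nonce"]), int(p["nc"], 16)
        if nc <= self.seen_nc.get(key, 0):
            return 401, None   # nonce count replayed
        self.seen_nc[key] = nc
        if public_id not in self.impus.get(private_id, ()):
            return 403, None   # authenticated, but the public identity is not this user's
        return 200, digest(ha1, p, "", b"")  # rspauth over the empty 200 OK body

# Constructed sample values; only the parameter layout follows table A.3.3.1-1.
REALM = "3GPP-bootstrapping@pnmas.home1.net"
BTID, KS_NAF = "constructed-btid@bsf.home1.net", bytes(range(32))
BODY = b'<PNConfiguration><UERedirection UriOfRedirectedUser="sip:PN_user1_public1@home1.net"/></PNConfiguration>'

def ue_request(body, ks_naf=KS_NAF, nc="00000001"):
    """Build the Authorization parameters the way the PN UE would."""
    p = {"username": BTID, "realm": REALM, "nonce": "a6332ffd2d234==", "uri": "pnmclient",
         "qop": "auth-int", "nc": nc, "cnonce": "6629fae49393a05397450978507c4ef1"}
    p["response"] = digest(ha1_for(BTID, REALM, ks_naf), p, "PUT", body)
    return p

def new_server():
    return NafPnmAs(REALM, {BTID: (KS_NAF, "sip:PN_user1_private@home1.net")},
                    {"sip:PN_user1_private@home1.net": {"sip:PN_user1_public1@home1.net"}})
```

The response value printed in table A.3.3.1-1 is identical to the cnonce, so it is a placeholder and does not verify against any key.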

A.3.3.2 PN-configuration for PN access control

Figure A.3.3.2-1 shows the message exchange between PN UE and NAF/PNM AS when the PN UE wants to configure the PN settings for the PN access control service. The messaging only takes place after a successful bootstrapping procedure (as described in 3GPP TS 33.220 [8]) in which case the bootstrapped security association has been established before step 1.

Figure A.3.3.2-1: Successful initial PN-configuration for PN access control

1. Initial PN-configuration request (PN UE to NAF/PNM AS) – see example in table A.3.3.2-1

The PN UE sends an HTTP request to the NAF/PNM AS containing the configuration request for the PN access control.

Table A.3.3.2-1: Initial PN-configuration request (UE to NAF/PNM AS)

PUT http://xcap.home1.net/pnm.3gpp.org/users/sip:PN_user_public@home1.net/pnm HTTP/1.1
Host: pnmas.home1.net:1234
User-Agent: PNM User Agent; Release-6 3gpp-gba
Content-Type: application/pnm+xml; charset="utf-8"
Content-Length: (…)
Date: Wed, 31 Oct 2007 10:50:35 GMT
Accept: application/pnm+xml
Referer: http://pnmas.home1.net:1234/service
Authorization: Digest username="(B-TID)", realm="3GPP-bootstrapping@pnmas.home1.net", nonce="a6332ffd2d234==", uri="pnmclient", qop=auth-int, nc=00000001, cnonce="6629fae49393a05397450978507c4ef1", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f30e41", algorithm=MD5

<?xml version="1.0" encoding="utf-8"?>
<PNConfiguration>
  <AccessControl UriOfControllerUE="sip:PN_user1_public1@home1.com">
    <ControllerUE>
      <PNUEID>sip:PN_user1_public1@home1.net</PNUEID>
      <PNUEName>PN_user1_public1_old</PNUEName>
    </ControllerUE>
    <ControlleeUE id="1">
      <PNUEID>sip:PN_user2_public1@home1.net</PNUEID>
      <PNUEName>PN_user2_public1_old</PNUEName>
      <PNAccessControlList>sip:PN_user1_friend_public1@home1.net sip:PN_user1_friend_public2@home1.net</PNAccessControlList>
      <PNAccessControlType>Controller</PNAccessControlType>
    </ControlleeUE>
  </AccessControl>
</PNConfiguration>

Request-URI: The Request-URI (the URI that follows the method name, "PUT", in the first line) indicates the resource of this PUT request. The Request-URI contains the XCAP HTTP URI, which identifies to the PNM AS the PN that is to be configured.

Host: Specifies the Internet host and port number of the PNM AS, obtained from the original URI provided by the referring resource.

User-Agent: Contains information about the user agent originating the request and it includes the static string "3gpp-gba" to indicate to the application server (i.e., NAF) that the UE supports 3GPP-bootstrapping based authentication.

Referer: Allows the user agent to specify the address (URI) of the resource from which the URI for the PNM AS was obtained.

Authorization: Contains the credentials obtained by means of the bootstrapping procedure (as described in 3GPP TS 33.220 [8]).

XML body: Contains the settings for the PN access control service that the UE requests from the PNM AS. In this example, the UE with public user identity <sip:PN_user1_public1@home1.net> requests the PNM AS to configure PN access control for all sessions, addressing <sip:PN_user2_public1@home1.net> with the PN UE name PN_user2_public1_old, except for the case when the callee is either <sip:PN_user1_friend_public1@home1.net> or <sip:PN_user1_friend_public2@home1.net>. Furthermore, the UE indicates in the access control type that the controller UE with <sip:PN_user1_public1@home1.net> and the PN UE name PN_user1_public1_old needs to be interrogated when the PNM AS executes the PN access control.

2. Authentication/authorization and subscription checking

As described in Step 2 of figure A.3.3.1-1.

3. Delivery of PN-configuration response (NAF/PNM AS to PN UE) – see example in table A.3.3.2-3

The PNM AS sends an HTTP 200 OK response to the PN UE to indicate the success of the PN-configuration.

Table A.3.3.2-3: Delivery of PN-configuration response (NAF/PNM AS to PN UE)

HTTP/1.1 200 OK
Server: Apache/1.3.22 (Unix) mod_perl/1.27
Content-Length: 0
Authentication-Info: qop=auth-int, rspauth="6629fae49394a05397450978507c4ef1", cnonce="6629fae49393a05397450978507c4ef1", nc=00000001
Date: Wed, 31 Oct 2007 10:50:36 GMT
Expires: Wed, 31 Nov 2007 10:50:36 GMT

Authentication-Info: This carries the protection.

A.3.3.3 PN-configuration for changing PN UE name

Figure A.3.3.3-1 shows the message exchange between PN UE and NAF/PNM AS when the PN UE changes the PN UE name. The messaging only takes place after a successful bootstrapping procedure (as described in 3GPP TS 33.220 [8]) in which case a bootstrapped security association has been established before step 1.

Figure A.3.3.3-1: Successful PN-configuration for changing PN UE name

1. Initial PN-configuration request (PN UE to NAF/PNM AS) – see example in table A.3.3.3-1

The PN UE sends an HTTP request to the NAF/PNM AS containing the configuration request for changing the PN UE name.

Table A.3.3.3-1: Initial PN-configuration request (UE to NAF/PNM AS)

PUT http://xcap.home1.net/pnm.3gpp.org/users/sip:PN_user_public@home1.net/pnm HTTP/1.1
Host: pnmas.home1.net:1234
User-Agent: PNM User Agent; Release-6 3gpp-gba
Content-Type: application/pnm+xml; charset="utf-8"
Content-Length: (…)
Date: Wed, 31 Oct 2007 10:50:35 GMT
Accept: application/pnm+xml
Referer: http://pnmas.home1.net:1234/service
Authorization: Digest username="(B-TID)", realm="3GPP-bootstrapping@pnmas.home1.net", nonce="a6332ffd2d234==", uri="pnmclient", qop=auth-int, nc=00000001, cnonce="6629fae49393a05397450978507c4ef1", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f30e41", algorithm=MD5

<?xml version="1.0" encoding="utf-8"?>
<PNConfiguration>
  <NameofPNUE>
    <PNUEID>sip:PN_user1_public1@home1.net</PNUEID>
    <UEName id="1">
      <Name>PN_user1_public1_new</Name>
    </UEName>
  </NameofPNUE>
</PNConfiguration>

Request-URI: The Request-URI (the URI that follows the method name, "PUT", in the first line) indicates the resource of this PUT request. The Request-URI contains the XCAP HTTP URI, which identifies to the PNM AS the PN that is to be configured.

Host: Specifies the Internet host and port number of the PNM AS, obtained from the original URI provided by the referring resource.

User-Agent: Contains information about the user agent originating the request and it includes the static string "3gpp-gba" to indicate to the application server (i.e., NAF) that the UE supports 3GPP-bootstrapping based authentication.

Referer: Allows the user agent to specify the address (URI) of the resource from which the URI for the PNM AS was obtained.

Authorization: Contains the credentials obtained by means of the bootstrapping procedure (as described in 3GPP TS 33.220 [8]).

XML body: Contains the old and the new PN UE names that the PN-user requests the PNM AS to change. In this example, the UE with public user identity <sip:PN_user1_public1@home1.net> requests the PNM AS to replace the old PN UE name with the new PN UE name "PN_user1_public1_new".

2. Authentication/authorization and UE capability and subscription checking

As described in Step 2 of figure A.3.3.1-1.

NOTE: Changing the PN UE name from PN_user1_public1_old to PN_user1_public1_new does not entail interaction between the PNM AS and the HSS over the Sh interface.

3. Delivery of PN-configuration response (NAF/PNM AS to PN UE) – see example in table A.3.3.3-3

The PNM AS sends an HTTP 200 OK response to the PN UE to indicate the success of the PN-configuration.

Table A.3.3.3-3: Delivery of PN-configuration response (NAF/PNM AS to PN UE)

HTTP/1.1 200 OK
Server: Apache/1.3.22 (Unix) mod_perl/1.27
Content-Length: 0
Authentication-Info: qop=auth-int, rspauth="6629fae49394a05397450978507c4ef1", cnonce="6629fae49393a05397450978507c4ef1", nc=00000001
Date: Wed, 31 Oct 2007 10:50:36 GMT
Expires: Wed, 31 Nov 2007 10:50:36 GMT

Authentication-Info: This carries the protection.

A.3.3.4 PN-query

Figure A.3.3.4-1 shows the message exchange between PN UE and NAF/PNM AS when the PN UE wants to obtain the PN setting information from the PNM AS. The messaging only takes place after a successful bootstrapping procedure (as described in 3GPP TS 33.220 [8]) in which case the bootstrapped security association has been established before step 1.

Figure A.3.3.4-1: Successful PN-query

1. Initial PN-query request (PN UE to NAF/PNM AS) – see example in table A.3.3.4-1

The PN UE sends an HTTP request to the NAF/PNM AS in order to obtain the PN setting information of the <UERedirection> with the attribute value "UriOfRedirectedUser=sip:PN_user1_public1@home1.net".

Table A.3.3.4-1: Initial PN-query request (UE to NAF/PNM AS)

GET http://xcap.home1.net/pnm.3gpp.org/users/sip:PN_user_public@home1.net/pnm/~~/PNConfiguration/UERedirection%5b@UriOfRedirectedUser=%22sip:PN_user1_public1@home1.net%22%5d HTTP/1.1
Host: pnmas.home1.net:1234
User-Agent: PNM User Agent; Release-6 3gpp-gba
Content-Length: 0
Date: Wed, 31 Oct 2007 10:50:35 GMT
Accept: application/pnm+xml
Referer: http://pnmas.home1.net:1234/service
Authorization: Digest username="(B-TID)", realm="3GPP-bootstrapping@pnmas.home1.net", nonce="a6332ffd2d234==", uri="pnmclient", qop=auth-int, nc=00000001, cnonce="6629fae49393a05397450978507c4ef1", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f30e41", algorithm=MD5

Request-URI: The Request-URI (the URI that follows the method name, "GET", in the first line) indicates the resource of this GET request. The Request-URI contains the XCAP HTTP URI, which identifies to the PNM AS the PN that is to be queried.

Host: Specifies the Internet host and port number of the PNM AS, obtained from the original URI provided by the referring resource.

User-Agent: Contains information about the user agent originating the request and it includes the static string "3gpp-gba" to indicate to the application server (i.e., NAF) that the UE supports 3GPP-bootstrapping based authentication.

Referer: Allows the user agent to specify the address (URI) of the resource from which the URI for the PNM AS was obtained.

Authorization: Contains the credentials obtained by means of the bootstrapping procedure (as described in 3GPP TS 33.220 [8]).

XML body: In this example, it is assumed that the UE with the public user identity <sip:PN_user1_public1@home1.net> interrogates the PNM AS for the whole set of the PN setting information.

2. Authentication/authorization and UE capability

See Step 2 of figure A.3.3.4-1.

3. Delivery of PN-query response (NAF/PNM AS to PN UE) – see example in table A.3.3.4-3

The PNM AS sends an HTTP 200 OK response to the PN UE to convey the whole set of the PN setting information for the <UERedirection> with the attribute value "UriOfRedirectedUser=sip:PN_user1_public1@home1.net".

Table A.3.3.4-3: Delivery of PN-query response (NAF/PNM AS to PN UE)

HTTP/1.1 200 OK
Server: Apache/1.3.22 (Unix) mod_perl/1.27
Content-Length: (…)
Authentication-Info: qop=auth-int, rspauth="6629fae49394a05397450978507c4ef1", cnonce="6629fae49393a05397450978507c4ef1", nc=00000001
Date: Wed, 31 Oct 2007 10:50:36 GMT
Expires: Wed, 31 Nov 2007 10:50:36 GMT

<?xml version="1.0" encoding="utf-8"?>
<PNConfiguration>
  <UERedirection UriOfRedirectedUser="sip:PN_user1_public1@home1.net">
    <RedirectedUserID>
      <PNUEID>sip:PN_user1_public1@home1.net</PNUEID>
      <PNUEName>PN_user1_public1_old</PNUEName>
    </RedirectedUserID>
    <RedirectingUserID id="1">
      <PNUEID>sip:PN_user2_public1@home1.net</PNUEID>
      <PNUEName>PN_user2_public1_old</PNUEName>
      <RedirectionLevel>application</RedirectionLevel>
      <RedirectionPrio>1</RedirectionPrio>
    </RedirectingUserID>
  </UERedirection>
</PNConfiguration>

Authentication-Info: This carries the protection.

XML body: Indicates the whole set of the PN setting information related to the UE with the public user identity <sip:PN_user1_public1@home1.net>.

A.3.3.5 PN-deconfiguration

Figure A.3.3.5-1 shows the message exchange between PN UE and NAF/PNM AS when the PN UE wants to deconfigure the PN settings for the UE redirection service and the PN access control service. The messaging only takes place after a successful bootstrapping procedure (as described in 3GPP TS 33.220 [8]) in which case the bootstrapped security association has been established before step 1.

Figure A.3.3.5-1: Successful initial PN-deconfiguration

1. Initial PN-deconfiguration request (PN UE to NAF/PNM AS) – see example in table A.3.3.5-1

The PN UE sends an HTTP request to the NAF/PNM AS containing the configuration request to delete the <UERedirection> with the attribute value "UriOfRedirectedUser=sip:PN_user1_public1@home1.net".

Table A.3.3.5-1: Initial PN-deconfiguration request (UE to NAF/PNM AS)

DELETE http://xcap.home1.net/pnm.3gpp.org/users/sip:PN_user_public@home1.net/pnm/~~/PNConfiguration/UERedirection%5b@UriOfRedirectedUser=%22sip:PN_user1_public1@home1.net%22%5d HTTP/1.1
Host: pnmas.home1.net:1234
User-Agent: PNM User Agent; Release-6 3gpp-gba
Content-Length: 0
Date: Wed, 31 Oct 2007 10:50:35 GMT
Accept: text/xml
Referer: http://pnmas.home1.net:1234/service
Authorization: Digest username="(B-TID)", realm="3GPP-bootstrapping@pnmas.home1.net", nonce="a6332ffd2d234==", uri="pnmclient", qop=auth-int, nc=00000001, cnonce="6629fae49393a05397450978507c4ef1", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f30e41", algorithm=MD5

Request-URI: The Request-URI (the URI that follows the method name, "DELETE", in the first line) indicates the resource of this DELETE request. The Request-URI contains the XCAP HTTP URI, which identifies to the PNM AS the PN that is to be configured.

Host: Specifies the Internet host and port number of the PNM AS, obtained from the original URI provided by the referring resource.

User-Agent: Contains information about the user agent originating the request and it includes the static string "3gpp-gba" to indicate to the application server (i.e., NAF) that the UE supports 3GPP-bootstrapping based authentication.

Referer: Allows the user agent to specify the address (URI) of the resource from which the URI for the PNM AS was obtained.

Authorization: Contains the credentials obtained by means of the bootstrapping procedure (as described in 3GPP TS 33.220 [8]).

XML body: In this example, the UE with public user identity <sip:PN_user1_public1@home1.net> wants the PNM AS to delete the whole PN settings established before.

2. Authentication/authorization and UE capability and subscription checking

See Step 2 of figure A.3.3.5-1.

3. Delivery of PN-configuration response (NAF/PNM AS to PN UE) – see example in table A.3.3.5-3

The PNM AS sends an HTTP 200 OK response to the PN UE to indicate the success of the PN-deconfiguration.

Table A.3.3.5-3: Delivery of PN-configuration response (NAF/PNM AS to PN UE)

HTTP/1.1 200 OK
Server: Apache/1.3.22 (Unix) mod_perl/1.27
Content-Length: 0
Authentication-Info: qop=auth-int, rspauth="6629fae49394a05397450978507c4ef1", cnonce="6629fae49393a05397450978507c4ef1", nc=00000001
Date: Wed, 31 Oct 2007 10:50:36 GMT
Expires: Wed, 31 Nov 2007 10:50:36 GMT

Authentication-Info: This carries the protection.
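The GET in table A.3.3.4-1 and the DELETE in table A.3.3.5-1 address one element through the node selector that follows "~~" in the Request-URI. The following added example (not part of the specification) shows one way a PNM AS could parse and apply that selector: each path segment is percent-decoded on its own, element and attribute names are checked against an allow-list, the predicate value must be a SIP URI, and the match is done on parsed values rather than by assembling an XPath string. The function names, the allow-list and the stored document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

SIP_URI = re.compile(r"sip:[A-Za-z0-9_.-]+@[A-Za-z0-9.-]+")
STEP = re.compile(r'([A-Za-z]+)(?:\[@([A-Za-z]+)="([^"]*)"\])?')
# Element -> attribute allowed in a predicate (names taken from the XML bodies above).
ALLOWED = {"PNConfiguration": None, "UERedirection": "UriOfRedirectedUser",
           "AccessControl": "UriOfControllerUE"}

def parse_xcap_uri(request_uri):
    """Return (xui, steps); each step is (element, attribute, value)."""
    doc_sel, sep, node_sel = urlsplit(request_uri).path.partition("/~~/")
    segs = doc_sel.strip("/").split("/")
    if len(segs) != 4 or segs[0] != "pnm.3gpp.org" or segs[1] != "users":
        raise ValueError("not a PNM user document")
    steps = []
    for raw in node_sel.split("/") if sep else []:
        m = STEP.fullmatch(unquote(raw))  # decode one segment at a time
        if not m or m.group(1) not in ALLOWED:
            raise ValueError(f"rejected selector step: {raw!r}")
        name, attr, value = m.groups()
        if attr is not None and (attr != ALLOWED[name] or not SIP_URI.fullmatch(value)):
            raise ValueError(f"rejected predicate: {raw!r}")
        steps.append((name, attr, value))
    return unquote(segs[2]), steps

def select(root, steps):
    """Walk the steps over the tree as (parent, element) pairs; no XPath string is built."""
    if steps and steps[0][0] != root.tag:
        return []
    hits = [(None, root)]
    for name, attr, value in steps[1:]:
        hits = [(node, child) for _, node in hits for child in node
                if child.tag == name and (attr is None or child.get(attr) == value)]
    return hits

def handle(method, request_uri, stored_xml):
    """GET returns the selected element, DELETE the document that remains."""
    try:
        _, steps = parse_xcap_uri(request_uri)
    except ValueError:
        return 400, ""
    root = ET.fromstring(stored_xml)
    hits = select(root, steps)
    if len(hits) != 1:
        return 404, ""   # a node selector has to address exactly one node
    parent, node = hits[0]
    if method == "GET":
        return 200, ET.tostring(node, encoding="unicode")
    if method == "DELETE" and parent is not None:
        parent.remove(node)
        return 200, ET.tostring(root, encoding="unicode")
    return 405, ""

# Constructed stored document, and the Request-URI from table A.3.3.4-1.
STORED = ('<PNConfiguration><UERedirection UriOfRedirectedUser="sip:PN_user1_public1@home1.net"/>'
          '<AccessControl UriOfControllerUE="sip:PN_user1_public1@home1.net"/></PNConfiguration>')
QUERY_URI = ("http://xcap.home1.net/pnm.3gpp.org/users/sip:PN_user_public@home1.net/pnm/~~/PNConfiguration/"
             "UERedirection%5b@UriOfRedirectedUser=%22sip:PN_user1_public1@home1.net%22%5d")
```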