B.3 Procedures

3GPP TS 24.547: Identity management - Service Enabler Architecture Layer for Verticals (SEAL); Protocol specification (Release 17)

B.3.1 CoAP client

The CoAP client in the UE shall support the client role defined in IETF RFC 7252 [17].

If the communication is via proxies, the CoAP client in the UE:

a) shall be configured with a home CoAP proxy FQDN parameter;

b) shall be configured with a home CoAP proxy port parameter; and

c) may be configured with one of the following (D)TLS tunnel authentication methods, along with its parameters, as specified in 3GPP TS 33.434 [7]:

1) one-way authentication of the CoAP proxy based on the server certificate;

2) mutual authentication based on certificates, along with (D)TLS tunnel authentication based on X.509 certificate; and

3) mutual authentication based on pre-shared key, along with (D)TLS tunnel authentication based on pre-shared key.

B.3.2 CoAP proxy

B.3.2.1 General

The CoAP proxy shall support CoAP-to-CoAP, CoAP-to-HTTP proxy and HTTP-to-CoAP roles defined in IETF RFC 7252 [17].

CoAP proxy shall support UDP transport in IETF RFC 7252 [17] and shall support TCP transport defined in IETF RFC 8323 [18].

B.3.2.2 CoAP request method from CoAP client in UE

The CoAP proxy shall support the server role defined in IETF RFC 7252 [17].

The CoAP proxy may support datagram transport layer security (DTLS) or transport layer security (TLS) as specified in clause 6 of 3GPP TS 33.434 [7].

The CoAP proxy is configured with the following CoAP proxy parameters:

a) an FQDN of a CoAP proxy for UEs; and

b) a port of a CoAP proxy for UEs.

The CoAP proxy may support establishing transport connections on the FQDN of CoAP proxy for UEs and the port of CoAP proxy for UEs. The CoAP proxy shall support establishing a (D)TLS tunnel via each such transport connection as specified in 3GPP TS 33.434 [7]. When establishing the (D)TLS tunnel, the CoAP proxy shall act as the (D)TLS server.

B.3.2.3 CoAP request method from CoAP client in network entity within trust domain

The CoAP proxy is configured with the following parameters:

a) an FQDN of a CoAP proxy for trusted entities; and

b) a port of a CoAP proxy for trusted entities.

Upon receiving a CoAP request method via a transport connection established on the FQDN of CoAP proxy for UEs and the port of CoAP proxy for UEs, if the transport connection is between network elements within the trusted domain as specified in 3GPP TS 33.434 [7], then:

a) if the CoAP request contains a CoAP URI identifying a resource in a partner’s VAL service provider, the CoAP proxy shall forward the CoAP request according to the CoAP URI; and

b) if the CoAP request contains a CoAP URI identifying a resource in its own VAL service provider, the CoAP proxy shall act as a reverse proxy for the CoAP request and shall forward the CoAP request according to the VAL service provider’s policy.
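The forwarding decision in clause B.3.2.3 (forward by URI for a partner VAL service provider, reverse-proxy by local policy for the own VAL service provider) is illustrated below with an added example that is not part of 3GPP TS 24.547 or any IETF implementation. It assumes that the own VAL service provider is identified by a configured domain suffix (OWN_VAL_DOMAIN, constructed), that the trust-domain check from 3GPP TS 33.434 has already been performed on the transport connection and is passed in as a flag, and that "VAL service provider's policy" is a path-prefix-to-origin map; a request from outside the trust domain is returned as not applicable to this clause rather than routed.

```python
"""CoAP proxy forwarding decision for requests from trusted network entities.

Added illustration of clause B.3.2.3; not code from 3GPP or from any CoAP
implementation. The URI handling follows the coap/coaps URI scheme of
IETF RFC 7252 (default ports 5683 and 5684).
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed: domain of the own VAL service provider (assumption).
OWN_VAL_DOMAIN = "val.example.org"

# Constructed: VAL service provider policy mapping path prefixes to the
# internal origin that the reverse proxy forwards to (assumption).
OWN_POLICY: Dict[str, str] = {
    "/idm/": "idm-internal.val.example.org:5683",
    "/": "default-origin.val.example.org:5683",
}


@dataclass(frozen=True)
class CoapRequest:
    uri: str                  # CoAP URI assembled from the Uri-* options
    trusted_transport: bool   # result of the 3GPP TS 33.434 trust-domain check


@dataclass(frozen=True)
class Decision:
    action: str   # "forward", "reverse_proxy" or "not_applicable"
    target: str   # next hop ("host:port") or "" when not applicable


def parse_coap_uri(uri: str) -> Tuple[str, str, int, str]:
    """Split a CoAP URI into (scheme, host, port, path), applying RFC 7252
    default ports. Rejects non-CoAP schemes and URIs without a host."""
    parts = urlsplit(uri)
    if parts.scheme not in ("coap", "coaps", "coap+tcp", "coaps+tcp"):
        raise ValueError("not a CoAP URI scheme: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("CoAP URI has no host")
    default_port = 5683 if parts.scheme in ("coap", "coap+tcp") else 5684
    return parts.scheme, parts.hostname.lower(), parts.port or default_port, parts.path or "/"


def is_own_provider(host: str, own_domain: str = OWN_VAL_DOMAIN) -> bool:
    """True only for the own domain itself or a proper subdomain of it.
    The leading dot matters: 'val.example.org.attacker.test' must not match."""
    own_domain = own_domain.lower()
    return host == own_domain or host.endswith("." + own_domain)


def reverse_proxy_origin(path: str, policy: Dict[str, str] = OWN_POLICY) -> Optional[str]:
    """Longest-prefix match of the request path against the provider policy."""
    best = None
    for prefix, origin in policy.items():
        if path.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, origin)
    return best[1] if best else None


def decide(req: CoapRequest) -> Decision:
    """Apply clause B.3.2.3 items a) and b) to one request."""
    if not req.trusted_transport:
        # Clause B.3.2.3 only covers connections within the trust domain;
        # UE-originated requests are handled under clause B.3.2.2 instead.
        return Decision("not_applicable", "")
    _scheme, host, port, path = parse_coap_uri(req.uri)
    if is_own_provider(host):
        # Item b): act as reverse proxy and route by the provider's policy.
        origin = reverse_proxy_origin(path)
        if origin is None:
            raise LookupError("no policy entry for path %r" % path)
        return Decision("reverse_proxy", origin)
    # Item a): partner provider, forward according to the CoAP URI itself.
    return Decision("forward", "%s:%d" % (host, port))


if __name__ == "__main__":
    for uri in ("coap://idm.val.example.org/idm/token",
                "coaps://partner.example.net/res",
                "coap://val.example.org.attacker.test/x"):
        print(uri, "->", decide(CoapRequest(uri, True)))
```

The suffix check in is_own_provider is the point a reviewer would look at first: matching on a bare substring would let a host under a foreign registrable domain be treated as the own provider and be reverse-proxied into internal origins.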

B.4.2 CoAP server

The CoAP server shall support the server role defined in IETF RFC 7252 [17].

Upon reception of an ACE-OAuth Token Provisioning Request message containing an access token, the CoAP server:

a) shall verify the integrity of the access token; and

b) shall verify that the key included in the access token belongs to the authenticated requesting party.

Upon reception of a resource request, the CoAP server:

a) shall verify that the requesting party is authorized according to the access token as specified in the corresponding ACE-OAuth profile, i.e. the DTLS profile of ACE-OAuth [20] or the OSCORE profile of ACE-OAuth [21].
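The two checks the CoAP server performs in clause B.4.2 (token integrity, then binding of the token's proof-of-possession key to the authenticated requesting party, and later authorization of each resource request against the token) are shown below as an added example; it is not 3GPP code and does not implement the real ACE-OAuth profiles [20] [21]. To stay self-contained it assumes a simplified token format (JSON claims plus an HMAC-SHA256 tag under a key shared between the authorization server and the CoAP server) in place of a COSE-protected CWT, represents the authenticated party by the key identifier (kid) it proved possession of during (D)TLS or OSCORE setup, and uses a constructed scope syntax of space-separated "METHOD:path" entries.

```python
"""CoAP server side of ACE-OAuth token provisioning and resource authorization.

Added illustration of clause B.4.2; not code from 3GPP, the ACE working group
or any CoAP library. Token format, key binding and scope syntax are
simplifications chosen for this example (assumptions).
"""
import hashlib
import hmac
import json
import time
from typing import Callable, Dict

# Constructed: key shared between the authorization server (AS) and this
# resource server, used here for the token integrity tag (assumption).
AS_MAC_KEY = b"constructed-as-rs-shared-key"


def mint_token(claims: dict, key: bytes = AS_MAC_KEY) -> bytes:
    """Stand-in for the AS: canonical JSON body + '.' + hex HMAC-SHA256 tag."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class CoapServer:
    def __init__(self, as_key: bytes = AS_MAC_KEY, now: Callable[[], float] = time.time):
        self.as_key = as_key
        self.now = now
        # Provisioned tokens, indexed by the authenticated party's PoP key id.
        self.tokens: Dict[str, dict] = {}

    def verify_token(self, token: bytes) -> dict:
        """Clause B.4.2 item a): verify the integrity of the access token."""
        body, sep, tag = token.rpartition(b".")
        if not sep:
            raise ValueError("malformed token")
        expected = hmac.new(self.as_key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("token integrity check failed")
        return json.loads(body)

    def provision(self, token: bytes, authenticated_kid: str) -> bool:
        """Handle an ACE-OAuth Token Provisioning Request from a party that
        has already authenticated with PoP key `authenticated_kid`."""
        claims = self.verify_token(token)
        # Clause B.4.2 item b): the key bound in the token (cnf) must be the
        # one the requesting party actually proved possession of.
        cnf_kid = claims.get("cnf", {}).get("kid")
        if cnf_kid is None or cnf_kid != authenticated_kid:
            raise PermissionError("token PoP key does not belong to the authenticated party")
        self.tokens[authenticated_kid] = claims
        return True

    def authorize(self, authenticated_kid: str, method: str, path: str) -> bool:
        """On a resource request, check the requester against its token:
        a token must have been provisioned, must not be expired, and its
        scope must list exactly this method on this resource."""
        claims = self.tokens.get(authenticated_kid)
        if claims is None:
            return False
        if "exp" in claims and self.now() >= claims["exp"]:
            return False
        allowed = set(claims.get("scope", "").split())
        return "%s:%s" % (method.upper(), path) in allowed


if __name__ == "__main__":
    srv = CoapServer(now=lambda: 1000.0)
    tok = mint_token({"aud": "rs1", "scope": "GET:/temp", "exp": 2000,
                      "cnf": {"kid": "client-A"}})
    srv.provision(tok, "client-A")
    print("GET /temp by client-A:", srv.authorize("client-A", "GET", "/temp"))
    print("PUT /temp by client-A:", srv.authorize("client-A", "PUT", "/temp"))
```

Keeping the provisioned token indexed by the authenticated key identifier, rather than trusting a kid carried in the later resource request, is what makes item b) effective: the party that presents a resource request is whoever completed the (D)TLS or OSCORE handshake, and that identity is what the scope check is applied to.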

Annex C (informative):
Change history

Change history

Date    | Meeting   | TDoc      | CR   | Rev | Cat | Subject/Comment                                                                                          | New version
--------|-----------|-----------|------|-----|-----|----------------------------------------------------------------------------------------------------------|------------
2019-10 | CT1#120   | C1-196093 |      |     |     | Draft skeleton provided by the rapporteur.                                                               | 0.0.0
2019-10 | CT1#120   |           |      |     |     | Implementing the following p-CRs agreed by CT1: C1-196850, C1-196865, C1-196866, C1-196867               | 0.1.0
2019-11 | CT1#121   |           |      |     |     | Implementing the following p-CRs agreed by CT1: C1-198600, C1-198601, C1-198602, C1-198603               | 0.2.0
2019-12 | CT-86     | CP-193154 |      |     |     | Presentation for information at TSG CT                                                                   | 1.0.0
2020-03 | CT1#122-e |           |      |     |     | Implementing the following p-CRs agreed by CT1: C1-200450, C1-200609, C1-200611, C1-200612, C1-200818, C1-201003 | 1.1.0
2020-03 | CT-87e    | CP-200171 |      |     |     | Presentation for approval at TSG CT                                                                      | 2.0.0
2020-03 | CT-87e    |           |      |     |     | Version 16.0.0 created after approval                                                                    | 16.0.0
2020-06 | CT-88e    | CP-201129 | 0001 |     | F   | Updates to User Authentication Client (SIM-C) procedure                                                  | 16.1.0
2020-06 | CT-88e    | CP-201129 | 0002 |     | F   | Updates to User Authentication Server (SIM-S) procedure                                                  | 16.1.0
2020-06 | CT-88e    | CP-201129 | 0003 | 3   | F   | Updates to Token Exchange Client (SIM-C) procedure                                                       | 16.1.0
2020-06 | CT-88e    | CP-201129 | 0004 | 3   | F   | Updates to Token Exchange Server (SIM-S) procedure                                                       | 16.1.0
2020-06 | CT-88e    | CP-201129 | 0005 | 1   | F   | draft-ietf-oauth-token-exchange has been published as RFC8693                                            | 16.1.0
2020-09 | CT-89e    | CP-202163 | 0006 | 1   | F   | Correcting a reference                                                                                   | 16.2.0
2021-12 | CT-94e    | CP-213031 | 0007 |     | B   | Reference update for HTTP/1.1 protocol                                                                   | 17.0.0
2021-12 | CT-94e    | CP-213052 | 0008 | 1   | B   | SEAL IM FE requirements                                                                                  | 17.0.0
2021-12 | CT-94e    | CP-213052 | 0009 |     | B   | Token endpoint reference for CoAP support                                                                | 17.0.0
2021-12 | CT-94e    | CP-213052 | 0010 | 1   | B   | Addition of CoAP user authentication procedure                                                           | 17.0.0
2021-12 | CT-94e    | CP-213052 | 0011 | 1   | B   | Addition of CoAP entities annex                                                                          | 17.0.0
2022-03 | CT-95e    | CP-220255 | 0012 |     | F   | Correction of CR implementation issues                                                                   | 17.1.0
2022-06 | CT-96     | CP-221217 | 0013 |     | F   | Resolve Editor’s note on CoAP security                                                                   | 17.2.0