9 Security and Access Control

3GPP TS 26.532, Data Collection and Reporting; Protocols and Formats, Release 17

Security and access control functionality associated with UE data collection, reporting and exposure is described in other clauses of the present document, namely:

1. TLS-based authentication for HTTP/S operations associated with invocation of UE data collection, reporting and event exposure APIs is specified in clause 5.3.1.

2. Cross-Origin Resource Sharing (CORS [10]) HTTP response headers pertaining to access control.

3. Authentication or authorization by the Data Collection AF of network entities when invoking the UE data collection, reporting and event exposure APIs specified in clauses 6 and 7 including:

a) Authentication of the Provisioning AF via use of the Authorization HTTP request header.

b) Authorization of resource access requests using OAuth 2.0 [8] access tokens.

c) Use of the authorizationURL property of the DataReportingConfiguration resource for authorizing subscription requests by consumer entities to event exposure services.

4. Provisioning AF specification of Data Access Profiles associated with the Data Reporting Configuration resource, for controlling event exposure by the Data Collection AF to different event consumer entities, is specified in clause 4.2.3.3.2.

Annex A (normative):
Data reporting data models