D.2 Implicit authentication and authorization
28.5333GPPArchitecture frameworkManagement and orchestrationRelease 17TS
Precondition:
A centralized authentication service producer, e.g. LDAP server, is deployed in operator’s network and will be used by MnS Producer to perform authentication. MnS Consumer does not interact directly with authenication service producer.
Authentication service producer contains authentication information required for MnS Producer to perform authentication such as MnS Consumer identities (including credentials) and/or groups. The specific information required will depend on the implementation.
MnS Producer has been configured to use the centralized authentication service producer.
MnS Producer optionally has support for local authentication, i.e. in event centralized authentication service is unavailable.
MnS Producer has been configured with access rules, used for local enforcement based on MnS Consumer access privileges.
Procedure:
Session Initiation:
101. MnS Consumer initiates a management session towards MnS Producer. As part of session establishment credentials are exchanged.
102. Based on credentials in the request, MnS Producer accesses Authentication Service Producer to verify the identity, and information required to perform access control including the associated group(s) of the identity.
103. If Authentication Service Producer is unavailable, MnS Producer may opt to perform local authentication.
104. If authentication is successful, MnS Producer sends success response and an authentication context is established between MnS Consumer and MnS Producer.
105. If authentication fails, MnS Producer sends failure response to MnS Consumer.
Session Duration:
106/7. For each MnS Consumer request, MnS Producer enforces access control using local policies applicable for the current authentication context.
Session Termination:
108. Upon session termination the authentication context is also terminated.
Annex E (informative):
5G specifications overview
The following figure and table show the overview information of 5G specifications which capture corresponding management features:
Figure E-1: Overview of 5G management specifications
In the figure, some features are generic management features which are applied to management of different network technologies, and some features are 5G specific management features which apply for management of 5G network only. The following table provides the overall 5G management features and the related specification information.
|
5G related management features |
Related specifications |
|
|
1 |
5G management capabilities (Heart beat) |
TS 28.537[39],TS 28.532[9] |
|
2 |
Network and service management concept |
TS 28.530[3] |
|
3 |
Network management service based management architecture |
TS 28.533[36] |
|
4 |
Management and orchestration; Levels of autonomous network |
TS 28.100[35] |
|
5 |
Network and Network slicing management related specifications |
|
|
5.1 |
Network and Network slicing provisioning |
TS 28.531[8],TS 28.532[9],TS 28.540[41],TS 28.541[4] |
|
5.2 |
Network and Network slicing fault supervision |
TS 28.545[28],TS 28.532[9] |
|
5.3 |
Network and Network slicing performance assurance |
TS 28.550[42],TS 28.532[9],TS 28.540[41],TS 28.541[4],TS 28.552[5], TS 28.554[6] |
|
5.4 |
NRM |
TS 28.540[41],TS 28.541[4] |
|
6 |
ONAP-3GPP integration |
TS 28.532[9] |
|
7 |
Trace and MDT management |
TS 32.421[43],TS 32.422[44], TS 32.423[45] |
|
8 |
QOE Management |
TS 28.622[32], TS 28.623[54], TS 28.404[48], TS 28.405[49],TS 28.406[50] |
|
9 |
Inventory management |
TS 28.631[51], TS 28.632[52], TS 28.633[53] |
|
10 |
Management data collection control and discovery (MADCOL) |
TS28.533[36], 28.532[9],28.622[32], 28.623[54] |
|
11 |
5G RAN Sharing |
TS 32.130[55], TS 28.541[4],TS 28.552[5] |
|
12 |
Edge Computing Management |
TS 28.538[40] |
|
13 |
Energy efficiency related specifications |
TS 28.310[56],TS 28.532[9],TS 28.552[5],TS 28.554[6] |
|
14 |
Management Data Analytics |
TS 28.104[57] |
|
15 |
5G SON management |
TS 28.313[58],TS 28.541[4] |
|
16 |
Plug and Connect |
TS 28.314[59],TS 28.315[60], TS 28.316[61] |
|
17 |
Policy management |
TS 28.555[62], TS 28.556[63] |
|
18 |
Close-loop SLS |
TS 28.535[37], TS 28.536[38] |
|
19 |
Intent-driven management |
TS 28.312[46] |
|
20 |
Management service discovery |
TS 28.530[3],TS 28.533[36] |
|
21 |
SLA management |
TS 28.540[41],TS 28.541[4], TS 28.531[8], TS 28.550[42] |
|
22 |
NPN management |
TS 28.557[47] |
|
23 |
Management of tenant information |
TS 28.530[3], TS 28.531[8],TS 28.533[36],TS 28.550[42],TS 28.552[5],TS 28.541[4] |
Annex F (informative):
Change history
|
Change history |
|||||||
|
Date |
Meeting |
TDoc |
CR |
Rev |
Cat |
Subject/Comment |
New version |
|
2018-09 |
SA#81 |
Upgrade to change control version |
15.0.0 |
||||
|
2018-12 |
SA#82 |
SP-181042 |
0001 |
1 |
F |
Add management service discovery |
15.1.0 |
|
2018-12 |
SA#82 |
SP-181042 |
0003 |
1 |
F |
Update reference to TS 28.532 |
15.1.0 |
|
2018-12 |
SA#82 |
SP-181042 |
0004 |
2 |
F |
Replace MF with management function |
15.1.0 |
|
2018-12 |
SA#82 |
SP-181042 |
0005 |
– |
F |
Implement MnS naming agreement |
15.1.0 |
|
2018-12 |
SA#82 |
SP-181042 |
0008 |
1 |
F |
Add usecase and requirements for MnS Query |
15.1.0 |
|
2019-06 |
SA#84 |
SP-190372 |
0015 |
1 |
B |
Add examples of ONAP utilizing the MnSs provided by 3GPP MnS Producer |
16.0.0 |
|
2019-09 |
SA#85 |
SP-190742 |
0026 |
1 |
A |
Add description of MnS provided by NF |
16.1.0 |
|
2019-09 |
SA#85 |
SP-190750 |
0028 |
2 |
B |
Add 3GPP Management Service deployment based on ZSM Framework |
16.1.0 |
|
2019-09 |
SA#85 |
SP-190742 |
0031 |
3 |
A |
Add management coordination with NWDAF |
16.1.0 |
|
2019-12 |
SA#86 |
SP-191219 |
0039 |
2 |
A |
Update of Management service description and diagram |
16.2.0 |
|
2019-12 |
SA#86 |
SP-191171 |
0044 |
1 |
B |
Add description for management capability support in multiple tenant environment |
16.2.0 |
|
2019-12 |
SA#86 |
SP-191219 |
0047 |
2 |
A |
Correction on example of MnS deployment scenario in clause 4.5 |
16.2.0 |
|
2019-12 |
SA#86 |
SP-191159 |
0049 |
– |
F |
Some correction on the reference in Clause 5.3 |
16.2.0 |
|
2019-12 |
SA#86 |
SP-191152 |
0051 |
1 |
B |
Introduce a MnS profile |
16.2.0 |
|
2019-12 |
SA#86 |
SP-191219 |
0053 |
1 |
A |
Clarify numerous definitions |
16.2.0 |
|
2020-03 |
SA#87E |
SP-200227 |
0056 |
1 |
A |
Add the missing paradigm of interaction between MnS producer and MnS consumer |
16.3.0 |
|
2020-03 |
SA#87E |
SP-200180 |
0057 |
1 |
F |
Update Clause 5.3 Management service deployment based on ZSM framework |
16.3.0 |
|
2020-03 |
SA#87E |
SP-200227 |
0064 |
2 |
A |
Update of Management service description and diagram |
16.3.0 |
|
2020-06 |
SA#88-e |
SP-200497 |
0068 |
– |
B |
Add clarifications to description of tenant concept |
16.4.0 |
|
2020-09 |
SA#89e |
SP-200724 |
0072 |
1 |
F |
Add missing definition |
16.5.0 |
|
2020-09 |
SA#89e |
Adding missing definition due that were missed in CR implementation |
16.5.1 |
||||
|
2020-12 |
SA#90e |
SP-201050 |
0073 |
1 |
F |
Cleanup based on refined slice definition |
16.6.0 |
|
2020-12 |
SA#90e |
SP-201050 |
0074 |
– |
F |
Add abbreviation reference |
16.6.0 |
|
2020-12 |
SA#90e |
SP-201056 |
0075 |
1 |
F |
Add example of closed loop SLS assurance |
16.6.0 |
|
2020-12 |
SA#90e |
SP-201088 |
0076 |
– |
F |
Correct inconsistent terminology |
16.6.0 |
|
2021-03 |
SA#91e |
SP-210145 |
0077 |
– |
A |
Fix errors in Exposure Governance descriptions |
16.7.0 |
|
2021-09 |
SA#93e |
SP-210864 |
0086 |
– |
C |
Remove unnecessary stage 2 details for discovery of management services |
17.0.0 |
|
2021-12 |
SA#94e |
SP-211456 |
0089 |
1 |
A |
Correcting the Scope |
17.1.0 |
|
2021-12 |
SA#94e |
SP-211467 |
0090 |
– |
C |
Remove MnS Discovery use case and requirement |
17.1.0 |
|
2021-12 |
SA#94e |
SP-211468 |
0092 |
– |
B |
Enhance SBMA to support access control |
17.1.0 |
|
2021-12 |
SA#94e |
SP-211468 |
0093 |
– |
B |
Enhance request-response communication paradigm to support access contro |
17.1.0 |
|
2021-12 |
SA#94e |
SP-211454 |
0095 |
– |
A |
Fix editorial issues |
17.1.0 |
|
2022-03 |
SA#95e |
SP-220186 |
0098 |
1 |
F |
Add 5G specification information |
17.2.0 |