5.5 Protocol Zpn between NAF and BSF based on Web Services
3GPP TS 29.109 Release 17: Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3
The procedures in the NAF and in the BSF for the Web Services [13] based Zpn interface are the same as specified in clause 5.4, but Web Services procedures shall be used to communicate over the Zpn interface instead of Diameter messages. Annex G specifies the GBA Service for Web Services, i.e., it contains the Web Services Definition Language (WSDL) [14] specification for the GBA Service. The attributes defined for the GBA Service request, response, and fault cases are listed below.
Figure 5.5: The Web Services based GAA application procedure
The possible attribute value definitions and restrictions for the request, response, and fault messages are the same as in clause 6 unless explicitly specified in this clause. The steps of the GAA application procedure in Figure 5.4 are:
Step 1
The NAF shall send a "requestGbaPushInfoRequest message" to the BSF. The WSDL schema of this message is included in Annex G.
The following elements are included in this message:
– "ptid"
This is P-TID and it is given to the BSF so that it can be included in the encrypted "gbaPushInfo" element in the response. Description in subclause 6.3.1.19 applies.
– "nafid"
This is the NAF-Id. Description in subclause 6.3.1.3 applies.
– "gsid"
This element contains the GAA Services Identifiers. Description in subclause 6.3.1.4 applies while the GAA Service Type Codes for 3GPP standardized services are defined in Annex B.
– "gbaUAware"
This element is optionally included. It indicates whether NAF is GBA_U aware, and is capable of using and handling the "uiccKeyMaterial". The default value for "gbaUAware" is false. Description and values defined for the corresponding Diameter AVP in subclause 6.3.1.8 apply.
– "userId"
This element indicates the user identity. Description in subclause 6.3.1.12 applies.
– "userIdType"
This element indicates the user identity type, i.e. private or public. Description and values defined for the corresponding Diameter AVP in subclause 6.3.1.13 apply.
– "uiccAppLabel"
This element includes the UICC application identity to be used. Description in subclause 6.3.1.14 applies.
– "uiccOrMe"
This element indicates to the BSF whether GBA_ME or GBA_U is to be used for GBA push. Description and values defined for the corresponding Diameter AVP in subclause 6.3.1.15 apply.
– "requestedLifeTime"
This element indicates the requested key lifetime for the NAF keys. Description in subclause 6.3.1.16 applies.
– "privateIdRequest"
If this element is present it indicates that the NAF requests the BSF to send the private user identity of the user. Description and values defined for the corresponding Diameter AVP in subclause 6.3.1.17 apply.
– "securityFeaturesRequest"
If this element is present it indicates that the NAF requests information on the availability of security features. The element may contain a semicolon-separated list of the security features that are available, ordered by preference. Description in subclause 6.3.1.20 applies while the values are defined in Annex A.
The NAF may use one or more "extension" elements to include additional data in the request, but the BSF may ignore the additional data.
This SOAP message shall be sent to the BSF; the URI of the message shall therefore contain the BSF address.
In the case the NAF is in a visited network, the NAF contacts the subscriber’s home BSF through a GBA-Proxy that is located in the same network as the NAF. The local BSF and the GBA-Proxy may be co-located. See 3GPP TS 33.220 [6].
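As an added illustration of step 1 (this is example code written for this page, not part of 3GPP TS 29.109 or of any Annex G implementation), the following Python builds a "requestGbaPushInfoRequest" SOAP envelope from the elements listed above: "gbaUAware" defaults to false when not given, "privateIdRequest" is carried by presence only, "securityFeaturesRequest" is serialised as a semicolon-separated, preference-ordered list, and "extension" elements are skipped by the parser just as the BSF may ignore them. The SOAP envelope namespace is the SOAP 1.1 one; the GBA Service namespace, the element values and the identifiers are placeholders or constructed samples, since the real schema comes from the WSDL in Annex G and the value sets from clause 6.

```python
import xml.etree.ElementTree as ET

# SOAP 1.1 envelope namespace; the GBA Service namespace below is a placeholder,
# the real one is defined by the WSDL in Annex G.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
GBA_NS = "urn:example:gba-service-placeholder"

# Element names in the order they are listed in step 1 of clause 5.5.
REQUEST_ELEMENTS = (
    "ptid", "nafid", "gsid", "gbaUAware", "userId", "userIdType",
    "uiccAppLabel", "uiccOrMe", "requestedLifeTime", "privateIdRequest",
    "securityFeaturesRequest",
)


def build_request_gba_push_info(fields, security_features=None, extensions=()):
    """Serialise a requestGbaPushInfoRequest envelope.

    fields: mapping element name -> value; elements whose value is None are omitted.
    security_features: list of feature names, most preferred first; joined with ';'.
    extensions: (name, text) pairs emitted as "extension" elements.
    """
    fields = dict(fields)
    fields.setdefault("gbaUAware", False)          # default per clause 5.5 step 1
    if security_features is not None:
        fields["securityFeaturesRequest"] = ";".join(security_features)
    unknown = set(fields) - set(REQUEST_ELEMENTS)
    if unknown:
        raise ValueError(f"unknown request elements: {sorted(unknown)}")

    ET.register_namespace("soapenv", SOAP_NS)
    ET.register_namespace("gba", GBA_NS)
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    req = ET.SubElement(body, f"{{{GBA_NS}}}requestGbaPushInfoRequest")
    for name in REQUEST_ELEMENTS:
        value = fields.get(name)
        if value is None:
            continue
        if name == "privateIdRequest" and not value:
            continue                               # presence alone carries the meaning
        if isinstance(value, bool):
            value = "true" if value else "false"   # xsd:boolean lexical form
        ET.SubElement(req, f"{{{GBA_NS}}}{name}").text = str(value)
    for ext_name, ext_text in extensions:
        ext = ET.SubElement(req, f"{{{GBA_NS}}}extension")
        ext.set("name", ext_name)
        ext.text = ext_text
    return ET.tostring(envelope, encoding="unicode")


def request_elements(xml_text):
    """Parse an envelope back into {element name: text}; "extension" elements are ignored,
    as the BSF is allowed to do."""
    root = ET.fromstring(xml_text)
    req = root.find(f".//{{{GBA_NS}}}requestGbaPushInfoRequest")
    if req is None:
        raise ValueError("no requestGbaPushInfoRequest in SOAP body")
    result = {}
    for child in req:
        local_name = child.tag.split("}", 1)[1]
        if local_name != "extension":
            result[local_name] = child.text or ""
    return result


# Constructed sample values; the admissible values for userIdType and uiccOrMe are
# those of the corresponding Diameter AVPs (subclauses 6.3.1.13 and 6.3.1.15).
SAMPLE_FIELDS = {
    "ptid": "ptid-sample-0001",
    "nafid": "naf.example.com",
    "gsid": "1",
    "userId": "user@example.com",
    "userIdType": "PUBLIC",
    "uiccOrMe": "GBA_ME",
    "privateIdRequest": True,
}

if __name__ == "__main__":
    xml = build_request_gba_push_info(SAMPLE_FIELDS, ["feat-a", "feat-b"],
                                      extensions=[("vendor", "opaque")])
    print(xml)
    print(request_elements(xml))
```

Because the preference order of "securityFeaturesRequest" is significant to the BSF, the list is passed as an ordered sequence rather than a set.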
Step 2
The procedures for step 2 are the same as in step 2 in clause 5.4.
If any of the error situations described in step 2 in clause 5.4 arises, the BSF shall respond with a requestGbaPushInfoFault message, as defined in Annex G. The "errorCode" element shall contain the corresponding Diameter error code (see clause 6.2.2). If the "errorText" is included, it shall contain a human-readable description of the error.
Step 3
After that, the "requestGbaPushInfoResponse" message is sent back to the NAF. The WSDL schema of this message is included in Annex G.
The following elements are included in this message:
– "impi"
This element is optionally included according to BSF configuration. It is only returned if it was requested and a public user identity was used in the "requestGbaPushInfoRequest" message. Description for the User-Name AVP from 3GPP TS 29.229 [3] applies.
– "meKeyMaterial"
This element contains the mandatory common key material shared with the ME (Ks_NAF or Ks_ext_NAF). Description in subclause 6.3.1.6 applies.
– "uiccKeyMaterial"
This element is the common key material with the UICC (Ks_int_NAF). It is optionally sent only if the "uiccType" tag in "bsfInfo" (received by BSF from the HSS over Zh) is set to "GBA_U". Description in subclause 6.3.1.7 applies.
– "keyExpiryTime"
This element contains the expiry time of the Bootstrapping information in the BSF according to its configuration. If a specific key lifetime value was given in the "lifeTime" tag inside the "bsfInfo" (received by the BSF from the HSS over Zh) during the bootstrapping procedure, it shall be used instead of the BSF default configuration value when the expiry time is calculated. Description in subclause 6.3.1.5 applies.
– "bootstrappingInfoCreationTime"
This element contains the bootstrapping information creation time, i.e., the creation time of the Bootstrapping information in the BSF. Description in subclause 6.3.1.9 applies.
– "gbaType"
This element indicates to the NAF the type of authentication used in the bootstrapping procedure. It shall be included if a GBA type other than 3G GBA has been performed. Description and values defined for the corresponding Diameter AVP in subclause 6.3.1.11 apply.
– "ussList"
This element is optionally included. The BSF shall select the appropriate User Security Settings (if any) into the "ussList" element from the GAA-UserSecSettings stored in the Bootstrapping information, according to the "gsid" elements in the request message. The "ussList" element contains a standalone XML document whose root element shall be the "ussList" element as specified in Annex A and which contains the User Security Settings selected by the BSF. Description in subclause 6.3.1.1 applies.
– "gbaPushInfo"
This element includes the GPI. Description in subclause 6.3.1.18 applies.
– "securityFeaturesResponse"
If the BSF supports the usage of security features and the NAF has requested them in the "securityFeaturesRequest" element, the BSF shall extract the "securityFeatures" element from the "bsfInfo" element in the subscriber's GUSS and add to the "securityFeaturesResponse" element those security features that are common to the received "securityFeaturesRequest" and the extracted "bsfInfo" information. The common security features are added to the "securityFeaturesResponse" element in the order in which they appear in the "bsfInfo" element. If the "securityFeatures" element is not defined in the GUSS, or there is no common security feature, the BSF shall add an empty string to the "securityFeaturesResponse" element in the response. Description in subclause 6.3.1.21 applies while the values are defined in Annex A.
The BSF may use one or more "extension" elements to include additional data in the response, but the NAF may ignore the additional data.
When the NAF receives the "requestGbaPushInfoResponse" message, the NAF shall check the value of the "gbaType" element if it is included in the message. If the NAF does not support the GBA type, the NAF shall stop processing the message and should indicate an error via the O&M subsystem. The subsequent procedure in the NAF when the "requestGbaPushInfoResponse" message is received is described in 3GPP TS 33.220 [5], 3GPP TS 33.222 [11] and optionally in the GAA service type specific TSs.
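As an added example for steps 2 and 3 (written for this page, not code from 3GPP TS 29.109 or from any BSF or NAF product), the Python below shows both sides of the reply: the BSF-side selection of "securityFeaturesResponse" (intersection of the NAF's semicolon-separated request with the GUSS "bsfInfo" features, kept in "bsfInfo" order, empty string when nothing is defined or common), and the NAF-side handling that distinguishes a "requestGbaPushInfoFault" carrying an "errorCode" from a "requestGbaPushInfoResponse", and stops processing when an included "gbaType" is not supported. The GBA Service namespace, the "gbaType" value strings, the error code and the key material are placeholders or constructed samples; the real values come from Annex G, subclause 6.3.1.11 and clause 6.2.2.

```python
import xml.etree.ElementTree as ET

# SOAP 1.1 envelope namespace; the GBA Service namespace is a placeholder for the
# one defined by the WSDL in Annex G.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
GBA_NS = "urn:example:gba-service-placeholder"


def security_features_response(requested, bsf_info_features):
    """BSF side (step 3): features common to the NAF request and the GUSS bsfInfo,
    in bsfInfo order; '' when bsfInfo defines none or nothing is common.

    requested: text of the securityFeaturesRequest element (may be '' or None).
    bsf_info_features: ordered list from the securityFeatures element of bsfInfo, or None.
    """
    if not bsf_info_features:
        return ""
    wanted = {f for f in (requested or "").split(";") if f}
    return ";".join(f for f in bsf_info_features if f in wanted)


# Constructed sample of this NAF's capabilities. 3G GBA is implied when "gbaType" is
# absent; the value strings are assumed, the real ones are in subclause 6.3.1.11.
SUPPORTED_GBA_TYPES = {"3G_GBA"}


def _local(tag):
    return tag.split("}", 1)[1]


def handle_bsf_reply(xml_text, supported_gba_types=SUPPORTED_GBA_TYPES):
    """NAF side (steps 2/3). Returns one of:
         ("fault", error_code, error_text)
         ("unsupported_gba_type", gba_type, None)   -> caller raises the O&M error
         ("ok", elements, None)
       "extension" elements are ignored, as the NAF may."""
    root = ET.fromstring(xml_text)
    fault = root.find(f".//{{{GBA_NS}}}requestGbaPushInfoFault")
    if fault is not None:
        code = int(fault.findtext(f"{{{GBA_NS}}}errorCode"))   # Diameter code, clause 6.2.2
        return ("fault", code, fault.findtext(f"{{{GBA_NS}}}errorText"))
    resp = root.find(f".//{{{GBA_NS}}}requestGbaPushInfoResponse")
    if resp is None:
        raise ValueError("SOAP body carries neither response nor fault")
    elements = {_local(c.tag): (c.text or "") for c in resp if _local(c.tag) != "extension"}
    gba_type = elements.get("gbaType")
    if gba_type is not None and gba_type not in supported_gba_types:
        return ("unsupported_gba_type", gba_type, None)
    return ("ok", elements, None)


def _envelope(body_xml):
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:gba="{GBA_NS}">'
            f'<soapenv:Body>{body_xml}</soapenv:Body></soapenv:Envelope>')


# Constructed sample messages; key material and GPI are illustrative base64 strings.
SAMPLE_RESPONSE = _envelope(
    "<gba:requestGbaPushInfoResponse>"
    "<gba:meKeyMaterial>c2FtcGxlLUtzX05BRg==</gba:meKeyMaterial>"
    "<gba:keyExpiryTime>2025-01-01T00:00:00Z</gba:keyExpiryTime>"
    "<gba:gbaPushInfo>c2FtcGxlLUdQSQ==</gba:gbaPushInfo>"
    f"<gba:securityFeaturesResponse>{security_features_response('b;a;z', ['a', 'b', 'c'])}"
    "</gba:securityFeaturesResponse>"
    "<gba:extension>ignored-by-naf</gba:extension>"
    "</gba:requestGbaPushInfoResponse>")
SAMPLE_FAULT = _envelope(
    "<gba:requestGbaPushInfoFault><gba:errorCode>5001</gba:errorCode>"
    "<gba:errorText>sample error text</gba:errorText></gba:requestGbaPushInfoFault>")
SAMPLE_OTHER_TYPE = _envelope(
    "<gba:requestGbaPushInfoResponse><gba:gbaType>2G_GBA</gba:gbaType>"
    "<gba:meKeyMaterial>c2FtcGxl</gba:meKeyMaterial></gba:requestGbaPushInfoResponse>")

if __name__ == "__main__":
    for sample in (SAMPLE_RESPONSE, SAMPLE_FAULT, SAMPLE_OTHER_TYPE):
        print(handle_bsf_reply(sample))
```

The empty-string rule matters on the NAF side too: an empty "securityFeaturesResponse" element is parsed as "" rather than as an absent element, so the NAF can tell "BSF answered with no common feature" apart from "BSF did not answer the feature query".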