5 Services offered by the NEF (UAS-NF)
3GPP TS 29.256, Release 17: Uncrewed Aerial Systems Network Function (UAS-NF); Aerial Management Services; Stage 3
5.1 Introduction
Table 5.1-1 shows the NEF (UAS-NF) Services and Service Operations:
Table 5.1-1 List of NEF (UAS-NF) Services
| Service Name | Service Operations | Operation Semantics | Example Consumer(s) | Mapped Service Operation |
|---|---|---|---|---|
| Nnef_Authentication | AuthenticateAuthorize | Request/Response | AMF, SMF, SMF+PGW-C | Nnef_Authentication_AuthenticateAuthorize |
| | Notification | Subscribe/Notify | AMF, SMF, SMF+PGW-C | Nnef_Authentication_Notification |
5.2 Nnef_Authentication Service
5.2.1 Service Description
The service allows communication of authentication and authorization messages between AMF/SMF and external AF (USS). An NF as service consumer (e.g. AMF, SMF, SMF+PGW-C) can authenticate or subscribe to receive notifications from NEF (UAS-NF) related to reauthentication, update authorization data or revoke authorization of the UAV.
5.2.2 Service Operations
5.2.2.1 Introduction
The Nnef_Authentication service supports the following service operations:
– AuthenticateAuthorize
– Notification
5.2.2.2 AuthenticateAuthorize Service Operation
5.2.2.2.1 General
The AuthenticateAuthorize service operation is used during the following procedures:
– UUAA-MM and UUAA-SM procedures (see 3GPP TS 23.256 [6], clause 5.2.2 and clause 5.2.3, respectively)
– C2 authorization (see 3GPP TS 23.256 [6], clause 5.2.5)
The AuthenticateAuthorize service operation is invoked by an NF Service Consumer (e.g. an AMF, SMF, SMF+PGW-C) towards the NEF (UAS-NF), when UUAA-MM is done at 5GS registration, UUAA-SM is done at PDU session establishment, or for Authorization for C2 in 5GS or EPS.
The NF Service Consumer (e.g. the AMF or the SMF or the SMF+PGW-C) shall send the authentication message to NEF (UAS-NF) by sending the HTTP POST request towards the UAV Authentications resource as shown in Figure 5.2.2.2.1-1.
Figure 5.2.2.2.1-1: AuthenticateAuthorize Service Operation
1. The NF Service Consumer shall send a POST request to the resource representing the UAV Authentications resource of the NEF (UAS-NF) with a "UAVAuthInfo" object in the request body, including:
– gpsi IE set to GPSI (in the format of External Identifier) of the UAV;
– serviceLevelId IE set to Service Level Device Identity;
– authMsg IE contains the service-level AA message. This IE is deprecated; the "authContainer" IE should be used instead.
– "authContainer" IE that contains one or more authentication message(s) in the AA container provided by the UE (see 3GPP TS 23.256 [6]). This IE deprecates the "authMsg" IE.
– authNotificationURI IE provides the notification URI to receive notifications related to authentication;
– authServerAddress IE provides the Authorization Server Address, e.g. Authorization Server FQDN. This IE is not included for intermediate round-trip authentication messages;
– nfType IE carries the NF type of the NF service consumer (e.g. AMF or SMF or SMF+PGW-C); and
– userLocInfo IE provides the user location information (e.g. cell Id).
If the NF Service Consumer is SMF or SMF+PGW-C, the "UAVAuthInfo" also may include:
– ipAddr IE carries the IP Address associated with the PDU session;
– pei IE carries the PEI;
If the NF Service Consumer is SMF or SMF+PGW-C, for UUAA-MM and UUAA-SM procedures the "UAVAuthInfo" also may include:
– dnn IE carries the DNN which can be used by NEF (UAS-NF) later on to create a subscription at SMF; and
– sNssai IE carries the S-NSSAI which can be used by NEF (UAS-NF) later on to create a subscription at SMF.
2a. On success, the NEF (UAS-NF) shall store the result and return "200 OK".
For intermediate round-trip messages, the payload body (i.e. UAVAuthResponse) shall contain the GPSI of the UAV and Service Level Device Identity. The payload body optionally includes "authContainer", see 3GPP TS 23.256 [6] for further details.
For the final NEF (UAS-NF) to NF service consumer message, the payload body (i.e. UAVAuthResponse) shall contain the GPSI of the UAV, notifyCorrId attribute and "authResult" attribute. If the UAV is authenticated successfully, the NEF (UAS-NF) shall set the "authResult" attribute to "AUTH_SUCCESS". "authMsg" and "authResult" attributes are deprecated; the attribute "authContainer" should be used instead. The payload body shall contain the authorized Service Level Device Identity and "authContainer" payload delivering the AA result, configuration information to the UAV. The AMF forwards the message transparently to UE over NAS MM.
2b. On failure or redirection, one of the HTTP status codes listed in Table 6.1.7.3-1 shall be returned. For a 4xx/5xx response, the message body contains a ProblemDetails structure with the "cause" attribute set to one of the application errors listed in Table 6.1.7.3-1.
If the NEF (UAS-NF) cannot successfully fulfil the received HTTP POST request due to an internal error or an error in the HTTP POST request, the NEF (UAS-NF) shall send the HTTP error response as specified in clause 6.1.7.
If the UAV authentication fails, the NEF (UAS-NF) shall reject the request with an HTTP "403 Forbidden" response message including the "cause" attribute of the ProblemDetails data structure set to "AUTHENTICATION_FAILURE". When the service operation is used during the Re-authentication procedure, the NEF (UAS-NF) shall also include an indication of uasResourceRelease received from the USS to indicate whether the PDU sessions associated with the "DNN(s) subject to aerial services" can be released or not on re-authentication failure.
In the above steps, if no expected response is received from the USS because of a time out, the NEF (UAS-NF) shall return HTTP status code "504 Gateway Timeout", with the message body containing a ProblemDetails structure with the "cause" attribute set to "PEER_NOT_RESPONDING".
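The response rules of steps 2a and 2b, as an added example that is not part of the specification: a sketch of how a NEF (UAS-NF) implementation could map the outcome it obtained from the USS onto the HTTP status and body described above. The `UssOutcome` type, the function names and the top-level placement of `uasResourceRelease` in the error body are assumptions; the sample values in the test are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class UssOutcome:
    """Hypothetical internal record of what the USS returned for one request."""
    kind: str                                # "intermediate", "success", "failure", "timeout"
    gpsi: str
    service_level_id: str
    auth_container: Optional[list] = None    # opaque AA message(s), passed through unchanged
    notify_corr_id: Optional[str] = None
    uas_resource_release: Optional[bool] = None  # supplied by the USS on re-auth failure

def problem(status: int, cause: str, **extra) -> tuple:
    """Build a (status, ProblemDetails-like body) pair."""
    body = {"status": status, "cause": cause}
    body.update(extra)
    return status, body

def build_response(o: UssOutcome, reauthentication: bool = False) -> tuple:
    """Return (http_status, json_body) for one AuthenticateAuthorize request."""
    if o.kind == "timeout":
        return problem(504, "PEER_NOT_RESPONDING")
    if o.kind == "failure":
        extra = {}
        # Only relayed when the operation runs as part of re-authentication.
        if reauthentication and o.uas_resource_release is not None:
            extra["uasResourceRelease"] = o.uas_resource_release  # placement assumed
        return problem(403, "AUTHENTICATION_FAILURE", **extra)
    if o.kind not in ("intermediate", "success"):
        raise ValueError(f"unknown outcome kind: {o.kind!r}")
    # Both intermediate and final 200 responses carry GPSI and Service Level Device Identity.
    body = {"gpsi": o.gpsi, "serviceLevelId": o.service_level_id}
    if o.auth_container is not None:
        body["authContainer"] = o.auth_container
    if o.kind == "success":
        if not o.notify_corr_id:
            raise ValueError("final response requires notifyCorrId")
        body["notifyCorrId"] = o.notify_corr_id
        body["authResult"] = "AUTH_SUCCESS"
    return 200, body
```

Keeping `authResult` and `notifyCorrId` out of intermediate responses lets the NF service consumer distinguish a continuing round trip from a completed UUAA.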
5.2.2.3 AuthNotify Service Operation
5.2.2.3.1 General
The AuthNotify service operation is used during the following procedures:
– USS Initiated reauthentication (see 3GPP TS 23.256 [6], clause 5.2.4)
– USS Initiated update authorization data or revoke authorization of the UAV
The AuthNotify service operation is invoked by the NEF (UAS-NF) to inform a NF Service Consumer (e.g. AMF, SMF, SMF+PGW-C), when USS triggers reauthentication, update authorization data or revoke authorization of the UAV. NEF (UAS-NF) shall determine the NF service consumer based on the previously stored UUAA context during the successful UUAA procedure as defined in clause 5.2.2.2.
The NEF (UAS-NF) shall send the AuthNotify request by sending the HTTP POST method towards the Notification URI as shown in Figure 5.2.2.3.1-1.
Figure 5.2.2.3.1-1: AuthNotify Service Operation
1. The NEF (UAS-NF) shall send a POST request towards the Notification URI received in the Authenticate service operation request (see clause 5.2.2.2.1). The NEF (UAS-NF) shall be able to determine the NF type of the NF service consumer by nfType IE received in the Authenticate service operation request. The request body shall contain an "AuthNotification" object containing the reauthentication information or update authorization information or revoke authorization indication.
When the procedure is used for reauthentication or reauthorization/update authorization information, the AuthNotification object includes:
– the gpsi IE set to the GPSI (in the format of External Identifier) of the given UAV required to be reauthenticated;
– serviceLevelId IE set to the Service Level Device Identity of the UAV;
– authMsg IE contains the service-level AA message. This IE is deprecated; the "authContainer" IE should be used instead.
– "authContainer" IE that contains AA related data provided by the UE (see 3GPP TS 23.256 [6]). This IE deprecates the "authMsg" IE.
– notifType IE set to REAUTH used for reauthentication and/or notifType IE set to UPDATEAUTH used for update authorization data; and
– notifyCorrId IE set to the notification correlation ID;
When the procedure is used for authorization revocation, the AuthNotification object includes:
– the gpsi IE set to the GPSI (in the format of External Identifier) of the given UAV;
– serviceLevelId IE set to the Service Level Device Identity of the UAV;
– notifType IE set to REVOKE; and
– notifyCorrId IE set to the notification correlation ID;
2a. On success, "204 No content" shall be returned without response body. If the NF Service consumer removes the successful UUAA result during UUAA Revocation procedure, the NEF (UAS-NF) shall remove the UUAA context (see clause 5.2.7 of 3GPP TS 23.256 [6]).
2b. On failure or redirection, one of the HTTP status codes listed in Table 6.1.5.2.3.1-3 shall be returned. For a 4xx/5xx response, the response body should contain a "ProblemDetails" object.
If the NF service consumer cannot successfully fulfil the received HTTP POST request due to an internal error or an error in the HTTP POST request, the NF service consumer shall send an HTTP error response as specified in clause 6.1.7.
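A consumer-side check for the AuthNotify request described above, as an added example that is not part of the specification: before acting on a REAUTH, UPDATEAUTH or REVOKE notification, the NF service consumer verifies the listed IEs and correlates notifyCorrId and gpsi with the UUAA context it stored after a successful AuthenticateAuthorize exchange. The function name, the context layout and the correlation check itself are assumptions.

```python
NOTIF_TYPES = {"REAUTH", "UPDATEAUTH", "REVOKE"}
COMMON_IES = ("gpsi", "serviceLevelId", "notifType", "notifyCorrId")

def check_auth_notification(body: dict, uuaa_contexts: dict) -> tuple:
    """Return (errors, warnings) for one AuthNotification body.

    uuaa_contexts maps notifyCorrId -> gpsi as stored by the consumer after a
    successful UUAA (hypothetical storage layout). No errors means the
    notification can be processed and answered with "204 No Content".
    """
    errors = [f"missing IE: {ie}" for ie in COMMON_IES if not body.get(ie)]
    warnings = []

    notif_type = body.get("notifType")
    if notif_type and notif_type not in NOTIF_TYPES:
        errors.append(f"unknown notifType: {notif_type}")

    # authMsg is still permitted but deprecated in favour of authContainer.
    if "authMsg" in body:
        warnings.append("deprecated IE authMsg present")
    # The revocation form lists no AA payload; flag one if it appears (assumed policy).
    if notif_type == "REVOKE" and ("authContainer" in body or "authMsg" in body):
        warnings.append("AA payload not listed for REVOKE")

    # Correlate with the stored UUAA context so that a notification for an
    # unknown or mismatched UAV is not acted upon.
    corr_id = body.get("notifyCorrId")
    if corr_id:
        known_gpsi = uuaa_contexts.get(corr_id)
        if known_gpsi is None:
            errors.append("notifyCorrId matches no stored UUAA context")
        elif known_gpsi != body.get("gpsi"):
            errors.append("gpsi does not match the UUAA context for notifyCorrId")
    return errors, warnings
```

When the error list is non-empty, the consumer selects the HTTP status from Table 6.1.5.2.3.1-3, which is not reproduced in this section.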