6 API Definitions
3GPP TS 29.256, Release 17: Uncrewed Aerial Systems Network Function (UAS-NF); Aerial Management Services; Stage 3
6.1 Nnef_Authentication Service API
6.1.1 Introduction
The Nnef_Authentication service shall use the Nnef_Authentication API.
The API URI of the Nnef_Authentication API shall be:
{apiRoot}/<apiName>/<apiVersion>
The request URIs used in HTTP requests from the NF service consumer towards the NF service producer shall have the Resource URI structure defined in clause 4.4.1 of 3GPP TS 29.501 [5], i.e.:
{apiRoot}/<apiName>/<apiVersion>/<apiSpecificResourceUriPart>
with the following components:
– The {apiRoot} shall be set as described in 3GPP TS 29.501 [5].
– The <apiName> shall be "nnef-authentication".
– The <apiVersion> shall be "v1".
– The <apiSpecificResourceUriPart> shall be set as described in clause 6.1.3.
6.1.2 Usage of HTTP
6.1.2.1 General
HTTP/2, IETF RFC 7540 [8], shall be used as specified in clause 5 of 3GPP TS 29.500 [4].
HTTP/2 shall be transported as specified in clause 5.3 of 3GPP TS 29.500 [4].
The OpenAPI [9] specification of HTTP messages and content bodies for the Nnef_Authentication API is contained in Annex A.
6.1.2.2 HTTP standard headers
6.1.2.2.1 General
See clause 5.2.2 of 3GPP TS 29.500 [4] for the usage of HTTP standard headers.
6.1.2.2.2 Content type
JSON, IETF RFC 8259 [10], shall be used as content type of the HTTP bodies specified in the present specification as specified in clause 5.4 of 3GPP TS 29.500 [4]. The use of the JSON format shall be signalled by the content type "application/json".
"Problem Details" JSON object shall be used to indicate additional details of the error in a HTTP response body and shall be signalled by the content type "application/problem+json", as defined in IETF RFC 7807 [11].
6.1.2.3 HTTP custom headers
The mandatory HTTP custom header fields specified in clause 5.2.3.2 of 3GPP TS 29.500 [4] shall be applicable.
6.1.3 Resources
6.1.3.1 Overview
This clause describes the structure for the Resource URIs and the resources and methods used for the service.
Figure 6.1.3.1-1 depicts the resource URIs structure for the Nnef_Authentication API.
Figure 6.1.3.1-1: Resource URI structure of the Nnef_Authentication API
Table 6.1.3.1-1 provides an overview of the resources and applicable HTTP methods.
Table 6.1.3.1-1: Resources and methods overview
| Resource name | Resource URI | HTTP method or custom operation | Description |
|---|---|---|---|
| uav-authentications | /uav-authentications | POST | A UAV authentication |
6.1.3.2 Resource: uav-authentications
The resource represents UAV Authentications to be done with the NEF (UAS-NF).
6.1.3.2.1 Description
6.1.3.2.2 Resource Definition
Resource URI: {apiRoot}/nnef-authentication/<apiVersion>/uav-authentications
This resource shall support the resource URI variables defined in table 6.1.3.2.2-1.
Table 6.1.3.2.2-1: Resource URI variables for this resource
| Name | Data type | Definition |
|---|---|---|
| apiRoot | string | See clause 6.1.1 |
6.1.3.2.3 Resource Standard Methods
6.1.3.2.3.1 POST
This method performs UAV authentication.
This method shall support the URI query parameters specified in table 6.1.3.2.3.1-1.
Table 6.1.3.2.3.1-1: URI query parameters supported by the POST method on this resource
| Name | Data type | P | Cardinality | Description | Applicability |
|---|---|---|---|---|---|
| n/a | | | | | |
This method shall support the request data structures specified in table 6.1.3.2.3.1-2 and the response data structures and response codes specified in table 6.1.3.2.3.1-3.
Table 6.1.3.2.3.1-2: Data structures supported by the POST Request Body on this resource
| Data type | P | Cardinality | Description |
|---|---|---|---|
| UAVAuthInfo | M | 1 | Represents the data to be used for UAV authentication |
Table 6.1.3.2.3.1-3: Data structures supported by the POST Response Body on this resource
| Data type | P | Cardinality | Response codes | Description |
|---|---|---|---|---|
| UAVAuthResponse | M | 1 | 200 OK | Successful request of UAV authentication and authorization. If C2 authorization request is sent during UUAA-SM, the final response indicates that at least UUAA has succeeded. |
| RedirectResponse | O | 0..1 | 307 Temporary Redirect | Temporary redirection. The response shall include a Location header field containing a different URI, or the same URI if a request is redirected to the same target resource via a different SCP. In the former case, the URI shall be an alternative URI of the resource located on an alternative service instance within the same NEF (UAS-NF) or NEF (UAS-NF) (service) set. (NOTE 2) |
| RedirectResponse | O | 0..1 | 308 Permanent Redirect | Permanent redirection. The response shall include a Location header field containing a different URI, or the same URI if a request is redirected to the same target resource via a different SCP. In the former case, the URI shall be an alternative URI of the resource located on an alternative service instance within the same NEF (UAS-NF) or NEF (UAS-NF) (service) set. (NOTE 2) |
| UAVAuthFailure | O | 0..1 | 403 Forbidden | This represents that the UAV authentication is failed, the "cause" attribute of the ProblemDetails data structure set to: – AUTHENTICATION_FAILURE See table 6.1.7.3-1 for the description of these errors. |
| ProblemDetails | O | 0..1 | 504 Gateway Timeout | The "cause" attribute may be used to indicate the following application error: – PEER_NOT_RESPONDING See table 6.1.7.3-1 for the description of the error. |

NOTE 1: The mandatory HTTP error status code for the POST method listed in Table 5.2.7.1-1 of 3GPP TS 29.500 [4] also apply.
NOTE 2: RedirectResponse may be inserted by an SCP, see clause 6.10.9.1 of 3GPP TS 29.500 [4].
Table 6.1.3.2.3.1-4: Headers supported by the 307 Response Code on this resource
| Name | Data type | P | Cardinality | Description |
|---|---|---|---|---|
| Location | string | M | 1 | An alternative URI of the resource located on an alternative service instance within the same NEF (UAS-NF) or NEF (UAS-NF) (service) set. Or the same URI, if a request is redirected to the same target resource via a different SCP. |
| 3gpp-Sbi-Target-Nf-Id | string | O | 0..1 | Identifier of the target NF (service) instance ID towards which the request is redirected |
Table 6.1.3.2.3.1-5: Headers supported by the 308 Response Code on this resource
| Name | Data type | P | Cardinality | Description |
|---|---|---|---|---|
| Location | string | M | 1 | An alternative URI of the resource located on an alternative service instance within the same NEF (UAS-NF) or UAS-NF/NEF (service) set. Or the same URI, if a request is redirected to the same target resource via a different SCP. |
| 3gpp-Sbi-Target-Nf-Id | string | O | 0..1 | Identifier of the target NF (service) instance ID towards which the request is redirected |
6.1.3.2.4 Resource Custom Operations
None
6.1.5 Notifications
6.1.5.1 General
This clause specifies the notifications provided by the Nnef_Authentication service.
Notifications shall comply to clause 6.2 of 3GPP TS 29.500 [4] and clause 4.6.2.3 of 3GPP TS 29.501 [5].
6.1.5.2 Authentication Notification
6.1.5.2.1 Description
The NF Service Consumer (e.g. the AMF or SMF or SMF+PGW-C) provides the Notification URI for getting notified about reauthentication requested by the USS. The NEF (UAS-NF) shall notify the NF Service Consumer when reauthentication is requested by the USS.
6.1.5.2.2 Target URI
The Notification URI "{notifUri}" shall be used with the callback URI variables defined in table 6.1.5.2.2-1.
Table 6.1.5.2.2-1: Callback URI variables
| Name | Definition |
|---|---|
| notificationUri | String formatted as URI with the Callback Uri |
6.1.5.2.3 Standard Methods
6.1.5.2.3.1 POST
This method shall support the request data structures specified in table 6.1.5.2.3.1-1 and the response data structures and response codes specified in table 6.1.5.2.3.1-2.
Table 6.1.5.2.3.1-1: Data structures supported by the POST Request Body
| Data type | P | Cardinality | Description |
|---|---|---|---|
| AuthNotification | M | 1 | Contains the reauthentication information. |
Table 6.1.5.2.3.1-2: Data structures supported by the POST Response Body
| Data type | P | Cardinality | Response codes | Description |
|---|---|---|---|---|
| n/a | | | 204 No Content | Successful notification of reauthentication |
| RedirectResponse | O | 0..1 | 307 Temporary Redirect | Temporary redirection. The response shall include a Location header field containing a different URI. The URI shall be an alternative URI of the resource located on an alternative service instance within the same NF consumer where the notification should be sent. If an SCP redirects the message to another SCP then the location header field shall contain the same URI or a different URI pointing to the endpoint of the NF service consumer to which the notification should be sent. (NOTE 2) |
| RedirectResponse | O | 0..1 | 308 Permanent Redirect | Permanent redirection. The response shall include a Location header field containing a different URI. The URI shall be an alternative URI of the resource located on an alternative service instance within the same NF consumer where the notification should be sent. If an SCP redirects the message to another SCP then the location header field shall contain the same URI or a different URI pointing to the endpoint of the NF service consumer to which the notification should be sent. (NOTE 2) |

NOTE 1: The mandatory HTTP error status codes for the POST method listed in Table 5.2.7.1-1 of 3GPP TS 29.500 [4] also apply, with response body containing an object of ProblemDetails data type (see clause 5.2.7 of 3GPP TS 29.500 [4]).
NOTE 2: RedirectResponse may be inserted by an SCP, see clause 6.10.9.1 of 3GPP TS 29.500 [4].
Table 6.1.5.2.3.1-4: Headers supported by the 307 Response Code on this resource
| Name | Data type | P | Cardinality | Description |
|---|---|---|---|---|
| Location | string | M | 1 | A URI pointing to the endpoint of NF service consumer to which the notification should be sent |
| 3gpp-Sbi-Target-Nf-Id | string | O | 0..1 | Identifier of the target NF (service) instance ID towards which the notification is redirected |
Table 6.1.5.2.3.1-5: Headers supported by the 308 Response Code on this resource
| Name | Data type | P | Cardinality | Description |
|---|---|---|---|---|
| Location | string | M | 1 | A URI pointing to the endpoint of NF service consumer to which the notification should be sent |
| 3gpp-Sbi-Target-Nf-Id | string | O | 0..1 | Identifier of the target NF (service) instance ID towards which the notification is redirected |
6.1.6 Data Model
6.1.6.1 General
This clause specifies the application data model supported by the API.
Table 6.1.6.1-1 specifies the data types defined for the Nnef_Authentication service based interface protocol.
Table 6.1.6.1-1: Nnef_Authentication specific Data Types
| Data type | Clause defined | Description | Applicability |
|---|---|---|---|
| UAVAuthInfo | 6.1.6.2.2 | Information within Authenticate Request | |
| AuthNotification | 6.1.6.2.3 | Information within notification | |
| UAVAuthResponse | 6.1.6.2.4 | Information within Authenticate Response | |
| UAVAuthFailure | 6.1.6.2.5 | Information within Authenticate Response | |
| AuthResult | 6.1.6.3.3 | Enumeration indicating authentication result | |
| NotifType | 6.1.6.3.4 | Enumeration Notification type | |
| AuthContainer | 6.1.6.2.6 | Carries the AA related data | |
Table 6.1.6.1-2 specifies data types re-used by the Nnef_Authentication service based interface protocol from other specifications, including a reference to their respective specifications and when needed, a short description of their use within the Nnef_Authentication service based interface.
Table 6.1.6.1-2: Nnef_Authentication re-used Data Types
| Data type | Reference | Comments | Applicability |
|---|---|---|---|
| IpAddr | 3GPP TS 29.571 [15] | IP address | |
| Pei | 3GPP TS 29.571 [15] | Permanent Equipment Identifier | |
| Uri | 3GPP TS 29.571 [15] | Uri | |
| Gpsi | 3GPP TS 29.571 [15] | GPSI | |
| ExtSnssai | 3GPP TS 29.571 [15] | Ext Snssai | |
| Dnn | 3GPP TS 29.571 [15] | DNN information | |
| UserLocation | 3GPP TS 29.571 [15] | User location | |
| RedirectResponse | 3GPP TS 29.571 [15] | Contains redirection related information | |
| NFType | 3GPP TS 29.510 [14] | NF Type | |
| RefToBinaryData | 3GPP TS 29.571 [15] | authMsg data, AA message payload data | |
| Bytes | 3GPP TS 29.571 [15] | Binary data encoded as a base64 character string | |
6.1.6.2 Structured data types
6.1.6.2.1 Introduction
This clause defines the structures to be used in resource representations.
6.1.6.2.2 Type: UAVAuthInfo
Table 6.1.6.2.2-1: Definition of type UAVAuthInfo
| Attribute name | Data type | P | Cardinality | Description | Applicability |
|---|---|---|---|---|---|
| gpsi | Gpsi | M | 1 | GPSI of the UAV | |
| serviceLevelId | string | M | 1 | Service Level Device Identity of the UAV | |
| ipAddr | IpAddr | O | 0..1 | This IE may be present if the NF Service Consumer is the SMF or SMF+PGW-C. When present, this IE indicates the IP address associated with the PDU session. | |
| authMsg | RefToBinaryData | O | 0..1 | Contains the service-level AA message. This attribute is deprecated; the attribute "authContainer" should be used instead. | |
| authContainer | array(AuthContainer) | O | 1..N | Contains the AA related data without the "authResult" attribute. This attribute deprecates "authMsg" attribute. | |
| pei | Pei | O | 0..1 | This IE may be present if the NF Service Consumer is the SMF or SMF+PGW-C. When present, PEI associated with the UAV. | |
| authServerAddress | string | O | 0..1 | Provides the Authorization Server Address, e.g. Authorization Server FQDN. | |
| authNotificationURI | Uri | C | 0..1 | This IE shall be present in the initial authentication message. It carries the notification URI to receive authentication related notifications | |
| dnn | Dnn | C | 0..1 | This IE shall be present if the NF Service Consumer is the SMF or SMF+PGW-C. When present, this IE indicates DNN associated with the PDU session. | |
| sNssai | ExtSnssai | C | 0..1 | This IE shall be present if the NF Service Consumer is the SMF. When present, this IE indicates the S-NSSAI associated with the PDU session. | |
| ueLocInfo | UserLocation | O | 0..1 | This IE shall contain the UE location information if it is available. | |
| nfType | NFType | M | 0..1 | NFType of the NF service consumer. Possible NFType values supported in this release of the specification are – AMF – SMF | |
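The presence rules of the UAVAuthInfo table can be enforced before a request body is processed. The following is an added example, not part of the specification: the function names, the `initial` and `smf_pgw_c` parameters, the https-only callback policy, the strict reading that rejects ipAddr/pei from an AMF, and the sample bodies are all assumptions of this example.

```python
from urllib.parse import urlsplit

NF_TYPES = {"AMF", "SMF"}  # nfType values the table lists for this release


def callback_uri_problem(uri):
    """Local policy (assumption, not from the table): https, a host, no userinfo."""
    try:
        parts = urlsplit(uri) if isinstance(uri, str) else None
        host = parts.hostname if parts is not None else None
    except ValueError:  # e.g. a malformed IPv6 literal
        parts = host = None
    if parts is None or parts.scheme != "https" or not host:
        return "authNotificationURI: absolute https URI expected"
    if parts.username is not None or parts.password is not None:
        return "authNotificationURI: userinfo not allowed"
    return None


def validate_uav_auth_info(body, initial=True, smf_pgw_c=False):
    """Return the list of rule violations; an empty list means the body is acceptable."""
    if not isinstance(body, dict):
        return ["body: JSON object expected"]
    errors = []
    for name in ("gpsi", "serviceLevelId"):  # P = M
        if not isinstance(body.get(name), str) or not body[name]:
            errors.append(f"{name}: mandatory string missing")
    nf_type = body.get("nfType")  # P = M; the conditional IEs below depend on it
    if not isinstance(nf_type, str) or nf_type not in NF_TYPES:
        errors.append("nfType: AMF or SMF expected")
    elif nf_type == "SMF":
        if "dnn" not in body:
            errors.append("dnn: shall be present when the consumer is an SMF")
        if not smf_pgw_c and "sNssai" not in body:
            errors.append("sNssai: shall be present when the consumer is the SMF")
    else:  # AMF: ipAddr and pei are described only for SMF / SMF+PGW-C consumers
        errors += [f"{n}: not expected from an AMF" for n in ("ipAddr", "pei") if n in body]
    if "authNotificationURI" in body:
        problem = callback_uri_problem(body["authNotificationURI"])
        if problem:
            errors.append(problem)
    elif initial:
        errors.append("authNotificationURI: shall be present in the initial message")
    if "authContainer" in body:
        entries = body["authContainer"]
        if not isinstance(entries, list) or not entries:
            errors.append("authContainer: array with 1..N entries expected")
        elif any(not isinstance(e, dict) or "authResult" in e for e in entries):
            errors.append("authContainer: request entries shall not carry authResult")
    return errors


# Constructed sample bodies (identifiers and hosts are made up for this example).
GOOD_SMF = {"gpsi": "msisdn-491700000001", "serviceLevelId": "constructed-caa-id-001",
            "nfType": "SMF", "dnn": "uas.example", "sNssai": {"sst": 1},
            "authNotificationURI": "https://smf1.example.invalid/callbacks/uav-auth",
            "authContainer": [{"authMsgPayload": {"contentId": "aa-msg-1"}}]}
BAD_AMF = {"gpsi": "msisdn-491700000002", "serviceLevelId": "constructed-caa-id-002",
           "nfType": "AMF", "ipAddr": {"ipv4Addr": "198.51.100.7"},
           "authNotificationURI": "http://amf1.example.invalid/cb",
           "authContainer": [{"authResult": "AUTH_SUCCESS"}]}

if __name__ == "__main__":
    print(validate_uav_auth_info(GOOD_SMF))
    print(validate_uav_auth_info(BAD_AMF))
```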
6.1.6.2.3 Type: AuthNotification
Table 6.1.6.2.3-1: Definition of type AuthNotification
| Attribute name | Data type | P | Cardinality | Description | Applicability |
|---|---|---|---|---|---|
| gpsi | Gpsi | M | 1 | GPSI of the UAV | |
| serviceLevelId | string | M | 1 | Service Level Device Identity of the UAV | |
| authMsg | RefToBinaryData | C | 0..1 | Contains the service-level AA message. This IE may be present if the notifType is set to "UPDATEAUTH". This attribute is deprecated; the attribute "authContainer" should be used instead. | |
| authContainer | array(AuthContainer) | C | 1..N | Contains the AA related data, including optionally the "authResult" attribute. This IE shall be present if the notifType is set to "UPDATEAUTH". This attribute deprecates "authMsg" attribute. | |
| notifType | NotifType | M | 1 | This IE shall contain the notification type. | |
| notifyCorrId | string | M | 1 | This IE shall contain the Notification Correlation Id. | |
6.1.6.2.4 Type: UAVAuthResponse
Table 6.1.6.2.4-1: Definition of type UAVAuthResponse
| Attribute name | Data type | P | Cardinality | Description | Applicability |
|---|---|---|---|---|---|
| gpsi | Gpsi | M | 1 | GPSI of the UAV | |
| authResult | AuthResult | C | 0..1 | This IE shall be present for the final NEF (UAS-NF) to NF service consumer message. Conveys the UAV authentication result. This attribute is deprecated; the attribute "authContainer" should be used instead. | |
| authMsg | RefToBinaryData | O | 0..1 | Contains the service-level AA message. This attribute is deprecated; the attribute "authContainer" should be used instead. | |
| authContainer | array(AuthContainer) | C | 1..N | Contains the AA related data, including the "authResult" attribute in the final AA response. This attribute shall be present for the final AA response message. This attribute deprecates "authMsg" attribute. | |
| serviceLevelId | string | O | 0..1 | This IE contains the authorized Service Level Device Identity | |
| notifyCorrId | string | O | 0..1 | When present, this IE shall contain the Notification Correlation Id. | |
6.1.6.2.5 Type: UAVAuthFailure
Table 6.1.6.2.x-1: Definition of type UAVAuthFailure
| Attribute name | Data type | P | Cardinality | Description | Applicability |
|---|---|---|---|---|---|
| error | ProblemDetails | M | 0..1 | Represents the application error information. The application level error cause shall be encoded in the "cause" attribute. | |
| uasResourceRelease | boolean | C | 0..1 | This IE shall be present and used to indicate if the PDU sessions associated with the "DNN(s) subject to aerial services" can be released or not, during re-authentication failure. It shall be included if the "cause" attribute of the ProblemDetails data structure set to "AUTHENTICATION_FAILURE". When present, it shall be set as follows: – true: the PDU sessions associated with the "DNN(s) subject to aerial services" release is requested; – false (default): the PDU sessions associated with the "DNN(s) subject to aerial services" release is not requested. | |
6.1.6.2.6 Type: AuthContainer
Table 6.1.6.2.X-1: Definition of type AuthContainer
| Attribute name | Data type | P | Cardinality | Description | Applicability |
|---|---|---|---|---|---|
| authMsgType | Bytes | O | 0..1 | This IE, when present, carries the Service-level-AA payload type specified in clause 9.11.2.15 of 3GPP TS 24.501 [16]. | |
| authMsgPayload | RefToBinaryData | O | 0..1 | AA message payload data. | |
| authResult | AuthResult | C | 0..1 | Shall be present for the final AA response conveying the AA result. | |
6.1.6.3 Simple data types and enumerations
6.1.6.3.1 Introduction
This clause defines simple data types and enumerations that can be referenced from data structures defined in the previous clauses.
6.1.6.3.2 Simple data types
The simple data types defined in table 6.1.6.3.2-1 shall be supported.
Table 6.1.6.3.2-1: Simple data types
| Type Name | Type Definition | Description | Applicability |
|---|---|---|---|
6.1.6.3.3 Enumeration: AuthResult
The enumeration AuthResult represents the result of authentication and/or authorization. It shall comply with the provisions defined in table 6.1.5.3.3-1.
Table 6.1.6.3.3-1: Enumeration AuthResult
| Enumeration value | Description | Applicability |
|---|---|---|
| "AUTH_SUCCESS" | The UAV authentication or C2 Authorization has succeeded. | |
| "AUTH_FAIL" | The UAV authentication or C2 Authorization has failed. | |
6.1.6.3.4 Enumeration: NotifType
The enumeration NotifType represents the type of notification. It shall comply with the provisions defined in table 6.1.6.3.4-1.
Table 6.1.6.3.4-1: Enumeration NotifType
| Enumeration value | Description | Applicability |
|---|---|---|
| "REAUTH" | The UAV needs to be reauthenticated. | |
| "UPDATEAUTH" | Authorization data needs to be updated to UAV. | |
| "REVOKE" | Revoke UAV authentication and authorization | |
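An NF service consumer receiving an AuthNotification on its callback URI can check the mandatory attributes, the NotifType value and the UPDATEAUTH condition before acting on a REAUTH or REVOKE. The following is an added example, not part of the specification: the function name, the `pending` map that binds each notifyCorrId to the GPSI it was issued for, and the sample values are assumptions of this example.

```python
NOTIF_TYPES = {"REAUTH", "UPDATEAUTH", "REVOKE"}  # Table 6.1.6.3.4-1


def check_auth_notification(body, pending):
    """Validate an AuthNotification body before acting on it.

    pending is a hypothetical consumer-side map {notifyCorrId: gpsi}, filled when a
    UAV authentication context is created. Returns (True, notifType) when the
    notification is well formed and matches a known context, else (False, reason).
    """
    if not isinstance(body, dict):
        return (False, "body: JSON object expected")
    # gpsi, serviceLevelId, notifType and notifyCorrId all have P = M.
    for name in ("gpsi", "serviceLevelId", "notifType", "notifyCorrId"):
        if not isinstance(body.get(name), str) or not body[name]:
            return (False, f"{name}: mandatory string missing")
    if body["notifType"] not in NOTIF_TYPES:
        return (False, "notifType: unknown value")
    if body["notifType"] == "UPDATEAUTH":
        # authContainer shall be present for UPDATEAUTH; the deprecated authMsg
        # alone is not accepted by this example.
        entries = body.get("authContainer")
        if not isinstance(entries, list) or not entries:
            return (False, "authContainer: shall be present for UPDATEAUTH")
    # Assumption of this example: a notification is only honoured when its
    # correlation id is known and was issued for the same GPSI.
    if pending.get(body["notifyCorrId"]) != body["gpsi"]:
        return (False, "notifyCorrId: no matching UAV authentication context")
    return (True, body["notifType"])


# Constructed sample data (identifiers are made up for this example).
PENDING = {"corr-0001": "msisdn-491700000001"}
REVOKE_NOTIF = {"gpsi": "msisdn-491700000001", "serviceLevelId": "constructed-caa-id-001",
                "notifType": "REVOKE", "notifyCorrId": "corr-0001"}

if __name__ == "__main__":
    print(check_auth_notification(REVOKE_NOTIF, PENDING))
    print(check_auth_notification(dict(REVOKE_NOTIF, notifyCorrId="corr-9999"), PENDING))
```

A body that passes is answered with 204 No Content as in table 6.1.5.2.3.1-2; how a rejected body is answered is left to the error handling of 3GPP TS 29.500.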
6.1.7 Error Handling
6.1.7.1 General
For the Nnef_Authentication API, HTTP error responses shall be supported as specified in clause 4.8 of 3GPP TS 29.501 [5]. Protocol errors and application errors specified in table 5.2.7.2-1 of 3GPP TS 29.500 [4] shall be supported for an HTTP method if the corresponding HTTP status codes are specified as mandatory for that HTTP method in table 5.2.7.1-1 of 3GPP TS 29.500 [4].
In addition, the requirements in the following clauses are applicable for the Nnef_Authentication API.
6.1.7.2 Protocol Errors
No specific procedures for the Nnef_Authentication service are specified.
6.1.7.3 Application Errors
The application errors defined for the Nnef_Authentication service are listed in Table 6.1.7.3-1.
Table 6.1.7.3-1: Application errors
| Application Error | HTTP status code | Description |
|---|---|---|
| AUTHENTICATION_FAILURE | 403 Forbidden | The UAV authentication is failed |
| PEER_NOT_RESPONDING | 504 Gateway Timeout | No response is received from the remote peer (i.e. USS) when time out. |
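On the consumer side, the response codes of table 6.1.3.2.3.1-3, the AuthResult enumeration and these application errors combine into one decision that should fail closed. The following is an added example, not part of the specification: the function names, the state labels, the GPSI comparison and the sample values in the usage lines are assumptions of this example.

```python
def final_result(body):
    """Collect authResult from authContainer entries and the deprecated top-level IE."""
    entries = body.get("authContainer")
    if not isinstance(entries, list):
        entries = []
    results = [e["authResult"] for e in entries if isinstance(e, dict) and "authResult" in e]
    if "authResult" in body:
        results.append(body["authResult"])
    if not results:
        return None  # intermediate AA message, no final result yet
    # Anything other than AUTH_SUCCESS, including a conflicting pair, counts as failure.
    return "AUTH_SUCCESS" if all(r == "AUTH_SUCCESS" for r in results) else "AUTH_FAIL"


def interpret_uav_auth(status, body, requested_gpsi):
    """Map (HTTP status, decoded JSON body) to a consumer decision.

    Returns {"state": ..., "release_pdu_sessions": bool}. Only the state
    "AUTHENTICATED" may be treated as a successful UAV authentication; 307/308
    and every other status stay "ERROR" here and are left to the HTTP layer.
    """
    outcome = {"state": "ERROR", "release_pdu_sessions": False}
    if not isinstance(body, dict):
        body = {}
    if status == 200:
        # Sanity check added by this example: the answer must be about our UAV.
        if body.get("gpsi") != requested_gpsi:
            return outcome
        states = {None: "IN_PROGRESS", "AUTH_SUCCESS": "AUTHENTICATED"}
        outcome["state"] = states.get(final_result(body), "FAILED")
    elif status == 403:  # UAVAuthFailure: ProblemDetails sits in the "error" attribute
        error = body.get("error") if isinstance(body.get("error"), dict) else {}
        if error.get("cause") == "AUTHENTICATION_FAILURE":
            outcome["state"] = "FAILED"
            # uasResourceRelease defaults to false; only a literal true requests release.
            outcome["release_pdu_sessions"] = body.get("uasResourceRelease") is True
    elif status == 504 and body.get("cause") == "PEER_NOT_RESPONDING":
        outcome["state"] = "PEER_TIMEOUT"  # the USS did not answer; not authenticated
    return outcome


if __name__ == "__main__":
    gpsi = "msisdn-491700000001"  # constructed value
    print(interpret_uav_auth(200, {"gpsi": gpsi, "authContainer": [{"authResult": "AUTH_SUCCESS"}]}, gpsi))
    print(interpret_uav_auth(403, {"error": {"cause": "AUTHENTICATION_FAILURE"}}, gpsi))
```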
6.1.8 Feature negotiation
The optional features in table 6.1.8-1 are defined for the Nnef_Authentication API. They shall be negotiated using the extensibility mechanism defined in clause 6.6 of 3GPP TS 29.500 [4].
Table 6.1.8-1: Supported Features
| Feature number | Feature Name | Description |
|---|---|---|
6.1.9 Security
As indicated in 3GPP TS 33.501 [12] and 3GPP TS 29.500 [4], the access to the Nnef_Authentication API may be authorized by means of the OAuth2 protocol (see IETF RFC 6749 [13]), based on local configuration, using the "Client Credentials" authorization grant, where the NRF (see 3GPP TS 29.510 [14]) plays the role of the authorization server.
If OAuth2 is used, an NF Service Consumer, prior to consuming services offered by the Nnef_Authentication API, shall obtain a "token" from the authorization server, by invoking the Access Token Request service, as described in 3GPP TS 29.510 [14], clause 5.4.2.2.
NOTE: When multiple NRFs are deployed in a network, the NRF used as authorization server is the same NRF that the NF Service Consumer used for discovering the Nnef_Authentication service.
The Nnef_Authentication API defines a single scope "nnef-authentication" for the entire service, and it does not define any additional scopes at resource or operation level.
Annex A (normative):
OpenAPI specification