5 General Messages
3GPP TS 29.335 Release 17, Stage 3: User Data Convergence (UDC); User data repository access protocol over the Ud interface
5.1 General
This clause describes common messages for UDC to establish sessions and administrate transactions. For an existing session, UDC messages are exchanged between the FE and the UDR. See figure B.1-1 in Annex B for general LDAP message flows.
5.2 Open Link for a LDAP Session
To initiate a LDAP session, a Front-End shall first establish a transport connection with the UDR. The transport connection shall be a TCP connection. The IP Layer may be secured according to clause 8. When IPsec is used, an IPsec connection may support several TCP connections, each supporting a LDAP session.
After establishment of the transport connection, the FE shall initiate a LDAP session by sending a LDAP BindRequest message. The establishment of the LDAP session shall comply with IETF RFC 4511 [8]. It shall be done before sending any other LDAP message. FE Identifier or FE Cluster Identifier shall be included in the BindRequest message.
The UDR shall support the "unauthenticated authentication mechanism of simple Bind" and the "name/password authentication mechanism of simple Bind" in the "simple authentication method" specified in IETF RFC 4513 [16].
The UDR derives the application type from the FE Identifier or the FE Cluster Identifier. If the FE provided the Front End Identifier, the UDR may also derive the Front End Cluster Identifier.
NOTE: As security is handled at IP Layer (see clause 8), optional security mechanisms (TLS, SASL) described in IETF RFC 4513 [16] specification are not required for Ud.
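As an added illustration (not code from TS 29.335 or any 3GPP implementation), the following Python builds the LDAPv3 simple BindRequest described above, carrying the FE Identifier as the bind name, and shows how a UDR could classify which RFC 4513 simple-bind mechanism a received BindRequest uses. The FE identifier DNs and password are constructed sample values, and the minimal BER encoder/decoder covers only what this one message needs.

```python
# Added example, not from TS 29.335: LDAPv3 simple BindRequest (RFC 4511) with the
# FE Identifier as bind name, plus UDR-side RFC 4513 mechanism classification.
# All DNs and passwords used with these functions are constructed sample values.

def ber_len(n: int) -> bytes:
    if n < 0x80:                                               # short-form length
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body                    # long-form length

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def bind_request(message_id: int, fe_identifier: str, password: bytes = b"") -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] with simple auth }."""
    version = tlv(0x02, b"\x03")                               # INTEGER 3 = LDAPv3
    name = tlv(0x04, fe_identifier.encode("utf-8"))            # LDAPDN (OCTET STRING)
    simple = tlv(0x80, password)                               # AuthenticationChoice simple [0]
    bind = tlv(0x60, version + name + simple)                  # [APPLICATION 0] constructed
    msg_id = tlv(0x02, message_id.to_bytes((message_id.bit_length() + 8) // 8, "big"))
    return tlv(0x30, msg_id + bind)                            # outer SEQUENCE

def read_tlv(buf: bytes, pos: int):
    """Decode one BER TLV at pos; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_bind(msg: bytes):
    """UDR-side parse: returns (messageID, bind name, auth choice tag, credentials)."""
    tag, body, _ = read_tlv(msg, 0)
    _, mid, pos = read_tlv(body, 0)                            # messageID
    op, bind, _ = read_tlv(body, pos)
    if (tag, op) != (0x30, 0x60):
        raise ValueError("not an LDAPMessage carrying a BindRequest")
    _, _, pos = read_tlv(bind, 0)                              # version
    _, name, pos = read_tlv(bind, pos)                         # LDAPDN
    auth_tag, cred, _ = read_tlv(bind, pos)                    # AuthenticationChoice
    return int.from_bytes(mid, "big"), name.decode("utf-8"), auth_tag, cred

def classify_simple_bind(msg: bytes) -> str:
    """Name the RFC 4513 simple-bind mechanism; the UDR must support the two Ud ones."""
    _, name, auth_tag, cred = decode_bind(msg)
    if auth_tag != 0x80:
        return "not-simple"            # e.g. SASL [3]; not required on Ud per clause 5.2
    if not name:
        return "anonymous" if not cred else "invalid"   # password without a name fits no mechanism
    return "name/password" if cred else "unauthenticated"
```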
5.3 Close Link for a LDAP Session
Termination of the LDAP session may be initiated by the FE by sending an UnbindRequest message or by the UDR by sending a Notice of Disconnection message. The termination of the LDAP session shall comply with IETF RFC 4511 [8].
5.4 Transactions
In order to allow FEs to relate a number of update operations, such as Create (see 6.3), Delete (see 6.4), and Update (see 6.5), and have them performed in one unit of interaction, the transaction concept in IETF RFC 5805 "Lightweight Directory Access Protocol (LDAP) Transactions" [5] shall be supported. See figure B.2-1 in Annex B for LDAP Transaction flow.
If used, transactions shall only be used for a single subscriber in order to decrease the complexity of transactions.
The LDAP server shall terminate the transaction if the timer expires.
5.5 SOAP Authentication
The UDR may support the SOAP WS-Security extension [20] and "UsernameToken" authentication as specified by the Oasis Web Services Security [21].
The WS-Security Username field may be set to a value that is correlated with the username of the LDAP BindRequest (see clause 5.2).
NOTE: As security is handled at the IP Layer (see clause 8), optional security mechanisms (i.e. signature, encryption and passwordDigest) as described in the Oasis Web Services Security specifications [20][21] are not required for the Ud interface.