6.1.9 Security

3GPP TS 29.502, 5G System; Session Management Services; Stage 3 (Release 16)

As indicated in 3GPP TS 33.501 [17] and 3GPP TS 29.500 [4], the access to the Nsmf_PDUSession API may be authorized by means of the OAuth2 protocol (see IETF RFC 6749 [18]), based on local configuration, using the "Client Credentials" authorization grant, where the NRF (see 3GPP TS 29.510 [19]) plays the role of the authorization server.

If OAuth2 authorization is used, an NF Service Consumer, prior to consuming services offered by the Nsmf_PDUSession API, shall obtain a "token" from the authorization server, by invoking the Access Token Request service, as described in 3GPP TS 29.510 [19], clause 5.4.2.2.

NOTE 1: When multiple NRFs are deployed in a network, the NRF used as authorization server is the same NRF that the NF Service Consumer used for discovering the Nsmf_PDUSession service.

NOTE 2: The security credentials for accessing a child resource URI of an sm-contexts or pdu-sessions collection distributed on different processing instances or hosts are the same as for accessing the collection URI.

The Nsmf_PDUSession API defines a single scope "nsmf-pdusession" for the entire service, and it does not define any additional scopes at resource and operation level.
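The following sketch is an added example, not text or code from the specification. It shows how a service producer could apply the single "nsmf-pdusession" scope to a collection URI and to its child resource URIs alike. It assumes the token signature has already been verified, that the verified claims expose `scope`, `exp` and `aud`, and that URIs follow a `/nsmf-pdusession/<version>/<collection>/...` layout; the function names and the `smf_instance_id` parameter are hypothetical.

```python
import time

REQUIRED_SCOPE = "nsmf-pdusession"  # the single scope the API defines
# Collections named in NOTE 2; child resource URIs use the same credentials.
COLLECTIONS = ("sm-contexts", "pdu-sessions")


def required_scope_for(path):
    """Return the scope a request path needs, or None if it is not an
    Nsmf_PDUSession resource (URI layout is an assumption of this example)."""
    segments = [s for s in path.split("?", 1)[0].split("/") if s]
    try:
        i = segments.index("nsmf-pdusession")
    except ValueError:
        return None
    rest = segments[i + 2:]  # skip the API name and the version segment
    if rest and rest[0] in COLLECTIONS:
        return REQUIRED_SCOPE  # same answer for the collection and any child
    return None


def authorize(claims, path, smf_instance_id, now=None):
    """Decide on claims taken from a token whose signature was already verified.
    Returns (allowed, reason)."""
    now = time.time() if now is None else now
    needed = required_scope_for(path)
    if needed is None:
        return False, "not an Nsmf_PDUSession resource"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired or exp missing"
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if smf_instance_id not in aud:
        return False, "audience mismatch"
    scope = claims.get("scope")
    # OAuth2 scopes are space-delimited: compare whole tokens, never substrings.
    granted = scope.split() if isinstance(scope, str) else []
    if needed not in granted:
        return False, "scope missing"
    return True, "ok"
```

Because no resource-level or operation-level scopes exist, the scope check cannot distinguish operations; any finer-grained restriction has to come from other controls.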