5.9 Security
3GPP TS 29.512, 5G System; Session Management Policy Control Service; Stage 3 (Release 18)
As indicated in 3GPP TS 33.501 [27], the access to the Npcf_SMPolicyControl API shall be authorized by means of the OAuth2 protocol (see IETF RFC 6749 [28]), using the "Client Credentials" authorization grant, where the NRF (see 3GPP TS 29.510 [29]) plays the role of the authorization server.
An NF service consumer, prior to consuming services offered by the Npcf_SMPolicyControl API, shall obtain a "token" from the authorization server, by invoking the Access Token Request service, as described in 3GPP TS 29.510 [29], clause 5.4.2.2.
NOTE: When multiple NRFs are deployed in a network, the NRF used as authorization server is the same NRF that the NF service consumer used for discovering the Npcf_SMPolicyControl service.
The Npcf_SMPolicyControl API defines a single scope "npcf-smpolicycontrol" for OAuth2 authorization (as specified in 3GPP TS 33.501 [27]) for the entire API, and it does not define any additional scopes at resource or operation level.
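The following added example (not part of the specification) sketches the two sides of the authorization described in this clause: the form body an NF service consumer sends to the NRF, and the checks a PCF applies to the token claims before serving an Npcf_SMPolicyControl request. Assumptions: the request and claim field names follow the AccessTokenReq and AccessTokenClaims types of 3GPP TS 29.510 as understood here, the claims have already passed signature verification against the NRF's key, the function names are hypothetical, and all instance IDs are constructed sample values.

```python
import time
from urllib.parse import urlencode

REQUIRED_SCOPE = "npcf-smpolicycontrol"  # the single scope this clause defines

def build_token_request(consumer_id, consumer_type="SMF"):
    """Form body for the NRF Access Token Request (Client Credentials grant)."""
    return urlencode({
        "grant_type": "client_credentials",
        "nfInstanceId": consumer_id,   # field names assumed from TS 29.510
        "nfType": consumer_type,
        "targetNfType": "PCF",
        "scope": REQUIRED_SCOPE,
    })

def authorize(claims, own_instance_id, now=None):
    """PCF-side check of token claims whose signature is already verified."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired or missing exp"
    aud = claims.get("aud")
    # aud is assumed to be either an NF type string or a list of NF instance IDs
    if isinstance(aud, str):
        aud_ok = aud == "PCF"
    else:
        aud_ok = isinstance(aud, list) and own_instance_id in aud
    if not aud_ok:
        return False, "audience mismatch"
    # scope is a space-delimited list (RFC 6749); compare whole names,
    # never substrings, so "npcf-smpolicycontrol-x" does not match
    scope = claims.get("scope")
    granted = scope.split() if isinstance(scope, str) else []
    if REQUIRED_SCOPE not in granted:
        return False, "scope not granted"
    return True, "ok"

# Constructed sample values, for illustration only
PCF_ID = "11111111-1111-4111-8111-111111111111"
SMF_ID = "22222222-2222-4222-8222-222222222222"
SAMPLE_CLAIMS = {
    "iss": "33333333-3333-4333-8333-333333333333",  # NRF instance ID
    "sub": SMF_ID,
    "aud": [PCF_ID],
    "scope": "npcf-smpolicycontrol",
    "exp": 2_000_000_000,
}

if __name__ == "__main__":
    print(build_token_request(SMF_ID))
    print(authorize(SAMPLE_CLAIMS, PCF_ID, now=1_900_000_000))
```

Because the API defines no scopes at resource or operation level, the scope check is the same for every operation; any finer-grained restriction would have to come from other claims or local policy.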
Annex A (normative):
OpenAPI specification