6.1.9 Security

29.5183GPP5G SystemAccess and Mobility Management ServicesRelease 17Stage 3TS

As indicated in 3GPP TS 33.501 [27], the access to the Namf_Communication API may be authorized by means of the OAuth2 protocol (see IETF RFC 6749 [28]), using the "Client Credentials" authorization grant, where the NRF (see 3GPP TS 29.510 [29]) plays the role of the authorization server.

If Oauth2 authorization is used, an NF Service Consumer, prior to consuming services offered by the Namf_Communication API, shall obtain a "token" from the authorization server, by invoking the Access Token Request service, as described in 3GPP TS 29.510 [29], clause

NOTE: When multiple NRFs are deployed in a network, the NRF used as authorization server is the same NRF that the NF Service Consumer used for discovering the Namf_Communication service.

The Namf_Communication API defines scopes for OAuth2 authorization as specified in 3GPP TS 33.501 [27]; it defines a single scope consisting on the name of the service (i.e., "namf-comm"), and it does not define any additional scopes at resource or operation level.