6.2.9 Security

3GPP TS 29.562, 5G System; Home Subscriber Server (HSS) services; Stage 3, Release 18

As indicated in 3GPP TS 33.501 [5], the access to the Nhss_imsSDM API may be authorized by means of the OAuth2 protocol (see IETF RFC 6749 [35]), using the "Client Credentials" authorization grant, where the NRF (see 3GPP TS 29.510 [36]) plays the role of the authorization server.

If OAuth2 authorization is used, an NF Service Consumer, prior to consuming services offered by the Nhss_imsSDM API, shall obtain a "token" from the authorization server, by invoking the Access Token Request service, as described in 3GPP TS 29.510 [36], clause 5.4.2.2.

NOTE: When multiple NRFs are deployed in a network, the NRF used as authorization server is the same NRF that the NF Service Consumer used for discovering the Nhss_imsSDM service.

The Nhss_imsSDM API defines the following scopes for OAuth2 authorization:

Table 6.2.9-1: OAuth2 scopes defined in Nhss_imsSDM API

| Scope | Description |
|---|---|
| "nhss-ims-sdm" | Access to the Nhss IMS Subscription Data Management API |
| "nhss-ims-sdm:registration-status:read" | Access to read the Registration Status resource |
| "nhss-ims-sdm:profile-data:read" | Access to read the Profile Data resource |
| "nhss-ims-sdm:priority-levels:read" | Access to read the Priority Levels resource |
| "nhss-ims-sdm:ifcs:read" | Access to read the Initial Filter Criteria resource |
| "nhss-ims-sdm:service-level-trace-information:read" | Access to read the Service Level Trace Information resource |
| "nhss-ims-sdm:server-name:read" | Access to read the Server Name resource |
| "nhss-ims-sdm:scscf-capabilities:read" | Access to read the S-CSCF Capabilities resource |
| "nhss-ims-sdm:ps-domain:location-data:read" | Access to read the PS-Domain Location Data resource |
| "nhss-ims-sdm:ps-domain:ip-address:read" | Access to read the PS-Domain IP Address resource |
| "nhss-ims-sdm:ps-domain:tads-info:read" | Access to read the PS-Domain TADS Info resource |
| "nhss-ims-sdm:ps-domain:ue-reach-subscriptions:create" | Access to create PS-Domain UE Reachability Subscriptions resources |
| "nhss-ims-sdm:ps-domain:ue-reach-subscriptions:modify" | Access to update/delete a PS-Domain UE Reachability Subscription resource |
| "nhss-ims-sdm:ps-domain:user-state:read" | Access to read the PS-Domain User State resource |
| "nhss-ims-sdm:cs-domain:location-data:read" | Access to read the CS-Domain Location Data resource |
| "nhss-ims-sdm:cs-domain:user-state:read" | Access to read the CS-Domain User State resource |
| "nhss-ims-sdm:cs-domain:csrn:read" | Access to read the CS-Domain CSRN resource |
| "nshh-ims-sdm:wireline-domain:reference-location:read" | Access to read the Wireline-Domain Reference Location resource |
| "nhss-ims-sdm:repository-data:modify" | Access to create/update/delete the Repository Data resource |
| "nhss-ims-sdm:repository-data:read" | Access to read the Repository Data resource |
| "nhss-ims-sdm:identities:read" | Access to read the Identities resource |
| "nhss-ims-sdm:srvcc:read" | Access to read the SRVCC resource |
| "nhss-ims-sdm:srvcc:modify" | Access to update the SRVCC resource |
| "nhss-ims-sdm:psi-status:read" | Access to read the PSI Status resource |
| "nhss-ims-sdm:psi-status:modify" | Access to update the PSI Status resource |
| "nhss-ims-sdm:dsai:read" | Access to read the DSAI resource |
| "nhss-ims-sdm:dsai:modify" | Access to update the DSAI resource |
| "nhss-ims-sdm:sms-registration-info:read" | Access to read the SMS Registration Info resource |
| "nhss-ims-sdm:sms-registration-info:modify" | Access to create/update/delete the SMS Registration Info resource |
| "nhss-ims-sdm:subscriptions:create" | Access to create Subscriptions resources |
| "nhss-ims-sdm:subscription:modify" | Access to update/delete a Subscription resource |
| "nhss-ims-sdm:shared-subscriptions:create" | Access to create a Shared-Data Subscriptions resource |
| "nhss-ims-sdm:shared-subscriptions:modify" | Access to update/delete a Shared-Data Subscription resource |
| "nhss-ims-sdm:shared-subscriptions:read" | Access to read the Shared-Data resource |
| "nhss-ims-sdm:charging-info:read" | Access to read the Charging-Information resource |
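
Added example (not part of TS 29.562): every resource-level scope in Table 6.2.9-1 begins with the API-level scope string, so a producer-side check that does a substring match on the token's scope value treats any resource-level token as holding "nhss-ims-sdm". The Python sketch below puts that flawed check beside an exact-match check on the RFC 6749 space-delimited scope string and adds a least-privilege grouping of granted scopes; the function names, the sample claim and the foreign scope "example-api:thing:read" are constructed for illustration.

```python
# Added illustration: scope names are taken from Table 6.2.9-1; the function
# names and the sample claim below are constructed for this example.
API_SCOPE = "nhss-ims-sdm"
WRITE_ACTIONS = {"create", "modify"}


def parse_scope_claim(claim: str) -> set:
    """Split an RFC 6749 space-delimited scope string into exact scope values."""
    return set(claim.split())


def naive_has_scope(claim: str, required: str) -> bool:
    """Flawed check: substring match on the raw scope string."""
    return required in claim


def has_scope(claim: str, required: str) -> bool:
    """Correct check: the required scope must equal one granted scope value."""
    return required in parse_scope_claim(claim)


def audit_claim(claim: str) -> dict:
    """Group granted scopes for a least-privilege review of a token."""
    report = {"api_wide": False, "read": [], "write": [], "unrecognised": []}
    for scope in sorted(parse_scope_claim(claim)):
        if scope == API_SCOPE:
            report["api_wide"] = True
            continue
        prefix, _, action = scope.rpartition(":")
        if not prefix.startswith(API_SCOPE + ":"):
            report["unrecognised"].append(scope)  # not an Nhss_imsSDM scope
        elif action == "read":
            report["read"].append(scope)
        elif action in WRITE_ACTIONS:
            report["write"].append(scope)
        else:
            report["unrecognised"].append(scope)  # unknown action suffix
    return report


# Constructed scope claim; "example-api:thing:read" is a made-up foreign scope.
SAMPLE_CLAIM = ("nhss-ims-sdm:srvcc:read nhss-ims-sdm:psi-status:modify "
                "example-api:thing:read")

if __name__ == "__main__":
    print(naive_has_scope(SAMPLE_CLAIM, API_SCOPE))  # substring match
    print(has_scope(SAMPLE_CLAIM, API_SCOPE))        # exact match
    print(audit_claim(SAMPLE_CLAIM))
```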