C.1 General

3GPP TS 33.122 Release 17: Security aspects of Common API Framework (CAPIF) for 3GPP northbound APIs

The information in this annex provides a description of the access token used in the ‘Method 3 – TLS with OAuth token’ authentication and authorisation method (see clause 6.5.2.3). Characterization of the access token, how to obtain the access token, how to validate the access token, and how to refresh the access token are explained.

A ‘Method 3 – TLS with OAuth token’ access token has the following characteristics:

– Shall be encrypted when transported over the CAPIF 1/1e and CAPIF 2/2e interfaces (e.g. using TLS);

– Shall be a bearer type as specified in IETF RFC 6750 [5];

– Shall be encoded as a JSON Web Token as specified in IETF RFC 7519 [6];

– Shall be protected by the JSON signature profile as specified in IETF RFC 7515 [7]; and,

– Shall be validated per OAuth 2.0 [4], IETF RFC 7519 [6] and IETF RFC 7515 [7].