B.8 Security tokens
3GPP TS 33.180, Release 17: Security of the Mission Critical (MC) service
Security tokens are obtained from the primary IdMS and used for authentication with a partner IdMS.
Standard claims are REQUIRED for MCX implementation. Other claims defined by OpenID Connect are optional. The standards-based claims for an MCX Connect ID security token are shown in table B.8-1.
Table B.8-1: Security token standard claims
| Parameter | Description |
|---|---|
| iss | REQUIRED. The URL of the IdM server. |
| sub | REQUIRED. A case-sensitive, never reassigned string (not to exceed 255 bytes), which uniquely identifies the MCX user within the MCX server provider’s domain. |
| aud | REQUIRED. The OAuth 2.0 client_id of the MCX client. This field shall additionally carry the address of the target IdMS where the security token will be applied (i.e. the same value provided in the “resource” parameter from the token exchange request message). |
| exp | REQUIRED. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew (not to exceed 30 seconds). |
| iat | REQUIRED. Time at which the ID Token was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. |
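The following is an added example, not text or code from the specification: one way a receiving IdMS could check the claims of table B.8-1 after the token signature has been verified. The function name, the sample payload and its URLs and identifiers are hypothetical, and treating aud as a string or an array of strings is an assumption.

```python
import numbers

MAX_SKEW_SECONDS = 30   # table B.8-1: clock-skew leeway not to exceed 30 seconds
MAX_SUB_BYTES = 255     # table B.8-1: sub not to exceed 255 bytes
REQUIRED = ("iss", "sub", "aud", "exp", "iat")

# Constructed sample payload; every URL and identifier here is hypothetical.
SAMPLE_CLAIMS = {
    "iss": "https://idms.primary.example",
    "sub": "user-1234@primary.example",
    "aud": ["mcx-client-01", "https://idms.partner.example"],
    "exp": 1700000600,
    "iat": 1700000000,
}

def is_number(value):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(value, numbers.Real) and not isinstance(value, bool)

def check_claims(claims, issuer, client_id, target_idms, now):
    """Return a list of problems; an empty list means the claims pass.

    Assumes the signature was verified beforehand and `claims` is the decoded
    JSON payload, with aud as a string or an array of strings.
    """
    missing = [c for c in REQUIRED if c not in claims]
    if missing:
        return ["missing required claim: " + c for c in missing]
    problems = []
    if claims["iss"] != issuer:
        problems.append("iss is not the expected IdM server URL")
    sub = claims["sub"]
    if not isinstance(sub, str) or not sub:
        problems.append("sub must be a non-empty string")
    elif len(sub.encode("utf-8")) > MAX_SUB_BYTES:
        problems.append("sub exceeds 255 bytes")
    aud = claims["aud"]
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list):
        problems.append("aud must be a string or an array of strings")
    else:
        if client_id not in audiences:
            problems.append("aud lacks the MCX client's client_id")
        if target_idms not in audiences:
            problems.append("aud lacks the target IdMS address")
    if not is_number(claims["iat"]):
        problems.append("iat must be a JSON number")
    if not is_number(claims["exp"]):
        problems.append("exp must be a JSON number")
    elif now >= claims["exp"] + MAX_SKEW_SECONDS:
        problems.append("token expired (beyond 30 s leeway)")
    return problems
```

A token that names only the client in aud, without the target IdMS address, is rejected, which keeps a security token issued for one partner IdMS from being accepted at another.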