5.5.4 Default HTTP message and other information elements
3GPP TS 36.579-1: Mission Critical (MC) services over LTE; Part 1: Common test environment (Release 15)
5.5.4.1 General
The HTTP Messages are specified in RFC 2616 [26]. Wherever another reference applies to their content it is explicitly indicated.
The following conditions apply throughout clause 5.5:
Table 5.5.4.1-1: Conditions
| Condition | Explanation |
|---|---|
| AUTH | Message/IE sent only as part of an MCX UE authentication |
| UEINITIALCONFIG | Message/IE sent only as part of an MCX UE initial configuration |
| USERAUTH | Message/IE sent only as part of an MCX UE user authentication |
| UECONFIG | Message/IE sent only as part of an MCX UE configuration |
| UEUSERPROF | Message/IE sent only as part of an MCX UE User profile configuration |
| UESERVCONFIG | Message/IE sent only as part of an MCX UE service configuration |
| GROUPCONFIG | Message/IE sent only as part of an MCX group configuration |
| TEMPGROUP | Message/IE sent only in temporary group creation scenario |
| TOKEN | Message/IE sent only as part of an MCX token exchange |
| KMSINIT | Message/IE sent only as part of an MCX KMS initialisation |
| KMSKEY | Message/IE sent only as part of an MCX KMS key exchange |
| FD_HTTP | Message/IE sent only as part of MCData signalling for FD using HTTP |
5.5.4.2 GET
Table 5.5.4.2-1: HTTP GET
Derivation Path: RFC 2616 [26] |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
Request-Line |
||||
Method |
"GET" |
|||
Request-URI |
||||
uri |
tsc_MCX_IdMS_auth_UriPath |
points to the Authorisation endpoint of the IdM Server |
TS 33.180 [94] |
AUTH |
px_MCX_InitialConfigServer_UriPath |
points to initial UE Configuration document |
TS 24.484 [14] |
UEINITIALCONFIG |
|
tsc_MCX_CMSXCAPRootURI & "/" & AUID1 & "/users/" & XUI & ue-config-docname |
points to UE Configuration document (NOTE 1a, 2, 3, 5) |
TS 24.484 [14] |
UECONFIG |
|
tsc_MCX_CMSXCAPRootURI & "/" & AUID2 & "/users/" & XUID & "/" & user-profile-docname |
points to UE User Profile document (NOTE 1b, 2, 4) |
TS 24.484 [14] |
UEUSERPROF |
|
tsc_MCX_CMSXCAPRootURI & "/" & AUID3 & "/global/service-config.xml" |
points to UE Service Configuration document (NOTE 1c, 2) |
TS 24.484 [14] |
UESERVCONFIG |
|
tsc_MCX_GMSXCAPRootURI & "/" & "org.openmobilealliance.groups/global/byGroupID/" & group-id |
points to group configuration document (NOTE 6) |
TS 24.481 [11] |
GROUPCONFIG |
|
URI as contained in the payload of the FD SIGNALLING PAYLOAD indicating the file upload |
FD_HTTP |
|||
query |
As described in Table 5.5.4.10.1-1 |
TS 33.180 [94] |
AUTH |
|
HTTP-Version |
"HTTP/1.1" |
|||
Cache-Control |
RFC 2616 [26] |
|||
cache-directive |
"no-cache" |
|||
Authorization |
RFC 2617 [72] |
UECONFIG UEUSERPROF UESERVCONFIG GROUPCONFIG FD_HTTP |
||
authentication-scheme |
“Bearer” |
RFC 6750 [104] |
||
b64token |
Access token as assigned to the UE by Token Response |
RFC 6750 [104] |
||
Authorization |
not present |
|||
Content-Type |
AUTH |
|||
media-type |
"application/x-www-form-urlencoded" |
|||
Content-Type |
Not present |
|||
Message-body |
Not present |
|||
NOTE 1a: AUID1 = "org.3gpp.mcptt.ue-config" for Condition MCPTT
NOTE 1b: AUID2 = "org.3gpp.mcptt.user-profile" for Condition MCPTT
NOTE 1c: AUID3 = "org.3gpp.mcptt.service-config" for Condition MCPTT
NOTE 2: XUID = "sip:" & px_MCPTT_ID_User_A for Condition MCPTT
NOTE 3: MCSUEID = Instance id of the UE (derived from the IMEI according to 23.003 [69] clause 13.8)
NOTE 4: user-profile-docname = "mcptt-user-profile-" & profile-index & ".xml" for Condition MCPTT
NOTE 5: ue-config-docname = "mcptt-ue-configuration.xml" for Condition MCPTT
NOTE 6: group-id = px_MCPTT_Group_A_ID for Condition MCPTT
5.5.4.3 POST
Table 5.5.4.3-1: HTTP POST
Derivation Path: RFC 2616 [26] |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
Status-Line |
||||
Method |
"POST" |
|||
Request-URI |
||||
uri |
tsc_MCX_IdMS_auth_UriPath |
points to the Authorisation endpoint of the IdM Server |
TS 33.180 [94] |
AUTH, USERAUTH |
tsc_MCX_IdMS_userauth_UriPath |
points to the endpoint verifying the user authentication; same URI as provided to the UE in the action attribute of the HTML login form |
TS 33.180 [94] HTML 4.01 Specification [105] |
USERAUTH |
|
tsc_MCX_IdMS_token_UriPath |
points to the Token endpoint of the IdM Server |
TS 33.180 [94] |
TOKEN |
|
tsc_MCX_KMS_ClientReqUrl_init |
"KMS Initialize" request according to TS 33.180 [94] D.2.3 |
TS 33.180 [94] |
KMSINIT |
|
tsc_MCX_KMS_ClientReqUrl |
"KMS KeyProvision" request according to TS 33.180 [94] D.2.4 |
TS 33.180 [94] |
KMSKEY |
|
tsc_MCX_GMSXCAPRootURI & "/" & "org.openmobilealliance.groups/users/" & px_MCX_GroupCreationXUI & "/" & temporary-group-id |
Points to the temporary group configuration document to be created (NOTE 1) |
TS 24.481 [11] clause 6.3.14.2 |
TEMPGROUP |
|
tsc_MCData_MSF_URI |
The absolute URI identifying the resource on a media storage function |
TS 24.282 [87], clause 10.2.2.1 |
FD_HTTP |
|
HTTP-Version |
"HTTP/1.1" |
|||
Cache-Control |
RFC 2616 [26] |
|||
cache-directive |
"no-cache" |
|||
Authorization |
RFC 2617 [72] |
KMSINIT, KMSKEY, TEMPGROUP, FD_HTTP |
||
authentication-scheme |
“Bearer” |
RFC 6750 [104] |
||
b64token |
Access token as assigned to the UE by Token Response |
RFC 6750 [104] |
||
Host |
FD_HTTP |
|||
host |
tsc_MCData_MSF_Hostname |
hostname identifying the media storage function |
TS 24.282 [87], clause 10.2.2.1 |
|
port |
not present |
|||
Content-Type |
AUTH, USERAUTH, TOKEN |
|||
media-type |
"application/x-www-form-urlencoded" |
|||
Content-Type |
present in case of KMS request security |
(KMSINIT OR KMSKEY) AND pc_MCX_KMS_RequestSecurity |
||
media-type |
"application/xml" |
RFC 7303 [112] |
||
Content-Type |
TEMPGROUP |
|||
media-type |
"application/vnd.3gpp.GMOP+xml" |
|||
Content-Type |
FD_HTTP |
|||
media-type |
"multipart/mixed" |
TS 24.282 [87], clause 10.2.2.1 |
||
Message-body |
AUTH |
|||
Authentication Request |
As described in Table 5.5.4.10.1-1 |
|||
Message-body |
HTML 4.01 Specification [105] |
USERAUTH |
||
user |
px_MCX_User_A_username |
|||
password |
px_MCX_User_A_password |
|||
Message-body |
TOKEN |
|||
Token request |
As described in Table 5.5.4.10.3-1 |
|||
Message-body |
present in case of KMS request security |
(KMSINIT OR KMSKEY) AND pc_MCX_KMS_RequestSecurity |
||
Signed KMS Request |
As described in Table 5.5.4.10.9-1 |
|||
Message-body |
TEMPGROUP |
|||
Temporary Group Creation Document |
As described in Table 5.5.7.4-2 |
|||
Message-body |
FD_HTTP |
|||
MIME body part |
MCData-Info |
|||
MIME-part-headers |
||||
MIME-Content-Type |
"application/vnd.3gpp.mcdata-info+xml" |
|||
MIME-part-body |
MCData-Info described in Table 5.5.3.2.1-3 |
|||
MIME body part |
File content |
TS 24.282 [87] clause 10.2.2.1 |
||
MIME-part-headers |
||||
MIME-Content-Type |
"application/octet-stream" |
|||
MIME-part-body |
binary data representing the file |
|||
NOTE 1: temporary-group-id = px_MCPTT_Group_T_ID for Condition MCPTT |
5.5.4.4 PUT
Table 5.5.4.4-1: HTTP PUT
Derivation Path: RFC 2616 [26] |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
Request-line |
||||
Method |
"PUT" |
|||
Request-URI |
tsc_MCX_GMSXCAPRootURI & "/" & "org.openmobilealliance.groups/users/" & px_MCX_GroupCreationXUI & "/" & document name (NOTE 1) |
XCAP URI in users tree where the XUI is set to a group creation XUI configuration parameter |
TS 24.481 [11] clause 6.3.2.2.1 |
GROUPCREATE |
Cache-Control |
RFC 2616 [26] |
|||
cache-directive |
"no-cache" |
|||
Authorization |
TS 24.482 [12] A.2.3: Expected by the server to validate and identify the client |
RFC 2617 [72] |
||
authentication-scheme |
“Bearer” |
RFC 6750 [104] |
||
b64token |
Access token as assigned to the UE by Token Response |
RFC 6750 [104] |
||
Content-Type |
GROUPCREATE |
|||
media-type |
application/vnd.oma.poc.groups+xml |
|||
Message-body |
GROUPCREATE |
|||
Group Creation Document |
As described in Table 5.5.7.4-1 |
|||
NOTE 1: document name is the name of the group document contained in the message body |
| Condition | Explanation |
|---|---|
| GROUPCREATE | Message/IE sent only in group creation scenario |
NOTE: For further conditions see table 5.5.1-1 |
5.5.4.5 DELETE
Table 5.5.4.5-1: HTTP DELETE
Derivation Path: RFC 2616 [26] |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
Request-line |
||||
Method |
"DELETE" |
|||
Request-URI |
tsc_MCX_GMSXCAPRootURI & "/" & "org.openmobilealliance.groups/users/" & px_MCX_GroupCreationXUI & "/" & temporary-group-id |
Points to the group configuration document (NOTE 1) |
TS 24.481 [11] |
TEMPGROUP |
Cache-Control |
RFC 2616 [26] |
|||
cache-directive |
"no-cache" |
|||
Authorization |
TS 24.482 [12] A.2.3: Expected by the server to validate and identify the client |
RFC 2617 [72] |
||
authentication-scheme |
“Bearer” |
RFC 6750 [104] |
||
b64token |
Access token as assigned to the UE by Token Response |
RFC 6750 [104] |
||
NOTE 1: temporary-group-id = px_MCPTT_Group_T_ID for Condition MCPTT |
5.5.4.6 HTTP 200 (OK)
Table 5.5.4.6-1: HTTP 200 (OK)
Derivation Path: RFC 2616 [26] |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
Status-Line |
||||
HTTP-Version |
"HTTP/1.1" |
|||
Status-Code |
"200" |
|||
Reason-Phrase |
"OK" |
|||
Cache-Control |
RFC 2616 [26] |
|||
cache-directive |
"no-store" |
|||
Pragma |
RFC 2616 [26] |
|||
pragma-directive |
"no-cache" |
|||
Content-Length |
||||
value |
length of message-body |
|||
Content-Type |
TOKEN |
|||
media-type |
"application/json;charset=UTF-8" |
TS 33.180 [94] |
||
Content-Type |
KMSINIT |
|||
media-type |
"application/xml" |
TS 33.180 [94] |
||
Content-Type |
KMSKEY |
|||
media-type |
"application/xml" |
TS 33.180 [94] |
||
Content-Type |
UEINITIALCONFIG |
|||
media-type |
"application/vnd.3gpp.mcptt-ue-init-config+xml" |
TS 24.484 [14] |
||
Content-Type |
UECONFIG |
|||
media-type |
"application/vnd.3gpp.mcptt-ue-config+xml" |
TS 24.484 [14] |
MCPTT |
|
"application/vnd.3gpp.mcvideo-ue-config+xml" |
MCVIDEO |
|||
"application/vnd.3gpp.mcdata-ue-config+xml" |
MCDATA |
|||
Content-Type |
UEUSERPROF |
|||
media-type |
"application/vnd.3gpp.mcptt-user-profile+xml" |
TS 24.484 [14] |
MCPTT |
|
"application/vnd.3gpp.mcvideo-user-profile+xml" |
MCVIDEO |
|||
"application/vnd.3gpp.mcdata-user-profile+xml" |
MCDATA |
|||
Content-Type |
UESERVCONFIG |
|||
media-type |
"application/vnd.3gpp.mcptt-service-config+xml" |
TS 24.484 [14] |
MCPTT |
|
"application/vnd.3gpp.mcvideo-service-config+xml" |
MCVIDEO |
|||
"application/vnd.3gpp.mcdata-service-config+xml" |
MCDATA |
|||
Content-Type |
GROUPCONFIG |
|||
media-type |
"application/vnd.oma.poc.groups+xml" |
TS 24.481 [11] |
||
Content-Type |
TEMPGROUP |
|||
media-type |
"application/vnd.3gpp.GMOP+xml" |
TS 24.481 [11] |
||
Content-Type |
FD_HTTP |
|||
media-type |
"application/octet-stream" |
|||
Message-body |
TOKEN |
|||
Token response |
As described in Table 5.5.4.10.4-1 |
|||
Message-body |
KMSINIT |
|||
KMS Certificate |
As described in Table 5.5.4.10.6-1 |
|||
Message-body |
KMSKEY |
|||
KMS Key Set |
As described in Table 5.5.4.10.8-1 |
|||
Message-body |
UEINITIALCONFIG |
|||
mcptt-initial-UE-configuration |
As described in Table 5.5.8.1-1 |
Initial UE Configuration document returned |
||
Message-body |
UECONFIG |
|||
mcptt-UE-configuration |
As described in Table 5.5.8.2-1 |
UE Configuration document returned |
MCPTT |
|
mcvideo-UE-configuration |
As described in Table 5.5.8.5-1 |
UE Configuration document returned |
MCVIDEO |
|
mcdata-UE-configuration |
As described in Table 5.5.8.10-1 |
UE Configuration document returned |
MCDATA |
|
Message-body |
UEUSERPROF |
|||
mcptt-user-profile |
As described in Table 5.5.8.3-1 |
UE User Profile document returned |
MCPTT |
|
mcvideo-user-profile |
As described in Table 5.5.8.7-1 |
UE User Profile document returned |
MCVIDEO |
|
mcdata-user-profile |
As described in Table 5.5.8.11-1 |
UE User Profile document returned |
MCDATA |
|
Message-body |
UESERVCONFIG |
|||
service-configuration-info |
As described in Table 5.5.8.4-1 |
UE Service Configuration document returned |
MCPTT |
|
service-configuration-info |
As described in Table 5.5.8.8-1 |
UE Service Configuration document returned |
MCVIDEO |
|
service-configuration-info |
As described in Table 5.5.8.12-1 |
UE Service Configuration document returned |
MCDATA |
|
Message-body |
GROUPCONFIG |
|||
group-configuration |
As described in Table 5.5.7.1-1 |
Group Configuration document returned |
||
Message-body |
TEMPGROUP |
|||
gmop:document |
||||
gmop:response |
||||
gmop:group-regroup-creation-response |
||||
temporary-group-document-ETag |
unique value arbitrarily selected by the SS |
|||
Message-body |
FD_HTTP |
|||
file content |
binary data representing the file |
5.5.4.7 HTTP 201 (Created)
Table 5.5.4.7-1: HTTP 201 (Created)
Derivation Path: RFC 2616 [26] |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
Status-Line |
||||
HTTP-Version |
"HTTP/1.1" |
|||
Status-Code |
"201" |
|||
Reason-Phrase |
"Created" |
|||
Cache-Control |
RFC 2616 [26] |
|||
cache-directive |
"no-store" |
|||
Pragma |
RFC 2616 [26] |
|||
pragma-directive |
"no-cache" |
|||
ETag |
RFC 2616 [26] |
|||
entity-tag |
unique value arbitrarily selected by the SS |
|||
Location |
RFC 7231 [118] clauses 4.3.3, 6.3.2, 7.1.2 |
|||
uri |
tsc_MCX_GMSXCAPRootURI & "/" & "org.openmobilealliance.groups/global/byGroupID/" & group-id |
URI referring to the created group document |
||
tsc_MCData_MSF_URI & "/file-location-1" |
URL identifying the location of the stored file |
FD_HTTP |
||
NOTE 1: group-id = px_MCPTT_Group_B_ID for Condition MCPTT |
5.5.4.8 HTTP 302 (Found)
Table 5.5.4.8-1: HTTP 302 (Found)
Derivation Path: RFC 2616 [26]

| Information Element | Value/remark | Comment | Reference | Condition |
|---|---|---|---|---|
| Status-Line | | | | |
| HTTP-Version | "HTTP/1.1" | | | |
| Status-Code | "302" | | | |
| Reason-Phrase | "Found" | | | |
| Location | | | | AUTH |
| Location-URI | | | | |
| uri | px_MCX_OAuth_RedirectURI_A | Identifier of the MCPTT client making the API request | TS 33.180 [94] | |
| query | As described in Table 5.5.4.10.2-1 | | | |
5.5.4.9 HTTP 409 (Conflict)
Table 5.5.4.9-1: HTTP 409 (Conflict)
Derivation Path: RFC 2616 [26]

| Information Element | Value/remark | Comment | Reference | Condition |
|---|---|---|---|---|
| Status-Line | | | | |
| HTTP-Version | "HTTP/1.1" | | | |
| Status-Code | "409" | | | |
| Reason-Phrase | "URI constraint violated" | Conflict reason | TS 24.484 [14] | |
5.5.4.10 HTTP Message Bodies
5.5.4.10.1 Authentication Request
Table 5.5.4.10.1-1: Authentication Request
Derivation Path: TS 33.180 [94], clause B.4.2.2 |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
response-type |
"code" |
For native MCX clients the value shall be set to "code" |
OpenID Connect 1.0 [95] |
|
client_id |
px_MCX_OAuth_ClientId_A |
Identifier of the MCX client making the API request |
OpenID Connect 1.0 [95] |
|
Scope |
"openid" |
Scope values are expressed as a list of space-delimited, case-sensitive strings which indicate which MCS resource servers the client is requesting access to. "openid" is defined by the OpenID Connect standard and is mandatory |
TS 33.180 [94] OpenID Connect 1.0 [95] |
|
"3gpp:mc:ptt_service" "3gpp:mc:ptt_key_management_service" "3gpp:mc:ptt_config_management_service" "3gpp:mc:ptt_group_management_service" NOTE: The list may contain further scope values which are not checked |
Additional authorization scopes when the UE supports MCPTT |
MCPTT |
||
"3gpp:mc:video_service" "3gpp:mc:video_key_management_service" "3gpp:mc:video_config_management_service" "3gpp:mc:video_group_management_service" NOTE: The list may contain further scope values which are not checked |
Additional authorization scopes when the UE supports MCVideo |
MCVIDEO |
||
"3gpp:mc:data_service" "3gpp:mc:data_key_management_service" "3gpp:mc:data_config_management_service" "3gpp:mc:data_group_management_service" NOTE: The list may contain further scope values which are not checked |
Additional authorization scopes when the UE supports MCData |
MCDATA |
||
redirect_uri |
px_MCX_OAuth_RedirectURI_A |
The URI of the MCX client to which the IdM server will redirect the MCX client’s user agent in order to return the authorization code |
OpenID Connect 1.0 [95] |
|
state |
any value as selected by the UE |
An opaque value used by the MCX client to maintain state between the authentication request and authentication response |
OpenID Connect 1.0 [95] |
|
acr-values |
"3gpp:acr:password" |
Space-separated string that specifies the acr values that the IdM server is being requested to use for processing this authentication request |
TS 33.180 [94] |
|
code-challenge |
any value |
base64url-encoded SHA-256 challenge: hash of the code_verifier selected by the UE |
TS 33.180 [94] RFC 7636 [100] |
|
codechallenge-method |
"S256" |
The hash method used to transform the code verifier to produce the code challenge |
TS 33.180 [94] RFC 7636 [100] |
5.5.4.10.2 Authentication Response
Table 5.5.4.10.2-1: Authentication Response
Derivation Path: TS 33.180 [94], clause B.4.2.3

| Information Element | Value/remark | Comment | Reference | Condition |
|---|---|---|---|---|
| code | "SplxlOBeZQQYbYS6WxSbIA" | The authorization code generated by the authorization endpoint and returned to the MCX client via the authentication response | TS 33.180 [94] | |
| state | same value as in the Authentication Request | The value shall match the exact value used in the authorization request | TS 33.180 [94] | |
5.5.4.10.3 Token Request
Table 5.5.4.10.3-1: Token Request
Derivation Path: TS 33.180 [94], clause B.4.2.4

| Information Element | Value/remark | Comment | Reference | Condition |
|---|---|---|---|---|
| grant-type | "authorization_code" | | RFC 2616 [26] | |
| code | same value as assigned by the SS in the Authentication Response | The authorization code generated by the authorization endpoint and returned to the MCX client via the authentication response | TS 33.180 [94] | |
| client_id | px_MCX_OAuth_ClientId_A | Identifier of the MCX client making the API request | TS 33.180 [94] | |
| redirect_uri | px_MCX_OAuth_RedirectURI_A | The URI of the MCX client to which the IdM server will redirect the MCX client’s user agent | TS 33.180 [94] | |
| code_verifier | Value selected by the UE: The SS shall check that the code-challenge in the Authentication Request is the base64url-encoded SHA-256 hash of the code-verifier | A cryptographically random string that is used to correlate the authorization request to the token request | TS 33.180 [94] RFC 7636 [100] | |
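
The consistency checks that this table and Table 5.5.4.10.1-1 imply for the SS, as an added example that is not part of the 3GPP specification: it compares a token request against the preceding authentication request, including the S256 code-challenge check. Parameter names are the on-the-wire names from RFC 7636 and OpenID Connect (code_challenge, code_challenge_method, acr_values); the client_id, redirect_uri, state and verifier values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode

VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")  # RFC 7636, section 4.1


def s256_challenge(code_verifier: str) -> str:
    """BASE64URL(SHA-256(code_verifier)) with the '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def _same(a: str, b: str) -> bool:
    # Constant-time comparison for secret-derived values.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def _one(params: dict, name: str, failures: list):
    """Return the single value of a parameter, recording missing or repeated ones."""
    values = params.get(name, [])
    if len(values) != 1:
        failures.append(f"{name}: expected exactly one value, found {len(values)}")
        return None
    return values[0]


def check_token_request(auth_query: str, issued_code: str, token_body: str) -> list:
    """Return a list of failures; an empty list means the token request is consistent."""
    auth = parse_qs(auth_query, keep_blank_values=True)
    tok = parse_qs(token_body, keep_blank_values=True)
    failures = []

    if _one(auth, "response_type", failures) not in (None, "code"):
        failures.append("response_type is not 'code'")
    if _one(auth, "code_challenge_method", failures) not in (None, "S256"):
        failures.append("code_challenge_method is not 'S256'")
    if _one(tok, "grant_type", failures) not in (None, "authorization_code"):
        failures.append("grant_type is not 'authorization_code'")

    code = _one(tok, "code", failures)
    if code is not None and not _same(code, issued_code):
        failures.append("code does not match the Authentication Response")

    for name in ("client_id", "redirect_uri"):
        a, t = _one(auth, name, failures), _one(tok, name, failures)
        if a is not None and t is not None and a != t:
            failures.append(f"{name} differs between authentication and token request")

    challenge = _one(auth, "code_challenge", failures)
    verifier = _one(tok, "code_verifier", failures)
    if verifier is not None and not VERIFIER_RE.fullmatch(verifier):
        failures.append("code_verifier is not 43-128 unreserved characters")
    elif verifier is not None and challenge is not None:
        if not _same(s256_challenge(verifier), challenge):
            failures.append("code_challenge is not BASE64URL(SHA-256(code_verifier))")
    return failures


# Constructed sample values; the client_id and redirect_uri are placeholders.
VERIFIER = "constructed-verifier-0123456789-abcdefghijklmnopq"
ISSUED_CODE = "SplxlOBeZQQYbYS6WxSbIA"  # code value from Table 5.5.4.10.2-1


def auth_query(**overrides) -> str:
    fields = {
        "response_type": "code",
        "client_id": "example-mcx-client",
        "scope": "openid 3gpp:mc:ptt_service",
        "redirect_uri": "http://client.example/cb",
        "state": "constructed-state-1",
        "acr_values": "3gpp:acr:password",
        "code_challenge": s256_challenge(VERIFIER),
        "code_challenge_method": "S256",
    }
    fields.update(overrides)
    return urlencode(fields)


def token_body(**overrides) -> str:
    fields = {
        "grant_type": "authorization_code",
        "code": ISSUED_CODE,
        "client_id": "example-mcx-client",
        "redirect_uri": "http://client.example/cb",
        "code_verifier": VERIFIER,
    }
    fields.update(overrides)
    return urlencode(fields)


if __name__ == "__main__":
    print(check_token_request(auth_query(), ISSUED_CODE, token_body()))
    print(check_token_request(auth_query(), ISSUED_CODE, token_body(code_verifier="A" * 43)))
```

A challenge that still carries base64 "=" padding fails the comparison, since RFC 7636 defines the encoding without padding.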
5.5.4.10.4 Token Response
Table 5.5.4.10.4-1: Token Response
Derivation Path: TS 33.180 [94], clause B.4.2.5 |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
access_token |
The access token. The access token is opaque to the MCX client |
RFC 6749 [77] TS 33.180 [94] |
||
{ |
||||
{ |
Header Algorithm |
|||
"kid" |
"jws-rsa" |
hint indicating which key was used to secure the JWS: name of the RSA public key in case of RS256. Editor’s note: value to be confirmed |
RFC 7515 [102] |
|
"alg" |
"RS256" |
identifies the cryptographic algorithm used to secure the JWS: RSASSA-PKCS1-v1_5 SHA-256 digital signature. Editor’s note: value to be confirmed |
RFC 7515 [102] |
|
} |
||||
{ |
Payload Data |
RFC 7519 [101] |
||
"mcptt_id" |
px_MCPTT_ID_User_A |
TS 24.380 TS 24.483 TS 24.380 B.2.2.3 |
MCPTT |
|
"mcvideo_id" |
px_MCVideo_ID_User_A |
TS 33.180 B.2.2.3 |
MCVIDEO |
|
"mcdata_id" |
px_MCData_ID_User_A |
TS 24.380 B.2.2.3 |
MCDATA |
|
"scope" |
"openid" |
List of space-delimited, case-sensitive strings informing the client of the scope of the access token issued; OPTIONAL if identical to the scope requested by the client, otherwise REQUIRED. "openid" is defined by the OpenID Connect standard and is mandatory regardless of the MCS context in which the message is used |
RFC 6749 [77] TS 33.180 [94] B.2.2.2 OpenID Connect 1.0 [95] |
|
"3gpp:mc:ptt_service" "3gpp:mc:ptt_key_management_service" "3gpp:mc:ptt_config_management_service" "3gpp:mc:ptt_group_management_service" |
MCPTT |
|||
"3gpp:mc:video_service" "3gpp:mc:video_key_management_service" "3gpp:mc:video_config_management_service" "3gpp:mc:video_group_management_service" |
MCVIDEO |
|||
"3gpp:mc:data_service" "3gpp:mc:data_key_management_service" "3gpp:mc:data_config_management_service" "3gpp:mc:data_group_management_service" |
MCDATA |
|||
"exp" |
Current system time + 7199 seconds; the system time is the number of seconds since 00:00:00 UTC on 1 January 1970 |
Number containing a NumericDate value that identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. Editor’s note: value to be confirmed |
RFC 7519 [101] TS 33.180 [94] |
|
"client_id" |
Same value as received in the token request |
Identifier of the MCX client making the API request |
TS 33.180 [94] |
|
} |
||||
Signature |
HASH (base64UrlEncode(header) + "." + base64UrlEncode(payload)) |
Created by the hash algorithm corresponding to the algorithm provided in the header |
RFC 7515 [102] |
|
} |
||||
refresh_token |
"Y7NSzUJuS0Jp7G4SKpBKSOJVHIZxFbxqsqCIZhOEk9" |
Arbitrarily selected string: |
RFC 6749 [77] |
|
id_token |
The MCX client may validate the user with the ID token and configure itself for the user |
RFC 6749 [77] TS 33.180 [94] |
||
{ |
||||
{ |
Header Algorithm |
RFC 7515 [102] |
||
"kid" |
"jws-rsa" |
hint indicating which key was used to secure the JWS. Editor’s note: value to be confirmed |
||
"alg" |
"RS256" |
identifies the cryptographic algorithm used to secure the JWS. Editor’s note: value to be confirmed |
||
} |
||||
{ |
Payload Data |
RFC 7519 [101] |
||
"mcptt_id" |
px_MCPTT_ID_User_A |
TS 24.380 TS 24.483 TS 33.180 B.2.1.3 |
MCPTT |
|
"mcvideo_id" |
px_MCVideo_ID_User_A |
TS 33.180 B.2.1.3 |
MCVIDEO |
|
"mcdata_id" |
px_MCData_ID_User_A |
TS 24.380 B.2.1.3 |
MCDATA |
|
"sub" |
"1234567890" |
Arbitrarily selected string: case-sensitive string containing a StringOrURI value which identifies the principal that is the subject of the JWT and is optional |
RFC 7519 [101] |
|
"aud" |
client_id as received in token request |
Audience: identifies the recipients that the JWT is intended for and is optional |
RFC 7519 [101] |
|
"iss" |
tsc_MCX_IdMS_token_UriPath |
Issuer: |
RFC 7519 [101] |
|
"exp" |
Current system time + 7199 seconds; the system time is the number of seconds since 00:00:00 UTC on 1 January 1970 |
Number containing a NumericDate value that identifies the expiration time on or after which the JWT MUST NOT be accepted for processing |
RFC 7519 [101] TS 33.180 [94] |
|
"iat" |
Current system time (Epoch time: number of seconds since 00:00:00 UTC on 1 January 1970) |
Numeric value which identifies the time at which the JWT was issued and is optional |
RFC 7519 [101] TS 33.180 [94] |
|
} |
||||
Signature |
HASH (base64UrlEncode(header) + "." + base64UrlEncode(payload)) |
Created by the hash algorithm corresponding to the algorithm provided in the header |
RFC 7515 [102] |
|
} |
||||
token-type |
"Bearer" |
The token type for access |
RFC 6749 [77] |
|
expires-in |
"7199" |
Token expiry time |
RFC 6749 [77] |
5.5.4.10.5 Void
5.5.4.10.6 KMS Certificate
Table 5.5.4.10.6-1: KMS Certificate
Derivation Path: TS 33.180 [94], clause D.3.2 |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
SignedKmsResponse |
||||
Id |
“kmsResponse” |
arbitrarily selected id which the Signature’s Reference URI refers to |
||
KmsUri |
tsc_MCX_KMS_Hostname |
The URI of the KMS which issued the key set |
||
UserUri |
tsc_MCX_MC_ID_User_A. Editor’s note: to be clarified whether the MC ID can be used in this context or whether there are restrictions on how to set the UserUri |
The MC ID which the user has used for authentication |
||
Time |
Current system time of the SS |
Time stamp of KMS message |
||
ClientReqUrl |
tsc_MCX_KMS_ClientReqUrl_init |
URL of the client making the key request |
||
KmsMessage |
||||
KmsInit |
||||
Version |
"1.0.0" |
|||
KmsCertificate |
||||
Version |
"1.1.0" |
The version number of the certificate type |
||
Role |
"Root" |
This shall indicate whether the certificate is a "Root" or "External" certificate |
||
CertUri |
tsc_MCX_KMS_CertUri |
The URI of the Certificate (this object) |
||
KmsUri |
tsc_MCX_KMS_Hostname |
The URI of the KMS which issued the Certificate |
||
Issuer |
Not present |
(Optional) String describing the issuing entity |
||
ValidFrom |
Not present |
(Optional) Date from which the Certificate may be used |
||
ValidTo |
Not present |
(Optional) Date at which the Certificate expires |
||
Revoked |
false |
(Optional) A Boolean value defining whether a Certificate has been revoked |
||
UserIDFormat |
"2" |
Shall contain the value ‘2’ |
||
UserKeyPeriod |
"2592000" |
The number of seconds that each user key issued by this KMS should be used (2592000 seconds are 30 days) |
||
UserKeyOffset |
CurrentTimestamp MODULO UserKeyPeriod |
UserKeyOffset so that KeyPeriod starts at current system time; CurrentTimestamp is the current system time in seconds since 0h on 1st Jan 1900 |
||
PubEncKey |
SAKKE Public Key Z_T derived from master secret z_T according to RFC 6508 |
The SAKKE Public Key, "Z_T". This is an OCTET STRING encoding of an elliptic curve point |
RFC 6508 [99] |
|
PubAuthKey |
ECCSI Public Key KPAK derived from private key KSAK according to RFC 6507 |
The ECCSI Public Key, "KPAK". This is an OCTET STRING encoding of an elliptic curve point |
RFC 6507 [98] |
|
ParameterSet |
Not present |
(Optional) The choice of parameter set used for SAKKE and ECCSI |
||
KmsDomainList |
Not present |
(Optional) List of domains associated with the certificate |
||
SignedInfo |
||||
CanonicalizationAlgorithm |
"xml-c14n" |
XML Signature processing |
||
SignatureAlgorithm |
"HMAC-SHA-256" |
Hashing algorithm to be applied to sign the SignedInfo with the key given in the KeyInfo |
||
Reference |
||||
URI |
“#kmsResponse” |
referring to the data object for which the hash is generated (KMS response element in this case) |
||
DigestAlgorithm |
"SHA-256" |
Hashing algorithm to be applied to sign the data object |
||
DigestValue |
Hash signing the data object (referred to by the URI) |
|||
SignatureValue |
Hash signing the SignedInfo |
The signing key is derived from the InK (px_MCX_InK) according to TS 33.180 [94] Annex F.1.4 with FC = 0x52, XPK-ID = InK-ID (px_MCX_InK_ID) |
||
KeyInfo |
||||
KeyName |
base64 encoded InK-ID (px_MCX_InK_ID) |
5.5.4.10.7 Void
5.5.4.10.8 KMS Key Set
Table 5.5.4.10.8-1: KMS Key Set
Derivation Path: TS 33.180 [94], clause D.3.2.2 |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
SignedKmsResponse |
||||
Id |
“kmsResponse” |
arbitrarily selected id which the Signature’s Reference URI refers to |
||
KmsUri |
tsc_MCX_KMS_Hostname |
The URI of the KMS which issued the key set |
||
UserUri |
tsc_MCX_MC_ID_User_A. Editor’s note: to be clarified whether the MC ID can be used in this context or whether there are restrictions on how to set the UserUri |
The MC ID which the user has used for authentication |
||
Time |
Current system time of the SS |
Time stamp of KMS message |
||
ClientReqUrl |
tsc_MCX_KMS_ClientReqUrl_keyprov |
URL of the client making the key request |
||
KmsMessage |
||||
KmsKeyProv |
||||
Version |
"1.0.0" |
The version number of the key provision XML |
||
KmsKeySet[1] |
||||
Version |
"1.1.0" |
The version number of the key set XML |
||
KmsUri |
tsc_MCX_KMS_Hostname |
The URI of the KMS which issued the key set |
||
CertUri |
Not present |
(Optional) The URI of the Certificate which may be used to validate the key set |
||
Issuer |
Not present |
(Optional) String describing the issuing entity |
||
UserUri |
px_MCPTT_ID_User_A |
The user’s MCPTT ID |
MCPTT |
|
px_MCVideo_ID_User_A |
The user’s MCVideo ID |
MCVIDEO |
||
px_MCData_ID_User_A |
The user’s MCData ID |
MCDATA |
||
UserID |
UID generated according to annex F.2.1 of TS 33.180 [94] with MCX-Id as identifier. Editor’s note: to be clarified how to convert the UID into charstring (e.g. hexstring representation or base64 encoding) |
UID corresponding to the key set |
TS 33.180 [94] |
|
ValidFrom |
Not present |
(Optional) Date and time from which the key set may be used |
||
ValidTo |
Not present |
(Optional) Date and time at which the key set expires |
||
KeyPeriodNo |
FLOOR((CurrentTimestamp – UserKeyOffset) / UserKeyPeriod) |
Current Key Period: |
TS 33.180 [94] |
|
Revoked |
"false" |
(Optional) A Boolean value defining whether the key set has been revoked |
||
UserDecryptKey |
The SAKKE "Receiver Secret Key" (RSK). This is an OCTET STRING encoding of an elliptic curve point |
RFC 6508 [99] |
||
EncryptionAlgorithm |
"AES256" |
Encryption algorithm to use |
||
KeyInfo |
||||
KeyName |
base64 encoded TrK-ID (px_MCX_TrK_ID) |
|||
CipherData |
||||
CipherValue |
encrypted RSK |
The encryption key is derived from the TrK (px_MCX_TrK) according to TS 33.180 [94] Annex F.1.4 with FC = 0x51, XPK-ID = TrK-ID (px_MCX_TrK_ID) |
||
UserSigningKeySSK |
The ECCSI private Key, "SSK". This is an OCTET STRING encoding of an integer; the PVT is generated using the UID as contained in the UserID of the KMS message |
RFC 6507 [98] |
||
EncryptionAlgorithm |
"AES256" |
Encryption algorithm to use |
||
KeyInfo |
||||
KeyName |
base64 encoded TrK-ID (px_MCX_TrK_ID) |
|||
CipherData |
||||
CipherValue |
encrypted SSK |
The encryption key is derived from the TrK (px_MCX_TrK) according to TS 33.180 [94] Annex F.1.4 with FC = 0x51, XPK-ID = TrK-ID (px_MCX_TrK_ID) |
||
UserPubTokenPVT |
The ECCSI public validation token, "PVT". This is an OCTET STRING encoding of an elliptic curve point; the PVT is generated using the UID as contained in the UserID of the KMS message |
RFC 6507 [98] |
||
EncryptionAlgorithm |
"AES256" |
Encryption algorithm to use |
||
KeyInfo |
||||
KeyName |
base64 encoded TrK-ID (px_MCX_TrK_ID) |
|||
CipherData |
||||
CipherValue |
Encrypted PVT |
The encryption key is derived from the TrK (px_MCX_TrK) according to TS 33.180 [94] Annex F.1.4 with FC = 0x51, XPK-ID = TrK-ID (px_MCX_TrK_ID) |
||
Signature |
||||
SignedInfo |
||||
CanonicalizationAlgorithm |
"xml-c14n" |
XML Signature processing |
||
SignatureAlgorithm |
"HMAC-SHA-256" |
Hashing algorithm to be applied to sign the SignedInfo with the key given in the KeyInfo |
||
Reference |
||||
URI |
“#kmsResponse” |
referring to the data object for which the hash is generated (KMS response element in this case) |
||
DigestAlgorithm |
"SHA-256" |
Hashing algorithm to be applied to sign the data object |
||
DigestValue |
Hash signing the data object (referred to by the URI) |
|||
SignatureValue |
Hash signing the SignedInfo |
The signing key is derived from the InK (px_MCX_InK) according to TS 33.180 [94] Annex F.1.4 with FC = 0x52, XPK-ID = InK-ID (px_MCX_InK_ID) |
||
KeyInfo |
||||
KeyName |
base64 encoded InK-ID (px_MCX_InK_ID) |
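
How UserKeyOffset, UserKeyPeriod and KeyPeriodNo from Tables 5.5.4.10.6-1 and 5.5.4.10.8-1 fit together, as an added example that is not part of the 3GPP specification. It converts Unix time to the 1900-based timestamp these fields use (the JWT "exp" and "iat" fields in Table 5.5.4.10.4-1 count from 1970) and checks whether a key set's KeyPeriodNo is current; the function names and the sample issue time are assumptions.

```python
NTP_UNIX_DELTA = 2_208_988_800  # seconds from 1900-01-01 to 1970-01-01 (UTC)
USER_KEY_PERIOD = 2_592_000     # 30 days, the UserKeyPeriod value in the KMS Certificate


def to_1900_epoch(unix_seconds: int) -> int:
    """CurrentTimestamp as used by the KMS fields: seconds since 0h on 1 Jan 1900."""
    return unix_seconds + NTP_UNIX_DELTA


def user_key_offset(issue_unix: int, period: int = USER_KEY_PERIOD) -> int:
    """UserKeyOffset = CurrentTimestamp MODULO UserKeyPeriod."""
    return to_1900_epoch(issue_unix) % period


def key_period_no(unix_seconds: int, offset: int, period: int = USER_KEY_PERIOD) -> int:
    """KeyPeriodNo = FLOOR((CurrentTimestamp - UserKeyOffset) / UserKeyPeriod)."""
    return (to_1900_epoch(unix_seconds) - offset) // period


def period_window(period_no: int, offset: int, period: int = USER_KEY_PERIOD) -> tuple:
    """Unix-time interval [start, end) covered by the given key period."""
    start = offset + period_no * period - NTP_UNIX_DELTA
    return start, start + period


def key_set_is_current(key_set_period_no: int, now_unix: int, offset: int,
                       period: int = USER_KEY_PERIOD) -> bool:
    """True if 'now' falls inside the period named by the key set's KeyPeriodNo."""
    start, end = period_window(key_set_period_no, offset, period)
    return start <= now_unix < end


ISSUE_UNIX = 1_700_000_000  # constructed sample "current system time" of the SS

if __name__ == "__main__":
    offset = user_key_offset(ISSUE_UNIX)
    number = key_period_no(ISSUE_UNIX, offset)
    print("UserKeyOffset:", offset, "KeyPeriodNo:", number)
    print("period window (Unix time):", period_window(number, offset))
    # Feeding Unix seconds into the formula without the 1900 conversion
    # yields a different period number for the same instant.
    print("naive 1970-based result:", (ISSUE_UNIX - offset) // USER_KEY_PERIOD)
```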
5.5.4.10.9 Signed KMS Request
Table 5.5.4.10.9-1: Signed KMS Request
Derivation Path: TS 33.180 [94], clause D.2.2 |
||||
Information Element |
Value/remark |
Comment |
Reference |
Condition |
SignedKmsRequest |
||||
KmsRequest |
||||
Id attribute |
any value |
value as used as reference in the signature |
||
Version attribute |
"1.1.0" |
|||
UserUri |
px_MCPTT_ID_User_A |
The user’s MCPTT ID |
MCPTT |
|
px_MCVideo_ID_User_A |
The user’s MCVideo ID |
MCVIDEO |
||
px_MCData_ID_User_A |
The user’s MCData ID |
MCDATA |
||
KmsUri |
tsc_MCX_KMS_Hostname |
The URI of the KMS to which the request is sent |
||
Time |
any value |
Date/time that the request is made by the client |
||
ClientId |
any value if present |
A string representing the client |
||
DeviceId |
any value if present |
A string representing the device |
||
ClientReqUrl |
URI with same path as in the request URI of the HTTP request |
The resource URI to which the HTTP POST request is sent |
||
KrrList |
not present |
|||
ClientError |
not present |
|||
Signature |
||||
SignedInfo |
||||
CanonicalizationAlgorithm |
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315" |
XML Signature processing |
||
SignatureAlgorithm |
"http://www.w3.org/2001/04/xmldsig-more#hmac-sha256" |
Hashing algorithm to be applied to sign the SignedInfo with the key given in the KeyInfo |
||
Reference |
||||
URI |
URI referring to the Id of the request |
same value as the Id attribute of the request with leading "#" |
||
DigestAlgorithm |
"http://www.w3.org/2001/04/xmlenc#sha256" |
Hashing algorithm applied to sign the data object |
||
DigestValue |
Hash signing the data object (referred to by the URI) |
|||
SignatureValue |
Hash signing the SignedInfo; shall be validated by the SS |
The signing key is derived from the InK (px_MCX_InK) according to TS 33.180 [94] Annex F.1.4 with FC = 0x52, XPK-ID = InK-ID (px_MCX_InK_ID) |
||
KeyInfo |
||||
KeyName |
base64 encoded InK-ID (px_MCX_InK_ID) |