Security and privacy requirements are important to consider in the context of the present document. Regulatory requirements and user consent are mentioned throughout, emphasizing the importance of data confidentiality. The requirements listed below identify specific capabilities needed for authorization to support functionality described in other clauses of the present document. These requirements supplement the general security requirements for the 5G system defined in TS 22.261.
This clause includes requirements that provide functionality to define and enforce authorization policies. These policies are articulated in the case of avatar-based real-time communication to provide users with the ability to define specific authorization rights to use avatars and multimedia communication services on behalf of a subscriber.
Subject to operator policy, regulatory requirements and user consent, the 5G system shall be able to support mechanisms to expose to a trusted third party the result of the UE authenticating the user.
Subject to operator policy, regulatory requirements and user consent, the 5G system shall support mechanisms to authorize Spatial Localization Service.
[R-7.2.2-002]
Subject to operator policy, the 5G system shall provide an authorized third party a means to define authorization to access spatial anchor information and to manage the spatial anchor(s), e.g., add, remove or modify spatial anchors.
Subject to operator policy, regulatory requirements and user consent, the 5G system shall be able to authorize the avatar to be used in mobile metaverse services.
[R-7.2.3-002]
Subject to operator policy, regulatory requirements, and user consent, the 5G system shall provide time-bound authorization for specified subscribers to use an avatar in mobile metaverse services.
[R-7.2.3-003]
Subject to operator policy, regulatory requirements and user consent, the 5G system shall be able to identify the subscriber who has the right to use an avatar in mobile metaverse services.
[R-7.2.3-004]
Subject to operator policy, regulatory requirements and user consent, the 5G system shall provide a means to temporarily authorize a third party to use a subscriber's digital representation and access specific multimedia communication services on behalf of the subscriber, including not by means of a UE, with restrictive conditions e.g., authorized list of parties.
Subject to operator policy, regulatory requirements and user consent, the 5G system shall provide secure means to authorize the use of digital assets associated with a user (e.g., digital assets belonging to a third party customer).
[R-7.2.4-002]
The 5G system shall provide mechanisms to certify the authenticity of digital assets associated with a user.
The 5G system shall be able to collect charging information for the actions related to spatial anchors, where a third party creates, deletes, or modifies a spatial anchor or associated service information.
[R-8.2.1-002]
The 5G system shall support the collection of charging information associated with the exposure of a spatial map or derived localization information to authorized third parties.
[R-8.2.1-003]
The 5G system shall support the collection of charging information associated with the production or modification of a spatial map on behalf of an authorized third party.
[R-8.2.1-004]
The 5G system shall support the collection of charging information associated with exposing spatial location service information to authorized third parties.
[R-8.2.1-005]
The 5G system shall be able to collect charging information associated with distribution of third party mobile metaverse media to one or more subscribers.
The 5G system shall be able to collect charging information per UE or per application, related to the use of digital assets associated with a user (e.g., typically a human user with a certain subscription).
[R-8.2.3-002]
The 5G system shall be able to collect charging information per UE for managing the digital assets associated with a user (e.g., typically a human user with a certain subscription) or a third party.