Content for TS 23.222 Word version: 19.3.0
0…
4…
5…
6…
6.3…
6.4…
7…
8…
8.5…
8.8…
8.9…
8.13…
8.17…
8.21…
8.25…
8.26…
8.28…
8.30…
9…
10…
10.4…
10.7…
11…
A
B…
B.2…
B.3…
C…
D…
8 Procedures and information flows
8.1 Onboarding the API invoker to the CAPIF
8.1.1 General
8.1.2 Information flows
8.1.2.1 Onboard API invoker request
8.1.2.2 Onboard API invoker response
8.1.3 Procedure
8.2 Offboarding the API invoker from the CAPIF
8.2.1 General
8.2.2 Information flows
8.2.2.1 Offboard API invoker request
8.2.2.2 Offboard API invoker response
8.2.3 Procedure
8.3 Publish service APIs
8.3.1 General
8.3.2 Information flows
8.3.2.1 Service API publish request
8.3.2.2 Service API publish response
8.3.3 Procedure
8.4 Unpublish service APIs
8.4.1 General
8.4.2 Information flows
8.4.2.1 Service API unpublish request
8.4.2.2 Service API unpublish response
8.4.3 Procedure
...
...
8 Procedures and information flows p. 41
8.1 Onboarding the API invoker to the CAPIF p. 41
8.1.1 General p. 41
The procedure in this subclause corresponds to the architectural requirements for onboarding the API invoker to the CAPIF. The CAPIF enables a one time onboarding process that enrolls the API invoker as a recognized user of the CAPIF, which may be triggered by the API invoker via CAPIF-1 or CAPIF-1e, or may be based on provisioning.
8.1.2 Information flows p. 41
8.1.2.1 Onboard API invoker request p. 41
Table 8.1.2.1-1 describes the information flow onboard API invoker request from the API invoker to the CAPIF core function.
| Information element | Status | Description |
|---|---|---|
| Onboarding information | M | The information of the API invoker including enrolment details, required for onboarding |
| APIs for enrollment | O | List of APIs being enrolled for. |
| Proposed expiration time | O | Proposed expiration time for the onboarding. |
8.1.2.2 Onboard API invoker response p. 41
Table 8.1.2.2-1 describes the information flow onboard API invoker response from the CAPIF core function to the API invoker.
| Information element | Status | Description |
|---|---|---|
| Onboarding status | M | The result of onboarding request i.e., success indication is included if the API invoker is granted permission otherwise failure. |
| Enrolled information | O
(see NOTE 1) | Information from the provisioned API invoker profile which may include information to allow the API invoker to be authenticated and to obtain authorization for service APIs |
| Service API information | O
(see NOTE 2) | The service API information as specified in Table 8.7.2.2-1. |
| Reason | O
(see NOTE 3) | This element indicates the reason when onboarding status is failure. |
| Expiration time | O | Indicates the expiration time of the onboarding. At expiration, CCF cancels the enrollment of the API invoker from CAPIF. If omitted, it indicates the onboarding does not expire. |
|
NOTE 1:
Information element shall be present when onboarding status is successful.
NOTE 2:
Information element may be present when onboarding status is successful.
NOTE 3:
Information element shall be present when onboarding status is failure.
|
||
8.1.3 Procedure p. 42
Figure 8.1.3-1 illustrates the procedure for onboarding the API invoker to the CAPIF. The security aspects of this procedure are specified in subclause 6.1 of TS 33.122.
Pre-conditions:
- The API invoker is not a recognized user of the CAPIF.
- The API invoker has visibility to APIs information (e.g., API catalogue or dashboard - central place for the API provider to manage which APIs are displayed, giving API invokers the ability to enroll for).
Step 1.
For enrollment of the API invoker to be a recognized user of the CAPIF, the API invoker triggers onboard API invoker request towards the CAPIF core function, providing the information as required for the API management.
Step 2.
The CAPIF core function begins the onboarding process by verifying whether all the necessary information has been provided to onboard the API invoker, and further initiates a grant process. Successful onboarding results in provisioning API invoker profile which includes identity for the API invoker. The authorization information and the list of APIs and the categories of APIs that the API invoker can access subsequent to successful onboarding may also be created. The CAPIF core function may create access control policy (see Table E-1) for the onboarded API invoker considering the network slice information.
Step 3.
If the API invoker has triggered the onboard API invoker request and is granted permission, the onboard API invoker response provides success indication including information from the provisioned API invoker profile which may include information to allow the API invoker to be authenticated and to obtain authorization for service APIs.
Step 4.
As a result of successful onboarding process, the CAPIF core function is able to authenticate and authorize the API invoker.
8.2 Offboarding the API invoker from the CAPIF p. 43
8.2.1 General p. 43
This subclause defines the procedure for offboarding the API invoker from the CAPIF. The offboarding process makes the API invoker no longer a recognized user of the CAPIF. The procedure is triggered by the API invoker over CAPIF-1 or CAPIF-1e.
8.2.2 Information flows p. 43
This subclause describes the information flows for the API invoker offboarding.
8.2.2.1 Offboard API invoker request p. 43
Table 8.2.2.1-1 describes the information flow offboard API invoker request from the API invoker to the CAPIF core function.
| Information element | Status | Description |
|---|---|---|
| API invoker identity information | M | Identity information of the API invoker requesting offboarding |
| Reason | O | Indicate the reason of offboarding |
8.2.2.2 Offboard API invoker response p. 43
Table 8.2.2.2-1 describes the information flow offboard API invoker response from the CAPIF core function to the API invoker.
| Information element | Status | Description |
|---|---|---|
| Result | M | Indicates the success or failure of the offboarding operation |
8.2.3 Procedure p. 43
Figure 8.2.3-1 illustrates the procedure for offboarding the API invoker from the CAPIF, triggered by the API invoker. The security aspects of this procedure are specified in subclause 6.8 of TS 33.122.
Pre-conditions:
- The API invoker has been onboarded as a recognized user of the CAPIF.
Step 1.
The API invoker triggers offboard API invoker request to the CAPIF core function, providing the information as required for the API management.
Step 2.
The CAPIF core function cancels the enrollment of the API invoker from CAPIF. The API invoker ceases to be a recognized user of the CAPIF. All the authorizations corresponding to the API invoker are revoked from CAPIF. Optionally, the information of the API invoker may be retained at the CAPIF core function as per the operator policy.
Step 3.
The CAPIF core function returns the offboard API invoker response providing successful offboarding indication.
8.3 Publish service APIs p. 44
8.3.1 General p. 44
The CAPIF supports publishing service APIs by the API provider. The API publishing function can be within PLMN trust domain or within 3rd party trust domain.
8.3.2 Information flows p. 44
8.3.2.1 Service API publish request p. 44
Table 8.3.2.1-1 describes the information flow service API publish request from the API publishing function to the CAPIF core function.
| Information element | Status | Description |
|---|---|---|
| API publisher information | M | The information of the API publisher may include identity, authentication and authorization information |
| Service API information | M | The service API information includes the service API name, API provider name (optional), List of public IP ranges of UEs (optional), service API category (e.g. V2X, IoT), service API status (e.g. active, inactive), communication type, description, Serving Area Information (optional), AEF location (optional), interface details (e.g. IP address, port number, URI), protocols, version numbers, data format, Service KPIs (optional), and Network Slice Info (optional). |
| Shareable information | O
(see NOTE) | Indicates whether the service API information or the service API category can be published to other CCFs. And if sharing, a list of CAPIF provider domain information where the service API information or the service API category can be published is contained. |
|
NOTE:
If the shareable information is not present, the service API information is not allowed to be shared.
|
||
The Service KPIs is defined as below:
| Information element | Status | Description |
|---|---|---|
| Maximum Request rate | O | Maximum request rate from the API Invoker supported by the server. |
| Maximum Response time | O | The maximum response time advertised for the API Invoker's service requests. |
| Availability | O | Advertised percentage of time the server is available for the API Invoker's use. |
| Available Compute | O | The maximum compute resource available for the API Invoker. |
| Available Graphical Compute | O | The maximum graphical compute resource available for the API Invoker. |
| Available Memory | O | The maximum memory resource available for the API Invoker. |
| Available Storage | O | The maximum storage resource available for the API Invoker. |
| Connection Bandwidth | O | The connection bandwidth in Kbit/s advertised for the API Invoker's use. |
8.3.2.2 Service API publish response p. 45
Table 8.3.2.2-1 describes the information flow service API publish response from the CAPIF core function to the API publishing function.
| Information element | Status | Description |
|---|---|---|
| Result | M | Indicates the success or failure of publishing the service API information |
| Service API published information reference | O
(see NOTE) | The information which can be used for referencing the information (set) about the published service API by the API publishing function. |
| Service API information | O
(see NOTE) | The information which can be used for referencing the information (set) about the published service API by the API publishing function. |
|
NOTE:
This information element is included when the Result indicates success.
|
||
8.3.3 Procedure p. 46
Figure 8.3.3-1 illustrates the procedure for publishing the service APIs. The service API publish mechanism is supported by the CAPIF core function.
Pre-conditions:
- Authorization details of the APF are available with the CAPIF core function.
- API invokers may have subscribed with the CAPIF core function to obtain new service API information.
Step 1.
The API publishing function sends a service API publish request to the CAPIF core function, with the details of the service API. If the service API is to be shared to other CAPIF core functions, the shareable information and the CAPIF provider domain information are included.
Step 2.
Upon receiving the service API publish request, the CAPIF core function checks whether the API publishing function is authorized to publish service APIs. If the check is successful, the service API information provided by the API publishing function is stored at the CAPIF core function (API registry).
Step 3.
The CAPIF core function provides a service API publish response to the API publishing function indicating success or failure result and triggers notifications to subscribed API invokers as described in subclause 8.8.4.
8.4 Unpublish service APIs p. 46
8.4.1 General p. 46
The CAPIF supports unpublishing service APIs by the API provider. Once the service API information is unpublished, it is no more available to be discovered by API invokers. The API publishing function can be within PLMN trust domain or within 3rd party trust domain.
8.4.2 Information flows p. 46
8.4.2.1 Service API unpublish request p. 46
Table 8.4.2.1-1 describes the information flow service API unpublish request from the API publishing function to the CAPIF core function.
| Information element | Status | Description |
|---|---|---|
| API publisher information | M | The information of the API publisher may include identity, authentication and authorization information |
| Service API published information reference | M | The information provided by the CAPIF core function which can be for referencing the information (set) about the published service API by the API publishing function. |
8.4.2.2 Service API unpublish response p. 47
Table 8.4.2.2-1 describes the information flow service API unpublish response from the CAPIF core function to the API publishing function.
| Information element | Status | Description |
|---|---|---|
| Result | M | Indicates the success or failure of unpublishing the service API information |
8.4.3 Procedure p. 47
Figure 8.4.3-1 illustrates the procedure for unpublishing the service APIs. The service API unpublish mechanism is supported by the CAPIF core function.
Pre-conditions:
- Authorization details of the APF are available with the CAPIF core function.
- API invokers may have subscribed with the CAPIF core function to obtain notification regarding service API unpublish.
Step 1.
The API publishing function sends a service API unpublish request to the CAPIF core function, with service API published information reference provided by the CAPIF core function when the service API was published.
Step 2.
Upon receiving the service API unpublish request, the CAPIF core function checks whether the API publishing function is authorized to unpublish service APIs. If the check is successful, the service API information provided by the API publishing function is removed at the CAPIF core function (API registry).
Step 3.
The CAPIF core function provides a service API unpublish response to the API publishing function and triggers notifications to subscribed API invokers as described in subclause 8.8.4.
