The mission critical user identity is also known as the MC ID. The MC ID is the identity that an MC service user or MC replay service user presents to the identity management server during a user authentication transaction. In general, since identity management is a common service, it uses an identity which is linked to a set of credentials (e.g. biometrics, secureID, username/password) that may not necessarily be tied to a single mission critical service. The MC ID and the MC service ID may be the same. The MC ID uniquely identifies the MC service user or MC replay service user to the identity management server. The MC ID is used by the identity management server to provide the identity management client a means for mission critical service authentication.
The MC service user identity is also known as the MC service ID. The MC service ID is a globally unique identifier within the MC service that represents the MC service user. The MC service ID identifies an MC service user. The MC service ID may also identify one or more MC service user profiles for the user at the application layer.
There are attributes associated with the MC service ID configured in the MC service that relate to the human user of the MC service. Typically, this information identifies the MC service user by name or role; it may also identify the user's organization or agency, and the MC service user's service subscription to one or more MC services. Such attributes associated with an MC service ID can be used by the MC service server to make authorization decisions about the MC service granted to the user. For example, if the MC service user is subscribed to MCPTT service, an attribute that identifies a user's role as an incident commander could automatically be used by the MCPTT service to grant the user additional administrative rights over the creation of groups, or access to privileged talk groups.
The MC service ID shall be a URI. The MC service ID uniquely identifies an MC service user in an MC system. The MC service ID indicates the MC system where the MC service ID is defined.
When required by the MC service provider, the MC service ID is hidden from the signalling control plane.
A default or temporary MC service ID may be used where a user is not yet associated with a device. When a user would like to use one or more MC services but has not been authenticated by the identity management server, a default or temporary MC service ID and a corresponding MC service user profile may be used.
For the purposes of this document, an MC service administrator, MC service dispatcher, or MC service authorized user is an MC service user that has been granted special privileges within the context of the client function being performed (e.g. MC service client, group management client, configuration management client, key management client). For example, the MC service ID of a group management client of an MC service administrator can be authorized within the group management server to create new groups and add members to groups (i.e. administrative function), but is not authorized to dynamically create group or user regroups (i.e. operational function). Alternatively, for example, the MC service ID of a dispatcher will typically be authorized to dynamically create group and user regroups, but is not authorized to create new groups or add/delete members to groups. The MC service authorization framework is defined in TS 33.180.
The MC service group identity is also known as the MC service group ID. The MC service group ID is a globally unique identifier within the MC service that represents a set of MC service users. The set of MC service users may belong to the same or different MC systems. The MC system for each user (within the group) is identified by each user's respective MC service ID.
The MC service group ID identifies an MC service group in an MC system. It indicates the MC system where the MC service group is defined. It indicates the MC service server within the MC system where the group is defined as described in subclause 8.3.2.
The MC service group ID is used as follows:
For identifying a set of identities of its group members; and
By the MC service client to address the MC service group.
The MC service group ID shall be a URI.
When required by the MC service provider, the MC service group ID is hidden from the signalling control plane.
In TS 23.379, the MCPTT group ID is an MC service group ID.
In TS 23.281, the MCVideo group ID is an MC service group ID.
In TS 23.282, the MCData group ID is an MC service group ID.
In off-network operation, an MC service group ID is used for identifying the MC service group while off-network. The MC service group ID should be resolved to the ProSe Group IP multicast address and ProSe Layer-2 Group ID for the group communication. The MC service UE is able to make one or more MC service communications (as per the group configuration) with other member UEs whose users are of the same MC service group ID over ProSe direct communications based on ProSe Layer-2 Group ID and ProSe Group IP multicast address, and utilising IPv4 or IPv6 as indicated by policy, as described in TS 23.303.
Figure 8.1.3.2-1 illustrates how the MC service group ID, ProSe Group IP multicast address and the ProSe Layer-2 Group ID are mapped to each other. ProSe Group IP multicast address and ProSe Layer-2 Group ID are pre-configured in accordance with the MC service group ID. Thus, they are pre-defined and associated. This mapping information should be provisioned through UICC in the UE or through ProSe function as specified in TS 23.303, or be delivered from an application server. Mapping information is provisioned from group management server for online configuration, and provisioned from configuration management server for offline configuration.
Functional alias provides a complementary, role-based user identification scheme which can be used by MC service users for operational purposes in the form of meaningful elements such as the function, the order number or vehicle identifications that can be used within any form of MC service communication. A functional alias takes the form of a URI where the host part of the URI shall identify the home MC system MC service functional alias controlling server. The application addressing remains in its form and forms the foundation for the association with the corresponding functional alias. An MC service user can simultaneously activate several functional aliases but only one can be associated to a certain communication.
Each functional alias is subject to the uniqueness principle within an organization and can be shared simultaneously by several MC service users, depending on the assignment. In this case, all assigned MC service users sharing a functional alias can be included in a communication.
An MC service user uses a different set of functional aliases when migrating towards another service organization to allow the MC service user to be reachable by functional aliases within that organization.
The use of a functional alias always requires an association with the MC service ID. The MC service ID needs to be used to provide the security context for a communication.
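The functional alias rules above (several active aliases per user, shared aliases, one alias per communication, security context taken from the MC service ID) can be modelled as follows. This is an added example, not part of the specification; the class, its method names and all URIs are hypothetical or constructed.

```python
from urllib.parse import urlsplit

# Added illustration; class and method names are hypothetical, not 3GPP-defined.
class FunctionalAliasRegistry:
    def __init__(self):
        self._active = {}   # alias URI -> set of MC service IDs that activated it
        self._in_use = {}   # (communication id, MC service ID) -> alias URI

    @staticmethod
    def _uri(value):
        parts = urlsplit(value)
        if not parts.scheme or not parts.path:
            raise ValueError(f"not a URI: {value!r}")
        return value

    @staticmethod
    def controlling_host(alias):
        # Host part of the alias URI names the functional alias controlling server.
        return urlsplit(alias).path.rpartition("@")[2]

    def activate(self, mc_service_id, alias):
        # A user may hold several active aliases; an alias may be shared by users.
        alias, mc_service_id = self._uri(alias), self._uri(mc_service_id)
        self._active.setdefault(alias, set()).add(mc_service_id)

    def users_of(self, alias):
        # Every MC service ID sharing the alias can be included in a communication.
        return frozenset(self._active.get(alias, ()))

    def associate(self, comm_id, mc_service_id, alias):
        # An alias is never used alone: it must be active for this MC service ID.
        if mc_service_id not in self._active.get(alias, ()):
            raise PermissionError(f"{alias} is not active for {mc_service_id}")
        key = (comm_id, mc_service_id)
        # Only one functional alias per user per communication.
        if self._in_use.get(key, alias) != alias:
            raise ValueError(f"{mc_service_id} already uses {self._in_use[key]}")
        self._in_use[key] = alias
        # The security context is bound to the MC service ID, not to the alias.
        return {"communication": comm_id, "security_identity": mc_service_id,
                "alias": alias}


def demo():
    reg = FunctionalAliasRegistry()
    alice, bob = "sip:alice@mcs.example.org", "sip:bob@mcs.example.org"  # constructed
    driver = "sip:driver.train4711@fa.example.org"                      # constructed
    guard = "sip:guard.train4711@fa.example.org"                        # constructed
    reg.activate(alice, driver)
    reg.activate(alice, guard)
    reg.activate(bob, driver)
    return reg, alice, bob, driver, guard
```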
The optional MC service UE label allows different MC service UEs in use by the same MC service ID to be distinguished. The MC service UE label may be added to location information reports.
The non-routable MC service UE label may include human readable information, such as an incident or MC service user specific ID, manufacturer name, brand, model, serial number, etc.
The SIP signalling control plane depends upon the use of both a private user identity and one or more public user identities.
When the signalling user agent sends registration requests to the registrar / application service selection, the private user identity is used to find corresponding credentials for authentication of the signalling user agent by the registrar / application service selection. This private user identity fulfils the same functions as the IMPI defined in TS 23.228.
All SIP signalling messages sent by a signalling user agent to an MC service server via a SIP core use a public user identity as the identifier to enable signalling messages to be routed through the SIP system. The public user identity fulfils the same functions as IMPU defined in TS 23.228.
The public user identities do not necessarily contain any application-level attributes of MC services (e.g., MCPTT ID). Any association of the public user identities with such attributes occurs at the application layer only.
When the SIP core and the MC service are part of the same trust domain, public user identities may be provided by the MC service provider or the PLMN operator. When the SIP core and the MC service are part of different trust domains, public user identities may be provided by the PLMN operator.
The SIP core may generate public GRUUs and temporary GRUUs in order to uniquely identify MC service UEs when a user logging on from multiple devices or multiple users sharing the same device is supported per TS 23.228.
Public service identity is used as the identifier to route SIP signalling for the MC system. The public service identity fulfils the same functions as PSI defined in TS 23.228.
The following relationships exist between the MC service ID(s) and the public user identity(ies):
An MC service ID may be mapped to one or more public user identities (e.g. multiple UEs, shared UE, multiple MC services);
A public user identity may be mapped to one or more MC service IDs (e.g. UE-to-network relay); and
An MC service ID may be mapped to one or more public GRUUs (e.g. a user logging on from multiple UEs, multiple users sharing the same UE).
The MC service server manages the mapping between MC service IDs and public user identities.
The MC service server manages the mapping between MC service IDs and public GRUUs.
Temporary GRUUs are mapped to public GRUUs by the SIP core.
The public user identity does not necessarily identify the MC service user at the SIP signalling control plane. When the MC service provider and the home PLMN operator are part of the same trust domain, the public user identity in the SIP signalling control plane may also identify the MC service user at the application plane.
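The many-to-many relationships listed above can be held as a bidirectional map, which also shows why a public user identity alone may be ambiguous (the UE-to-network relay case). This is an added example, not part of the specification; the class, the `consistent` check and all identity values are hypothetical or constructed.

```python
from collections import defaultdict

# Added illustration; names and identity values are hypothetical/constructed.
class IdentityMap:
    """Many-to-many mapping an MC service server could keep (toy model)."""

    def __init__(self):
        self._public_by_mc = defaultdict(set)  # MC service ID -> public user identities
        self._mc_by_public = defaultdict(set)  # public user identity -> MC service IDs
        self._gruu_by_mc = defaultdict(set)    # MC service ID -> public GRUUs

    def bind(self, mc_service_id, public_user_identity, public_gruu=None):
        self._public_by_mc[mc_service_id].add(public_user_identity)
        self._mc_by_public[public_user_identity].add(mc_service_id)
        if public_gruu is not None:
            self._gruu_by_mc[mc_service_id].add(public_gruu)

    def unbind(self, mc_service_id, public_user_identity):
        # Remove both directions together so no stale half-mapping survives.
        self._public_by_mc[mc_service_id].discard(public_user_identity)
        self._mc_by_public[public_user_identity].discard(mc_service_id)

    def candidates(self, public_user_identity):
        # All MC service IDs that may sit behind one public user identity.
        return frozenset(self._mc_by_public.get(public_user_identity, ()))

    def gruus(self, mc_service_id):
        return frozenset(self._gruu_by_mc.get(mc_service_id, ()))

    def consistent(self, public_user_identity, mc_service_id):
        # True only if the application-layer ID is mapped to the signalling identity.
        return mc_service_id in self.candidates(public_user_identity)


def build_sample():
    m = IdentityMap()
    alice, bob, carol = (f"sip:{u}@mcs.example.org" for u in ("alice", "bob", "carol"))
    ue1, ue2 = "sip:ue1@plmn.example.net", "sip:ue2@plmn.example.net"
    relay = "sip:relay7@plmn.example.net"
    # One user on two UEs: one MC service ID, two public user identities and GRUUs.
    m.bind(alice, ue1, ue1 + ";gr=urn:uuid:constructed-0001")
    m.bind(alice, ue2, ue2 + ";gr=urn:uuid:constructed-0002")
    # UE-to-network relay: one public user identity, two MC service IDs.
    m.bind(bob, relay)
    m.bind(carol, relay)
    return m
```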
Each MC service group ID shall be mapped to a public service identity for the MC service server where the group is defined. The MC service server manages the mapping between MC service group IDs and public service identities.
When the MC service provider and the home PLMN operator are part of the same trust domain, the public service identity in the SIP signalling control plane may also identify the MC service group ID at the application plane.