Table 12.3.2.2-1 describes the information flow from the identity management server to the VAL server in response to a request to provision configuration.
Table 12.3.2.4-1 describes the information flow from the identity management server to the VAL server in response to a request to update provisioning configuration.
Table 12.3.2.8-1 describes the information flow from the identity management server to the VAL server in response to a request to delete provisioning configuration.
Figure 12.3.3.2-1 shows the high level user authentication and authorization flow.
The user authentication process shown in Figure 12.3.3.2-1 may take place in some scenarios as a separate step independently from a SIP registration phase, for example if the SIP core is outside the domain of the VAL server.
A procedure for user authentication is illustrated in Figure 12.3.3.2-1. Other alternatives may be possible, such as authenticating the user within the SIP registration phase.
In this step the identity management client begins the user authentication procedure. The VAL user supplies the user credentials (e.g. biometrics, SecurID token, username/password) for verification by the identity management server. This step may occur before or after step 3. In a VAL system with multiple VAL services, a single user authentication as in step 1 can be used for multiple VAL service authorizations for the user.
The signalling user agent completes the SIP level registration with the SIP core (and an optional third-party registration with the VAL service server(s)).
Where communications with a partner VAL system using interconnection are required, user authorization takes place in the serving VAL system of the VAL service user, using the VAL user service authorization procedure specified in subclauses 5.2.5 and 5.2.6 of TS 33.434.
The high level procedure for the VAL server to provision the required information to the SEAL identity management server in order to support VAL user authentication is described in the following subclause.
The procedure for the VAL server to provision the required information to the SEAL identity management server in order to support VAL user authentication is illustrated in Figure 12.3.4.2-1.
The VAL server sends a request message to the identity management server to provision the required information. The request message includes the identity of the VAL server, the security credentials of the VAL server, and service provider specific information such as the list of VAL user IDs per VAL service.
Upon receiving the request, the identity management server authorizes the request based on the security credentials provided in the request and considering the service level agreement between the VAL service provider and the SEAL service provider. The security credentials have to be bound to the VAL server identity claimed in the request; verifying the credentials without checking that binding would allow one VAL server to provision, read or delete the provisioning information of another. If the VAL server is authorized to use the SEAL service, then the identity management server stores the details about the VAL server, including the list of VAL user IDs per VAL service. The identity management server sends the response message to the VAL server.
The VAL server sends a request message to the identity management server to update the provisioning information. The request message includes the identity of the VAL server, the security credentials of the VAL server, and service provider specific information such as the list of VAL user IDs per VAL service.
Upon receiving the request, the identity management server authorizes the request based on the security credentials provided in the request and considering the service level agreement between the VAL service provider and the SEAL service provider. If the VAL server is authorized to use the SEAL service and provisioning information exists for it, then the identity management server updates the details about the VAL server for the provided VAL service IDs, including the list of VAL user IDs per VAL service. The provisioning information corresponding to a VAL server ID can be updated to add, remove or modify VAL service IDs and their related information. The identity management server sends the response message to the VAL server.
The VAL server sends a request message to the identity management server to get the provisioning information. The request message includes the identity of the VAL server whose provisioning information is requested, together with the security credentials of the VAL server on which the identity management server bases its authorization.
Upon receiving the request, the identity management server authorizes the request based on the security credentials provided in the request and considering the service level agreement between the VAL service provider and the SEAL service provider. If the VAL server is authorized to use the SEAL service and provisioning information exists for it, then the identity management server sends a success response including the list of VAL user IDs per VAL service. Otherwise, the identity management server sends a failure response message to the VAL server.
The VAL server sends a request message to the identity management server to delete the provisioning information. The request message includes the identity of the VAL server, together with the security credentials of the VAL server on which the identity management server bases its authorization.
Upon receiving the request, the identity management server authorizes the request based on the security credentials provided in the request and considering the service level agreement between the VAL service provider and the SEAL service provider. If the VAL server is authorized to use the SEAL service and provisioning information exists for it, then the identity management server deletes the provisioning information for the given VAL server ID and sends a success response. Otherwise, the identity management server sends a failure response message to the VAL server.
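The following is an added example, not part of TS 23.434 and not 3GPP code, that models the identity management server side of the four VAL server provisioning procedures above (provision, update, get, delete) together with the authorization decision each of them begins with. The form of the security credentials (an HMAC-SHA256 over the request keyed with a secret shared between VAL server and identity management server), the representation of the service level agreement as a set of allowed VAL service IDs per VAL server, the sample VAL server IDs and secrets, and the rule that an empty user list in an update removes that VAL service ID are all assumptions made for illustration; the specification leaves the credentials to TS 33.434. The example also covers the failure cases the text calls for: update, get or delete with no provisioning information present, a request for a VAL service outside the SLA, and a VAL server presenting valid credentials of its own but claiming another VAL server's identity.

```python
# Added example (not 3GPP code): identity management server handling of
# VAL server provisioning requests. Credential format, SLA model and the
# sample data below are assumptions for illustration.
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample data held by the identity management server (assumption).
VAL_SERVER_SECRETS = {"val-server-1": b"secret-1", "val-server-2": b"secret-2"}
# Service level agreement: the VAL service IDs each VAL server may use (assumption).
SLA_ALLOWED_SERVICES = {"val-server-1": {"svc-A", "svc-B"}, "val-server-2": {"svc-C"}}

UserLists = Dict[str, List[str]]  # VAL service ID -> list of VAL user IDs


@dataclass
class Request:
    val_server_id: str
    credential: str                 # hex HMAC-SHA256 over (operation, ID, lists)
    service_user_lists: UserLists = field(default_factory=dict)


@dataclass
class Response:
    success: bool
    reason: str = ""
    service_user_lists: Optional[UserLists] = None


def _canonical(op: str, val_server_id: str, lists: UserLists) -> bytes:
    parts = [op, val_server_id]
    for svc in sorted(lists):
        parts.append(svc + ":" + ",".join(sorted(lists[svc])))
    return "|".join(parts).encode()


def sign(secret: bytes, op: str, val_server_id: str, lists: UserLists) -> str:
    return hmac.new(secret, _canonical(op, val_server_id, lists), hashlib.sha256).hexdigest()


def make_request(secret: bytes, op: str, val_server_id: str,
                 lists: Optional[UserLists] = None) -> Request:
    """VAL server side: build a request and sign it with the VAL server's secret."""
    lists = lists or {}
    return Request(val_server_id, sign(secret, op, val_server_id, lists), lists)


class IdentityManagementServer:
    def __init__(self) -> None:
        self.provisioning: Dict[str, UserLists] = {}

    def _authorize(self, op: str, req: Request) -> Optional[str]:
        """Return a failure reason, or None when the request is authorized."""
        secret = VAL_SERVER_SECRETS.get(req.val_server_id)
        if secret is None:
            return "unknown VAL server"
        # Verify against the secret of the *claimed* VAL server ID, so credentials
        # of one VAL server cannot be used to act on another's provisioning data.
        expected = sign(secret, op, req.val_server_id, req.service_user_lists)
        if not hmac.compare_digest(expected, req.credential):
            return "invalid security credentials"
        outside_sla = set(req.service_user_lists) - SLA_ALLOWED_SERVICES.get(req.val_server_id, set())
        if outside_sla:
            return "VAL service not covered by SLA: " + ",".join(sorted(outside_sla))
        return None

    def provision(self, req: Request) -> Response:
        reason = self._authorize("provision", req)
        if reason:
            return Response(False, reason)
        self.provisioning[req.val_server_id] = {s: list(u) for s, u in req.service_user_lists.items()}
        return Response(True)

    def update(self, req: Request) -> Response:
        reason = self._authorize("update", req)
        if reason:
            return Response(False, reason)
        current = self.provisioning.get(req.val_server_id)
        if current is None:
            return Response(False, "no provisioning information")
        for svc, users in req.service_user_lists.items():
            if users:               # add a VAL service ID or replace its user list
                current[svc] = list(users)
            else:                   # empty list removes the VAL service ID (assumption)
                current.pop(svc, None)
        return Response(True)

    def get(self, req: Request) -> Response:
        reason = self._authorize("get", req)
        if reason:
            return Response(False, reason)
        current = self.provisioning.get(req.val_server_id)
        if current is None:
            return Response(False, "no provisioning information")
        return Response(True, service_user_lists={s: list(u) for s, u in current.items()})

    def delete(self, req: Request) -> Response:
        reason = self._authorize("delete", req)
        if reason:
            return Response(False, reason)
        if req.val_server_id not in self.provisioning:
            return Response(False, "no provisioning information")
        del self.provisioning[req.val_server_id]
        return Response(True)


def run_scenario() -> Dict[str, bool]:
    """Run the four procedures and their failure cases; returns step -> success."""
    idm = IdentityManagementServer()
    s1, s2 = VAL_SERVER_SECRETS["val-server-1"], VAL_SERVER_SECRETS["val-server-2"]
    out: Dict[str, bool] = {}
    out["get_before_provision"] = idm.get(make_request(s1, "get", "val-server-1")).success
    out["provision"] = idm.provision(make_request(s1, "provision", "val-server-1", {"svc-A": ["user1", "user2"]})).success
    out["provision_outside_sla"] = idm.provision(make_request(s2, "provision", "val-server-2", {"svc-A": ["user9"]})).success
    out["update"] = idm.update(make_request(s1, "update", "val-server-1", {"svc-B": ["user3"], "svc-A": []})).success
    # val-server-2 signs with its own secret but claims val-server-1's identity
    out["forged_get"] = idm.get(make_request(s2, "get", "val-server-1")).success
    out["get"] = idm.get(make_request(s1, "get", "val-server-1")).success
    out["delete"] = idm.delete(make_request(s1, "delete", "val-server-1")).success
    out["get_after_delete"] = idm.get(make_request(s1, "get", "val-server-1")).success
    return out


if __name__ == "__main__":
    for step, ok in run_scenario().items():
        print(f"{step:24s} {'success' if ok else 'failure'}")
```

The one design point worth noting is in `_authorize`: the credential is checked against the secret registered for the VAL server ID carried in the request, not merely checked for being a valid credential of some VAL server, and the SLA check is applied to the VAL service IDs in the request rather than to the VAL server alone. Both checks are what the "authorizes the request based on the security credentials ... and considering the service level agreement" sentence has to mean for the update, get and delete procedures to be safe across VAL servers.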