Content for TS 24.547 Word version: 18.0.0
1 Scope
2 References
3 Definitions of terms and abbreviations
3.1 Terms
3.2 Abbreviations
4 General description
...
...
1 Scope p. 6
The present document specifies the protocol aspects for the identity management capability of SEAL to support vertical applications (e.g. V2X) over the 3GPP system.
The present document is applicable to the User Equipment (UE) supporting the identity management client functionality as described in TS 23.434, to the application server supporting the identity management server functionality as described in TS 23.434 and to the application server supporting the vertical application server (VAL server) functionality as defined in specific vertical application service (VAL service) specifications.
2 References p. 6
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TS 23.434: "Service Enabler Architecture Layer for Verticals (SEAL); Functional architecture and information flows".
[3] Void.
[4] Void.
[5] Void.
[6]
W3C.REC-html401-19991224: "HTML 4.01 Specification".
[7]
TS 33.434: "Service Enabler Architecture Layer (SEAL); Security aspects for Verticals".
[8]
RFC 8693: "OAuth 2.0 Token Exchange".
[9]
RFC 6749: "The OAuth 2.0 Authorization Framework".
[10]
RFC 7159: "The JavaScript Object Notation (JSON) Data Interchange Format".
[11]
"OpenID Connect Core 1.0": incorporating errata set 1.
[12] Void.
[13]
RFC 6750: "The OAuth 2.0 Authorization Framework: Bearer Token Usage".
[14]
TS 24.109: "Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details".
[15]
RFC 9112: "HTTP/1.1".
[16]
RFC 9110: "HTTP Semantics".
[17]
RFC 7252: "The Constrained Application Protocol (CoAP)".
[18]
RFC 8323: "CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets".
[19]
RFC 9200: "Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)".
[20]
RFC 9202: "Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)".
[21]
RFC 9203: "The Object Security for Constrained RESTful Environments (OSCORE) Profile of the Authentication and Authorization for Constrained Environments (ACE) Framework".
3 Definitions of terms and abbreviations p. 7
3.1 Terms p. 7
For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Authorisation endpoint:
A SEAL identity management server protocol endpoint used by the SEAL identity management client to obtain an authorisation grant, as specified in IETF RFC 6749.
SEAL identity management client:
An entity that provides the client side functionalities corresponding to the identity management SEAL service.
SEAL identity management server:
An entity that provides the server side functionalities corresponding to the identity management SEAL service.
Token endpoint:
A SEAL identity management server protocol endpoint used by the SEAL identity management client to exchange an authorisation grant for an access token, as specified in IETF RFC 6749 [9] for HTTP and RFC 9200 for CoAP.
For the purposes of the present document, the following terms and definitions given in TS 23.434 apply:
SEAL client
SEAL server
SEAL service
VAL server
VAL service
VAL user
Vertical
Vertical application
3.2 Abbreviations p. 7
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
ACE
Authentication and Authorization for Constrained Environments
SEAL
Service Enabler Architecture Layer for verticals
SIM-C
SEAL Identity Management Client
SIM-S
SEAL Identity Management Server
VAL
Vertical Application Layer
4 General description p. 7
Identity management is a SEAL service that provides the identity management related capabilities to one or more vertical applications. The present document enables a SEAL identity management client and a VAL server to communicate with a SEAL identity management server. The SEAL identity management server authenticates the VAL user's identity by verifying the credentials provided by the VAL user. When the VAL user is authenticated it is provided with an access token which is used for accessing different SEAL services.
