Content for TS 26.501 Word version: 18.6.0
1…
4…
4.0.6…
4.1…
4.2…
4.2.2…
4.3…
4.4
4.5…
4.6…
4.7…
4.7.4…
4.8
4.9…
4.10…
5…
5.2…
5.2.4
5.2.5…
5.3…
5.3.2…
5.4…
5.5…
5.6…
5.7…
5.7.4…
5.7.8
5.8…
5.10…
5.10.5…
5.10.6…
5.11…
5.12…
5.12.4…
5.12.5…
6…
6.2…
6.2.2.2…
6.2.3…
6.3…
6.4…
6.8…
6.9…
6.9.5…
6.9.7
7…
8…
9…
A…
A.4…
A.8
A.9
A.10
A.11
A.12
A.13
A.14
A.15…
A.15.3…
B…
B.3
C…
C.3
C.4
C.5
D…
E…
4.10 3GPP Service URL handling
4.10.1 General
4.10.2 Baseline parameters of 3GPP Service URL for 5G Media Streaming
4.11 Security architecture
4.11.1 General
4.11.2 Mapping of CAPIF to 5GMS architecture
4.11.2.1 Provisioning a trusted 5GMS AF from a 5GMS Application Provider in the Trusted or External DN at reference point M1
4.11.2.2 Configuring a trusted 5GMS AS from a 5GMS AF in the Trusted or External DN at reference point M3
4.11.2.3 Invoking a 5GMS AF in the Trusted DN from a Media Session Handler at reference point M5
...
...
4.10 3GPP Service URL handling |R18| p. 72
4.10.1 General p. 72
Where there is a facility for an application or service to launch a UE function on the same UE via a URL request, it is convenient to use such a mechanism to launch media session handling for a 5G Media Streaming session. In this case, the Media Session Handler can be launched implicitly as a result of a request for a URL with a prefix that matches a value previously registered with the UE Operating System by the Media Session Handler. Media streaming may also be launched as a by-product of the URL request by embedding a Media Entry Point in the URL. This enables 5G Media Streaming sessions to be launched by any UE application (not just a 5GMS-Aware Application), or from a link in a web page.
If the Media Session Handler is not available on the UE, or if the Media Session Handler is not able to resolve the service, then the 3GPP Service URL shall resolve to an endpoint on the 5GMS AF which may respond to the URL request, for example by redirecting the application to a Media Entry Point.
This clause defines the baseline requirements for a 3GPP Service URL that can be used to activate a 5G Media Streaming session in line with step 5 of clause 5.1 (for downlink Media Streaming), and steps 4 and 6 of clause 6.1 (for uplink Media Streaming). The detailed baseline procedure for handling these 3GPP Service URLs is defined in clause 9.
4.10.2 Baseline parameters of 3GPP Service URL for 5G Media Streaming p. 72
The parameters in Table 4.10.2-1 may be included explicitly or implicitly in the 3GPP Service URL when it is used to launch a 5G Media Streaming session:
| Parameter | Use | Description |
|---|---|---|
| Service type | M | Uniquely indicating either downlink 5G Media Streaming or uplink 5G Media Streaming. |
| External service identifier | M | A globally unique service identifier nominated by the 5GMS Application Provider that resolves to a Provisioning Session in the 5GMS System. |
| 5GMS AF endpoint addresses | 0..N | Endpoint address(es) for 5GMS AF instance(s) to be used by the Media Session Handler at reference point M5. Any of the provided addresses may be used for media session handling of this 3GPP Service URL. Present only in the case where the 5GMS AF is deployed outside the Trusted DN. |
| 5GMS AF access token | 0..1 | A token that is presented by the Media Session Handler to the 5GMS AF at reference point M5 that asserts its right to invoke the media session handling operations exposed by the 5GMS AF. |
| Media Entry Point URLs | 0..N | URLs of Media Entry Points on a 5GMS AS to be launched by the Media Session Handler after successful initiation of media session handling and establishment of communication with the Media Stream Handler (Media Player or Media Streamer). |
| Acceptable media types | C | Indicating a set of media types acceptable to the 5GMS-Aware Application for a 5G Media Streaming session. Present if no Media Entry Point is provided. This value is used by the Media Session Handler to select the appropriate Media Entry Point provided by the 5GMS AF. |
| Acceptable media profiles | C | Indicating a set of acceptable conformance profiles for a 5G Media Streaming session. Present if no Media Entry Point is provided. This value is used by the Media Session Handler to select the appropriate Media Entry Point provided by the 5GMS AF. |
The 3GPP Service URL for 5G Media Streaming may also include information to support handling of eMBMS or MBS delivery.
4.11 Security architecture |R18| p. 72
4.11.1 General p. 72
The 5GMS architecture may support the Common API Framework (CAPIF) as specified in TS 23.222 for the interactions across security trust boundaries defined in clause 4.11.2.
4.11.2 Mapping of CAPIF to 5GMS architecture p. 73
4.11.2.1 Provisioning a trusted 5GMS AF from a 5GMS Application Provider in the Trusted or External DN at reference point M1 p. 73
Aligned with the provisions for securing northbound APIs defined in TS 33.122, access to the provisioning operations of the 5GMS AF at reference point M1 may be authorised by means of the OAuth 2.0 framework defined in RFC 6749. In this case, the CAPIF core function defined in TS 29.222 plays the role of authorization server, the 5GMS AF plays the role of resource server and the 5GMS Application Provider plays the role of client.
When CAPIF is supported at reference point M1, the 5GMS Application Provider in the Trusted or External DN shall be authenticated and authorised by the CAPIF core function before it is permitted to create, modify or remove the provisioned services in the trusted 5GMS AF at reference point M1. To successfully invoke provisioning operations at reference point M1, the 5GMS Application Provider is required to present a valid access token that has previously been issued to it by the CAPIF core function at CAPIF-1/1e.
Figure 4.11.2.1-1: Mapping of 5G Media Streaming architecture to CAPIF
(⇒ copy of original 3GPP image)
(⇒ copy of original 3GPP image)
for 5GMS Application Provider provisioning trusted 5GMS AF
When CAPIF is supported at reference point M1, then:
- The 5GMS AF shall support the CAPIF API provider domain functions (i.e. CAPIF-2/2e, CAPIF-3, CAPIF-4 and CAPIF-5 as specified in TS 23.222).
- The Maf_Provisioning service shall be exposed to the 5GMS Application Provider at reference point CAPIF-2/2e, realising reference point M1.
4.11.2.2 Configuring a trusted 5GMS AS from a 5GMS AF in the Trusted or External DN at reference point M3 p. 74
Aligned with the provisions for securing northbound APIs defined in TS 33.122, access to the configuration operations of the 5GMS AS at reference point M3 may be authorised by means of the OAuth 2.0 framework defined in RFC 6749. In this case, the CAPIF core function defined in TS 29.222 plays the role of authorization server, the 5GMS AS plays the role of resource server and the 5GMS AF plays the role of client.
When CAPIF is supported at reference point M3, the 5GMS AF in the Trusted or External DN shall be authenticated and authorised by the CAPIF core function before it is permitted to create, modify or remove the configurations in the trusted 5GMS AS at reference point M3. To successfully invoke configuration operations at reference point M3, the 5GMS AF is required to present a valid access token that has previously been issued to it by the CAPIF core function at CAPIF-1/1e.
Figure 4.11.2.2-1: Mapping of 5G Media Streaming architecture to CAPIF
(⇒ copy of original 3GPP image)
(⇒ copy of original 3GPP image)
for 5GMS AF provisioning trusted 5GMS AS
When CAPIF is supported at refernece point M3, then:
- The 5GMS AS shall support the CAPIF API provider domain functions (i.e. CAPIF-2/2e, CAPIF-3, CAPIF-4 and CAPIF-5 as specified in TS 23.222).
- The Mas_Configuration service shall be exposed to the 5GMS AF at reference point CAPIF-2/2e, realising reference point M3.
4.11.2.3 Invoking a 5GMS AF in the Trusted DN from a Media Session Handler at reference point M5 p. 75
Aligned with the provisions for securing southbound APIs defined in TS 23.222 access to the media session handling operations of the 5GMS AF at reference point M5 may be authorised by means of the OAuth 2.0 framework defined in RFC 6749. In this case, either the CAPIF core function defined in TS 23.222 or the 5GMS Application Provider plays the role of authorization server, the 5GMS AF plays the role of resource server and the Media Session Handler plays the role of client.
When CAPIF is supported at reference point M5, the Resource owner-aware Northbound API Access (RNAA) model is recommended as defined in clause 6.2.3 of TS 23.222. The Media Session Handler in the 5GMS Client shall be authenticated and authorised by the CAPIF core function before it is permitted to invoke media session handling operations on the 5GMS AF at reference point M5. To successfully invoke media session handling operations at reference point M5, the Media Session Handler in the 5GMS Client is required to present a valid access token that has previously been issued to it by the CAPIF core function at CAPIF-1e.
Figure 4.11.2.3-1: Mapping of 5G Media Streaming architecture to CAPIF
(⇒ copy of original 3GPP image)
(⇒ copy of original 3GPP image)
for a 5GMS Client accessing the 5GMS AF
When CAPIF is supported at reference point M5, then:
- The 5GMS AF shall support the CAPIF API provider domain functions (i.e. CAPIF-2e, CAPIF-3, CAPIF-4 and CAPIF-5 as specified in TS 23.222).
- The Maf_SessionHandling service shall be exposed to the Media Session Handler in the 5GMS Client at reference point CAPIF-2e, realising reference point M5.
