Content for TS 26.501 Word version: 18.6.0
1…
4…
4.0.6…
4.1…
4.2…
4.2.2…
4.3…
4.4
4.5…
4.6…
4.7…
4.7.4…
4.8
4.9…
4.10…
5…
5.2…
5.2.4
5.2.5…
5.3…
5.3.2…
5.4…
5.5…
5.6…
5.7…
5.7.4…
5.7.8
5.8…
5.10…
5.10.5…
5.10.6…
5.11…
5.12…
5.12.4…
5.12.5…
6…
6.2…
6.2.2.2…
6.2.3…
6.3…
6.4…
6.8…
6.9…
6.9.5…
6.9.7
7…
8…
9…
A…
A.4…
A.8
A.9
A.10
A.11
A.12
A.13
A.14
A.15…
A.15.3…
B…
B.3
C…
C.3
C.4
C.5
D…
E…
6.3 Establishment of an uplink Media Streaming session
6.3.1 Overview
6.3.2 Baseline procedure for establishment of an uplink media streaming session
6.3.3 Baseline procedure for establishment of an uplink media streaming session with per-application authorisation of media session handling operations
6.3.3.1 Overview
6.3.3.2 Authorisation of media session handling at M5u based on access token
6.3.3.3 Authorisation of media session handling at M5u based on redirection
...
...
6.3 Establishment of an uplink Media Streaming session p. 163
6.3.1 Overview |R18| p. 163
This clause describes the baseline procedure for establishing a unicast uplink media streaming session. This baseline procedure assumes that the 5GMSu AF and the 5GMSu AS both reside in the external DN and that there are no interactions between the 5GMSu AF and the 5G System.
6.3.2 Baseline procedure for establishment of an uplink media streaming session |R18| p. 163
The procedure allows a Media Streamer to establish an uplink streaming session with a 5GMSu AS.
Steps:
Step 1.
When client assistance is provisioned:
During provisioning, the Media Streamer component of the 5GMSu Client is provisioned with basic information, such as the 5GMSu AF and 5GMSu AS addresses.
Step 2.
The 5GMSu-Aware Application acquires Service Access Information via reference point M8u or M5u according to the one of the procedures defined in clause 6.2.2.2.
Step 3.
The 5GMSu-Aware Application instructs the 5GMSu Client to start uplink media streaming according to one of the procedures defined in clause 6.2.2.2.
Step 4.
The 5GMSu Client establishes the uplink transport session.
Step 5.
The 5GMSu Client establishes the uplink media streaming session.
Step 6.
When server assistance is desired (e.g. for QoS or charging):
The 5GMSu Client establishes the assistance channel to the provisioned 5GMSu AF(s).
6.3.3 Baseline procedure for establishment of an uplink media streaming session with per-application authorisation of media session handling operations |R18| p. 164
6.3.3.1 Overview p. 164
This clause defines procedures by which a 5GMSu Application Provider authorises a 5GMSu-Aware Application to invoke media streaming operations on the 5GMSu AF at reference point M5u.
6.3.3.2 Authorisation of media session handling at M5u based on access token p. 164
The 5GMSu Application Provider provides a different access token (e.g. a random string) via M8 to each 5GMSu-Aware Application, so that each application instance can identify itself uniquely to the 5GMSu AF. The access token is provided, for example, during the login procedure or is requested at a later stage. The validity of access tokens is often limited in time. The 5GMSu-Aware Application may need to refresh the access token depending on the token validity.
The 5GMSu-Aware Application passes the access token (via an M6 API call) to the Media Session Handler. When the Media Session Handler invokes a media session handling operation at reference point M5, it presents the access token to the 5GMSu AF. Upon receipt of such an access token, the 5GMSu AF verifies whether the access token is valid. If the token is valid, the 5GMSu-Aware Application is authorised to invoke the operation.
When the OAuth 2.0 architecture RFC 6749 is used, the 5GMSu Application provider acts as authorization server, the 5GMSu-Aware Application acts as client and the 5GMSu AF acts as resource server.
The procedure allows a Media Streamer to establish an uplink streaming session with a 5GMSu AS.
Steps:
Step 1.
When client assistance is provisioned:
During provisioning, the Media Streamer component of the 5GMSu Client is provisioned with basic information, such as the 5GMSu AF and 5GMSu AS addresses.
Step 2.
5GMSu-Aware Application seeks authorisation from the 5GMSd Application Provider providing, for example, a username and a password.
Step 3.
Upon successful authorisation, the 5GMSu-Aware Application obtains an uid and a token.
Step 4.
The 5GMSu-Aware Application acquires Service Access Information via reference point M8u or M5u according to the one of the procedures defined in clause 6.2.2.2.
Step 5.
The 5GMSu-Aware Application instructs the 5GMSu Client to start uplink media streaming according to one of the procedures defined in clause 6.2.2.2.
Step 6.
The 5GMSu Client establishes the uplink transport session.
Step 7.
The 5GMSu Client establishes the uplink media streaming session.
Step 8.
The provided access token is verified.
Step 9.
When server assistance is desired (e.g. for QoS or charging):
The 5GMSu Client establishes the assistance channel to the provisioned 5GMSu AF(s).
6.3.3.3 Authorisation of media session handling at M5u based on redirection p. 166
When the OAuth 2.0 (RFC 6749) Authorization Code grant type is used, either the 5GMSu Application Provider or the 5GMSu AF acts as authorization server, as shown in Figure 6.3.3.3-1. The Media Session Handler acts as client and the 5GMSu AF acts as resource server.
The call flow is depicted below.
Step 1.
When the 5GMSu-Aware Application (immediately or later) invokes the Media Session Handler to activate media session handling for a media delivery session, the application passes only the session access information.
Step 2.
When the Media Session Handler invokes a media session handling operation on the 5GMSu AF at reference point M5u.
Step 3.
The 5GMSu AF identifies that authorization is required for accessing the requested service. The 5GMSu AF sends a redirect to the Media Session Handler, which is forwarded to the 5GMSu-Aware Application.
Step 4.
The 5GMSu-Aware Application requests an access token from the authorization server, which is realised either by the 5GMSu Application Provider (at reference point M8u) or by the 5GMSu AF (at reference point M5u).
Step 5.
After determining the policy rights of the requesting 5GMSu-Aware Application, the authorization server creates an access token and provides it to the 5GMSu-Aware Application.
Step 6.
The 5GMSu-Aware Application attempts to activate the service again, this time providing the access token obtained in the previous step as an additional input parameter.
Step 7.
The Media Session Handler invokes the media session handling operation again, this time providing the obtained access token.
Step 8.
The 5GMSu AF verifies the access token with the 5GMSu Application Provider.
Step 9.
If the 5GMSu AF is satisfied that the 5GMSu-Aware Application is authorised to invoke the media session handling operation (based on the presented access token), the 5GMSu AF carries out the requested operation. (This may involve further interaction with the PCF or NEF.)
