Content for TS 33.141 Word version: 18.0.0
0 Introduction
1 Scope
2 References
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
...
...
0 Introduction p. 4
This technical specification gives an overview of the security architecture and defines the security features and security mechanisms for the presence services.
Presence services enable the dissemination of presence information of a user to other users or services. A presence entity or presentity comprises the user, user's devices, services and service components. It is the intention that this platform will enable new services like e.g. enhancement to chat, multimedia messaging, cinema ticket information, the score of a football game and so on.
A user has the possibility to control if her or his information is made available to other users or services. This control is possible to achieve with high granularity e.g. explicitly define which user or users and services have access to presence information.
A presentity is a uniquely identifiable entity with the capability to provide the presence information and it has only one principal associated with it. Hence a principal is distinct from all other principals and can be e.g. a human, organisation, program or even a collection thereof. One example of such a relation is when the presentity is a terminal and the principal of the terminal is the subscriber. However, the presence service is based on Public Identities, and consequently it is possible to have several terminals related to the same presentity. A watcher is also a uniquely identifiable entity but with the aim to fetch or request information about a presentity. There are access rules that set the rules for how presence information gets available to watchers.
Presence information consists of a number of elements or presence tuples as defined in TS 23.141
1 Scope p. 5
The present document is the Stage 2 specification for the security requirements, security architecture, security features and security mechanisms for the Presence Service, which includes the elements necessary to realise the requirements in TS 22.141 and TS 23.141. As far as SIP-based procedures are concerned, this specification refers to TS 33.203. The main content of this specification is the security for the Ut reference point, which is HTTP-based, as applied in presence services.
The present document includes information applicable to network operators, service providers and manufacturers.
2 References p. 5
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TS 22.141: "Presence service; Stage 1".
[3]
TS 23.141: "Presence service; Architecture and functional description".
[4]
TS 33.203: "3G Security; Access security for IP-based services".
[5] Void
[6] Void
[7]
TS 23.002: "Network architecture".
[8] Void
[9] Void
[10]
TS 33.210: "3G Security; Network Domain Security; IP network layer security".
[11]
TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture".
[12] Void
[13] Void.
[14] Void
[15]
TR 33.919: "Generic Authentication Architecture (GAA); System description".
[16] Void
[17] Void
[18] Void
[19]
TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using secure hypertext transfer protocol (HTTPS)".
[20] Void.
[21]
3GPP2 S.S0109-A v1.0: "Generic bootstrapping architecture"
[22]
3GPP2 S.S0114-A v1.0: "Security mechanisms using GBA"
[23]
TS 29.329: "Sh interface based on the Diameter protocol; Protocol details"
[24]
TS 24.109: "Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details
[25]
TS 23.003: "Numbering, addressing and identification".
[26]
TS 29.328: "IP Multimedia (IM) Subsystem Sh interface; Signalling flows and message contents".
3 Definitions and abbreviations p. 6
3.1 Definitions p. 6
For the purposes of the present document, the following terms and definitions apply.
Confidentiality:
The property that information is not made available or disclosed to unauthorised individuals, entities or processes.
Data integrity:
The property that data has not been altered in an unauthorised manner.
Data origin authentication:
The corroboration that the source of data received is as claimed.
Entity authentication:
The provision of assurance of the claimed identity of an entity.
3.2 Abbreviations p. 6
For the purposes of the present document, the following abbreviations apply, TR 21.905 contains additional applicable abbreviations:
AKA
Authentication and key agreement
AP
Authentication Proxy
APN
Access Point Name
AS
Application Server
BSF
Bootstrapping Server Function
CSCF
Call Session Control Function
ESP
Encapsulating Security Payload
GBA
Generic Bootstrapping Architecture
GGSN
Gateway GPRS Support Node
GIBA
GPRS-IMS-Bundled Authentication
HTTP
HyperText Transfer Protocol
HTTPS
HTTP over TLS
IM
IP Multimedia
IMPI
IM Private Identity
IMPU
IM Public Identity
IMS
IP Multimedia Core Network Subsystem
IP
Internet Protocol
IPsec
IP Security
ISIM
IM Services Identity Module
NAF
Network Application Function
NDS/IP
Network Domain Security for IP based Protocols
P-CSCF
Proxy Call Session Control Function
PDP
Packet Data Protocol
SEG
Security Gateway
SIP
Session Initiation Protocol
TLS
Transport Layer Security
