5GLAN services are described in TS 23.501 and TS 23.502.

For authentication and authorization of a UE in 5G LAN communication, the secondary authentication procedures between UE and external data networks via the 5G Network as described in clause 11 shall apply.

To reduce incremental complexity added by security, all PDU sessions associated with a specific 5G LAN group should have the same UP security policy.

The 5G TSC service is described in TS 23.501. It allows the 5G System to be integrated transparently as a bridge in an IEEE TSN network [75], where the 5GS system acts as one or more TSN Bridges of a TSN network.

A 5GS TSC-enabled UE accesses the 5G network as described in this document except where differences are provided in the following clauses.

After the 5GS TSC-enabled UE is authenticated and data connection is set up, any data received from a TSC bridge or another 5GS TSC-enabled UE shall be transported between DS-TT (in the UE) and NW-TT (in the UPF) in a protected way using the mechanisms for UP security as described in clause 6.6. The UP security enforcement information shall be set to "required" for data transferred from gNB to a 5GS TSC-enabled UE. This is also applicable to the (g)PTP messages sent in the user plane.

Any AF that has knowledge of deterministic application requirements is able to request TSC services from the 5GS by interfacing with NEF, and as authorized, can be notified of pertinent network events. The security solution as described in clause 12 shall apply.