For the authorization of the AF, 5GC NF or LCS client for Ranging/SL Positioning service exposure, the SL-MT-LR procedure specified in TS 23.273 is taken as the baseline. The authorization shall be performed towards all the n UEs (n ≥ 2), i.e. UE1, UE2, ..., UEn in the request message. If all of the UEs grant permission for Ranging/SL Positioning exposure, the GMLC shall forward the service request from the AF,5GC NF or LCS client to the AMF. If none of the UEs grants permission for Ranging/SL Positioning exposure, the GMLC shall reject the service request. If part of the UEs grant and part of the UEs don't grant permission for Ranging/SL Positioning exposure, the GMLC shall decide to proceed with or reject the service request from the AF, 5GC NF or LCS client based on the privacy check results of the n UEs and a criterion up to implementation, e.g. a local rule configured by the network operator. If the GMLC decides to accept the service request, it shall only include the identities of the UEs granting permission in the service request forwarded to the AMF. When receiving the Ranging/SL Positioning service request from the AF,5GC NF or LCS client, the GMLC (i.e. anchor GMLC) interacts with the UDM to check the UE privacy profile. for Ranging/SL Positioning service as specified in Annex B for the UEs belonging to the same PLMN If any of n UEs belong to different PLMNs, then the anchor GMLC sends a request to the Home GMLC of each of those UEs to check the Ranging/SL positioning privacy profiles of the UEs.

The Home GMLCs of each of those UEs queries the UDM in its own PLMN to check the UE privacy profile and sends back the privacy check result to the anchor GMLC. When the Home GMLC of each of those UE checks UE Ranging/SL Positioning privacy profile and if privacy check related action (e.g. notification, verification) towards the UE is required, the Home GMLC of each of those UEs shall retrieve the serving AMF from the UDM of each of the UEs and trigger privacy check of the UE towards the serving AMF of each of these UEs via VGMLC, using Ngmlc_Location_ProvideLocation and Namf_Location_ProvidePositioningInfo message which include the indicator of privacy related action for the UE and location type indicating "notification only". The serving AMF shall respond to the Home GMLC of each of the UEs with privacy check results of the UE. If the Ranging/SL Positioning service exposure is disallowed by the UE, or signalling connection establishment fails for UE notification (including UE notification with privacy verification), the serving AMF shall also include failure cause for the UE in the response message to the Home GMLC.

The anchor GMLC interacts with the AMF of the target UE (which is treated as UE1 in clause 6.20.3 of TS 23.273) to request the ranging/SL positioning result of UEs based on the SL-MT-LR procedure as specified in clause 6.20.3 of TS 23.273, which may include an indication of a privacy related action, for each of the UEs if privacy related action is required by the UEs based on privacy profile check result from UDM and if the UEs belonging to the same PLMNand served by the same AMF as the target UE. If one or more UEs are served by different AMF(s) and privacy related action is required, the anchor GMLC triggers privacy check of these UEs towards the serving AMF(s) of these UEs via VGMLC, using Ngmlc_Location_ProvideLocation and Namf_Location_ProvidePositioningInfo message which include the indicator of privacy related action for each of the UEs and location type indicating "notification only". If the indicator of privacy check related action for each of the UEs indicates that the UEs shall either be notified or notified with privacy verification, a notification invoke message is sent to each of the UEs by the serving AMF(s) if the NAS connection is established. The serving AMF(s) shall respond to the anchor GMLC with privacy check results of the UEs. If the Ranging/SL Positioning service exposure is disallowed by the UE, or NAS connection establishment fails for UE notification (including UE notification with privacy verification), the serving AMF(s) shall also include failure cause for each of the UE(s) in the response message to the anchor GMLC.

According to clause 5.6.2 of TS 23.586, Ranging/SL Positioning service can be exposed to the SL Positioning Client UE through PC5. The SL Positioning Client UE shall be authorized for Ranging/SL Positioning service exposure.

For Ranging/SL Positioning service exposure through PC5 (i.e. clause 6.7.1.1 of TS 23.586), the SL Positioning Client UE authorization is triggered by the Reference/Target UE during PC5 link establishment. The authorization can be performed by the network via the SLPKMF for ProSe capable UEs or by the Reference/Target UE if the authorization information is available in the UE. For UE-only operation or before triggering SL-MO-LR for Network based operation, the UE1 receiving the Ranging/SL positioning request shall send a supplementary RSPP signalling message to UE2/../UEn to trigger privacy check for Ranging/SL positioning service exposure through PC5. The supplementary RSPP message shall include Client UE's user info ID that is received by UE1 from the Client UE. The UE1 and UE2/../UEn shall perform UE privacy check as described in clause 6.3.7 to determine whether their location related information can be exposed to Client UE. If the Client UE is not authorized, the Ranging/SL Positioning service request shall be rejected.