Content for TR 33.804
Word version: 12.0.0
5 System architecture and assumptions
5.1 Overview of Existing Systems
5.1.1 Use of SIP Digest in Common IMS
5.1.2 Uses of GBA
5.2 High-level architecture for SSO to applications for Common IMS based on SIP Digest
5.3 Support for the Ut reference point
5.4 Interworking with Liberty Alliance
5.5 Interworking with OpenId
6 Security requirements
7 Solutions
7.1 General
7.2 Solution 1 - SIP Digest based GBA solution
7.2.1 Solution 1 - Architecture for SIP Digest based GBA (GBA_Digest)
7.2.2 SIP Digest based GBA (GBA_Digest) bootstrapping procedure and its use
7.2.3 Interworking of SIP digest based GBA with other SSO systems
7.2.4 Evaluation
7.3 Solution 2 - SIP Digest based Authentication and Lightweight Security (SDALS) solution
7.3.1 Architecture and Interworking for SDALS
7.3.1.1 Solution 2 - High-level architecture
7.3.1.2 Interworking of SDALS (solution 2) with other SSO systems
7.3.1.2.1 Background
7.3.1.2.2 Co-hosting AS and OP
7.3.1.2.3 Co-hosting AS and IdP (Liberty Alliance)
7.3.1.2.4 Co-hosting IdP (SSO Server) and OP
7.3.2 Message Flows for Solution 2 SDALS
7.3.2.1 Basic message flow
7.3.2.2 Message Flow with IdP (SSO Server) and OP co-hosting
7.3.2.3 Message Flow with AS and OP co-hosting
7.3.2.4 Solution 2 (SDALS) - Improvements with RP authentication for IdP (SSO Server) and OP co-hosting case
7.3.3 Solution 2 SDALS - evaluation
7.4 The Use of protocol binding for SIP Digest over TLS to prevent MitM attacks
A Use of the key derivation function
A.1 Derivation of passwd and Ks
A.2 NAF specific key derivation in GBA_Digest
$ Change history