Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.980  Word version:  18.0.0

Top   Top   Up   Prev   None
0…   4…
4 Interworking of Liberty Alliance ID-FF/ ID-WSF and Generic Authentication Architecture4.1 Introduction4.2 Architectural Description - Use of GBA within ID-FF / ID-WSF4.3 Co-hosting of NAF and IdP4.3a Co-hosting of BSF and IdP4.4 Use of GUSS / USS in Support of ID-FF and ID-WSF4.5 Liberty Alliance Authentication Context and GBAA Digest Authentication within SASL for Ua protocol between UE and AS/NAF$ Change history

 

4  Interworking of Liberty Alliance ID-FF/ ID-WSF and Generic Authentication Architecturep. 9

4.1  Introductionp. 9

4.2  Architectural Description - Use of GBA within ID-FF / ID-WSFp. 9

4.2.1  Architecture for collocation of NAF with Liberty Alliance Authentication Functionp. 12

4.2.1.1  Collocation of IdP/NAF in Liberty Alliance ID-FF (alternatively SAML v2.0)p. 12

4.2.1.2  Collocation of AS/NAF in Liberty Alliance ID-WSFp. 13

4.2.2  Architecture for collocation of BSF with Liberty Alliance authentication functionp. 15

4.2.2a  Logical data model of the Liberty Alliance Authentication Function (IdP/AS)p. 16

4.2.3  User Registration to Interworking Servicep. 16

4.2.3.1  Registration with Operatorp. 17

4.2.3.2  Registration with IdPp. 17

4.2.4  Provisioning of User Data for Interworking Servicep. 17

4.2.4.1  Service based on standard user datap. 18

4.2.4.2  Service based on pre-provisioned interworking datap. 18

4.2.4.3  Service based on explicitly added interworking datap. 18

4.3  Co-hosting of NAF and IdPp. 18

4.3.1  Federation Concept in GBAp. 19

4.3.2  Session Concept at IdPp. 19

4.3.2a  Single-Logout Conceptp. 20

4.3.3  SSO scenario: ID-FF with <lib:AuthnResponse> transferp. 20

4.3.3.1  HTTPS with conventional TLSp. 20

4.3.3.2  HTTPS with PSK TLSp. 22

4.3.4  SSO scenario: ID-FF with artefact transferp. 23

4.3.5  SSO scenario: ID-WSF Authentication Servicep. 25

4.3.6  SSO scenario: SAML v2.0 with <samlp:Response> transferp. 27

4.3.6.1  HTTPS with TLSp. 27

4.3.6.2  HTTPS with PSK TLSp. 28

4.3.7  SSO scenario: SAML v2.0 with artefact transfer (resolution)p. 29

4.3a  Co-hosting of BSF and IdPp. 30

4.3a.1  Generalp. 30

4.3a.2  UE behaviourp. 31

4.3a.3  IdP/BSF behaviourp. 31

4.3a.4  Federation Concept in GBA with IdP/BSF collocationp. 31

4.3a.5  Session Concept at the IdPp. 32

4.3a.6  SSO scenario: ID-FF with <samlp:AuthnResponse> transferp. 32

4.4  Use of GUSS / USS in Support of ID-FF and ID-WSFp. 34

4.4.1  GAA-LAP Interworking Servicep. 35

4.4.2  GAA-LAP Interworking USSp. 35

4.4.2a  GUSS / USS when IdP/AS is collocated with BSFp. 35

4.5  Liberty Alliance Authentication Context and GBAp. 35

A  Digest Authentication within SASL for Ua protocol between UE and AS/NAFp. 37

A.1  HTTPS deploymentp. 37

A.2  Digest challengep. 37

A.3  Digest responsep. 38

A.4  Response authp. 38

A.5  Subsequent authenticationp. 38

$  Change historyp. 39

Up   Top