© 2019 Verizon.
Development of 5G IAM Architecture
Transitioning to a User Centric View
Bjorn Hjelm
June 28, 2019

Why, What and How

5G Currencies / Capabilities

5G Core Network Key Principles and Concepts

1. Service-based interactions between Control Plane Network Functions (NF), where authorized NFs can access any other NF services.
2. Separation between Control Plane and User Plane, allowing for independent scalability, evolution and flexible deployments.
3. Modularization of functions to enable flexible network slicing and support for capability exposure.

5G Core Network redefined as Service-Based Architecture (SBA)

[Figure: 5G System Architecture (ref. 1). Labels: UE, (R)AN, UPF, DN, AF, AMF, SMF, PCF, UDM, NRF, NEF, AUSF, NSSF; service-based interfaces Nausf, Namf, Nsmf, Npcf, Nnrf, Nnef, Nudm, Naf, Nnssf; reference points N2, N3, N4, N6. Legend: SBA entities, User Plane entities.]

1 3GPP TS 23.501, “System Architecture for the 5G System,” v.15.5.0, March 2019.

Development of 5G IAM Requirements

• Study on a Layer for User Centric Identifiers and Authentication, followed by User Identities and Authentication (UIA), which introduces normative requirements, and the study on the Usage of User Identifiers in the 5G System for architecture development.
• Developed use cases focused on IoT and generated requirements for a service- and layer-agnostic Identity as an Abstraction Layer in 5G as part of the input to 3GPP.
• Defined a 5G Vision around business context based on use cases, business models and value creation with a user-centric view and the identity of the entity.

Identity as an Abstraction Layer in 5G

5G IAM architecture needs to abstract from domain related identifiers and network technologies.

Service- and Layer-agnostic Identity:
• An identity that bridges between network access technologies.
• An identity that bridges between different services offered by one provider.
• An identity that bridges between operators and other identity providers, providing a global identity business proposition.

Basic Concept and Relations of 5G Identity Management

[Figure: Relationship between User, Identities, Identifiers and Attributes (ref. 2)]

• A user is an entity in the context of identity management.
• The identity can depend on the role of the entity in the system.
• A user can have several user identities (professional, private, etc.).
• A user identity is associated with some pieces of information generally referred to as attributes, where identifiers are one special form of attribute.
• Attributes that are not identifiers may be associated with one or more identities.

2 3GPP TR 22.904, “Study on user centric identifiers and authentication,” v.16.1.0, Sep. 2018.

5G User Centric Authentication Layer

The user centric authentication layer (ref. 2)…
• Shall exist on top of the existing subscription authentication.
• Shall not replace existing subscription credentials.
• Shall support various authentication mechanisms and interactions with authentication system.
• Shall support a service- and layer- identity of the user.

2 3GPP TR 22.904, “Study on user centric identifiers and authentication,” v.16.1.0, Sep. 2018.

5G UIA Use Cases

• Slice authentication (and authorization) by 3rd party.
  ▶ A slice can represent a tier of service.
• Industrial factory automation and discrete automation.
• Several users or devices (IoT, wearables etc.) behind one gateway.
• Access via non-3GPP device to a subscription in the 3GPP system.
• Sharing of devices / services configuration of shared devices.
• Authorizing others to access one’s resources.

In addition...

• Authorization of 5G Network Function (NF) service access (ref. 1) and of 3rd-party Application Functions (AF) (ref. 3) is based on the OAuth 2.0 framework.
• Identity management and user authentication functionality for 3GPP Mission Critical (MC) services is based on OpenID Connect and OAuth 2.0 (ref. 4).

1 3GPP TS 23.501, “System Architecture for the 5G System,” v.15.5.0, March 2019.
3 3GPP TS 33.501, “Security architecture and procedures for 5G system,” v.15.4.0, Mar. 2019.
4 3GPP TS 33.180, “Security of the mission critical service,” v.14.6.0, Mar. 2019.
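
As an added example (not part of the original slides and not code from Verizon or 3GPP), the sketch below shows what OAuth 2.0 based authorization of NF service access means for the NF that provides a service: a request is accepted only if its bearer token verifies and its issuer, expiry, audience and scope all match. The claim layout (standard JWT claim names), the NRF acting as issuer, the HS256 signature (a stand-in so the example runs on the standard library alone) and every identifier and key are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values (assumptions of this example, not from the slides).
KEY = b"demo-shared-secret-constructed"
NRF_ID = "nrf-instance-0001"   # issuer: the authorization server in this sketch
AMF_ID = "amf-instance-0002"   # subject: the NF consuming a service
UDM_ID = "udm-instance-0003"   # the NF producing the service
CLAIMS = {"iss": NRF_ID, "sub": AMF_ID, "aud": "UDM",
          "scope": "nudm-sdm", "exp": 1_700_000_600}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, claims: dict, alg: str = "HS256") -> str:
    """Authorization-server side; present only to build demo tokens."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def authorize(token, key, trusted_issuer, own_ids, service, now=None):
    """Producer-side decision for one service request: (allowed, reason)."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return False, "malformed token"
    # Pin the algorithm: the token must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected alg"
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    # Claims are parsed only after the signature has been verified.
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return False, "malformed token"
    if not isinstance(claims, dict):
        return False, "malformed token"
    if claims.get("iss") != trusted_issuer:
        return False, "untrusted issuer"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "token expired"
    # Audience may be a single value or a list; it must name this NF.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if not any(a in own_ids for a in audiences):
        return False, "audience mismatch"
    # OAuth 2.0 scope is a space-delimited list of granted services.
    scope = claims.get("scope")
    if not isinstance(scope, str) or service not in scope.split():
        return False, "scope does not cover service"
    return True, "ok"


if __name__ == "__main__":
    token = issue_token(KEY, CLAIMS)
    udm = (UDM_ID, "UDM")  # identities this producer answers to
    for svc in ("nudm-sdm", "nudm-uecm"):
        print(svc, authorize(token, KEY, NRF_ID, udm, svc, now=1_700_000_000))
```

A token granted for one service is refused for any other service on the same producer, which is the least-privilege property that scoping tokens per service gives the "authorized NFs" of the service-based architecture.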

Summary

1. The 5G Vision focuses on business context based on use cases, business models and value creation with a user-centric view.
2. The concept of User Identity in a 5G system has been defined and agreed upon within 3GPP with architecture work in development.
3. Some of the basic building blocks to support 5G User Centric Authentication Layer already exist.
