© 2019 Verizon.
Development of 5G IAM Architecture
Transitioning to a User Centric View
Bjorn Hjelm
June 28, 2019
Why, What and How
5G Currencies / Capabilities
5G Core Network Key Principles and Concepts
1. Service-based interactions between Control Plane Network Functions (NF), where authorized NFs can access any other NF's services.
2. Separation between Control Plane and User Plane, allowing for independent scalability, evolution and flexible deployments.
3. Modularization of functions to enable flexible network slicing and support for capability exposure.
5G Core Network redefined as Service-Based Architecture (SBA)
[Figure: 5G System Architecture1. SBA entities: AMF, SMF, PCF, UDM, NRF, NEF, AUSF, NSSF and AF, exposing the service-based interfaces Namf, Nsmf, Npcf, Nudm, Nnrf, Nnef, Nausf, Nnssf and Naf. User Plane entities: UE, (R)AN, UPF and DN, connected over reference points N2, N3, N4 and N6.]
1 3GPP TS 23.501, “System Architecture for the 5G System,” v.15.5.0, March 2019.
Development of 5G IAM Requirements
• Study on a Layer for User Centric Identifiers and Authentication, followed by User Identities and Authentication (UIA), which introduces normative requirements, and a study on the Usage of User Identifiers in the 5G System for architecture development.
• Developed use cases focused on IoT and generated requirements for a service- and layer-agnostic Identity as an Abstraction Layer in 5G, as part of the input to 3GPP.
• Defined a 5G Vision around business context based on use cases, business models and value creation, with a user-centric view and the identity of the entity.
Identity as an Abstraction Layer in 5G
5G IAM architecture needs to abstract from domain-related identifiers and network technologies.
Service- and Layer-agnostic Identity:
• An identity that bridges between network access technologies.
• An identity that bridges between different services offered by one provider.
• An identity that bridges between operators and other identity providers, providing a global identity business proposition.
Basic Concept and Relations of 5G Identity Management
Relationship between User, Identities, Identifiers and Attributes2
• A user is an entity in the context of identity management.
• The identity can depend on the role of the entity in the system.
• A user can have several user identities (professional, private, etc.).
• A user identity is associated with some pieces of information generally referred to as attributes, where identifiers are one special form of attribute.
• Attributes that are not identifiers may be associated with one or more identities.
2 3GPP TR 22.904, “Study on user centric identifiers and authentication,” v.16.1.0, Sep. 2018.
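The relations on this slide can be made executable. The following is an added example written for this page, not code from the deck, from Verizon or from 3GPP: a user (entity) holds several identities keyed by role, each identity carries attributes, identifiers are the attributes that a registry resolves to exactly one identity, and non-identifier attributes may be shared by several identities. The class names (User, Identity, Attribute, IdentityRegistry), the rule that every identity must carry at least one identifier, and the sample values are this example's own assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Attribute:
    """A piece of information bound to an identity. Identifiers are the
    attributes that must resolve to exactly one identity."""
    name: str
    value: str
    is_identifier: bool = False


@dataclass
class Identity:
    role: str                               # e.g. "professional" or "private"
    attributes: set = field(default_factory=set)

    def identifiers(self) -> set:
        return {a for a in self.attributes if a.is_identifier}


@dataclass
class User:
    """The entity; it may hold several identities, keyed by role."""
    name: str
    identities: dict = field(default_factory=dict)


class IdentityRegistry:
    """Invariant enforced here (an assumption of this example, not a rule stated
    on the slide): an identifier is bound to at most one identity, while other
    attributes may be shared by any number of identities."""

    def __init__(self) -> None:
        self._by_identifier: dict = {}      # (name, value) -> (User, Identity)

    def register(self, user: User, identity: Identity) -> None:
        ids = identity.identifiers()
        if not ids:
            raise ValueError(f"identity '{identity.role}' of {user.name} has no identifier")
        # Check every identifier before binding any, so a rejected identity leaves no partial state.
        for ident in ids:
            owner = self._by_identifier.get((ident.name, ident.value))
            if owner is not None and owner[1] is not identity:
                raise ValueError(f"identifier {ident.name}={ident.value} is already bound")
        for ident in ids:
            self._by_identifier[(ident.name, ident.value)] = (user, identity)
        user.identities[identity.role] = identity

    def resolve(self, name: str, value: str) -> Optional[tuple]:
        """Identifier lookup: at most one (user, identity) pair."""
        return self._by_identifier.get((name, value))

    def identities_with_attribute(self, name: str, value: str) -> list:
        """Non-identifier lookup: may legitimately return several identities."""
        found: list = []
        for _user, identity in self._by_identifier.values():
            if Attribute(name, value) in identity.attributes and not any(i is identity for i in found):
                found.append(identity)
        return found


def demo() -> dict:
    """Constructed sample: one user with a professional and a private identity
    that share a non-identifier attribute; a second entity then tries to claim
    an identifier that is already bound and is rejected."""
    reg = IdentityRegistry()
    alice = User("alice")
    country = Attribute("country", "SE")                 # shared, not an identifier
    work = Identity("professional", {Attribute("email", "alice@corp.example", True), country})
    home = Identity("private", {Attribute("msisdn", "+46700000001", True), country})
    reg.register(alice, work)
    reg.register(alice, home)

    bob = User("bob")
    clash = Identity("private", {Attribute("msisdn", "+46700000001", True)})
    try:
        reg.register(bob, clash)
        clash_rejected = False
    except ValueError:
        clash_rejected = True

    hit = reg.resolve("email", "alice@corp.example")
    return {
        "roles": sorted(alice.identities),
        "resolved_role": hit[1].role if hit else None,
        "shared_by": len(reg.identities_with_attribute("country", "SE")),
        "clash_rejected": clash_rejected,
        "bob_identities": len(bob.identities),
        "unknown": reg.resolve("msisdn", "+10000000000"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the registry is the asymmetry the slide draws: resolving an identifier must be unambiguous (it is what authentication and authorization decisions hang on), whereas a shared attribute such as a country is expected to match many identities and must never be used as if it were an identifier.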
5G User Centric Authentication Layer
The user centric authentication layer2…
• Shall exist on top of the existing subscription authentication.
• Shall not replace existing subscription credentials.
• Shall support various authentication mechanisms and interactions with the authentication system.
• Shall support a service- and layer-agnostic identity of the user.
2 3GPP TR 22.904, “Study on user centric identifiers and authentication,” v.16.1.0, Sep. 2018.
5G UIA Use Cases
• Slice authentication (and authorization) by a 3rd party.
  ▶ A slice can represent a tier of service.
• Industrial factory automation and discrete automation.
• Several users or devices (IoT, wearables, etc.) behind one gateway.
• Access via a non-3GPP device to a subscription in the 3GPP system.
• Sharing of devices / services; configuration of shared devices.
• Authorizing others to access one’s resources.
In addition...
• Authorization of 5G Network Function (NF) service access1 and of 3rd-party Application Functions (AF)3 is based on the OAuth 2.0 framework.
• Identity management and user authentication functionality for 3GPP Mission Critical (MC) services is based on OpenID Connect and OAuth 2.0.4
1 3GPP TS 23.501, “System Architecture for the 5G System,” v.15.5.0, March 2019.
3 3GPP TS 33.501, “Security architecture and procedures for 5G system,” v.15.4.0, Mar. 2019.
4 3GPP TS 33.180, “Security of the mission critical service,” v.14.6.0, Mar. 2019.
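As an added example (not code from the deck, from Verizon or from 3GPP), here is the shape of that OAuth 2.0 check for NF service access in Python. In the 3GPP design the NRF plays the authorization server role; here it mints a JWT access token scoped to named services and to one producer NF type, and the producer NF verifies the signature, issuer, audience, expiry and scope before serving a request. The claim names (iss, sub, aud, scope, exp) follow RFC 7519 JWT usage; the NF instance names, service names, shared key and HS256 signing are constructed assumptions that keep the example self-contained, and a real deployment would use the key material and algorithm its NRF actually provisions.

```python
import base64
import hashlib
import hmac
import json
import time

NRF_ID = "nrf-01.example"                   # constructed issuer: the NRF as authorization server
SHARED_KEY = b"example-only-shared-key"     # constructed; HS256 is used only for self-containment


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def nrf_issue_token(consumer_id: str, producer_nf_type: str, services: list,
                    ttl: int = 300, now=None) -> str:
    """Authorization-server side: mint a JWT bound to one producer NF type (aud)
    and to the listed NF services (scope), valid for ttl seconds."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": NRF_ID, "sub": consumer_id, "aud": producer_nf_type,
              "scope": " ".join(services), "iat": now, "exp": now + ttl}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SHARED_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def producer_authorize(token: str, my_nf_type: str, requested_service: str, now=None) -> tuple:
    """Resource-server side: every check is explicit and any failure denies.
    Returns (allowed, reason)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    h64, c64, s64 = parts
    try:
        header = json.loads(b64url_decode(h64))
        presented_sig = b64url_decode(s64)
    except ValueError:                        # covers base64 padding errors and bad JSON
        return False, "malformed token"
    if header.get("alg") != "HS256":          # pin the algorithm: rejects "none" and alg confusion
        return False, "unexpected alg"
    expected_sig = hmac.new(SHARED_KEY, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, presented_sig):   # constant-time comparison
        return False, "bad signature"
    claims = json.loads(b64url_decode(c64))   # only trusted after the signature check
    if claims.get("iss") != NRF_ID:
        return False, "untrusted issuer"
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if my_nf_type not in audiences:           # a token minted for another NF type is not accepted here
        return False, "token not for this NF type"
    if now >= claims.get("exp", 0):
        return False, "token expired"
    if requested_service not in claims.get("scope", "").split():
        return False, "service not in scope"
    return True, f"authorized {claims.get('sub')}"


if __name__ == "__main__":
    tok = nrf_issue_token("amf-7.example", "UDM", ["nudm-sdm", "nudm-uecm"])
    print(producer_authorize(tok, "UDM", "nudm-sdm"))    # (True, 'authorized amf-7.example')
    print(producer_authorize(tok, "PCF", "nudm-sdm"))    # (False, 'token not for this NF type')
```

Two details matter for an SBA deployment. Pinning the algorithm and verifying the signature before reading any claim means a forged or unsigned token never reaches the authorization logic, and binding the audience to the producer NF type means a token obtained for one NF cannot be replayed against another, which is the property the slide's "authorized NFs can access any other NF services" principle depends on.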
Summary
1. The 5G Vision focuses on business context based on use cases, business models and value creation with a user-centric view.
2. The concept of User Identity in a 5G system has been defined and agreed upon within 3GPP, with architecture work in development.
3. Some of the basic building blocks to support the 5G User Centric Authentication Layer already exist.