The procedure in the present clause covers two cases

Info icon This preview shows pages 139–142. Sign up to view the full content.

View Full Document Right Arrow Icon
The procedure in the present clause covers two cases of locating the authorization entity (WAF): - The WAF is located in the IMS provider domain; - The WAF is located in a third party domain. NOTE 4: WWSF and WAF realisations can be physically co-located or physically separate; in the latter case, WWSF and WAF can reside in the same or in different domains. An example signalling flow for the present registration scenario is shown in Figure X.3.3-1. In this figure, by way of example SIP over secure WebSocket is used between the WebRTC IMS Client and the eP-CSCF. Other protocols (e.g. HTTP RESTful or JSON over WebSocket) can also be used. All steps in the procedure below apply to both cases of WAF location unless stated otherwise. For the example of OAuth 2.0 the WAF needs to be located in the IMS provider domain. 3GPP 3GPP TS 33.203 V12.67.0 (2014-0609) 139 Release 12
Image of page 139

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
For the normative part, the procedure applies Trusted Node Authentication (TNA) specified for IMS in Annex U of the present specification. The trusted node is the eP-CSCF residing in the operator network, according to the present specification . The signalling between the trusted node and the rest of the IMS core is unchanged from the signalling flow in Annex U of the present specification with the following exception: if the WAF is located in a third party domain then the REGISTER message may be enhanced with an additional parameter, whose inclusion is conditional, to satisfy the requirements REQ 3.2 from clause X.4.1 of the present specification. Figure X.4.2.3-1: WebRTC IMS Client access to IMS using Trusted Node Authentication (example flow) The details of the signalling flows are as follows: Each step x in the signalling flow has a part x.1 providing general text applying to all realisations, irrespective of whether the WAF is located in the IMS provider domain or in a third party domain. This part x.1 is followed by text explaining how it would work for a realisation using the example of OAuth. For the example of OAuth, the WAF needs to be located in the IMS provider domain. In addition, some of the steps contain a second step x.2 that applies only when the WAF is located in a third party domain. 0. WWSF obtains authorization token 0.1 General : 3GPP 3GPP TS 33.203 V12.67.0 (2014-0609) 140 Release 12
Image of page 140
The WWSF requests an authorization token from the WAF. The WWSF authenticates the user via “web credentials”, i.e. credentials as commonly used for access to web based services, for example a username and password. The WWSF can choose not to authenticate the user if the user is to remain anonymous. Example of OAuth 2.0 : When using the example of OAuth 2.0 then the following authorization flows defined by OAuth 2.0 is used. - Client Credentials flow: The WAF authenticates only the WWSF and the authorization is performed without user involvement. As part of the authorization, the WAF verifies that the WWSF has the necessary permissions to access the IMS account indicated in the request. It is assumed that the WWSF has authenticated the user prior to sending the token request.
Image of page 141

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 142
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern