Standard number | TTAT.3G-33.310(R7-7.1.0) | Former standard number | |
---|---|---|---|
Date enacted/revised | 2008-04-09 | Total pages | 0 |
Korean title | IMT-2000 3GPP - Network domain security; Authentication framework (R7) | ||
English title | IMT-2000 3GPP-Network domain security; Authentication framework (NDS/AF)(R7) | ||
Korean summary | |||
English summary | The scope of this Technical Specification is limited to authentication of network elements, which are using NDS/IP or TLS, and located in the inter-operator domain. In the case of NDS/IP this Specification concentrates on authentication of Security Gateways (SEG), and the corresponding Za-interfaces. Authentication of elements in the intra-operator domain is considered an internal issue for operators. This is quite much in line with [1] which states that only Za is mandatory, and that the security domain operator can decide if the Zb-interface is deployed or not, as the Zb-interface is optional for implementation. However, NDS/AF can easily be adapted to intra-operator use since it is just a simplification of the inter-operator case when all NDS/IP NEs and the PKI infrastructure belong to the same operator. Validity of certificates may be restricted to the operator's domain. NOTE: In case two SEGs interconnect separate network regions under a single administrative authority (e.g. owned by the same mobile operator) then the Za-interface is not subject to interconnect agreements, but the decision on applying Za-interface is left to operators. The NDS architecture for IP-based protocols is illustrated in figure 1. Figure 1: NDS architecture for IP-based protocols [1] In the case of TLS this Specification concentrates on authentication of TLS entities across inter-operator links. For example, TLS is specified for inter-operator communications between IMS and non-IMS networks [9] and on the Zn' interface in GBA [10]. Authentication of TLS entities across intra-operator links is considered an internal issue for operators. However, NDS/AF can easily be adapted to the intra-operator use case since it is just a simplification of the inter-operator case when all TLS NEs and the PKI infrastructure belong to the same operator. Validity of certificates may be restricted to the operator's domain. | ||
International standard | |||
Related file | TTAT.3G-33.310(R7-7.1.0).zip |