ETSI TS 129 309 V19.1.0 (2026-02)

TECHNICAL SPECIFICATION
5G;
Bootstrapping Server Function (GBA BSF) Services
(3GPP TS 29.309 version 19.1.0 Release 19)


3GPP TS 29.309 version 19.1.0 Release 19 1 ETSI TS 129 309 V19.1.0 (2026-02)

Reference
RTS/TSGC-0429309vj10
Keywords
5G
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from the
ETSI Search & Browse Standards application.
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format on ETSI deliver repository.
Users should be aware that the present document may be revised or have its status changed,
this information is available in the Milestones listing.
If you find errors in the present document, please send your comments to
the relevant service listed under Committee Support Staff.
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure (CVD) program.
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
and/or governmental rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2026.
All rights reserved.
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 2 ETSI TS 129 309 V19.1.0 (2026-02)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI IPR online database.
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its
Members. 3GPP™, LTE™ and 5G™ logo are trademarks of ETSI registered for the benefit of its Members and of the
3GPP Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of ®
the oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Legal Notice
This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP).
The present document may refer to technical specifications or reports using their 3GPP identities. These shall be
interpreted as being references to the corresponding ETSI deliverables.
The cross reference between 3GPP and ETSI identities can be found at 3GPP to ETSI numbering cross-referencing.
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 3 ETSI TS 129 309 V19.1.0 (2026-02)
Contents
Intellectual Property Rights . 2
Legal Notice . 2
Modal verbs terminology . 2
Foreword . 5
1 Scope . 7
2 References . 7
3 Definitions and abbreviations . 8
3.1 Definitions . 8
3.2 Abbreviations . 8
4 Overview . 8
5 Services offered by the GBA BSF . 9
5.1 Introduction . 9
5.2 Nbsp_GBA Service . 9
5.2.1 Service Description . 9
5.2.2 Service Operations . 9
5.2.2.1 Introduction . 9
5.2.2.2 BootstrapInfo . 10
5.2.2.2.1 General . 10
5.2.2.2.2 Boostrapping Info Retrieval . 10
5.2.2.3 PushInfo . 10
5.2.2.3.1 General . 10
5.2.2.3.2 Push Info Retrieval . 10
6 API Definitions . 11
6.1 Nbsp_GBA Service API . 11
6.1.1 Introduction. 11
6.1.2 Usage of HTTP . 12
6.1.2.1 General . 12
6.1.2.2 HTTP standard headers . 12
6.1.2.2.1 General . 12
6.1.2.2.2 Content type . 12
6.1.2.3 HTTP custom headers . 12
6.1.3 Resources . 12
6.1.3.1 Overview . 12
6.1.4 Custom Operations without associated resources . 13
6.1.4.1 Overview . 13
6.1.4.2 Operation: Bootstrapping Info Retrieval . 13
6.1.4.2.1 Description . 13
6.1.4.2.2 Operation Definition . 13
6.1.4.3 Operation: Push Info Retrieval . 14
6.1.4.3.1 Description . 14
6.1.4.3.2 Operation Definition . 14
6.1.5 Notifications . 15
6.1.6 Data Model . 15
6.1.6.1 General . 15
6.1.6.2 Structured data types . 16
6.1.6.2.1 Introduction . 16
6.1.6.2.2 Type: BootstrappingInfoRequest . 17
6.1.6.2.3 Type: BootstrappingInfoResponse . 17
6.1.6.2.4 Type: PushInfoRequest . 17
6.1.6.2.5 Type: PushInfoResponse . 18
6.1.6.2.6 Type: NafId . 18
6.1.6.2.7 Type: UssListItem . 18
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 4 ETSI TS 129 309 V19.1.0 (2026-02)
6.1.6.2.8 Type: Uss . 18
6.1.6.2.9 Type: UeIdsItem . 19
6.1.6.2.10 Type: FlagsItem . 19
6.1.6.3 Simple data types and enumerations . 19
6.1.6.3.1 Introduction . 19
6.1.6.3.2 Simple data types . 19
6.1.6.3.3 Enumeration: KeyChoice . 20
6.1.6.3.4 Enumeration: UiccOrMe . 20
6.1.6.3.5 Enumeration: SecFeature . 21
6.1.6.3.6 Enumeration: GbaType . 21
6.1.6.3.7 Enumeration: UeIdType . 21
6.1.7 Error Handling . 21
6.1.7.1 General . 21
6.1.7.2 Protocol Errors . 21
6.1.7.3 Application Errors . 21
6.1.8 Feature negotiation . 22
6.1.9 Security . 22
Annex A (normative): OpenAPI specification . 23
A.1 General . 23
A.2 Nbsp_GBA AP I . 23
Annex B (informative): Change history . 30
History . 31

ETSI
3GPP TS 29.309 version 19.1.0 Release 19 5 ETSI TS 129 309 V19.1.0 (2026-02)
Foreword
This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an
identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
1 presented to TSG for information;
2 presented to TSG for approval;
3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections,
updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
In the present document, modal verbs have the following meanings:
shall indicates a mandatory requirement to do something
shall not indicates an interdiction (prohibition) to do something
The constructions "shall" and "shall not" are confined to the context of normative provisions, and do not appear in
Technical Reports.
The constructions "must" and "must not" are not used as substitutes for "shall" and "shall not". Their use is avoided
insofar as possible, and they are not used in a normative context except in a direct citation from an external, referenced,
non-3GPP document, or so as to maintain continuity of style when extending or modifying the provisions of such a
referenced document.
should indicates a recommendation to do something
should not indicates a recommendation not to do something
may indicates permission to do something
need not indicates permission not to do something
The construction "may not" is ambiguous and is not used in normative elements. The unambiguous constructions
"might not" or "shall not" are used instead, depending upon the meaning intended.
can indicates that something is possible
cannot indicates that something is impossible
The constructions "can" and "cannot" are not substitutes for "may" and "need not".
will indicates that something is certain or expected to happen as a result of action taken by an agency
the behaviour of which is outside the scope of the present document
will not indicates that something is certain or expected not to happen as a result of action taken by an
agency the behaviour of which is outside the scope of the present document
might indicates a likelihood that something will happen as a result of action taken by some agency the
behaviour of which is outside the scope of the present document
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 6 ETSI TS 129 309 V19.1.0 (2026-02)
might not indicates a likelihood that something will not happen as a result of action taken by some agency
the behaviour of which is outside the scope of the present document
In addition:
is (or any other verb in the indicative mood) indicates a statement of fact
is not (or any other negative verb in the indicative mood) indicates a statement of fact
The constructions "is" and "is not" do not indicate requirements.
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 7 ETSI TS 129 309 V19.1.0 (2026-02)
1 Scope
The present document specifies the stage 3 protocol and data model for the Nbsp Service Based Interface. It provides
stage 3 protocol definitions and message flows, and specifies the API for each service offered by the GBA BSF.
The 5G System stage 2 architecture and procedures are specified in 3GPP TS 23.501 [2] and 3GPP TS 23.502 [3].
The stage 2 architecture and procedures of SBA-enabled GBA is specified in 3GPP TS 33.220 [14] and
3GPP TS 33.223 [15].
The Technical Realization of the Service Based Architecture and the Principles and Guidelines for Services Definition
are specified in 3GPP TS 29.500 [4] and 3GPP TS 29.501 [5].
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including
a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same
Release as the present document.
[1] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications".
[2] 3GPP TS 23.501: "System Architecture for the 5G System; Stage 2".
[3] 3GPP TS 23.502: "Procedures for the 5G System; Stage 2".
[4] 3GPP TS 29.500: "5G System; Technical Realization of Service Based Architecture; Stage 3".
[5] 3GPP TS 29.501: "5G System; Principles and Guidelines for Services Definition; Stage 3".
[6] OpenAPI: "OpenAPI Specification Version 3.0.0", https://spec.openapis.org/oas/v3.0.0.
[7] 3GPP TR 21.900: "Technical Specification Group working methods".
[8] 3GPP TS 33.501: "Security architecture and procedures for 5G system".
[9] IETF RFC 6749: "The OAuth 2.0 Authorization Framework".
[10] 3GPP TS 29.510: "5G System; Network Function Repository Services; Stage 3".
[11] IETF RFC 9113: "HTTP/2".
[12] IETF RFC 8259: "The JavaScript Object Notation (JSON) Data Interchange Format".
[13] IETF RFC 9457: "Problem Details for HTTP APIs".
[14] 3GPP TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping
Architecture (GBA)".
[15] 3GPP TS 33.223: "Generic Authentication Architecture (GAA); Generic Bootstrapping
Architecture (GBA) Push function".
[16] 3GPP TS 33.224: "Generic Authentication Architecture (GAA); Generic Bootstrapping
Architecture (GBA) Push Layer".
[17] 3GPP TS 29.109: "Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the
Diameter protocol; Stage 3".
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 8 ETSI TS 129 309 V19.1.0 (2026-02)
[18] 3GPP TS 29.571: "5G System; Common Data Types for Service Based Interfaces; Stage 3".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [1] and the following
apply. A term defined in the present document takes precedence over the definition of the same term, if any, in 3GPP
TR 21.905 [1].
Bootstrapping Server Function: BSF is hosted in a network element under the control of an MNO. BSF, HSS, and
UEs participate in GBA in which a shared secret is established between the network and a UE by running the
bootstrapping procedure. The shared secret can be used between NAFs and UEs, for example, for authentication
purposes. In the context of the present specification, the BSF is an SBA-capable BSF.
GBA Function: A function on the ME executing the bootstrapping procedure with BSF (i.e. supporting the Ub
reference point) and providing Ua applications with security association to run bootstrapping usage procedure. GBA
function is called by a Ua application when a Ua application wants to use bootstrapped security association.
Network Application Function: NAF is hosted in a network element. GBA may be used between NAFs and UEs for
authentication purposes, and for securing the communication path between the UE and the NAF. In the context of the
present specification, the NAF is an SBA-capable NAF.
GBA User Security Settings: GUSS contains the BSF specific information element and the set of all application-
specific USSs.
Ua Application: An application on the ME intended to run bootstrapping usage procedure with a NAF.
3.2 Abbreviations
For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 [1] and the following apply. An
abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in
3GPP TR 21.905 [1].
BSF Bootstrapping Server Function
GBA Generic Bootstrapping Architecture
GUSS GBA User Security Settings
HSS Home Subscriber System
NAF Network Application Function
SBA Service-Based Architecture
USS User Security Setting
4 Overview
Nbsp is a Service-based interface exhibited by GBA BSF (Generic Bootstrapping Architecture; Bootstrapping Server
Function) which is a Network Function that supports the following functionality:
- Allows the NAF and the Push-NAF to fetch the key material agreed during a previous protocol run between the
UE and the GBA BSF. It is also used to fetch application-specific user security settings from the GBA BSF, if
requested by the NAF.
The reference points N66 and N67 (see Fig 4-1 below) show the interaction between the GBA BSF and the NAF and
Push-NAF Network Functions.
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 9 ETSI TS 129 309 V19.1.0 (2026-02)
NAF
N66
Nbsp
GBA BSF
Push-NAF
N67
Figure 4-1: Reference Model – Nbsp
In the context of the present specification, the GBA BSF is an SBA-capable BSF, and the NAF and Push-NAF are also
SBA-capable Network Functions (see 3GPP TS 33.220 [14] and 3GPP TS 33.223 [15]).
5 Services offered by the GBA BSF
5.1 Introduction
The GBA BSF offers the following services via the Nbsp interface:
- Nbsp_GBA Service
Table 5.1-1 summarizes the corresponding APIs defined for this specification.
Table 5.1-1: API Descriptions
Service Name Clause Description OpenAPI Specification File apiName Annex
Nbsp_GBA 5.2 Nbsp GBA Service TS29309_Nbsp_GBA.yaml nbsp-gba A.2

5.2 Nbsp_GBA Service
5.2.1 Service Description
This service is exposed by the GBA BSF for the purpose of providing GBA bootstrap information to an SBI-capable
NAF, and GBA push information (GPI) to an SBI-capable Push-NAF, for the derivation of the application key material
(e.g. Ks_(ext/int)_NAF). It also supports to fetch application-specific user security settings (USS) from the GBA BSF.
5.2.2 Service Operations
5.2.2.1 Introduction
For the Nbsp_GBA service the following service operations are defined:
- BootstrapInfo
- PushInfo
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 10 ETSI TS 129 309 V19.1.0 (2026-02)
5.2.2.2 BootstrapInfo
5.2.2.2.1 General
This service operation is used between the SBI-capable NAF and the GBA BSF to request the key material agreed
during bootstrapping from the UE to the GBA BSF. It is also used to fetch application-specific user security settings
from the BSF, if requested by the NAF.
5.2.2.2.2 Boostrapping Info Retrieval
Figure 5.2.2.2.2-1 shows a scenario where the NF Service Consumer (e.g. the SBI-capable NAF) sends a request to the
GBA BSF to receive the bootstrapping info and optionally the user security settings.
NF service
GBA BSF
consumer
1. POST …/bootstrapping-info-retrieval
(BootstrappingInfoRequest)
2a. 200 OK (BootstrappingInfoResponse)
2b. 4xx/5xx Errors
2c. 3xx Redirect
Figure 5.2.2.2.2-1: Requesting Bootstrapping Info
1. The NF Service Consumer sends a POST request (custom method "bootstrapping-info-retrieval") to the GBA
BSF. The request includes the B-TID, the NAF-Id and optionally a flag to indicate that the NAF is GBA_U
aware, and a list of GAA Service Identifiers (GSID).
2a. On success the GBA BSF responds with "200 OK" and including in the message body the key material
(Ks_NAF in case of GBA_ME and Ks_ext_NAF in case of GBA_U), the key material lifetime and the
bootstrapping creation time. Optionally, it may include additional key material (i.e. Ks_int_NAF), application-
specific user security settings and the UE private identity.
On failure, the appropriate HTTP status code indicating the error shall be returned and appropriate additional error
information should be returned in the POST response body.
In the case of redirection, the GBA BSF shall return 3xx status code, which shall contain a Location header with an URI
pointing to the endpoint of another GBA BSF (service) instance.
5.2.2.3 PushInfo
5.2.2.3.1 General
This service operation is used between the SBI-capable Push-NAF and the GBA BSF to request the GBA Push
Information (GPI) in order to bootstrap the UE with GBA key material. It is also used to fetch application-specific user
security settings from the BSF, if requested by the Push-NAF.
5.2.2.3.2 Push Info Retrieval
Figure 5.2.2.3.2-1 shows a scenario where the NF Service Consumer (e.g. the SBI-capable Push-NAF) sends a request
to the GBA BSF to receive the bootstrapping info and optionally the user security settings.
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 11 ETSI TS 129 309 V19.1.0 (2026-02)
NF service
GBA BSF
consumer
1. POST …/push-info-retrieval
(PushInfoRequest)
2a. 200 OK (PushInfoResponse)
2b. 4xx/5xx Errors
2c. 3xx Redirect
Figure 5.2.2.3.2-1: Requesting Push Info
1. The NF Service Consumer sends a POST request (custom method "push-info-retrieval") to the GBA BSF. The
request includes the User Identity (Private or Public Identity), User Identity type, UICC application identifier,
Push-NAF-Id, Push-NAF SA identifier, Indicator for use of GBA_ME or GBA_U, Requested Push-NAF key
lifetime, Private User Identity indicator, list of GAA Service Identifiers (GSID), AUTS and RAND.
2a. On success the GBA BSF responds with "200 OK" and including in the message body the GPI data, key material
(Ks_NAF in case of GBA_ME and Ks_ext_NAF in case of GBA_U), key material lifetime, application-specific
user security settings. Optionally, it may include additional key material (i.e. Ks_int_NAF), application-specific
user security settings and the UE private identity.
On failure, the appropriate HTTP status code indicating the error shall be returned and appropriate additional error
information should be returned in the POST response body.
In the case of redirection, the GBA BSF shall return 3xx status code, which shall contain a Location header with an URI
pointing to the endpoint of another GBA BSF (service) instance.
6 API Definitions
6.1 Nbsp_GBA Service API
6.1.1 Introduction
The Nbsp_GBA service shall use the Nbsp_GBA API.
The API URI of the Nbsp_GBA API shall be:
{apiRoot}//
The request URIs used in HTTP requests from the NF service consumer towards the NF service producer shall have the
Resource URI structure defined in clause 4.4.1 of 3GPP TS 29.501 [5], i.e.:
{apiRoot}///
with the following components:
- The {apiRoot} shall be set as described in 3GPP TS 29.501 [5].
- The shall be "nbsp-gba".
- The shall be "v1".
- The shall be set as described in clause 6.1.3.
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 12 ETSI TS 129 309 V19.1.0 (2026-02)
6.1.2 Usage of HTTP
6.1.2.1 General
HTTP/2, IETF RFC 9113 [11], shall be used as specified in clause 5 of 3GPP TS 29.500 [4].
HTTP/2 shall be transported as specified in clause 5.3 of 3GPP TS 29.500 [4].
The OpenAPI [6] specification of HTTP messages and content bodies for the Nbsp_GBA API is contained in Annex A.
6.1.2.2 HTTP standard headers
6.1.2.2.1 General
See clause 5.2.2 of 3GPP TS 29.500 [4] for the usage of HTTP standard headers.
6.1.2.2.2 Content type
JSON, IETF RFC 8259 [12], shall be used as content type of the HTTP bodies specified in the present specification as
specified in clause 5.4 of 3GPP TS 29.500 [4]. The use of the JSON format shall be signalled by the content type
"application/json".
"Problem Details" JSON object shall be used to indicate additional details of the error in a HTTP response body and
shall be signalled by the content type "application/problem+json", as defined in IETF RFC 9457 [13].
6.1.2.3 HTTP custom headers
The mandatory HTTP custom header fields specified in clause 5.2.3.2 of 3GPP TS 29.500 [4] shall be supported, and
the optional HTTP custom header fields specified in clause 5.2.3.3 of 3GPP TS 29.500 [4] may be supported.
6.1.3 Resources
In this release of this specification, no resources are defined for the Nbsp_GBA service.
6.1.3.1 Overview
The structure of the Resource URIs of the Nbsp_GBA service is shown in figure 6.1.3.1-1.
{apiRoot}/nbsp-gba/{apiVersion}
/bootstrapping-info-retrieval
/push-info-retrieval
Figure 6.1.3.1-1: Resource URI structure of the Nbsp_GBA API
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 13 ETSI TS 129 309 V19.1.0 (2026-02)
6.1.4 Custom Operations without associated resources
6.1.4.1 Overview
Table 6.1.4.1-1: Custom operations without associated resources
Mapped HTTP
Operation Name Custom operation URI Description
method
Bootstrapping Info Retrieval /bootstrapping-info-retrieval POST
Push Info Retrieval /push-info-retrieval POST

6.1.4.2 Operation: Bootstrapping Info Retrieval
6.1.4.2.1 Description
6.1.4.2.2 Operation Definition
This operation shall support the response data structures and response codes specified in tables 6.1.4.2.2-1 and
6.1.4.2.2-2.
Table 6.1.4.2.2-1: Data structures supported by the POST Request Body
Data type P Cardinality Description
BootstrappingInfo M 1 Request body of the Bootstrapping Info Request
Request
Table 6.1.4.2.2-2: Data structures supported by the POST Response Body
Data type P Cardinality Response Description
codes
BootstrappingInfo M 1 200 OK A response body containing the BootstrappingInfoResponse
Response shall be returned.
RedirectRespons O 0.1 307 Temporary redirection.
e Temporary (NOTE 2)
Redirect
RedirectRespons O 0.1 308 Permanent redirection.
e Permanent (NOTE 2)
Redirect
ProblemDetails O 0.1 403 The NAF is not authorized to request Bootstrapping Information
Forbidden from the GBA BSF.
NOTE 1: The mandatory HTTP error status code for the POST method listed in Table 5.2.7.1-1 of
3GPP TS 29.500 [4] also apply.
NOTE 2: RedirectResponse may be inserted by an SCP, see clause 6.10.9.1 of 3GPP TS 29.500 [4].

Table 6.1.4.2.2-3: Headers supported by the 307 Response Code
Name Data type P Cardinality Description
Location string M 1 An alternative URI of the resource located on an alternative
service instance within the same GBA BSF (service) set. For
the case when a request is redirected to the same target
resource via a different SCP, see clause 6.10.9.1 in
3GPP TS 29.500 [4].
3gpp-Sbi-Target- string O 0.1 Identifier of the target NF (service) instance ID towards which
Nf-Id the request is redirected.

ETSI
3GPP TS 29.309 version 19.1.0 Release 19 14 ETSI TS 129 309 V19.1.0 (2026-02)
Table 6.1.4.2.2-4: Headers supported by the 308 Response Code
Name Data type P Cardinality Description
Location string M 1 An alternative URI of the resource located on an alternative
service instance within the same GBA BSF (service) set. For
the case when a request is redirected to the same target
resource via a different SCP, see clause 6.10.9.1 in
3GPP TS 29.500 [4].
3gpp-Sbi-Target- string O 0.1 Identifier of the target NF (service) instance ID towards which
Nf-Id the request is redirected.

6.1.4.3 Operation: Push Info Retrieval
6.1.4.3.1 Description
6.1.4.3.2 Operation Definition
This operation shall support the response data structures and response codes specified in tables 6.1.4.3.2-1 and
6.1.4.3.2-2.
Table 6.1.4.3.2-1: Data structures supported by the POST Request Body
Data type P Cardinality Description
PushInfoRequest M 1 Request body of the Push Info Request

Table 6.1.4.3.2-2: Data structures supported by the POST Response Body
Data type P Cardinality Response Description
codes
PushInfoResponse M 1 200 OK A response body containing the PushInfoResponse shall be
returned.
RedirectResponse O 0.1 307 Temporary Temporary redirection.
Redirect (NOTE 2)
RedirectResponse O 0.1 308 Permanent Permanent redirection.
Redirect (NOTE 2)
ProblemDetails O 0.1 403 Forbidden The Push-NAF is not authorized to request GBA Push
Information (GPI) from the GBA BSF.
NOTE 1: The mandatory HTTP error status code for the POST method listed in Table 5.2.7.1-1 of
3GPP TS 29.500 [4] also apply.
NOTE 2: RedirectResponse may be inserted by an SCP, see clause 6.10.9.1 of 3GPP TS 29.500 [4].

Table 6.1.4.3.2-3: Headers supported by the 307 Response Code
Name Data type P Cardinality Description
Location string M 1 An alternative URI of the resource located on an alternative
service instance within the same GBA BSF (service) set. For
the case when a request is redirected to the same target
resource via a different SCP, see clause 6.10.9.1 in
3GPP TS 29.500 [4].
3gpp-Sbi-Target- string O 0.1 Identifier of the target NF (service) instance ID towards which
Nf-Id the request is redirected.

ETSI
3GPP TS 29.309 version 19.1.0 Release 19 15 ETSI TS 129 309 V19.1.0 (2026-02)
Table 6.1.4.3.2-4: Headers supported by the 308 Response Code
Name Data type P Cardinality Description
Location string M 1 An alternative URI of the resource located on an alternative
service instance within the same GBA BSF (service) set. For
the case when a request is redirected to the same target
resource via a different SCP, see clause 6.10.9.1 in
3GPP TS 29.500 [4].
3gpp-Sbi-Target- string O 0.1 Identifier of the target NF (service) instance ID towards which
Nf-Id the request is redirected.

6.1.5 Notifications
In this release of this specification, no notifications are defined for the Nbsp_GBA service.
6.1.6 Data Model
6.1.6.1 General
This clause specifies the application data model supported by the API.
Table 6.1.6.1-1 specifies the data types defined for the Nbsp_GBA service-based interface protocol.
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 16 ETSI TS 129 309 V19.1.0 (2026-02)
Table 6.1.6.1-1: Nbsp_GBA specific Data Types
Data type Clause defined Description
BootstrappingInfoRequest 6.1.6.2.2 Request body of the HTTP POST operation for
resource "/bootstrapping-info-request".
BootstrappingInfoResponse 6.1.6.2.3 Response body of the HTTP POST operation
for resource "/bootstrapping-info-request".
PushInfoRequest 6.1.6.2.4 Request body of the HTTP POST operation for
resource "/push-info-request".
PushInfoResponse 6.1.6.2.5 Response body of the HTTP POST operation
for resource "/push-info-request".
NafId 6.1.6.2.6 NAF ID, containing the NAF FQDN and the Ua
Security Protocol Identifier.
UssListItem 6.1.6.2.7 Data item in a User Security Settings array list.
Uss 6.1.6.2.8 User Security Settings for a given GAA
Service.
UeIdsItem 6.1.6.2.9 Data item in a UE ID array list.
FlagsItem 6.1.6.2.10 Data item in a Flags array list.
GsId 6.1.6.3.2 GAA Service Identifier.
GsType 6.1.6.3.2 GAA Service Type.
BtId 6.1.6.3.2 Bootstrapping Transaction Identifier.
MeKeyMaterial 6.1.6.3.2 ME Key Material (hex-encoded string).
UiccKeyMaterial 6.1.6.3.2 UICC key material (hex-encoded string).
UeId 6.1.6.3.2 Public Identity of the UE.
Impi 6.1.6.3.2 IMS Private Identity of the UE
Flag 6.1.6.3.2 GAA authorization flags, as defined in
3GPP TS 29.109 [17], Annex C.
GbaPushInfo 6.1.6.3.2 GBA Push Info (hex-encoded string).
NafGroup 6.1.6.3.2 NAF Group (string).
PtId 6.1.6.3.2 P-TID.
UiccAppLabel 6.1.6.3.2 UICC Application Label (string).
Auts 6.1.6.3.2 AUTS in UMTS AKA.
Rand 6.1.6.3.2 RAND in UMTS AKA.
KeyChoice 6.1.6.3.3 Type of key (ME-based or UICC-based) that
the NAF shall use.
UiccOrMe 6.1.6.3.4 Indicates whether GBA_ME or GBA_U is to be
used for GBA push.
SecFeature 6.1.6.3.5 Security features supported by the BSF or the
NAF.
GbaType 6.1.6.3.6 Authentication type used by the UE for GBA.
UeIdType 6.1.6.3.7 Type of UE Identity (public or private).

Table 6.1.6.1-2 specifies data types re-used by the Nbsp_GBA service-based interface protocol from other
specifications, including a reference to their respective specifications and when needed, a short description of their use
within the Nbsp_GBA service-based interface.
Table 6.1.6.1-2: Nbsp_GBA re-used Data Types
Data type Reference Comments
Uint32 3GPP TS 29.571 [18] Unsigned 32-bit integer.
DateTime 3GPP TS 29.571 [18] String with a "date-time" format, as defined by
OpenAPI [6].
ProblemDetails 3GPP TS 29.571 [18] Response body of error response messages.
RedirectResponse 3GPP TS 29.571 [18] Response body of a redirect response message.
Fqdn 3GPP TS 29.571 [18] Fully Qualified Domain Name

6.1.6.2 Structured data types
6.1.6.2.1 Introduction
This clause defines the structures to be used in resource representations.
ETSI
3GPP TS 29.309 version 19.1.0 Release 19 17 ETSI TS 129 309 V19.1.0 (2026-02)
6.1.6.2.2 Type: BootstrappingInfoRequest
Table 6.1.6.2.2-1: Definition of type BootstrappingInfoRequest
Attribute name Data type P Cardinality Description
btId BtId M 1 Bootstrapping Transaction Identifier
nafId NafId M 1 NAF Identifier
gbaUAware boolean O 0.1 GBA-U Awareness Indicator.

true: The sending node is GBA_U aware
false (default) or absent: The sending node
is not GBA_U aware.
gsIds array(GsId) O 1.N GBA Service Identifiers

6.1.6.2.3 Type: BootstrappingInfoResponse
Table 6.1.6.2.3-1: Definition of type BootstrappingInfoResponse
Attribute name Data type P Cardinality Description
meKeyMaterial MeKeyMaterial M 1 ME key material (Ks_NAF or Ks_Ext_NAF)
uiccKeyMaterial UiccKeyMaterial O 0.1 UICC key material (Ks_Int_NAF)
keyExpiryTime DateTime O 0.1 Key expiry time
bootstrappingInfoCreatio DateTime O 0.1 Bootstrapping Info Creation Time
nTime
ussList array(UssListItem) O 1.N GBA User Security Settings per GBA
Service Identifier
gbaType GbaType O 0.1 Authentication type that was used by the UE
during the bootstrapping procedure.
impi Impi O 0.1 UE Private Identity

6.1.6.2.4 Type: PushInfoRequest
Table 6.1.6.2.4-1: Definition of type PushInfoRequest
Attribute name Data type P Cardinality Description
ueId UeId M 1 User Identity.
ueIdType UeIdType M 1 Type of UE identity (public or private).
uiccAppLabel UiccAppLabel M 1 UICC Application Label.
nafId NafId M 1 NAF Identifier.
...