ETSI TS 102 747 V1.1.1 (2009-12)

ETSI TS 102 747 V1.1.1 (2009-12)
Technical Specification


Human Factors (HF);
Personalization and User Profile Management;
Architectural Framework

---------------------- Page: 1 ----------------------
2 ETSI TS 102 747 V1.1.1 (2009-12)



Reference
DTS/HF-00123
Keywords
profile, user
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2009.
All rights reserved.

TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI TS 102 747 V1.1.1 (2009-12)
Contents
Intellectual Property Rights . 5
Foreword . 5
Introduction . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 7
2.2 Informative references . 7
3 Definitions and abbreviations . 9
3.1 Definitions . 9
3.2 Abbreviations . 10
4 Summary of profile . 11
5 User profile management architecture requirements . 13
5.1 Profile roles . 13
5.2 Profile identification . 13
5.3 The UPM architecture model . 13
5.4 Procedures . 15
5.4.1 Introduction. 15
5.4.2 Profile synchronization . 16
5.4.2.1 Synchronization conflict resolution/avoidance . 17
5.4.2.2 Protocol candidates for profile component synchronization . 17
5.4.3 Profile creation/update/deletion . 17
5.4.3.1 Profile creation . 17
5.4.4 Update of profile data according to context . 18
5.4.5 Profile deletion . 18
6 UP/UPM security . 19
6.1 UP/UPM and impact on privacy . 19
6.2 Key goal for UP/UPM security . 19
6.3 Risk analysis - assumptions and objectives . 20
6.4 Risk analysis - functional capabilities . 22
6.4.1 Threats and threat agents in UP/UPM. 22
6.4.2 Identification . 22
6.4.3 Privacy . 23
6.4.4 Integrity (data) . 23
6.5 Detailed security requirements . 24
6.5.1 Identification SA . 24
6.5.2 Authentication SA . 25
6.5.3 Authorisation SA . 25
6.5.4 Confidentiality SA . 25
6.5.5 Integrity SA . 25
Annex A (normative): Mapping to services and networks . 26
A.1 Introduction . 26
A.1.1 Mapping of user profile roles with TISPAN roles. 26
A.1.1.1 Introduction. 26
A.1.1.2 Principles . 26
A.1.1.3 Involved use cases . 27
A.1.2 Common Profile Storage (CPS) defined in TR 132 808 . 28
A.1.3 3GPP Generic User Profile (GUP) Release 8 architecture . 28
A.1.4 Relationship to UPM distribution and synchronization capabilities . 30
A.1.5 Universal Communications Identifier . 30
Annex B (informative): Core system objectives . 32
ETSI

---------------------- Page: 3 ----------------------
4 ETSI TS 102 747 V1.1.1 (2009-12)
B.1 Stakeholder categories and their objectives . 32
B.2 Management of user profile data . 32
B.3 Processing of profile data . 33
B.4 Activation/deactivation of situation profiles . 33
B.5 Information and feedback to users . 33
B.6 Logging . 33
Annex C (informative): Related Work in other Standardization Bodies . 34
C.1 Open Mobile Alliance . 34
C.2 W3C . . 35
Annex D (informative): Security terms and concepts . 36
D.1 Security associations . 36
D.2 Confidentiality . 36
D.3 Integrity . 36
D.4 Authenticity . 37
D.5 Authority . 37
Annex E (informative): Conflict resolution/avoidance . 38
E.1 Priorities for avoiding conflicts . 38
E.2 Avoiding conflicts by using templates . 38
E.3 Conflict resolution/avoidance methods . 38
E.3.1 Method 1 . 38
E.3.2 Method 2 . 39
E.3.3 Comparing conflict resolution methods . 39
E.3.4 User choices of handling conflicts at run-time . 39
E.3.5 Conflict resolution without user involvement . 40
E.3.6 Method for capturing and utilizing the results of a resolution process . 40
Annex F (informative): Analysis of candidate protocols and mechanisms for UP/UPM
security provision . 41
F.1 Overview . . 41
F.1.1 Symmetric key solutions . 41
F.1.2 Asymmetric key solutions . 41
F.2 Authorisation Single-Sign On approaches . 41
F.2.1 Generic Authentication Architecture (GAA). 41
F.2.2 X.509 Privilege Management Infrastructure (PMI) . 41
F.2.3 XDM for Access Control . 43
F.2.4 Kerberos . 43
History . 44

ETSI

---------------------- Page: 4 ----------------------
5 ETSI TS 102 747 V1.1.1 (2009-12)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Human Factors (HF).
Introduction
The present documents builds on the user profile concept described in EG 202 325 [i.1]. The concept of a user profile
usually refers to a set of information, preferences and rules that are used by a device or service to deliver a customized
version of capabilities to the user. Traditionally, many devices and services contain profiles specific to that product and
unrelated to any other. This requires that, on change of service or device, the user has to re-educate themselves in how
to personalize their services or devices and re-enter their information and preferences. This will result in variable
success rate and user satisfaction. The user profile concept described in EG 202 325 [i.1] provides an enhanced user
experience.
There will be a number of user characteristics and preferences that will apply independently of any particular product
(e.g. a user's preferred language or their need for enlarged text). A key objective is that users should not be required to
provide this information more times than is necessary.
Users move between situations throughout the day (e.g. at home, driving, working). In each of these situations, users
may have different needs for how they would like their ICT resources arranged. At present, an increasing number of
products provide the user with ways of tailoring their preferences to these different situations. Users should be able to
specify their context dependent needs in ways that require the minimum need to understand the individual products.
In addition, personalization and user profile management holds the promise of improving the uptake of new
technologies and allowing greater access to their benefits. The present document provides an architectural framework
for supporting personalization and user profile management.
ETSI

---------------------- Page: 5 ----------------------
6 ETSI TS 102 747 V1.1.1 (2009-12)
1 Scope
The present document defines an architectural framework supporting the personalization and user profile management
concepts described in EG 202 325 [i.1]. The present document addresses issues related to network requirements,
functions and procedures. It also covers User Profile security and privacy issues.
Capabilities provided by the architecture are:
• data editing (e.g. creation, templates, update);
• data storage;
• synchronization;
• backup;
• access control respecting user preferences and legal policies;
Profile solutions within the scope of the present document are:
• those provided for the primary benefit of the end-user;
• those which the end-user has rights to manage the profile contents;
• those where the end-user has the right to have a dialogue with the information owning stakeholder.
Intended readers of the present document are user profile providers, operators, service developers, service providers,
device manufacturers, standards developers.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
ETSI

---------------------- Page: 6 ----------------------
7 ETSI TS 102 747 V1.1.1 (2009-12)
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
[1] ETSI ES 202 746: "Human Factors (HF); Personalization and User Profile Management; User
Profile Preferences and Information".
[2] ITU-T Recommendation M.3050 Supplement 1: "Enhanced Telecom Operations Map (eTOM) -
Supplement 1 - Interim view of an interpreter's guide for eTOM and ITIL practitioners".
[3] OMA, Push-to-Talk over Cellular, Architecture.
NOTE: See OMA-AD-PoC-V2_0-20080507-C.
[4] ETSI TS 133 221: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); LTE; Generic Authentication Architecture (GAA); Support
for subscriber certificates (3GPP TS 33.221)".
[5] ETSI TS 184 002: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Identifiers (IDs) for NGN".
[6] ITU-T Recommendation E.164: "The international public telecommunication numbering plan".
[7] ETSI TS 188 002-1: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Subscription Management; Part 1: Requirements".
2.2 Informative references
The following referenced documents are not essential to the use of the present document but they assist the user with
regard to a particular subject area. For non-specific references, the latest version of the referenced document (including
any amendments) applies.
[i.1] ETSI EG 202 325: "Human Factors (HF); User Profile Management".
[i.2] ETSI TR 132 808: "Telecommunication management; Study of Common Profile Storage (CPS)
Framework of User Data for network services and management (3GPP TR 32.808)".
[i.3] ETSI TR 180 003: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Release 3 definition".
[i.4] ETSI TS 102 165-1: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for
Threat, Risk, Vulnerability Analysis".
[i.5] ETSI TR 187 011: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Security; Application of ISO-15408-2 requirements to
ETSI standards - guide, method and application with examples".
[i.6] ISO/IEC 15408-2: "Information technology - Security techniques - Evaluation criteria for IT
security - Part 2: Security functional requirements".
[i.7] UK Home Office; R.V.Clark; "Hot Products: understanding, anticipating and reducing demand for
stolen goods", ISBN 1-84082-278-3.
[i.8] ETSI EG 202 067: "Universal Communications Identifier (UCI); System framework".
[i.9] ETSI EG 203 072: "Universal Communications Identifier (UCI); Results of a detailed study into
the technical areas for identification harmonization; Recommendations on the UCI for NGN".
[i.10] IETF RFC 4510: "Lightweight Directory Access Protocol (LDAP): Technical Specification Road
Map".
ETSI

---------------------- Page: 7 ----------------------
8 ETSI TS 102 747 V1.1.1 (2009-12)
[i.11] Open Mobile Alliance (OMA): "SyncML Sync Protocol".
NOTE: See http://www.openmobilealliance.org/tech/affiliates/syncml/syncml_sync_protocol_v11_20020215.pdf.
[i.12] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement
of such data.
[i.13] United Nations General Assembly resolution 217 A (III) (10 December 1948): "Universal
Declaration of Human Rights".
[i.14] ITU-T Recommendation X.509: "Information technology - Open Systems Interconnection - The
Directory: Public-key and attribute certificate frameworks".
NOTE: Also available as ISO/IEC 9594-8.
[i.15] ETSI TS 123 240: "Universal Mobile Telecommunications System (UMTS); LTE; 3GPP Generic
User Profile (GUP) requirements; Architecture (Stage 2)".
[i.16] Open Mobile Alliance (OMA): "User Agent Profile, Specifications, Version 2.0",
OMA-TS-UAProf-V2-0-20060206-A.
[i.17] Open Mobile Alliance (OMA): "Device Profile Evolution V1.0".
NOTE: See http://www.openmobilealliance.org/Technical/release_program/dpe_V1_0.aspx.
[i.18] Open Mobile Alliance (OMA): "Device Management Working Group".
NOTE: See http://www.openmobilealliance.org/Technical/DM.aspx.
[i.19] Open Mobile Alliance (OMA): "Device Management Protocol, Specifications",
OMA-TS-DM-Protocol-V1-2-1-20080617-A.
[i.20] Open Mobile Alliance (OMA): XML Document Management V1.1.
NOTE: See http://www.openmobilealliance.org/Technical/release_program/xdm_v1_1.aspx.
[i.21] Open Mobile Alliance (OMA): Presence Simple V1.1.
NOTE: See http://www.openmobilealliance.org/Technical/release_program/presence_simple_v1_1.aspx.
[i.22] ETSI ES 283 030: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Presence Service Capability; Protocol Specification
[3GPP TS 24.141 V7.0.0, modified and OMA-TS-Presence-SIMPLE-V1-0, modified]".
[i.23] Open Mobile Alliance (OMA): "Instant Messaging and Presence Service V1.3".
NOTE: See http://www.openmobilealliance.org/Technical/release_program/imps_v1_3a.aspx.
[i.24] "OMA-TS-XDM-Core-V1-0-20051103-C" and "OMA-TS-XDM-Shared-V1-0-20051006-C".
[i.25] ETSI TS 183 038: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); PSTN/ISDN Simulation Services; Extensible Markup
Language (XML) Document Management; Protocol Specification (Endorsement of OMA-TS-
XDM-Core-V1-0-20051103-C and OMA-TS-XDM-Shared-V1-0-20051006-C)".
[i.26] Open Mobile Alliance (OMA): "Enabler Release Definition for XML Document Management
Candidate Version 2.1", 31 March 2009, OMA-ERELD-XDM-V2-1-20090331-C.
NOTE: See http://www.openmobilealliance.org/Technical/release_program/docs/XDM/V2_1-20090331-
C/OMA-ERELD-XDM-V2_1-20090331-C.pdf.
[i.27] IETF RFC 4825: The Extensible Markup Language (XML) Configuration Access protocol
(XCAP).
NOTE: See http://www.ietf.org/rfc/rfc4825.txt.
ETSI

---------------------- Page: 8 ----------------------
9 ETSI TS 102 747 V1.1.1 (2009-12)
[i.28] "W3C Recommendation: "XQuery 1.0: An XML Query Language", January 23 2007.
NOTE: See http://www.w3.org/TR/xquery/.
[i.29] "W3C Composite Capability/Preference Profiles (CC/PP): Structure and Vocabularies", G. Klyne,
F. Reynolds, C. Woodrow, H. Ohto.
NOTE See: http://www.w3.org/TR/2007/WD-CCPP-struct-vocab2-20070430/.
[i.30] "W3C Mobile Web Initiative (MWI) Device Description Repository (DDR)".
NOTE: See http://www.w3.org/TR/2007/WD-ddr-core-vocabulary-20071218/#sec-introduction.
[i.31] "W3C Delivery Context Ontology (DCO)".
NOTE: See http://www.w3.org/2007/uwa/editors-drafts/DeliveryContextOntology/2007-11-
30/DCOntology.html.
[i.32] ETSI EG 284 004: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Incorporating Universal Communications Identifier (UCI)
support into the specification of Next Generation Networks (NGN)".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in EG 202 325 [i.1] and the following apply:
Concealable, Removable, Available, Valuable, Enjoyable, and Disposable (CRAVED): classification scheme to
determine the likelihood that a particular type of item will be the subject of theft [i.7]
context: any information that can be used to characterize the state of entities that are considered relevant to the
interaction between a user and an application, network function, service or device
normal profile: user view of information, preferences and rules that are always active in the profile when no specific
situation is applicable
object: profile data with attributes, values and operations that the user can refer to when defining their profiles
profile: total set of user related information, preferences, rules and settings which affects the way in which a user
experiences terminals, devices and services
NOTE: The use of the word profile in the present document implies user profile unless otherwise stated.
root profile: part of the profile held by the profile provider
situation profile: user view of user related information, preferences and rules which affects the way in which a user
experiences devices and services in a specific situation
subscriber: person or organization responsible for concluding contracts for the services subscribed to and for paying
for these services
NOTE: See ITU-T Recommendation M.3050.1 [2].
ETSI

---------------------- Page: 9 ----------------------
10 ETSI TS 102 747 V1.1.1 (2009-12)
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
3GPP AKA 3GPP Authentication and Key Agreement
AA Attribute Authority
AC Attribute Certificate
AS Application Server
ASF Application Server Function
CA Certificate Authority
CC/PP Composite Capability/Preference Profiles
CPS Common Profile Storage
CRAVED Concealable, Removable, Available, Valuable, Enjoyable, and Disposable
CSCF Call Se
...