SIST ES 282 004 V2.0.0:2008
Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) - NGN Functional Architecture - Network Attachment Sub-System (NASS)
• NASS enhancements required to support NGN release 2 capabilities or sub-system requirements.
• NASS enhancements to NASS R1 functionality, e.g.:
- Failure recovery of NASS components (e.g. CLF failure recovery).
- Improvements required with regard to the support of authentication procedures when no PPP session is set up.
- Enhancements to nomadism and mobility support.
Further, the description of reference points and functions which have not been fully specified in release 1 (i.e. reference points a1, a3, e3, ...).
Zlite telekomunikacijske in internetne storitve ter protokoli za napredno omreženje (TISPAN) - Funkcijska arhitektura omrežja NGN - Podsistem omrežne priključitve (NASS)
ETSI ES 282 004 V2.0.0 (2008-02)
ETSI Standard
Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
NGN Functional Architecture;
Network Attachment Sub-System (NASS)
Reference
RES/TISPAN-02045-NGN-R2
Keywords
access, system
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2008.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™, TIPHON™, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
Contents
Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 General Description of NASS
4.1 High level functional overview
4.2 High level concepts of NASS
4.3 Mobility, Nomadism
4.4 Access network level registration
4.4.1 Implicit authentication
4.4.1.1 Line authentication
4.4.2 Explicit authentication
4.4.3 CNG remote network configuration
4.4.4 TISPAN NGN Service/Applications Subsystems discovery
5 Functional Architecture
5.1 Overview
5.2 Functional Entities
5.2.1 Network Access Configuration Function (NACF)
5.2.2 Void
5.2.3 Connectivity session Location and repository Function (CLF)
5.2.3.1 Information Model
5.2.3.2 State Model
5.2.4 User Authentication and Authorization Function (UAAF)
5.2.5 Profile Data Base Function (PDBF)
5.2.6 CNG Configuration Function (CNGCF)
5.2.7 Void
5.3 Internal Reference points
5.3.1 Void
5.3.2 Reference Point NACF - CLF (a2)
5.3.2.1 Bind Indication
5.3.2.2 Bind Acknowledgement
5.3.2.3 Unbind Indication
5.3.2.4 Bind Information Query
5.3.2.5 Bind Information Query Acknowledgement
5.3.3 Void
5.3.4 Reference Point UAAF - CLF (a4)
5.3.4.1 Access Profile Push
5.3.4.2 Access Profile Pull
5.3.4.3 Remove Access Profile
5.3.5 Reference Point NACF - UAAF
5.3.6 Reference Point UAAF - UAAF (e5)
5.3.6.1 Information exchanged on e5
5.4 Interface with the Resource and Admission Control Subsystem (RACS)
5.4.1 Interface between CLF and RACF (e4)
5.4.1.1 Access Profile Push
5.4.1.2 Access Profile Pull
5.4.1.3 IP Connectivity Release Indication
5.5 Interfaces between NASS and the application plane and service control subsystems
5.5.1 Interface between CLF and Application Functions (e2)
5.5.1.1 Information Query Request
5.5.1.2 Information Query Response
5.5.1.3 Event Registration Request
5.5.1.4 Event Registration Response
5.5.1.5 Notification Event Request
5.5.1.6 Notification Event Response
5.6 Reference points between NASS and User Equipment
5.6.1 Authentication and IP address allocation (e1)
5.6.2 Interface between CNGCF and CNG (e3)
5.6.3 Reference points with the AMF
6 Mapping onto network roles
7 Information flows
7.1 High level information flows
7.2 PPP based authentication
7.3 DHCP mode
Annex A (informative): Physical Configurations
A.1 PPP case
A.2 PPP with DHCP configuration
A.3 DHCP (option 1)
A.4 DHCP (option 2)
A.5 PANA-based configuration
Annex B (informative): Recovery procedures for functional elements within NASS
B.1 Conceptual information exchange flow for CLF state recovery
Annex C (informative): Bibliography
History
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet
converged Services and Protocols for Advanced Networking (TISPAN).
The present document describes the architecture of the Network Attachment Subsystem (NASS) identified in the overall
TISPAN NGN architecture.
1 Scope
The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the
TISPAN NGN architecture as defined in ES 282 001 [2].
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably,
the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the
reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the
method of access to the referenced document and the full network address, with the same punctuation and use of upper
case and lower case letters.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
[1] ETSI TS 133 203: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); 3G security; Access security for IP-based services (3GPP
TS 33.203)".
[2] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Functional Architecture Release 1".
[3] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".
[4] ISO/IEC 7498-2: "Information Processing Systems - Open Systems Interconnection - Basic
Reference Model - Part 2: Security Architecture".
[5] IEEE 802.1X: "IEEE Standard for Local and metropolitan area networks - Port Based Network
Access Control".
[6] ETSI TS 182 008: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Presence Service; Architecture and functional description
(Endorsement of 3GPP TS 23.141 and OMA-AD-Presence-SIMPLE-V1-0)".
2.2 Informative references
[7] ETSI TR 121 905: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); Vocabulary for 3GPP Specifications (3GPP TR 21.905
Release 7)".
[8] ETSI ES 282 007: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); IP Multimedia Subsystem (IMS); Functional architecture".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
authentication: property by which the correct identity of an entity or party is established with a required assurance
NOTE: The party being authenticated could be a user, subscriber, home environment or serving network (see
TR 121 905 [7]).
authorization: granting of permission based on authenticated identification (see ISO/IEC 7498-2 [4])
NOTE: In some contexts, authorization may be granted without requiring authentication or identification
e.g. emergency call services.
Customer Network Gateway (CNG): gateway between the Customer Premises Network (CPN) and the Access
Network
NOTE: A Customer Network Gateway may be in its simplest form a bridged or routed modem, and in a more
advanced form be an IAD.
explicit authentication: authentication that requires that the party to be authenticated performs an authentication
procedure (to verify the claimed identity of the party)
NOTE: For example, in IMS security (TS 133 203 [1]), explicit authentication is provided with full AKA directed
towards the IMS client entity (represented by IMPI/IMPU and USIM/ISIM) and also implicit
authentication is provided by means of the IPsec security associations.
implicit authentication: authentication based on a trusted relationship already established between two parties, or based
on one or more outputs of an authentication procedure already established between two parties
line identification: process that establishes the identity of the line based on the trusted configuration
NASS user: entity requesting authorization, authentication and allocation of the IP-Address from the NASS
User Equipment (UE): one or more devices allowing a user to access services delivered by TISPAN NGN networks
NOTE: This includes devices under user control commonly referred to as CPE, IAD, ATA, RGW, TE, etc., but
not network controlled entities such as access gateways.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAA Authentication Authorization and Accounting
AF Application Functions
AMF Access Management Function
AN Access Network
API Application Programming Interface
A-RACF Access-Resource and Admission Control Function
ARF Access Relay Function
ASF Application Server Functions
ATM Asynchronous Transfer Mode
BGF Border Gateway Function
CLF Connectivity session Location and repository Function
CNG Customer Network Gateway
CNGCF CNG Configuration Function
CPE Customer Premises Equipment
CPN Customer Premises Network
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
EAP Extensible Authentication Protocol
EP Enforcement Point
FQDN Fully Qualified Domain Name
IBCF Interconnection Border Control Function
IMS IP Multimedia SubSystem
IP Internet Protocol
LIF Location Information Forum
NACF Network Access Configuration Function
NASS Network Attachment Subsystem
PAA PANA Authentication Agent
PaC PANA Client
PANA Protocol for carrying Authentication for Network Access
P-CSCF Proxy-Call Session Control Function
PDBF Profile Data Base Function
PNA Presence Network Agent
PPP Point-to-Point Protocol
RACS Resource Admission Control Subsystem
RCEF Resource Control Emulation Function
TE Terminal Equipment
UAAF User Access Authorization Function
UE User Equipment
VC Virtual Circuit
VP Virtual Path
4 General Description of NASS
4.1 High level functional overview
The Network Attachment Subsystem provides the following functionalities:
• Dynamic provision of IP address and other user equipment configuration parameters (e.g. using DHCP).
• User authentication, prior or during the IP address allocation procedure.
• Authorization of network access, based on user profile.
• Access network configuration, based on user profile.
• Location management.
The location of this subsystem in the overall TISPAN architecture can be found in ES 282 001 [2] and is shown here for
information in figure 4.1.
[Figure 4.1 (diagram not reproduced). Labelled elements: Applications; Service Layer; Core IMS; PSTN/ISDN Emulation Subsystem; Other Subsystems; User profiles; Transport Layer; Network Attachment Subsystem; Resource and Admission Control Subsystem; Transport processing functions; User Equipment; Other networks.]
Figure 4.1: TISPAN NGN Architecture overview
4.2 High level concepts of NASS
The Network Attachment Subsystem (NASS) provides registration at access level and initialization of
User Equipment (UE) for accessing the TISPAN NGN services. The NASS provides network level identification and
authentication, manages the IP address space of the Access Network and authenticates access sessions. The NASS also
announces the contact point of the TISPAN NGN Service/Applications Subsystems to the UE.
Network attachment through NASS is based on implicit or explicit user identity and authentication credentials stored in
the NASS.
4.3 Mobility, Nomadism
Mobility management functions provided by the NASS in the current TISPAN NGN release are limited to the ability of
a terminal to be moved to different access points and access networks (which may be owned by a different access
network provider) and a user to utilize different terminals, access points and access networks to retrieve their TISPAN
NGN services (even from another network operator). The current TISPAN NGN release does not require the support of
handover and session continuity between access networks without excluding autonomous mobility capabilities provided
within the access networks.
The impact of these nomadism requirements is defined in clause 6.
4.4 Access network level registration
NASS registration involves the identification, authentication, and authorization procedures between the UE and the
NASS to control the access to the NASS. Two authentication types are defined for NASS: Implicit authentication, for
example based on line identification, and explicit authentication, for example based on EAP. The relationship between
the identity and the credentials used for authentication must be known to the NASS for any authentication solution to be
possible.
Explicit authentication is required between the UE and the NASS. It requires a signalling procedure to be performed
between the UE and the NASS. Implicit authentication may be performed by the NASS based on the line identification
of the connection to the UE. It is a matter of operator policy which form of authentication is applied.
Both implicit authentication and explicit authentication may be used independently as NASS authentication
mechanisms.
4.4.1 Implicit authentication
Depending on the access network configuration, especially for wired broadband access networks, the implicit access
authentication may rely only on an implicit authentication through physical or logical identity at the layer 2 (L2)
transport layer. A UE can directly gain access to the access network without an explicit authentication procedure.
A CNG shall be able to directly access an access network without an explicit authentication procedure.
Which implicit authentication method applies depends on the operator policies.
4.4.1.1 Line authentication
Line authentication is a form of implicit authentication. Line authentication ensures that an access line is authenticated
and can be accessed from the CNG. Line authentication shall be based on the activation of the L2 connection between
the CNG and the access network.
Line authentication ensures that an access line is authenticated and can be accessed from the CNG. The line ID shall be
used for line authentication. The operator's policy shall decide whether line authentication applies.
4.4.2 Explicit authentication
In case the CNG is a routing modem and the Customer Premises Network (CPN) is a private IP realm, authentication
shall be initiated from the CNG. In case the CNG is a bridge, each UE shall authenticate with the NASS as the IP realm
in the CPN is known to the access network.
The relationship between the identity and the credentials used for authentication must be known to the NASS for any
explicit authentication solution to be possible. The identity used for explicit authentication may depend on the
authentication mechanism applied and on the access network which the UE is connected to. Two examples of these
identities are:
• User identity and credentials.
• UE identity.
The type of explicit authentication mechanisms used shall depend on the access network configuration and on the
operator policy.
4.4.3 CNG remote network configuration
This procedure is needed for the initialization of the CNGs accessing the TISPAN NGN service subsystems.
4.4.4 TISPAN NGN Service/Applications Subsystems discovery
As part of the network registration process, the NASS shall have the possibility to announce the contact information of
the TISPAN NGN Service/Applications Subsystems to the UE. In case the TISPAN NGN Subsystem is the IMS, the
contact information provided by the NASS shall identify the P-CSCF.
The contact information provided by the NASS should either be in the form of the IP address of the contact point or in
the form of the FQDN of the contact point (in which case the NASS provides the IP address of the DNS server that is
able to resolve this FQDN into the IP address of the contact point).
Alternatively, the contact point to the TISPAN NGN Service/Applications Subsystems may be statically configured in
the UE, e.g. using Fully Qualified Domain Names (FQDN) and DNS resolution to retrieve the contact points' IP
addresses. This option applies in the non-roaming case.
5 Functional Architecture
5.1 Overview
The Network Attachment Subsystem (NASS) comprises the following functional entities:
• Network Access Configuration Function (NACF).
• Connectivity session Location and repository Function (CLF).
• User Authentication and Authorization Function (UAAF).
• Profile Data Base Function (PDBF).
• CNG Configuration Function (CNGCF).
The NASS has interaction with the following TISPAN NGN functional entities:
• TISPAN Service control subsystems and applications.
• Resource Admission Control Subsystem (RACS).
• Access Relay Function (ARF) and Access Management Function (AMF).
• User Equipment (UE).
One or more functional entities may be mapped onto a single physical entity. If one functional entity is implemented by
two physical entities, the interface between these physical entities is outside the scope of standardization.
Functional entities in the Network Attachment Subsystem (NASS) may be distributed over two ad
...
Final draft ETSI ES 282 004 V2.0.0 (2007-11)
ETSI Standard
Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
NGN Functional Architecture;
Network Attachment Sub-System (NASS)
© European Telecommunications Standards Institute 2007.
All rights reserved.
DECT™, PLUGTESTS™ and UMTS™ are Trade Marks of ETSI registered for the benefit of its Members.
TIPHON™ and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members.
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
Foreword
This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet
converged Services and Protocols for Advanced Networking (TISPAN), and is now submitted for the ETSI standards
Membership Approval Procedure.
The present document describes the architecture of the Network Attachment Subsystem (NASS) identified in the overall
TISPAN NGN architecture.
ETSI
---------------------- Page: 5 ----------------------
6 Final draft ETSI ES 282 004 V2.0.0 (2007-11)
1 Scope
The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the
TISPAN NGN architecture as defined in ES 282 001 [2].
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably,
the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the
reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the
method of access to the referenced document and the full network address, with the same punctuation and use of upper
case and lower case letters.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
[1] ETSI TS 133 203: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); 3G security; Access security for IP-based services
(3GPP TS 33.203)".
[2] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Functional Architecture Release 1".
[3] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".
[4] ISO/IEC 7498-2: "Information Processing Systems - Open Systems Interconnection - Basic
Reference Model - Part 2: Security Architecture".
[5] IEEE 802.1X: "IEEE Standard for Local and metropolitan area networks - Port Based Network
Access Control".
[6] ETSI TS 182 008: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Presence Service; Architecture and functional description
(Endorsement of 3GPP TS 23.141 and OMA-AD-Presence-SIMPLE-V1-0)".
ETSI
---------------------- Page: 6 ----------------------
7 Final draft ETSI ES 282 004 V2.0.0 (2007-11)
2.2 Informative references
[7] ETSI TR 121 905: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); Vocabulary for 3GPP Specifications (Release 7)
(3GPP TR 21.905)".
[8] ETSI ES 282 007: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); IP Multimedia Subsystem (IMS); Functional architecture".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
authentication: property by which the correct identity of an entity or party is established with a required assurance
NOTE: The party being authenticated could be a user, subscriber, home environment or serving network (see
TR 121 905 [7]).
authorization: granting of permission based on authenticated identification (see ISO/IEC 7498-2 [4])
NOTE: In some contexts, authorization may be granted without requiring authentication or identification
e.g. emergency call services.
Customer Network Gateway (CNG): gateway between the Customer Premises Network (CPN) and the Access
Network
NOTE: A Customer Network Gateway may be in its simplest form a bridged or routed modem, and in a more
advanced form be an IAD.
explicit authentication: authentication that requires that the party to be authenticated performs an authentication
procedure (to verify the claimed identity of the party)
NOTE: For example, in IMS security (TS 133 203 [1]), explicit authentication is provided with full AKA directed
towards the IMS client entity (represented by IMPI/IMPU and USIM/ISIM) and also implicit
authentication is provided by means of the IPsec security associations.
implicit authentication: authentication based on a trusted relationship already established between two parties, or based
on one or more outputs of an authentication procedure already established between two parties
line identification: process that establishes the identity of the line based on the trusted configuration
NASS user: entity requesting authorization, authentication and allocation of the IP-Address from the NASS
User Equipment (UE): one or more devices allowing a user to access services delivered by TISPAN NGN networks
NOTE: This includes devices under user control commonly referred to as CPE, IAD, ATA, RGW, TE, etc., but
not network controlled entities such as access gateways.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAA Authentication Authorization and Accounting
AF Application Functions
AMF Access Management Function
AN Access Network
API Application Programming Interface
A-RACF Access-Resource and Admission Control Function
ARF Access Relay Function
ASF Application Server Functions
ATM Asynchronous Transfer Mode
BGF Border Gateway Function
CLF Connectivity session Location and repository Function
CNG Customer Network Gateway
CNGCF CNG Configuration Function
CPE Customer Premises Equipment
CPN Customer Premises Network
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
EAP Extensible Authentication Protocol
EP Enforcement Point
FQDN Fully Qualified Domain Name
IBCF Interconnection Border Control Function
IMS IP Multimedia SubSystem
IP Internet Protocol
LIF Location Information Forum
NACF Network Access Configuration Function
NASS Network Attachment Subsystem
PAA PANA Authentication Agent
PaC PANA Client
PANA Protocol for carrying Authentication for Network Access
P-CSCF Proxy-Call Session Control Function
PDBF Profile Data Base Function
PNA Presence Network Agent
PPP Point-to-Point Protocol
RACS Resource Admission Control Subsystem
RCEF Resource Control Emulation Function
TE Terminal Equipment
UAAF User Access Authorization Function
UE User Equipment
VC Virtual Circuit
VP Virtual Path
4 General Description of NASS
4.1 High level functional overview
The Network Attachment Subsystem provides the following functionalities:
• Dynamic provision of IP address and other user equipment configuration parameters (e.g. using DHCP).
• User authentication, prior to or during the IP address allocation procedure.
• Authorization of network access, based on user profile.
• Access network configuration, based on user profile.
• Location management.
The location of this subsystem in the overall TISPAN architecture can be found in ES 282 001 [2] and is shown here for
information in figure 4.1.
[Figure not reproduced. Labelled elements: Applications; Service Layer; Core IMS; PSTN/ISDN Emulation Subsystem; Other Subsystems; User profiles; Transport Layer; Network Attachment Subsystem; Resource and Admission Control Subsystem; Transport processing functions; User Equipment; Other networks.]
Figure 4.1: TISPAN NGN Architecture overview
4.2 High level concepts of NASS
The Network Attachment Subsystem (NASS) provides registration at access level and initialization of
User Equipment (UE) for access to the TISPAN NGN services. The NASS provides network level identification and
authentication, manages the IP address space of the Access Network and authenticates access sessions. The NASS also
announces the contact point of the TISPAN NGN Service/Applications Subsystems to the UE.
Network attachment through NASS is based on implicit or explicit user identity and authentication credentials stored in
the NASS.
4.3 Mobility, Nomadism
Mobility management functions provided by the NASS in the current TISPAN NGN release are limited to the ability of
a terminal to be moved to different access points and access networks (which may be owned by a different access
network provider) and a user to utilize different terminals, access points and access networks to retrieve their TISPAN
NGN services (even from another network operator). The current TISPAN NGN release does not require the support of
handover and session continuity between access networks without excluding autonomous mobility capabilities provided
within the access networks.
The impact of these nomadism requirements is defined in clause 6.
4.4 Access network level registration
NASS registration involves the identification, authentication, and authorization procedures between the UE and the
NASS to control the access to the NASS. Two authentication types are defined for NASS: Implicit authentication, for
example based on line identification, and explicit authentication, for example based on EAP. The relationship between
the identity and the credentials used for authentication must be known to the NASS for any authentication solution to be
possible.
Explicit authentication is required between the UE and the NASS. It requires a signalling procedure to be performed
between the UE and the NASS. Implicit authentication may be performed by the NASS based on the line identification
of the connection to the UE. It is a matter of operator policy which form of authentication is applied.
Both implicit authentication and explicit authentication may be used independently as NASS authentication
mechanisms.
4.4.1 Implicit authentication
Depending on the access network configuration, especially for wired broadband access networks, the implicit access
authentication may rely only on an implicit authentication through physical or logical identity on the layer 2 (L2)
transport layer. A UE can directly gain access to the access network without an explicit authentication procedure.
A CNG shall be able to directly access an access network without an explicit authentication procedure.
Which implicit authentication method applies depends on the operator policies.
4.4.1.1 Line authentication
Line authentication is a form of implicit authentication. Line authentication ensures that an access line is authenticated
and can be accessed from the CNG. Line authentication shall be based on the activation of the L2 connection between
the CNG and the access network.
Line authentication ensures that an access line is authenticated and can be accessed from the CNG. The line ID shall be
used for line authentication. The operator's policy shall decide whether line authentication applies.
4.4.2 Explicit authentication
In case the CNG is a routing modem and the Customer Premises Network (CPN) is a private IP realm, authentication
shall be initiated from the CNG. In case the CNG is a bridge, each UE shall authenticate with the NASS as the IP realm
in the CPN is known to the access network.
The relationship between the identity and the credentials used for authentication must be known to the NASS for any
explicit authentication solution to be possible. The identity used for explicit authentication may depend on the
authentication mechanism applied and on the access network which the UE is connected to. Two examples of these
identities are:
• User identity and credentials.
• UE identity.
The type of explicit authentication mechanisms used shall depend on the access network configuration and on the
operator policy.
4.4.3 CNG remote network configuration
This procedure is needed for the initialization of the CNGs accessing the TISPAN NGN service subsystems.
4.4.4 TISPAN NGN Service/Applications Subsystems discovery
As part of the network registration process, the NASS shall have the possibility to announce the contact information of
the TISPAN NGN Service/Applications Subsystems to the UE. In case the TISPAN NGN Subsystem is the IMS, the
contact information provided by the NASS shall identify the P-CSCF.
The contact information provided by the NASS should either be in the form of the IP address of the contact point or in
the form of the FQDN of the contact point (in which case the NASS provides the IP address of the DNS server that is
able to resolve this FQDN into the IP address of the contact point).
Alternatively, the contact point to the TISPAN NGN Service/Applications Subsystems may be statically configured in
the UE e.g. using Fully Qualified Domain Names (FQDN) and DNS resolution to retrieve the contact point's IP
addresses. This option applies in the non-roaming case.
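The registration rules of clauses 4.4 to 4.4.4, modelled in Python as an added example that is not part of the ETSI text. All names are hypothetical; the byte comparison stands in for the explicit authentication signalling procedure (for example EAP), and denying access when the policy selects no method is an assumption of this model.

```python
"""Access-level registration per clauses 4.4 to 4.4.4, as a small model.

Every class, field and function name here is hypothetical: the standard
defines functional entities and reference points, not this API.
"""
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed sample data (documentation address range, made-up identifiers).
SAMPLE_LINES: Set[str] = {"line-0001"}
SAMPLE_CREDENTIALS: Dict[str, bytes] = {"user-42@example.net": b"constructed-secret"}


@dataclass(frozen=True)
class OperatorPolicy:
    line_authentication: bool      # 4.4.1.1: operator policy decides whether it applies
    explicit_authentication: bool  # 4.4: either form may be used independently


@dataclass(frozen=True)
class Attachment:
    line_id: str                   # reported by the access network, never by the UE
    l2_active: bool                # L2 connection between CNG and access network is up
    cng_mode: str                  # "routed" or "bridged" (4.4.2)
    identity: Optional[str] = None
    credential: Optional[bytes] = None


@dataclass(frozen=True)
class ContactInfo:
    ip: Optional[str] = None
    fqdn: Optional[str] = None
    dns_server: Optional[str] = None


@dataclass(frozen=True)
class Result:
    granted: bool
    methods: Tuple[str, ...] = ()
    explicit_party: Optional[str] = None  # who runs the explicit procedure
    contact_form: Optional[str] = None
    reason: str = ""


def classify_contact(info: ContactInfo) -> str:
    """4.4.4: the contact point is an IP address, or an FQDN plus a DNS server address."""
    if info.ip and not info.fqdn:
        ipaddress.ip_address(info.ip)  # raises ValueError if malformed
        return "ip"
    if info.fqdn and not info.ip:
        if not info.dns_server:
            raise ValueError("FQDN contact point needs the DNS server address")
        ipaddress.ip_address(info.dns_server)
        return "fqdn"
    raise ValueError("contact point must be exactly one of IP address or FQDN")


def register(att: Attachment, policy: OperatorPolicy, provisioned_lines: Set[str],
             known_credentials: Dict[str, bytes], contact: ContactInfo) -> Result:
    """Apply the operator policy; any failed check denies the attachment."""
    if att.cng_mode not in ("routed", "bridged"):
        raise ValueError("cng_mode must be 'routed' or 'bridged'")
    if not (policy.line_authentication or policy.explicit_authentication):
        # Assumption of this model: fail closed when no method is selected.
        return Result(False, reason="policy selects no authentication method")
    methods = []
    if policy.line_authentication:
        # 4.4.1.1: based on activation of the L2 connection and on the line ID.
        if not att.l2_active:
            return Result(False, reason="L2 connection not activated")
        if att.line_id not in provisioned_lines:
            return Result(False, reason="line ID not in trusted configuration")
        methods.append("line")
    party = None
    if policy.explicit_authentication:
        # 4.4.2: a routed CNG initiates authentication; behind a bridge each UE does.
        party = "CNG" if att.cng_mode == "routed" else "UE"
        expected = known_credentials.get(att.identity) if att.identity else None
        if expected is None:
            # The identity/credential relationship must be known to the NASS.
            return Result(False, reason="identity unknown to the NASS")
        if att.credential is None or not hmac.compare_digest(expected, att.credential):
            return Result(False, reason="credential check failed")
        methods.append("explicit")
    return Result(True, tuple(methods), party, classify_contact(contact))
```
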
5 Functional Architecture
5.1 Overview
The Network Attachment Subsystem (NASS) comprises the following functional entities:
• Network Access Configuration Function (NACF).
• Connectivity session Location and repository Function (CLF).
• User Authentication and Authorization Function (UAAF).
• Profile Data Base Function (PDBF).
• CNG Configuration Function (CNGCF).
The NASS has interaction with the following TISPAN NGN functional entities:
• TISPAN Service control subsystems and applications.
• Resource Admission Control Subsystem (RACS).
• Access Relay Function (ARF) and Access Management Function (AMF).
• User Equipment (UE).
One or more functional entities may be mapped ont
...
SLOVENIAN STANDARD
SIST ES 282 004 V2.0.0:2008
01-July-2008
Zlite telekomunikacijske in internetne storitve ter protokoli za napredno omreženje
(TISPAN) - Funkcijska arhitektura omrežja NGN - Podsistem omrežne priključitve
(NASS)
Telecommunications and Internet converged Services and Protocols for Advanced
Networking (TISPAN) - NGN Functional Architecture - Network Attachment Sub-System
(NASS)
This Slovenian standard is identical to: ES 282 004 Version 2.0.0
ICS:
33.040.01 Telecommunication systems in general
33.080 Integrated Services Digital Network (ISDN)
SIST ES 282 004 V2.0.0:2008 en
2003-01. Slovenian Institute for Standardization. Reproduction of all or parts of this standard is not permitted.
ETSI ES 282 004 V2.0.0 (2008-02)
ETSI Standard
Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
NGN Functional Architecture;
Network Attachment Sub-System (NASS)
Reference
RES/TISPAN-02045-NGN-R2
Keywords
access, system
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2008.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™, TIPHON™, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
Contents
Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 General Description of NASS
4.1 High level functional overview
4.2 High level concepts of NASS
4.3 Mobility, Nomadism
4.4 Access network level registration
4.4.1 Implicit authentication
4.4.1.1 Line authentication
4.4.2 Explicit authentication
4.4.3 CNG remote network configuration
4.4.4 TISPAN NGN Service/Applications Subsystems discovery
5 Functional Architecture
5.1 Overview
5.2 Functional Entities
5.2.1 Network Access Configuration Function (NACF)
5.2.2 Void
5.2.3 Connectivity session Location and repository Function (CLF)
5.2.3.1 Information Model
5.2.3.2 State Model
5.2.4 User Authentication and Authorization Function (UAAF)
5.2.5 Profile Data Base Function (PDBF)
5.2.6 CNG Configuration Function (CNGCF)
5.2.7 Void
5.3 Internal Reference points
5.3.1 Void
5.3.2 Reference Point NACF - CLF (a2)
5.3.2.1 Bind Indication
5.3.2.2 Bind Acknowledgement
5.3.2.3 Unbind Indication
5.3.2.4 Bind Information Query
5.3.2.5 Bind Information Query Acknowledgement
5.3.3 Void
5.3.4 Reference Point UAAF - CLF (a4)
5.3.4.1 Access Profile Push
5.3.4.2 Access Profile Pull
5.3.4.3 Remove Access Profile
5.3.5 Reference Point NACF - UAAF
5.3.6 Reference Point UAAF - UAAF (e5)
5.3.6.1 Information exchanged on e5
5.4 Interface with the Resource and Admission Control Subsystem (RACS)
5.4.1 Interface between CLF and RACF (e4)
5.4.1.1 Access Profile Push
5.4.1.2 Access Profile Pull
5.4.1.3 IP Connectivity Release Indication
5.5 Interfaces between NASS and the application plane and service control subsystems
5.5.1 Interface between CLF and Application Functions (e2)
5.5.1.1 Information Query Request
5.5.1.2 Information Query Response
5.5.1.3 Event Registration Request
5.5.1.4 Event Registration Response
5.5.1.5 Notification Event Request
5.5.1.6 Notification Event Response
5.6 Reference points between NASS and User Equipment
5.6.1 Authentication and IP address allocation (e1)
5.6.2 Interface between CNGCF and CNG (e3)
5.6.3 Reference points with the AMF
6 Mapping onto network roles
7 Information flows
7.1 High level information flows
7.2 PPP based authentication
7.3 DHCP mode
Annex A (informative): Physical Configurations
A.1 PPP case
A.2 PPP with DHCP configuration
A.3 DHCP (option 1)
A.4 DHCP (option 2)
A.5 PANA-based configuration
Annex B (informative): Recovery procedures for functional elements within NASS
B.1 Conceptual information exchange flow for CLF state recovery
Annex C (informative): Bibliography
History
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet
converged Services and Protocols for Advanced Networking (TISPAN).
The present document describes the architecture of the Network Attachment Subsystem (NASS) identified in the overall
TISPAN NGN architecture.
1 Scope
The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the
TISPAN NGN architecture as defined in ES 282 001 [2].
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably,
the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the
reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the
method of access to the referenced document and the full network address, with the same punctuation and use of upper
case and lower case letters.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
[1] ETSI TS 133 203: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); 3G security; Access security for IP-based services (3GPP
TS 33.203)".
[2] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Functional Architecture Release 1".
[3] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".
[4] ISO/IEC 7498-2: "Information Processing Systems - Open Systems Interconnection - Basic
Reference Model - Part 2: Security Architecture".
[5] IEEE 802.1X: "IEEE Standard for Local and metropolitan area networks - Port Based Network
Access Control".
[6] ETSI TS 182 008: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Presence Service; Architecture and functional description
(Endorsement of 3GPP TS 23.141 and OMA-AD-Presence-SIMPLE-V1-0)".
2.2 Informative references
[7] ETSI TR 121 905: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); Vocabulary for 3GPP Specifications (3GPP TR 21.905
Release 7)".
[8] ETSI ES 282 007: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); IP Multimedia Subsystem (IMS); Functional architecture".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
authentication: property by which the correct identity of an entity or party is established with a required assurance
NOTE: The party being authenticated could be a user, subscriber, home environment or serving network (see
TR 121 905 [7]).
authorization: granting of permission based on authenticated identification (see ISO/IEC 7498-2 [4])
NOTE: In some contexts, authorization may be granted without requiring authentication or identification
e.g. emergency call services.
Customer Network Gateway (CNG): gateway between the Customer Premises Network (CPN) and the Access
Network
NOTE: A Customer Network Gateway may be in its simplest form a bridged or routed modem, and in a more
advanced form be an IAD.
explicit authentication: authentication that requires that the party to be authenticated performs an authentication
procedure (to verify the claimed identity of the party)
NOTE: For example, in IMS security (TS 133 203 [1]), explicit authentication is provided with full AKA directed
towards the IMS client entity (represented by IMPI/IMPU and USIM/ISIM) and also implicit
authentication is provided by means of the IPsec security associations.
implicit authentication: authentication based on a trusted relationship already established between two parties, or based
on one or more outputs of an authentication procedure already established between two parties
line identification: process that establishes the identity of the line based on the trusted configuration
NASS user: entity requesting authorization, authentication and allocation of the IP-Address from the NASS
User Equipment (UE): one or more devices allowing a user to access services delivered by TISPAN NGN networks
NOTE: This includes devices under user control commonly referred to as CPE, IAD, ATA, RGW, TE, etc., but
not network controlled entities such as access gateways.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAA Authentication Authorization and Accounting
AF Application Functions
AMF Access Management Function
AN Access Network
API Application Programming Interface
A-RACF Access-Resource and Admission Control Function
ARF Access Relay Function
ASF Application Server Functions
ATM Asynchronous Transfer Mode
BGF Border Gateway Function
CLF Connectivity session Location and repository Function
CNG Customer Network Gateway
CNGCF CNG Configuration Function
CPE Customer Premises Equipment
CPN Customer Premises Network
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
EAP Extensible Authentication Protocol
EP Enforcement Point
FQDN Fully Qualified Domain Name
IBCF Interconnection Border Control Function
IMS IP Multimedia SubSystem
IP Internet Protocol
LIF Location Information Forum
NACF Network Access Configuration Function
NASS Network Attachment Subsystem
PAA PANA Authentication Agent
PaC PANA Client
PANA Protocol for carrying Authentication for Network Access
P-CSCF Proxy-Call Session Control Function
PDBF Profile Data Base Function
PNA Presence Network Agent
PPP Point-to-Point Protocol
RACS Resource Admission Control Subsystem
RCEF Resource Control Emulation Function
TE Terminal Equipment
UAAF User Access Authorization Function
UE User Equipment
VC Virtual Circuit
VP Virtual Path
4 General Description of NASS
4.1 High level functional overview
The Network Attachment Subsystem provides the following functionalities:
• Dynamic provision of IP address and other user equipment configuration parameters (e.g. using DHCP).
• User authentication, prior to or during the IP address allocation procedure.
• Authorization of network access, based on user profile.
• Access network configuration, based on user profile.
• Location management.
The location of this subsystem in the overall TISPAN architecture can be found in ES 282 001 [2] and is shown here for
information in figure 4.1.
[Figure not reproduced. Labelled elements: Applications; Service Layer; Core IMS; PSTN/ISDN Emulation Subsystem; Other Subsystems; User profiles; Transport Layer; Network Attachment Subsystem; Resource and Admission Control Subsystem; Transport processing functions; User Equipment; Other networks.]
Figure 4.1: TISPAN NGN Architecture overview
4.2 High level concepts of NASS
The Network Attachment Subsystem (NASS) provides registration at access level and initialization of
User Equipment (UE) for access to the TISPAN NGN services. The NASS provides network level identification and
authentication, manages the IP address space of the Access Network and authenticates access sessions. The NASS also
announces the contact point of the TISPAN NGN Service/Applications Subsystems to the UE.
Network attachment through NASS is based on implicit or explicit user identity and authentication credentials stored in
the NASS.
4.3 Mobility, Nomadism
Mobility management functions provided by the NASS in the current TISPAN NGN release are limited to the ability of
a terminal to be moved to different access points and access networks (which may be owned by a different access
network provider) and a user to utilize different terminals, access points and access networks to retrieve their TISPAN
NGN services (even from another network operator). The current TISPAN NGN release does not require the support of
handover and session continuity between access networks without excluding autonomous mobility capabilities provided
within the access networks.
The impact of these nomadism requirements is defined in clause 6.
4.4 Access network level registration
NASS registration involves the identification, authentication, and authorization procedures between the UE and the
NASS to control the access to the NASS. Two authentication types are defined for NASS: Implicit authentication, for
example based on line identification, and explicit authentication, for example based on EAP. The relationship between
the identity and the credentials used for authentication must be known to the NASS for any authentication solution to be
possible.
Explicit authentication is required between the UE and the NASS. It requires a signalling procedure to be performed
between the UE and the NASS. Implicit authentication may be performed by the NASS based on the line identification
of the connection to the UE. It is a matter of operator policy which form of authentication is applied.
Both implicit authentication and explicit authentication may be used independently as NASS authentication
mechanisms.
4.4.1 Implicit authentication
Depending on the access network configuration, especially for wired broadband access networks, the implicit access
authentication may rely only on an implicit authentication through physical or logical identity on the layer 2 (L2)
transport layer. A UE can directly gain access to the access network without an explicit authentication procedure.
A CNG shall be able to directly access an access network without an explicit authentication procedure.
Which implicit authentication method applies depends on the operator policies.
4.4.1.1 Line authentication
Line authentication is a form of implicit authentication. Line authentication ensures that an access line is authenticated
and can be accessed from the CNG. Line authentication shall be based on the activation of the L2 connection between
the CNG and the access network.
Line authentication ensures that an access line is authenticated and can be accessed from the CNG. The line ID shall be
used for line authentication. The operator's policy shall decide whether line authentication applies.
4.4.2 Explicit authentication
In case the CNG is a routing modem and the Customer Premises Network (CPN) is a private IP realm, authentication
shall be initiated from the CNG. In case the CNG is a bridge, each UE shall authenticate with the NASS as the IP realm
in the CPN is known to the access network.
The relationship between the identity and the credentials used for authentication must be known to the NASS for any
explicit authentication solution to be possible. The identity used for explicit authentication may depend on the
authentication mechanism applied and on the access network which the UE is connected to. Two examples of these
identities are:
• User identity and credentials.
• UE identity.
The type of explicit authentication mechanisms used shall depend on the access network configuration and on the
operator policy.
4.4.3 CNG remote network configuration
This procedure is needed for the initialization of the CNGs accessing the TISPAN NGN service subsystems.
4.4.4 TISPAN NGN Service/Applications Subsystems discovery
As part of the network registration process, the NASS shall have the possibility to announce the contact information of
the TISPAN NGN Service/Applications Subsystems to the UE. In case the TISPAN NGN Subsystem is the IMS, the
contact information provided by the NASS shall identify the P-CSCF.
The contact information provided by the NASS should either be in the form of the IP address of the contact point or in
the form of the FQDN of the contact point (in which case the NASS provides the IP address of the DNS server that is
able to resolve this FQDN into the IP address of the contact point).
Alternatively, the contact point to the TISPAN NGN Service/Applications Subsystems may be sta
...