Dear Rhys Smith, 

According to the action in IETF#81, I summarized the use case in 
draft-wei-abfab-fcla-00 as an input to draft-ietf-abfab-usecases-01. 
Please review it.

Thanks!

Yinxing Wei 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4.x. Federated Cross-Layer Access

   Telecom operators have communication network infrastructures that
   provide users with a wealth of access methods. Telecom operators
   have a huge number of registered users, and they can provide trusted
   identity and higher security. Therefore they have a natural advantage
   in acting as an Identity Provider (IdP) serving service providers.
   On the contrary, most service providers on the Internet have a
   limited number of users and cannot assure the security of user
   identity, but they can provide many kinds of service. Furthermore,
   users are reluctant to register too many accounts because it is
   inconvenient to remember dozens of passwords.

   Telecom networks support both Web and non-Web applications.  In some
   cases the user prefers a non-Web application, e.g. a messaging
   service, VoIP, an email service, etc. Based on the result of
   network-stratum authentication and authorization, the User Equipment
   (UE) can access applications without performing another
   authentication and authorization procedure. In this way, the system
   implements federated cross-layer access. First, mutual authentication
   is performed between the UE and the Network; second, the UE accesses
   the Application based on the result of the network stratum's
   authentication. In this case, a federation is formed between the
   Network and the Application. The brief steps are as follows:

   1.  When the UE attaches to the Network, mutual authentication is
       performed and a master session key is created between them.
   2.  The UE visits a non-Web Application, e.g. a messaging service,
       VoIP service, or email service.
   3.  The Application has no information about the UE.  The Application
       contacts the Network to validate the authentication result in the
       network stratum.  The Application can find the Network through
       configuration or a dynamic discovery protocol.
   4.  The Network responds to the Application with the authentication
       result.
   5.  The UE is authorized to access the Application.
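   As an added illustration (not text from the draft, nor code from
   ZTE or the ABFAB working group), the five steps above simulated in
   Python: the Network keeps the master session key (MSK) from step 1,
   the UE answers the Application's challenge with a key derived from
   that MSK, and the Application asks the Network to validate the result
   (steps 3-4) without ever receiving the MSK itself. The per-application
   key derivation, the nonce challenge and all identifiers are
   assumptions; the draft defines no message formats.

```python
import hmac, hashlib, secrets

def derive_app_key(msk, ue_id, app_id):
    # Assumed derivation (not from the draft): bind the MSK to one Application,
    # so a proof made for one Application cannot be reused at another.
    return hmac.new(msk, f"fcla-app-key|{ue_id}|{app_id}".encode(), hashlib.sha256).digest()

class Network:
    # Network stratum: keeps the MSK from step 1, answers the Application in steps 3-4.
    def __init__(self):
        self.sessions = {}  # ue_id -> master session key

    def attach(self, ue_id):
        # Step 1: after mutual authentication both sides hold an MSK; the real key
        # agreement is out of scope here, so a constructed random key stands in.
        self.sessions[ue_id] = secrets.token_bytes(32)
        return self.sessions[ue_id]

    def validate(self, app_id, ue_id, nonce, proof):
        # Steps 3-4: only a yes/no leaves the Network; the MSK itself is never shared.
        msk = self.sessions.get(ue_id)
        if msk is None:
            return False
        expected = hmac.new(derive_app_key(msk, ue_id, app_id), nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)

class UE:
    def __init__(self, ue_id, network):
        self.ue_id, self.msk = ue_id, network.attach(ue_id)

    def prove(self, app_id, nonce):
        # Step 2: answer the Application's challenge with a key derived from the MSK.
        return hmac.new(derive_app_key(self.msk, self.ue_id, app_id), nonce, hashlib.sha256).digest()

class Application:
    def __init__(self, app_id, network):
        self.app_id, self.network = app_id, network

    def grant_access(self, ue):
        nonce = secrets.token_bytes(16)  # fresh challenge, so a captured proof cannot be replayed
        proof = ue.prove(self.app_id, nonce)
        return self.network.validate(self.app_id, ue.ue_id, nonce, proof)  # step 5

def demo():
    # Returns (VoIP access, email access, proof replayed at another app, unknown UE).
    net = Network()
    ue, voip, mail = UE("ue-alice", net), Application("voip", net), Application("email", net)
    nonce = secrets.token_bytes(16)
    cross_app = net.validate(mail.app_id, ue.ue_id, nonce, ue.prove(voip.app_id, nonce))
    unknown = net.validate(voip.app_id, "ue-unknown", nonce, b"\x00" * 32)
    return voip.grant_access(ue), mail.grant_access(ue), cross_app, unknown
```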

   With federated cross-layer access, the Network can assure the
   Application of the authenticity of the user's identity and share some
   of the user's profile with the Application.  This brings benefits to
   the stakeholders:

   o  Telecom operators can provide identity service, trusted security
      service and mobile payment service, and share some user profile
      data according to the user's preferences. Telecom operators are
      then not just providing a pipeline for communication, but also
      become part of the service value chain as an Identity Provider.
   o  Service providers can focus on their core business and reuse
      capabilities provided by telecom operators without worrying about
      where their users come from.
   o  End users enjoy a seamless service experience together with
      improved security and privacy.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
