scope:

This Recommendation provides authentication and authorization requirements for next generation networks (NGN) based on [ITU-T Y.2012]. This includes requirements for authentication and authorization across the user-to-network interface (UNI), the network-to-network interface (NNI) and the application-to-network interface (ANI) as well as any entities internally with a network that may require authentication and authorization. The scope of this Recommendation includes:

1) Authentication and authorization of user for network access (e.g., authentication and authorization of an end user device, a home network gateway, or an enterprise gateway to obtain access or attachment to the network)

2) Service provider authentication and authorization of user for access to service/application (e.g., authentication and authorization of a user, a device or a combined user/device where the authentication and authorization apply to NGN service/application access)

3) User authentication and authorization of Network (e.g., user authenticating the identity of the connected NGN network or of the service provider)

4) User peer-to-peer authentication and authorization (e.g., authentication and authorization of the called user (or terminating entity), authentication and authorization of the originating entity, or data origin authentication as network functions)

5) Mutual network authentication and authorization (e.g., authentication and authorization across NNI interface at the transport level, or service/application level)

6) Authentication and authorization of service/application provider

7) Use of 3rd party authentication and authorization service

8) Authentication of objects (e.g., application process, message content and data content identifiers).

The items above include authentication of flows of the signalling, bearer and management traffic as applicable. In addition, this Recommendation also provides reference models for NGN authentication and authorization.

NOTE 1 - NGN authentication and authorization is viewed as part of the broader topic of NGN identity management (IdM). Specifically, the authentication and authorization functions and capabilities described in this Recommendation should be used to support identity assurance capabilities for NGN IdM.

NOTE 2 - In this Recommendation, the use of the term "user" is not intended to be restricted to a person. A user could be a person, groups, companies, or juridical entities.

NOTE 3 - Authentication of an entity is not intended to indicate positive validation of a person.