scope:

The present document specifies the authentication service for all kind of users involved in a TMN. Normally, one can distinguish between three types of authentication: (human) user authentication, peer-to-peer entity authentication and data origin authentication. The main scope of the present document is peer-to-peer entity authentication, even if human user authentication is also partly addressed. Data origin authentication will not be addressed as an explicit TMN authentication service for reasons described later in the present document.

The authentication service shall be realized by employing one of a set of various security mechanisms based on password and/or cryptographic means. The main focus of the present document is the description of security mechanisms for peer entity authentication even if these mechanisms may also be applicable for human user authentication. Authentication mechanisms, that may be applicable only for human user authentication, are outside the scope of the present document.

The content of the present document is applicable to communication between any two TMN system entities (e.g. Operations System (OS) and Network Element (NE)) that communicates via a TMN Q3-or an X-interface. The present document addresses peer-to-peer entity authentication at the OSI application layer (layer 7) through the use of ACSE. It does not attempt to cover authentication schemes that may be appropriate for lower OSI layers or other protocol stacks. This does not necessarily restrict the usability of the described authentication services (or part of them) at lower OSI layers or with other protocol stacks.

To the extent that human user authentication is covered, it will be related to the TMN F-interface.

The present document does not describe the relationships between authentication service and other security services, the features for managing the authentication service and the authentication support services.