scope:

The present document specifies the authentication service for all kind of users involved in a TMN. Normally, one can distinguish between three types of authentication: (human) user authentication, peer-to-peer entity authentication and data origin authentication. The main scope of the present document is peer-to-peer entity authentication, even if human user authentication is also partly addressed. Data origin authentication will not be addressed as an explicit TMN authentication service for reasons described later in the present document. The authentication service shall be realized by employing one of a set of various security mechanisms based on password and/or cryptographic means. The main focus of the present document is the description of security mechanisms for peer entity authentication even if these mechanisms may also be applicable for human user authentication. Authentication mechanisms, that may be applicable only for human user authentication, are outside the scope of the present document.