scope:

The present study investigates the security aspects of the service requirements specified by SA1 in TS 22.101 [11] clause 26, on the integration of SSO frameworks with 3GPP networks for various operator authentication configurations (e.g. configurations using GBA or not using GBA).

In particular, this study evaluates existing interworking solutions between SSO frameworks and 3GPP authentication mechanisms against the SA1 service requirements. The study is not limited to evaluation of existing interworking solutions and new interworking solutions may be developed as appropriate.

The study covers the security requirements to enable the operator to become the preferred SSO Identity Provider by allowing the usage of credentials on the UE for SSO services, as well as ways for the 3GPP operator to leverage its trust framework and its reliable and robust secure credential handling infra-structure to provide SSO service based on operator-controlled credentials.