Standards Content (Sample)

ETSI TS 129 109 V7.10.0 (2008-06)
Technical Specification

Digital cellular telecommunications system (Phase 2+);
Universal Mobile Telecommunications System (UMTS);
Generic Authentication Architecture (GAA);
Zh and Zn Interfaces based on the Diameter protocol;
Stage 3
(3GPP TS 29.109 version 7.10.0 Release 7)



3GPP TS 29.109 version 7.10.0 Release 7 1 ETSI TS 129 109 V7.10.0 (2008-06)



Reference
RTS/TSGC-0429109v7a0
Keywords
GSM, UMTS
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the
Sous-Préfecture de Grasse (06) No. 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2008.
All rights reserved.

DECT™, PLUGTESTS™, UMTS™, TIPHON™, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP).
The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or
GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables.
The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under
http://webapp.etsi.org/key/queryform.asp.
Contents
Intellectual Property Rights
Foreword
Foreword
1 Scope
2 References
3 Definitions, symbols and abbreviations
3.1 Definitions
3.2 Symbols
3.3 Abbreviations
4 GBA Bootstrapping Zh interface
4.1 Generic bootstrapping network architecture
4.2 Protocol Zh between BSF and HSS
4.3 Protocol Zh between BSF and HLR
5 GAA Application Zn interface
5.1 Applications' network architecture
5.2 Protocol Zn between NAF and BSF based on Diameter
5.3 Protocol Zn between NAF and BSF based on Web Services
6 Diameter application for Zh and Zn interfaces
6.0 Introduction
6.1 Command-Code values
6.2 Result-Code AVP values
6.2.1 Success
6.2.2 Permanent failures
6.2.2.1 DIAMETER_ERROR_IMPI_UNKNOWN (5401)
6.2.2.2 DIAMETER_ERROR_NOT_AUTHORIZED (5402)
6.2.2.3 DIAMETER_ERROR_TRANSACTION_IDENTIFIER_INVALID (5403)
6.2.2.4 Void
6.2.2.5 Void
6.2.2.6 Void
6.2.2.7 Void
6.3 AVPs
6.3.1 Common AVPs
6.3.1.1 GBA-UserSecSettings AVP
6.3.1.2 Transaction-Identifier AVP
6.3.1.3 NAF-Id
6.3.1.4 GAA-Service-Identifier AVP
6.3.1.5 Key-ExpiryTime AVP
6.3.1.6 ME-Key-Material AVP
6.3.1.7 UICC-Key-Material AVP
6.3.1.8 GBA_U-Awareness-Indicator
6.3.1.9 BootstrapInfoCreationTime AVP
6.3.1.10 GUSS-Timestamp AVP
6.3.1.11 GBA-Type
6.4 User identity to HSS resolution
7 Use of namespaces
7.1 AVP codes
7.2 Experimental-Result-Code AVP values
7.3 Command Code values
Annex A (normative): GBA-UserSecSettings XML definition
Annex B (normative): GAA Service Type Codes
Annex C (normative): GAA Authorization flag codes
Annex D (normative): Web Services Definition for Zn interface
Annex E (informative): Liberty authentication context definitions for GBA
E.1 Introduction
E.2 GBA Authentication context statement data model
E.3 GBA authentication context statement schema
E.4 GBA authentication context classes
E.4.1 GBAOneFactorUnregistered
E.4.1.1 Associated 3GPP URI
E.4.1.2 Class schema
E.4.2 GBATwoFactorUnregistered
E.4.2.1 Associated 3GPP URI
E.4.2.2 Class schema
E.4.3 GBAOneFactorContract
E.4.3.1 Associated 3GPP URI
E.4.3.2 Class schema
E.4.4 GBATwoFactorContract
E.4.4.1 Associated 3GPP URI
E.4.4.2 Class schema
Annex F (informative): SAML authentication context definitions for GBA
F.1 Introduction
F.2 GBA authentication context declaration data model
F.3 GBA authentication context declaration types
F.4 GBA authentication context declaration classes
F.4.1 GBAOneFactorUnregistered
F.4.1.1 Associated 3GPP URI
F.4.1.2 Class schema
F.4.2 GBATwoFactorUnregistered
F.4.2.1 Associated 3GPP URI
F.4.2.2 Class schema
F.4.3 GBAOneFactorContract
F.4.3.1 Associated 3GPP URI
F.4.3.2 Class schema
F.4.4 GBATwoFactorContract
F.4.4.1 Associated 3GPP URI
F.4.4.2 Class schema
Annex F (informative): Change history
History

Foreword
This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an
identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
1 presented to TSG for information;
2 presented to TSG for approval;
3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections,
updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
1 Scope
The present stage 3 specification defines the Diameter based implementation for bootstrapping Zh interface (BSF-HSS)
and Dz interface (BSF-SLF) for HSS resolution for the BSF, and GAA Application Zn interface (BSF-NAF) in Generic
Authentication Architecture (GAA). This specification also defines the Web Services based implementation for GAA
Application Zn reference point (BSF-NAF). The definition contains procedures, message contents and coding. The
procedures for bootstrapping and usage of bootstrapped security association are defined in 3GPP TS 33.220 [5].
This specification is a part of the Generic Authentication Architecture (GAA) specification series.
The Diameter based implementation is based on re-usage of Cx interface Multimedia-Auth-Request/Answer messages
originally between CSCF and HSS. These messages are defined in 3GPP TS 29.229 [3]. The 3GPP IMS mobility
management uses the same definitions between CSCF and HSS. The present document defines how the defined
messages are used with the bootstrapping and GAA application procedures (e.g. subscriber certificates) and the
application logic that is needed in GAA network elements (BSF, HSS, and NAF).
Figure 1.1 depicts the relationships of these specifications to the other specifications.

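[Figure 1.1 (image not reproduced): layered diagram of the related specifications. 3GPP Stage 2: GAA System Description (TR 33.919), GAA GBA (TS 33.220), IMS (TS 23.228). 3GPP Stage 3: GAA Zh and Zn (TS 29.109), IMS MM (TS 29.228), covering the Zh, Zn and Cx interfaces. 3GPP: IMS Cx Diameter message definitions (TS 29.229). IETF: Diameter Base Protocol (RFC 3588), SCTP, IP.]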

Figure 1.1: Relationships to other specifications
Figure 1.2 provides an informal, quick overall introduction to the whole signalling procedure in the GAA system. The
important identifiers are marked bold and optional data items are italicised. The Ub and Ua interfaces, not defined in
this TS, are simplified.

[Figure 1.2 (image not reproduced): signalling overview between the UE, BSF, HSS, SLF, NAF and application-specific servers / authentication proxy over the Ub, Zh, Dz, Zn and Ua interfaces, with steps (1) to (8) and a further step [9] "if needed" (Sh, GUP, etc.). The GAA Security Domain and the GAA Application Domain are marked. Data items shown include IMPI, AV, B-TID, Key-Lifetime, GUSS(USS*(UID*)), USS*(UID*), Ks_(ext)_NAF, Ks_int_NAF, Key-Expirytime, GSID*, BootstrapInfoCreationTime, NAF-Id and UID. Bold = important identity; italic = optional items. The Ub and Ua interfaces are simplified.]

Figure 1.2: The whole signalling procedure in GAA system
2 References
The following documents contain provisions that, through reference in this text, constitute provisions of the present
document.
• References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including
a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same
Release as the present document.
[1] IETF RFC 3588: "Diameter Base Protocol".
[2] 3GPP TS 29.228: "IP Multimedia (IM) Subsystem Cx and Dx Interfaces; Signalling flows and message contents".
[3] 3GPP TS 29.229: "Cx and Dx interfaces based on the Diameter protocol".
[4] 3GPP TR 33.919: "Generic Authentication Architecture (GAA); System Description".
[5] 3GPP TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture".
[6] 3GPP TS 33.221: "Generic Authentication Architecture (GAA); Support for Subscriber Certificates".
[7] 3GPP TS 24.109: "Bootstrapping interface (Ub) and Network application function interface (Ua); Protocol details".
[8] 3GPP TS 29.230: "Diameter applications; 3GPP specific codes and identifiers".
[9] IETF RFC 3589: "Diameter Command Codes for Third Generation Partnership Project (3GPP)".
[10] 3GPP TS 23.008: "Organisation of subscriber data".
[11] 3GPP TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using secure hypertext transfer protocol (HTTPS)".
[12] 3GPP TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[13] W3C: "Web Services Activity", http://www.w3.org/2002/ws/.
[14] W3C: "Web Services Description Language (WSDL) Version 2.0 Part 0: Primer", http://www.w3.org/TR/2005/WD-wsdl20-primer-20050803/.
[15] 3GPP TR 33.980: "Liberty Alliance and 3GPP Security Interworking; Interworking of Liberty Alliance ID-FF, ID-WSF and Generic Authentication Architecture".
[16] Liberty Alliance Project: "Liberty ID-FF Authentication Context Specification".
[17] 3GPP TS 33.110: "Key establishment between a Universal Integrated Circuit Card (UICC) and a terminal".
[18] 3GPP TS 33.259: "Key establishment between a UICC Hosting Device and a Remote Device".
[19] 3GPP TS 29.002: "Mobile Application Part (MAP) Specification".
[20] 3GPP TS 33.102: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security architecture".
[21] 3GPP TS 23.003: "Numbering, addressing and identification".
[22] OASIS Standard: "Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0 OASIS Standard, 15 March 2005, saml-authn-context-2.0-os".
3 Definitions, symbols and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in 3GPP TS 23.008 [10], 3GPP TR 33.919
[4], 3GPP TS 33.220 [5] apply with the following additions.
Bootstrapping information (Bootstrapped data) in a BSF consists of a bootstrapping transaction identifier (B-TID), a key
material (Ks), the key lifetime (expiry time), the bootstrapinfo creation time, the IMPI and the GUSS (if received from HSS)
with BSF control information. Each bootstrapping procedure creates a bootstrapped data entity with B-TID as retrieval
key.
GAA application is an application that uses the security association created by GBA Bootstrapping procedure.
GAA service is an operator specific end user service that uses the security association created by GAA Bootstrapping
procedure. GAA services are identified by GAA Service Identifiers. A GAA service is implemented using some
standardised or proprietary GAA application defined by GAA application type.
NAF specific Bootstrapping information transferred from a BSF to a NAF contains NAF and its service specific parts
from bootstrapped data and needed key information derived from the bootstrapped data.
Service/Application. The term service is used here in its common meaning. A service is something that a MNO offers
to subscribers. GAA Services are identified by GAA Service Identifier (GSID). In stage 2 documents ([4], [5], [6] and
[11]) the term application is used in the same meaning i.e. MNOs offer applications to subscribers. There is a reason to
avoid the usage of the term application here. The application is an already reserved term in Diameter. In Diameter
applications are identified by Application Identifiers.
3.2 Symbols
For the purposes of the present document, the terms and definitions given in 3GPP TS 23.008 [10] apply.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AK Anonymity Key
AKA Authentication and Key Agreement
AUTN Authentication token
AV Authentication Vector. 3GPP AV=[RAND,AUTN,XRES,CK,IK].
AVP Attribute-Value-Pair in Diameter messages.
BIA BootstrappingInfo-Answer message
BIR BootstrappingInfo-Request message
BS BootStrapping Procedure
BSF Bootstrapping server functionality
BSF is hosted in a network element under the control of an MNO.
B-TID Bootstrapping Transaction Identifier
CA Certificate Authority
CK Confidential Key
FQDN Full Qualified Domain Name in URI (e.g. http://FQDN:80)
GAA Generic Authentication Architecture
GBA Generic Bootstrapping Architecture
GSID GAA Service Identifier
GUSS GBA User Security Settings
HSS Home Subscriber System
IK Integrity Key
IMPI IP Multimedia Private Identity
IMPU IP Multimedia Public Identity
Ks Key Material
Ks_ext_NAF ME based key for a specific NAF
MNO Mobile network operator
NAF Operator-controlled network application function functionality.
NAF is hosted in a network element under the control of an MNO.
RAND Random challenge in authentication
REQ In Diameter header indicates that the message is a Request.
SCTP Stream Control Transmission Protocol
SLF Subscription Location Function
SSC Subscriber Certificate Procedure
Ua UE-NAF interface for GAA applications
Ub UE-BSF interface for bootstrapping
UE User Equipment
Ks_int_NAF UICC based key for a specific NAF
USS User Security Settings (a part of GUSS)
XRES Expected response in authentication
Zh BSF-HSS interface for bootstrapping procedure
Zn BSF-NAF interface for GAA applications.
4 GBA Bootstrapping Zh interface
4.1 Generic bootstrapping network architecture
The network architecture of the Bootstrapping procedure is presented in Figure 4.1. The interface Ub (bootstrapping) is
defined in 3GPP TS 24.109 [7] and the interface Zh in this specification.
[Figure 4.1 (image not reproduced): UE connected to the BSF over Ub, and the BSF connected to the HSS over Zh.]

Figure 4.1: Network architecture of bootstrapping procedure
The protocol stack of the Zh interface in Bootstrapping procedure is presented in Figure 4.2. The Diameter Base
protocol is defined in [1] and the Diameter application in 3GPP TS 29.229 [3]. The requirements for Zh interface are
defined in 3GPP TS 33.220 [5].

[Figure 4.2 (image not reproduced): matching protocol stacks in the BSF and the HSS, connected over Zh. From top to bottom: Zh application logic (in BSF / in HSS), Diameter application, Diameter Base Protocol, SCTP, IP.]

Figure 4.2: Protocol stack of Zh interface
4.2 Protocol Zh between BSF and HSS
The requirements for Zh interface are defined in 3GPP TS 33.220 [5].
The Bootstrapping Zh interface performs the retrieval of an authentication vector and possibly GBA User Security
Settings from the HSS. The overall Bootstrapping procedure is depicted in Figure 4.3. The basic procedure is:
A) A UE starts the bootstrapping procedure by protocol Ub with a BSF giving the IMPI of the user (see 3GPP TS
24.109 [7]).
B) The BSF starts protocol Zh with the user's HSS.
• The BSF requests the user's authentication vector and GBA User Security Settings (GUSS) corresponding to
the IMPI.
• The HSS supplies to the BSF the requested authentication vector and GUSS (if any).
NOTE: If there is more than one HSS deployed within the network, the BSF may have to contact the SLF using
the Dz interface prior to sending the request for information to the HSS (see section 6.4).
C) The BSF continues the protocol Ub with the UE (see 3GPP TS 24.109 [7]).

Ub Zh
UE BSF HSS
If non-IMS subscriber
...
