Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Question/Discussion: Mapping between refrence points and OpenAPI specs and/or paths #63

Open
Alestrix opened this issue Sep 12, 2023 · 0 comments

Comments

@Alestrix
Copy link

Alestrix commented Sep 12, 2023

For authentication between network functions the 3GPP standard suggests - apart from OAuth2 - that a form of "static authorization" would be a feasible approach, without stating what is meant by that.

An approach that I am looking into is to allow access to certain API functions only from the sources that are supposed to access that function by configuring kubernetes ingress policies. Ingress policies cannot match on the vague idea of "API functions", but they can match on URL paths, so the difficulty arises when one tries to map the consumer network functions (or reference points) to paths. The approach I am trying is to use the OpenAPI specs to identify those paths.

E.g. these are some reference points where AMF is a producer:

  • N1: Reference point between the UE and the AMF.
  • N2: Reference point between the (R)AN and the AMF.
  • N8: Reference point between the UDM and the AMF.
  • N14: Reference point between two AMFs.
  • N15: Reference point between the PCF and the AMF

Now how do I map those reference points to the respective OpenAPI spec of the producer NF? Can such a mapping even exist? From there I could then probably identify ingress rules based on paths.

I understand there are overlaps in the paths defined in the different OpenAPI spec files, but it's the best approach I could come up with. Maybe a direct mapping between reference point and path is more useful, but that would require even more detailed 5G knowledge, which I clearly lack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant