You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For authentication between network functions the 3GPP standard suggests - apart from OAuth2 - that a form of "static authorization" would be a feasible approach, without stating what is meant by that.
An approach that I am looking into is to allow access to certain API functions only from the sources that are supposed to access that function by configuring kubernetes ingress policies. Ingress policies cannot match on the vague idea of "API functions", but they can match on URL paths, so the difficulty arises when one tries to map the consumer network functions (or reference points) to paths. The approach I am trying is to use the OpenAPI specs to identify those paths.
E.g. these are some reference points where AMF is a producer:
N1: Reference point between the UE and the AMF.
N2: Reference point between the (R)AN and the AMF.
N8: Reference point between the UDM and the AMF.
N14: Reference point between two AMFs.
N15: Reference point between the PCF and the AMF
Now how do I map those reference points to the respective OpenAPI spec of the producer NF? Can such a mapping even exist? From there I could then probably identify ingress rules based on paths.
I understand there are overlaps in the paths defined in the different OpenAPI spec files, but it's the best approach I could come up with. Maybe a direct mapping between reference point and path is more useful, but that would require even more detailed 5G knowledge, which I clearly lack.
The text was updated successfully, but these errors were encountered:
For authentication between network functions the 3GPP standard suggests - apart from OAuth2 - that a form of "static authorization" would be a feasible approach, without stating what is meant by that.
An approach that I am looking into is to allow access to certain API functions only from the sources that are supposed to access that function by configuring kubernetes ingress policies. Ingress policies cannot match on the vague idea of "API functions", but they can match on URL paths, so the difficulty arises when one tries to map the consumer network functions (or reference points) to paths. The approach I am trying is to use the OpenAPI specs to identify those paths.
E.g. these are some reference points where AMF is a producer:
Now how do I map those reference points to the respective OpenAPI spec of the producer NF? Can such a mapping even exist? From there I could then probably identify ingress rules based on paths.
I understand there are overlaps in the paths defined in the different OpenAPI spec files, but it's the best approach I could come up with. Maybe a direct mapping between reference point and path is more useful, but that would require even more detailed 5G knowledge, which I clearly lack.
The text was updated successfully, but these errors were encountered: