Statement of Compliance towards 3GPP Technical Specification 29.335 (Release 13)

Ericsson Service-Aware Policy Controller

Introduction
General Considerations
Scope, References and Abbreviations
Protocol Stack
General Messages
User Data Convergence Messages
- General
- Query
- Create
- Delete
- Update
- Subscribe
- Notify
- Abandon Operation
Information Elements
- Information Element Types with LDAP
- Information Elements for Subscriptions and Notifications
Security
Annex A (Normative): SOAP Subscription and Notification
Annex B (Informative): LDAP Message Flows and Transaction Flows for UDC
Annex C (Informative): Messages Based on SOAP
Annex D (Informative): Change History
Reference List

1 Introduction

This document describes to what extent Ericsson Service-Aware Policy Controller (SAPC) implementation of Policy Charging Rule Function role, when accessing an external database, i.e. when acting as a Front-End (FE) conforms with the Technical Specification 29.335 V13.1.1 (2016-06) standard 3GPP Technical Specification User Data Convergence (UDC); User Data Repository Access Protocol over the Ud Interface; Stage 3, 29.335 with the exemptions or additions stated in this document.

2 General Considerations

This document is structured following the chapters of the 3GPP Technical Specification 29.335 V13.1.1 (2016-06) .

The following terms explain the columns in the fill-in tables in the document:

Qualifier		Defines whether the implementation of a certain entity is mandatory (M), optional (Op) or conditional (C).

Compliance		Defines whether the implementation of a certain entity is Compliant by the system.

Comment		It may contain additional information.

No requirement (NR)		The TS statement contains general information for the understanding of other statements not applicable to the SAPC (the statements may be applicable for other nodes).

One of the following statements (with the associated interpretation) is given to each of the requirements of the Technical Specification:

Not compliant (NC)		The TS statement is not fulfilled.

Compliant (C)		All of the TS statements are fulfilled.

Partially compliant (PC)		Not completely all of the TS statements are fulfilled, the exceptions are described.

In this context, 'is/shall/will' statements are considered as mandatory, 'may' statements are considered as optional, and 'can' statements are considered as conditional.

3 Scope, References and Abbreviations

3.1 Scope

No requirement

3.2 References

No requirement

3.3 Definitions, Symbols and Abbreviations

3.3.1 Definitions

No requirement

3.3.2 Symbols

No requirement

3.3.3 Abbreviations

No requirement

4 Protocol Stack

4.1 General

Table 1 Protocol Stack General
Text	Qualifier	Compliance	Comment
Data access messages on the Ud interface shall make use of IETF RFC 4510 [4] and IETF RFC 4511 [8].	M	C
Subscription messages and Notification messages on the Ud interface shall make use of SOAP [6].	M	PC	The SAPC does not use SOAP-based subscriptions.

4.2 Protocol Stack for Ud Data Access Messages

Compliant

4.3 Protocol Stack for Ud Subscriptions/Notifications

Partially compliant

The SAPC does not support subscriptions.

5 General Messages

5.1 General

No requirement

5.2 Open Link for a LDAP Session

Table 2 Open Link for a LDAP Session
Text	Qualifier	Compliance	Comment
To initiate a LDAP session, a Front-End shall first establish a transport connection with the UDR. The transport connection shall be a TCP connection.	M	C
When IPsec is used, an IPsec connection may support several TCP connections, each supporting a LDAP session.	Op	NC	The SAPC does not use IPsec when accesing the UDR.
After establishment of the transport connection, the FE shall initiate a LDAP session by sending a LDAP BindRequest message. The establishment of the LDAP session shall comply with IETF RFC 4511 [8]. It shall be done before sending any other LDAP message. FE Identifier or FE Cluster Identifier shall be included in the BindRequest message.	M	C

5.3 Close Link for a LDAP Session

Table 3 Close Link for a LDAP Session
Text	Qualifier	Compliance	Comment
Termination of the LDAP session may be initiated by the FE by sending an UnbindRequest message. The termination of the LDAP session shall comply with IETF RFC 4511 [8].	Op	C

5.4 Transactions

Not compliant

The SAPC does not use transactions when accessing the UDR.

5.5 SOAP Authentication

Not compliant

6 User Data Convergence Messages

6.1 General

Table 4 General
Text	Qualifier	Compliance	Comment
The Query, Create, Delete and Update messages for UDC shall comply with IETF RFC 4511.	M	C

6.2 Query

Table 5 Query
Text	Qualifier	Compliance	Comment
Query request messages shall be coded as LDAP SearchRequest messages.	M	C

6.3 Create

Table 6 Create
Text	Qualifier	Compliance	Comment
Create request messages shall be coded as LDAP AddRequest messages or as LDAP ModifyRequest messages with the "operation" field set to "add", depending on the data to be created.	M	C

6.4 Delete

Table 7 Delete
Text	Qualifier	Compliance	Comment
Delete request messages shall be coded as LDAP DelRequest messages or as LDAP ModifyRequest messages with the "operation" field set to "delete", depending on the data to be deleted.	M	C
The LDAP assertion control as specified in IETF RFC 4528 [9] may be used for conditional delete operation if the FE knows that the UDR supports the corresponding control.	Op	NC

6.5 Update

Table 8 Update
Text	Qualifier	Compliance	Comment
Update request messages shall be coded as LDAP ModifyRequest messages with "operation" field set to "replace".	M	C
The LDAP assertion control as specified in IETF RFC 4528 [9] may be used for conditional update operation if the FE knows that the UDR supports the corresponding control.	Op	NC

6.6 Subscribe

Not compliant

6.7 Notify

Table 9 Notify
Text	Qualifier	Compliance	Comment
Notify request messages shall make use of the HTTP Post method and contain a SOAP message envelope.	M	C
Notify response messages shall be coded as HTTP response message and shall contain a SOAP message envelope.	M	C
Notify request and response messages shall contain a SOAP message envelope header with a header block containing the following elements: - serviceName This optional element identifies a service in the Front End. The value is copied from the Subscribe message or pre-configured in the UDR. The serviceName is of type string with up to 20 characters. - msgId This element uniquely identifies the Notify message request – response pair within a connection. The msgId is of type integer. The UDR shall allocate the value and use it together with the connId (if any) to correlate a received notify response with a sent notify request. - connId This optional element identifies the connection between the UDR and the FE. The connId is of type integer. If used, the value is allocated by the UDR and is used together with the msgId to correlate a notify response with a notify request.	M	NC	The SAPC ignores these elements
Application Front Ends shall copy the SOAP Envelope Header received in the Notify request and send it unmodified in the Notify response.	M	C
Notify response messages shall contain an empty SOAP message envelope body. Only the HTTP status code in the Notify response message is used to indicate success or failure.	M	PC	The SAPC returns both SOAP fault code and HTTP status code (200 OK/500 internal server error) for application errors.

6.8 Abandon Operation

Table 10 Abandon Operation
Text	Qualifier	Compliance	Comment
When a FE wishes to abandon an uncompleted operation towards the UDR, it shall send a LDAP AbandonRequest message.	M	NC	The SAPC does not trigger Abandon.

7 Information Elements

7.1 Information Element Types with LDAP

No requirement

7.2 Information Elements for Subscriptions and Notifications

Table 11 Information Elements for Subscriptions and Notifications
Text	Qualifier	Compliance	Comment
Information elements and their type to be used for subscriptions and notifications about data changes shall also follow the rules specified above in 7.1 and according to the formats/schemas defined in Annex A.	M	NC	The SAPC does not use subscriptions to notifications and the schema for notifications does not comply with the one defined in Annex A.

8 Security

Table 12 Security
Text	Qualifier	Compliance	Comment
Ud interface shall provide security with the methods specified in 3GPP TS 33.210.	M	NC	The SAPC does not offer IPSec.
Application sensitive data (e.g. permanent authentication keys K/Ki) shall be stored encrypted in the UDR and transferred encrypted over Ud. All FEs (e.g. HLR/HSS/AuC) handling sensitive data, accessing the same UDR and handling the same users (e.g. belonging to the same cluster) shall use the same mechanism and key for decrypting these data. The Application FEs shall support at least AES [17] as a common algorithm, and may support additional algorithms. The key for encryption/decryption is not subscriber-specific.	M	NR	The SAPC does not handle subscriber sensitive data.

9 Annex A (Normative): SOAP Subscription and Notification

Not compliant

SAPC neither supports subscriptions nor complies with the XML schema for notifications.

10 Annex B (Informative): LDAP Message Flows and Transaction Flows for UDC

No requirement

11 Annex C (Informative): Messages Based on SOAP

No requirement

12 Annex D (Informative): Change History

No requirement

13 Reference List

Standard

3GPP Technical Specification User Data Convergence (UDC); User Data Repository Access Protocol over the Ud Interface; Stage 3 - 29.335

Copyright	© Ericsson AB 2018. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.
Disclaimer	The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.
Trademarks	All trademarks mentioned herein are the property of their respective owners. These are shown in the document Trademark Information.