Chapter 7 - AAA in the IMS pdf

Chapter 7

AAA in the IMS

Authentication and authorization are generally linked in the IMS. In contrast, accounting

is a separate function executed by different nodes. This was the reason why we decided

to separate the description of authentication and authorization from the description of

accounting. Section 7.1 discusses authentication and authorization, and Section 7.4 discusses

accounting.

7.1 Authentication and Authorization in the IMS

Figure 7.1 shows the IMS architecture for performing authentication and authorization

functions. There are three interfaces over which authentication and authorization actions

are performed (namely the Cx, Dx, and Sh interfaces).

The Cx interface is specified between a Home Subscriber Server (HSS) and either an

I-CSCF or an S-CSCF. When more than a single HSS is present in a home network there is a

need for a Subscription Locator Function (SLF) to help the I-CSCF or S-CSCF to determine

which HSS stores the data for a certain user. The Dx interface connects an I-CSCF or S-CSCF

to an SLF running in Diameter redirect mode.

The Sh interface is specified between an HSS and either a SIP Application Server or

an OSA Service Capability Server (for a complete description of the different types of

Application Server in the IMS, see Section 5.8.2).

In all of these interfaces the protocol used between any two nodes is Diameter (specified

in RFC 3588 [96]) with an IMS-specific tailored application. Such a Diameter application

defines new Diameter command codes and new Attribute-Value Pairs (AVPs).

7.2 The Cx and Dx Interfaces

The Cx interface is specified between an I-CSCF and an HSS or between an S-CSCF and an

HSS. Similarly, the Dx interface is specified between an I-CSCF and an SLF or between an

S-CSCF and an SLF. The only difference between these interfaces is that the SLF implements

the functionality of a Diameter redirect agent, whereas the HSS acts as a Diameter server.

In either case, both the I-CSCFs and S-CSCFs act as Diameter clients.

In networks where there is more than a single HSS, Diameter clients (S-CSCF, I-CSCF)

need to contact the SLF to find out which of the several HSSs in the network stores the user

information for the user identified by the Public User Identity. The Diameter command the

ıa- ´ Martın´

The 3G IP Multimedia Subsystem (IMS): Merging the Internet and the Cellular Worlds Third Edition

Gonzalo Camarillo and Miguel A. Garc

© 2008 John Wiley & Sons, Ltd. ISBN: 978- 0- 470- 51662- 1