The present document specifies the authentication service for all kinds of users involved in a TMN. Normally, one can
distinguish between three types of authentication: (human) user authentication, peer-to-peer entity authentication and
data origin authentication. The main scope of the present document is peer-to-peer entity authentication, even if human
user authentication is also partly addressed. Data origin authentication will not be addressed as an explicit TMN
authentication service for reasons described later in the present document.
The authentication service shall be realized by employing one of a set of various security mechanisms based on
password and/or cryptographic means. The main focus of the present document is the description of security
mechanisms for peer entity authentication even if these mechanisms may also be applicable for human user
authentication. Authentication mechanisms that may be applicable only for human user authentication are outside the
scope of the present document.
The content of the present document is applicable to communication between any two TMN system entities (e.g.
Operations System (OS) and Network Element (NE)) that communicate via a TMN Q3- or an X-interface. The present
document addresses peer-to-peer entity authentication at the OSI application layer (layer 7) through the use of ACSE. It
does not attempt to cover authentication schemes that may be appropriate for lower OSI layers or other protocol stacks.
This does not necessarily restrict the usability of the described authentication services (or part of them) at lower OSI
layers or with other protocol stacks.
To the extent that human user authentication is covered, it will be related to the TMN F-interface.
The present document does not describe the relationships between the authentication service and other security services, the
features for managing the authentication service and the authentication s (...abbreviated)