Upload
touaiti
View
10
Download
0
Embed Size (px)
DESCRIPTION
sd
Citation preview
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 1/52
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 2/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.2
3.6 Add / Remove Event Trigger through Policy 51
3.7 QoS-selection obligation 52
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 3/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
3
1 Basic Examples
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 4/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.4
1.1 Target: first example
Problem:
Policy is applicable when Category is equal "silver" AND PricingPlan is equal "TierA"
Fig. 1
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 5/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
5
1.2 Target: second example
Problem:Policy is applicable when Category is equal "silver" OR PricingPlan is equal "TierA"
Fig. 2
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 6/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.6
1.3 Target: third example
Problem:Policy is applicable when Category is equal: "silver" OR "gold" OR "bronze".
Fig. 3
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 7/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
7
1.4 Compare one data from Context with oneArgument
Problem:
Policy is applicable for any Client. If Category is "silver", then apply Charging Rule:"CH1".
Category = gold
Access Permit
Obligat ion
(on Permit)
Rule
( Effect:Permit)
Condi t ion
(string equal)
AccessRule_1_OnlyOneArgument
yes
Subject Attribute
Designator
Attribute
Value
Fig. 4
Function: "string-equal":
This function SHALL take two arguments of type "string” and SHALL return a type:"boolean”. The function SHALL return "True" if and only if the value of both of itsarguments are of equal length and each string is determined to be equal byte-by-byteaccording to the function “string-equal”.
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 8/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.8
SubjectAttributeDesignator: :
SubjectAttributeDesignatorType complex type is the type for elements andextensions that identify attributes. An element of this type contains properties by
which it MAY be matched to attributes in the request context. This SHALL evaluate toa bag of a specific primitive type (e.g. string). If the required attribute cannot belocated, then the value of the element SHALL be set to an empty bag of the inferredprimitive type (e.g. string).
Function: "string-one-and-only:
This function SHALL take an argument of a bag of string values and SHALL return avalue of string. It SHALL return the only value in the bag. If the bag does not haveone and only one value, then the expression SHALL evaluate to "Indeterminate".
Fig. 5
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 9/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
9
1.5 Compare two data from Context with twoArguments
Problem:
Policy is applicable for any Client. If Category is "silver" and Pricing Plan is TierA,then apply Charging Rule: "CH1".
Category = gold
and
PricingPlan=TierA
Access Permit
Obligation
(on Permit)
Rule
( Effect:Permit)Condit ion
(and)
AccessRule_2_Compare2Arguments
yes
Subject Attribute
Designator
Attribute
Value
Apply-string-equal
Apply-string-equal
Fig. 6
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 10/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.10
gold
Fig. 7
Function: and:
This function SHALL return "True" if it has no arguments and SHALL return "False" ifone of its arguments evaluates to "False". The order of evaluation SHALL be fromfirst argument to last. The evaluation SHALL stop with a result of "False" if anyargument evaluates to "False", leaving the rest of the arguments unevaluated. In anexpression that contains any of these functions, if any argument is "Indeterminate",then the expression SHALL evaluate to "Indeterminate".
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 11/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
11
1.6 Compare one data from Context with list ofArguments (1)
Problem:
Policy is applicable for any Client. If Category is gold, silver or basic23, then applyCharging Rule: "CH31".
Use function: "string-at-least-one-member-of".
- Category
Fig. 8
Function: string-at-least-one-member-of
This function SHALL take two arguments that are both a bag of string values. Theexpression SHALL evaluate to "True" if at least one element of the first argument iscontained in the second argument.
Function: string-bag
This function SHALL take any number of arguments of a single string-type and returna bag of string values containing the values of the arguments.
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 12/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.12
1.7 Compare one data from Context with list ofArguments (2)
Problem:
The same as in previous example
Use function: "string-is-in".
- Category
Fig. 9
Function: string-is-in
This function SHALL take an argument of string-type type as the first argument and abag of string values as the second argument. The expression SHALL evaluate to"True" if the first argument matches by to any value in the bag.
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 13/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
13
1.8 Compare one data from Context with list ofArguments (3)
Problem:
The same as in previous example
Use function: "any of".
Fig. 10
Function: any-of
This function applies a Boolean function between a specific primitive value and a bagof values, and SHALL return "True" if and only if the predicate is "True" for at leastone element of the bag. This function SHALL take three arguments:
1. The first argument SHALL be a <Function> element that names a Boolean functionthat takes two arguments of primitive types.
2. The second argument SHALL be a value of a primitive data-type (string,integer…).
3. The third argument SHALL be a bag of a primitive data-type.
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 14/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.14
1.9 Compare two data from Context with 2 lists (1)
Problem:Policy is applicable for any Client. If Category is equal to gold or silver andPricingPlan is TierA or TierB, then implement Charging Rule: "CH04".
- Category
Fig. 11
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 15/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
15
1.10 Compare two data from Context with 2 lists (2)
Problem:The same as in previous example
- Category
Fig. 12
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 16/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.16
1.11 Compare one data from the Context with oneArgument and second data from the Context witha list of Arguments
Problem:
Policy is applicable for any Client. If Category is equal gold and Pricing Plan is equalto TierA or TierA B or TierC, then implement Charging Rule: "CH05".
Fig. 13
NOTEInstead of function "any-of" is possible to use function:" string-at-least-one-member-of" or "string-is-in"
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 17/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
17
1.12 Add(1)
Problem:Policy is applicable for any Client.
If Used Volume is grater or equal of 100GB, then implement Charging Rule: "CH06".
If Used Volume is les then 100GB, then implement Charging Rule: "CH08"
TotalVolume=AccumulatedCharge+VolumeUsage
Rule1:
AccumulatedCharge+VolumeUsage>=100
Rule2:
AccumulatedCharge+VolumeUsage<100
Fig. 14
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 18/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.18
1.13 Add(2)
Problem:Policy is applicable for any Client.
If Used Volume is grater then ConsuptionLimit, then implement Charging Rule:"CH06". If not, then CH08.
Used Volume= AccumulatedCharge +VolumeUsage
Rule1:
AccumulatedCharge +VolumeUsage>= ConsuptionLimit
Rule2:
AccumulatedCharge +VolumeUsage>= ConsuptionLimit
Fig. 15
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 19/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
19
1.14 AccessRuleQuotaLimitAndClassForPlan (1)
ProblemIf Client has PricingPlan "TierA" or Category="silver", then check Upload andDownload Usage. If Download or Upload Usage exceeds the quota limit, then sendSMS to the Client and degrade QoS
Pricing Plan=TierA
or Category= silver
Degrade QoSsend SMS to the Client
Obligation
(on Permit)
Rule
(Effect:Permit)Condit ion
AND
UploadUsage>100OR
DownloadUsage>100
AccessRuleQuotaLimitAndClassForPlan
yes
yes
Subject Attribute
Designator
Attribute
Value
Subject Attribute
Designator
Subject Attribute
Designator
Subject Attribute
Designator
Attribute
Value
Attribute
Value
Attribute
Value
Fig. 16
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 20/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.20
Fig. 17
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 21/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
21
1.15 AccessRuleQuotaLimitAndClassForPlan (2)
ProblemThe same as in previous example.
Category and PricingPlan checking put in "Target".
Fig. 18
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 22/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.22
1.16 AccessRuleForVolumeBased
Problem:If Client has BillingPlan "PREPAID" and PricingPlan "TierA", then check Category ofthe Client.
If Category is "silver", check Total Used Quota. If TotalUsedQuota exceeds 1000,then block the service and send SMS to the Client.
When Category is gold, then check TotalUsedQuota. If TotalUsedQuota exceeds2000, then change QoS and send SMS to the Client.
Change QoS Profile
Send SMS to the Client
Category?
silver gold
BillingPlan:REPAID„
Pricing Plan: „TierA
Total Used Quota>1000 Total Used Quota>2000
Access denied
Send SMS to the Client
Polic e Target
(Subjecct Match)
Rule 1 (Effect:Permit)
Obligation
for Rule 1
(on Permit)
Obligation
for Rule 2
(on Deny)
Rule 2 (Effect:Deny)
Rule Target
(Subjecct Match)
Condi t ion
(greather then)
Condit ion
(greather then)
AccessRuleForVolumeBased
Fig. 19
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 23/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
23
Fig. 20
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 24/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.24
1.17 AccessRuleForTimeOfDay
Problem:If Client has Billing Plan "PREPAID", then check Pricing Plan of the Client.
If Pricing Plan is "TierA" or Category: "silver", then check current time.
If current time is between 23:00 and 5:00, then change QoS and send SMS to theClient.
BillingPlan:“PREPAID“
Police Target
(Subjecct Match)
AccessRuleForTimeOfDay
Pricing Plan=TierA
OR
Category= silver
yes
Subject Attribute
Designator Attribute
Value
Subject Attribute
Designator
Attribute
Value
Change QoS Profile
Send SMS to the Client
Obligation
(on Deny)
Rule
(Effect:Deny )Condit ion
AND
UserTime between:
5:00
23:00
Environment Attribute
Designator
Attribute
Value
Attribute
Value
Fig. 21
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 25/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
25
Fig. 22
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 26/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.26
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 27/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
27
2 VoLTE Policies
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 28/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.28
2.1 Emergency call
To establish Emergency call some operators uses fall back to circuit switchingnetwork. But some "green field operators" are relaying on 4G network and useVoLTE. According to government regulation, PCS support IMS emergency sessionsbased to 3GPP standards (TS 22.101). Calls to Police, Ambulance, Fire Brigade,Marine Guard, Mountain Rescue etc are treated as emergency calls. Operator shallspecify preferred emergency call numbers according to numbering plan, (e.g. 991 or110, 111…).
Emergency call is treated differently than normal call. Following cases is supported:
UE is subject of service restrictions. For example, UE is in the cell in a forbiddenPLMN or in a forbidden LA.
UE is without a SIM card. Emergency call should be established even in case of high load. Due to their high
priority, emergency session should get certain fixed QoS. Based on the operatorrequirement, the session may be given higher priority (ARP)
PCS recognizes emergency call according to:
AVP on Gx Interface: Called station Id (Emergency APN). This contains actualEmergency APNs from vendor to identify Gx session as emergency.Example:emergency.lte.mnc099.mcc234.lte
emergency.lte.mnc099.mcc234.gprs AVP on Rx Interface: Service URN. This contains actual Service-URNs provided
by the vendor to identify Rx session as emergencyExample:sos.fire, sos.ambulance.This AVP is normally not changed from country to country, from operator tooperator
A new tag Allow-Emergency-Services-Over-Non-Emergency-Gx is introduced inPCS_GeneralConfigParams.xml, under <Gq-or-Rx-Interface> tag. A configurableparameter for handling the case where, Service URN is received on Rx interface
(making it an emergency service) but Gx session is not an emergency session,then PCS can allow/discard the message handling based on this operatorconfigured flag.
These AVP's are defined in the PCS, via PCM: PCS_GeneralConfigParams.xml:
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 29/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
29
PCS_GeneralConfigParams.xml
<List-of-Emergency-Info>
<Emergency-Info>
<Emergency-Id> emergency.lte.mnc099.mcc234.lte </Emergency-Id>
</ Emergency-Info >
< Emergency-Info >
< Emergency-Id >emergency.lte.mnc099.mcc234.gprs</Emergency-Id >
</ Emergency-Info >
<\ List-of-Emergency-Info >
<List-of-Emergency-Info>
<Emergency-Info>
<Emergency-Id>sos.fire</Emergency-Id>
</ Emergency-Info >
< Emergency-Info >
< Emergency-Id >sos.ambulance</Emergency-Id >
</ Emergency-Info >
<\ List-of-Emergency-Info >
1. Add list of Emergency APNs in PCS_GeneralConfigParams.xml as part of <Gx-Interface> tag.
2. Add list of service URNs in PCS_GeneralConfigParams.xml as part of <Gq-or-Rx-Interface> tag.
Fig. 23
Fig. 24
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 30/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.30
In addition, two internal session attributes are introduced to identify the session asemergency in the policy evaluation:
Gx session: “pcsIsGxEmergencyCall” .
Rx session: “pcsIsRxEmergencyCall” .
Attribute data type is string.
Attribute values can be “TRUE” or “FALSE”.
To segregate policies for emergency calls, APN or Service-URN or session’s
emergency indication shall be sent to policy evaluation.
To influence the QoS (especially priority level) of the IPCAN session associated withemergency calls, existing policy framework can be used.
SPR based policies are not expected as SPR access is not done for emergencycalls. Only interface attributes based policies are expected.
Call flow for Emergency Call
1. UE sends request for the session to GW (PCEF).
2. GW sends CCR to PCS. PCS compares APN - AVP from message with configuredemergency APNs. If matched, PCS marks the session as emergency call.SPR query is not performed.
3. In CCA is sent preconfigured QoS through Policy (default bearer).
5. According to SIP Invite, PCEF recognize Emergency call and sends
6. AAR with Emergency Service URN to the PCS.PCS verifies UE IP associated with EC on Gx.PCS makes authorization and policy decisions configured by operator forEmergency Call.
8. PCS sends RAR to modify Emergency Bearer with QoS defined for Emergencycall.
9. GW confirms with RAA.
Messages that follow are like in normal VoLTE call flow.
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 31/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
31
Call Flow
1. Create Session Req
2. CCR-I
3. CCA-I
4. Create Session Resp
5. Sip Invite/Registration
6. AAR
7. AAA
8. RAR
9. RAA
10. 183
UE PCSGW AF
. . . . . . . . . . .
Fig. 25
Decision Logic
Rx Service URN == sos Rx Service URN != sos
Gx
Called Station Id == Emergency APN
Allow Reject the call with 5066
GxCalled Station Id != Emergency
APN
Config_param == true
Allow the Call as non-emergency
Config_param == false
Reject the call with 5066
NA
Config_param = Allow-Emergency-Services-Over-Non-Emergency-Gx
Result code 5066: UNAUTHORIZED_NON_EMERGENCY_SESSION
Fig. 26
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 32/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.32
2.2 Multimedia priority Service (MPS)
Priority CallPriority call is generated by priority user. Priority user should be authorized byoperator. It is normally members of Government, Policy or Army. Multimedia PriorityService (MPS) allows priority users to obtain radio and network resources withpriority. When invoked, the user of such service should be given preferentialtreatment. For this purpose, PCS supports IMS MPS services as per 3GPPstandards (3GPP TS 24.229). MPS session is normally given higher priority.
Priority call should never fail, apart from network (over)load condition.
To support MPS, PCS will need:
Extension Package
Policy
MPS can be:
SPR based:priority user is defined with SPR attribute: MPS Id
Rx based:1. MPS-Identifier AVP, in in AA-Request.2. Reservation-Priority, in AA-Request (session level) or in Media-Component-Description AVP to assign (priority is assign to the IP flow).
Addition of attributes to OneNDS schema
MPS IdentifierParameter to identify a Priority calls on Gx.
VoLTE SubscriptionDifferentiates if a subscriber has VoLTE service active.
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 33/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
33
SPR based Priority
CCR-I
Read Subscriber Record
MPS Id, Res Priority
SPR Attr : MPS Id
Attr Datatype = String
Attr Value == NGN GETS
CCA-I [Default-EPS-Bearer-QoS ]
PCEF PCSSPR
Policy evaluation
QCI/ARP decided by Policy
AF
Fig. 27
SPR based Priority call: session modification
PCEF PCSSPR
RAR [Default-EPS-Bearer-QoS ]
Read Subscriber Record
MPS Id, Res Priority
SPR Attr : MPS Id Attr Datatype = String Attr Value == NGN GETS
QCI/ARP decided by Policy
RAA
Normal Default estb.
SOAP Trigger [MPS id modified]
AF
Fig. 28
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 34/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.34
Rx based: priority
P-CSCF can receive an authorised Resource-Priority header field or a temporarily
authorised Resource-Priority header field. In both cases appropriate priority value inSIP signaling is included. If the P-CSCF then recognizes the need for priority thenshall include:
MPS-Identifier AVP,which contains the national variant for MPS service name indicating MPS session.If the PCRF receives the MPS-Identifier AVP indicating an MPS session, thePCRF may take specific actions on the corresponding IP-CAN to ensure that theMPS session is prioritized.
Reservation-Priority AVP:This AVP can be present in AA-Reqest or in Media-Component-Description AVP.Reservation-Priority in AA-Request provides the relative priority for a session whilethe Reservation-Priority at the media-component-description provides the relativepriority for an IP flow within a session.If the priority value is unknown, then is populates with default value.In the PCS V8, this AVP is still not supported.
.
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 35/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
35
Rx based Priority call
PCEF PCSSPR AF
RAR [Default-EPS-Bearer-QoS ]
AAR-Initial [MPS Id]
Interface Attr : Rx MPS Id
Attr Datatype = String
Attr Value == NGN GETS
RAA
AAA
RAR [Dynamic Rules – QoS based on Priority]
RAA
Default Bearer Upgradeand Dedicated Bearer
creation can be done in a
single RAR
Fig. 29
Rx Priority call –
termination
STR
STA
RAR to terminate Dedicated Bearer
Check if Priority user
RAR [ Default-EPS-Bearer-QoS Downgrade]
If [Not Priority user]
PCEF PCSSPR AF
Fig. 30
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 36/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.36
Multimedia priority Service (MPS)
Gx Interface
Rx Interface
Fig. 31
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 37/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
37
2.3 SIP Forking
In VoLTE scenario there are cases, where a given request to a destination issimultaneously forked to multiple end-points. In such a case, it gives the called user aflexibility to answer the call from a desired endpoint.
Forking also can happen for personalized ringtone or network announcements. Forthis purpose, PCS supports SIP-Forking as per 3GPP TS 23.228. The related UEprocedures are described in 3GPP TS 24.229.
Example:
SIP requests is routed to a specific Public User Identity: abc @net.com
This call is proxied to multiple registered contact addresses:
[email protected] [A mobile phone client]
[email protected] [A laptop client]
+49-89-12345678 [A land-line client]
P-CSCF becomes aware of the forking only when a subsequent provisional responsearrives for a new early dialogue. Then the P-CSCF shall use an AA request within theexisting Diameter session containing the SIP-Forking-Indication AVP with valueSEVERAL_DIALOGUESWhen receiving an AA request containing the SIP-Forking-Indication AVP with value
SEVERAL_DIALOGUES, the PCRF shall identify the existing authorizationinformation for that AF session..The PCRF shall authorize the maximum bandwidth required by any of the dialogues,but not the sum of the bandwidths required by all dialogues. Thus, the QoSauthorized for a media component is equal to the highest QoS requested for thatmedia component by any of the forked responses.
SIP-Forking-Indication AVP
The SIP-Forking-Indication AVP (AVP code 523) is of type Enumerated, anddescribes if several SIP dialogues are related to one Diameter session. Possible
values are: SINGLE_DIALOGUE (0)
This value is used to indicate that the Diameter session relates to a single SIPdialogue. This is the default value applicable if the AVP is omitted.
SEVERAL_DIALOGUES (1)This value is used to indicate that the Diameter session relates to several SIPdialogues
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 38/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.38
SIP Forking
SIP
Forking
Indicator
Single Dialogue
Handle as Normal call
Several Dialogues
-
• Check the Bandwidth against which it was previously allocated
• Assign whichever is greater
if previous one was greater, no need to change
If this one is greater, this one needs to be assigned
• Similar check for flow status(enabled if previously enabled)
3GPP TS 23.228
Fig. 32
Forking call Flow
AAR
AAARAR
RAA
IP-Can Session Established
AAR
AAARAR
RAA
Session Id 1
SIP Forking Ind
MCD
MCD-Number 1
Media-Type Audio
C ode c-da ta 5 03 30 R TP
Max DL 10K
Max UL 20K
MSCD
Flow-Number 1
F lo w- us ag e 0 (R TP )
F lo w- st at us E na bl ed
Charging Rule
Install
Rule Rame 30
Flow Status ENABLED
QoS Info
Max DL 10K
Max UL 20K
QCI 4
ARP 1Session Id 1
SIP Forking Ind
Several-
Dialogues
MCD
MCD-Number 1
Media-Type Audio
Codec-data 50330 RTP
Max DL 20K
Max UL 10K
MSCD
Flow-Number=1 1
Fl ow -u sa ge 0 ( RT P)
F lo w- st at us D is ab le d
Charging Rule
Install
Rule Rame 30
Flow Status ENABLED
QoS Info
Max DL 20K
Max UL 20K
QCI 4
ARP 1
PCRF applies higher QoS from whichever existing flow ornew flow with SIP-Forking indication, and install it to PGW.
PCEF PCSSPR AF
Fig. 33
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 39/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
39
How to define Policy Obligation:
AttributeId=Qos-Selection
Value=Requested:: ||Media::Highest||
Fig. 34
QCI will be granted based on Media Type.
Go to file: "PCS_QosAndChargingSelection" and according to Media Type
The other possibility is according to 3gpp specification as below:
2 > 1 > 4 > 3 > 5 > 6 > 7 > 8 > 9”
For Flow Status:
Flow-status=MAX(Current-Flow-status, Previous-Flow-Status) where “Enable” >“Disable”
Which method will be used, depend on parameter in"PCS_GeneralConfigParams.xml"
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 40/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.40
1
2
3
Fig. 35
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 41/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
41
3 Policy Obligation: Examples
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 42/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.42
3.1 SPR Update
Fig. 36
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 43/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
43
Fig. 37
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 44/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.44
3.2 Round of volume accumulation:
Obligation value for Round-off-Required has to be Yes (case-insensitive).:
Round of volume accumulation
Fig. 38
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 45/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
45
3.3 Usage Monitoring Info
For Gx interface, the granted volume and time units are sent using Usage-Monitoring-Information AVP. This obligation is used to fill the Usage-Monitoring-Information AVP
Sequence of parameters in Usage-Monitoring-Information:
MonitoringKey::TotalOctets::InputOctets::OutputOctets::Support::Report::GrantedTime
Example:
Session Level-::500000-$TotalUsedQuota$::-::-::Disabled::Enabled::-
Service Level10::100-$usedquota_10$::50-$useduplinkquota_10$::50-$useddownlinkquota_10$::-::Enabled::
Fig. 39
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 46/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.46
3.4 Reporting
Reminder:The Reporting of the data from PCS towards plug-in will be done based on Policyevaluation. If the policy evaluation results in an obligation defined above then, PCSwill report all the attributes that are configured for the specific Reporting Type to theplug-in.
Reporting plug-in allows:
External third party DB Update On Policy Action
Statistics Collection
Logging
For the reporting plug-in, the operator has to define:
Plug-in data via PCS_HostSpecificConfigParams.xml file
Access Rule with Obligation for reporting
Attributes to be reported, in Attribute.xml file
PCS_HostSpeci f icConfigParams.xml:
<Plugin><Plugin-ID>1</Plugin-ID><Plugin-Class-Name> com/nsn/reporting/plugin/PluginManagerHandler
</Plugin-Class-Name><Plugin-Type>REPORTING</Plugin-Type><Plugin-JarFile>
/advdata/Plugin/jar/ReportPlugin.jar:/advdata/Plugin/jar/log4j-1.2.15.jar</Plugin-
JarFile></Plugin>
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 47/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
47
Example: Interface attribute:
Create a New Attribute or copy from existing one with :
Attribute Name: any NameType: “REPORTING”
Id: Name as defined in Dictionary.xml
ObjectClassName: “INCOMING” or “OUTGOING” “INCOMING”: for attributes that are part of incoming Message ( CCR/RAR) “OUTGOING” for attributes that are part of outgoing message ( CCA/RAA)
Reporting Type could be any of the following:LOGGINGDB_UPDATESTATISTICS
Reporting Name – (Optional )Used if a different Name has to be appeared in the Reporting Data
PCS_Attr ibute.xml
Fig. 40
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 48/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.48
Obligation
New Obligation: Reporting is defined for the AccessRule.
A new Obligation Reporting is defined in PCS whose value can be one of the belowLOGGING
STATISTICS
DB_UPDATE
How to define Reporting Obligation
Fig. 41
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 49/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
49
3.5 SPR Plugin
Reminder:PCS_HostSpeci f icConfigParams.xml:
<Plugin><Plugin-ID>2</Plugin-ID><Plugin-Class-Name>com/nsn/pcs/plugin/SPRPlugin</Plugin-Class-
Name><Plugin-Type>DBA_SPR_DATA</Plugin-Type><Plugin-
JarFile>/advdata/Plugin/jar/SPRPlugin.jar:/advdata/Plugin/jar/log4j.jar</Plugin-JarFile>
</Plugin>
PCS_Attr ibutes.xml:
Send-To-SPRThis field is used to indicate if the parameter should be sent to the SPR-Plugin. The“value” in this field is the “name” of the attribute as required by the SPR Plugin.
Example: How to create an PROFILE Attribute to sendto SPR Plugin
Attributes.xml Name of the SPR
Attribute – as to be
used in Policy
Attribute type =
PROFILE
Plugin-Interface
Name of the SPR
Attribute (as required
by the Plugin)
1. Value assigned directly
2. Value assigned from an existing
Attribute
3. Value derived from an expression of
existing Attributes
Can be:
"READ“
“WRITE“
“RESET”
Fig. 42
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 50/52
XACML Examples
FN42434EN80GLA0
© Nokia Solutions and Networks 2015.50
Example How to create an INTERFACE Attribute to
send to SPR Plugin
Attributes.xmlName of the
Attribute – as to be
used in Policy
Attribute type =
INTERFACE
Id (as required based
on dictionary)
1. Value assigned directly
2. Value assigned from an
existing Attribute
3. Value derived from an expr. of
existing Attributes
Can be:
"READ“
“WRITE“
“RESET”
Name of the
Attribute (as
required by the
Plugin)
Fig. 43
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 51/52
XACML Examples
FN42434EN80GLA0 © Nokia Solutions and Networks 2015.
51
3.6 Add / Remove Event Trigger through Policy
It is possible to define Event Triggers over Gx Interface via PCM (static definition)and via Policy, in Obligation (dynamic definition).
Event Trigger Obligation:
<AttributeAssignment DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="AddEventTriggers">6,7</AttributeAssignment>
<AttributeAssignment DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId=“RemoveEventTriggers">5,8</AttributeAssignment>
Multiple values can be given for this obligation separated by comma operator.
There is no limit for the number of values given for this obligation
7/21/2019 04 Fn42434en80gla0 Xacml Examples
http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 52/52
XACML Examples
3.7 QoS-selection obligation
Rx based QoS SelectionPCRF may use session and media related information received from AF to generatePCC Rules. This data are received via Rx Reference Point in AA-Request, in Media-sub-component-description AVP.
QoS for PCC rules is decided based on the policy definition from the operator. Forpolicy writing for deriving QoS for PCC rules, QoS-selection obligation is defined.
Selection of the quality of service can be decided at three levels (associating eachlevel with independent selection algorithm):
Bandwidth _defines the bandwidth for the flows to be enforced.
QCI _defines if a new dedicated bearer or an existing bearer shall be used. ARP _Allocation and retention priority associated with the bearer. Rx
Fig. 44