7/21/2019 04 Fn42434en80gla0 Xacml Examples http://slidepdf.com/reader/full/04-fn42434en80gla0-xacml-examples 1/52

04 Fn42434en80gla0 Xacml Examples


XACML Examples

FN42434EN80GLA0

© Nokia Solutions and Networks 2015.

3.6  Add / Remove Event Trigger through Policy

3.7  QoS-selection obligation


1  Basic Examples


1.1  Target: first example

Problem:

Policy is applicable when Category is equal to "silver" AND PricingPlan is equal to "TierA".

Fig. 1


1.2  Target: second example

Problem:

Policy is applicable when Category is equal to "silver" OR PricingPlan is equal to "TierA".

Fig. 2


1.3  Target: third example

Problem:

Policy is applicable when Category is equal to "silver" OR "gold" OR "bronze".

Fig. 3


1.4  Compare one data from Context with one Argument

Problem:

Policy is applicable for any Client. If Category is "silver", then apply Charging Rule: "CH1".

Fig. 4: AccessRule_1_OnlyOneArgument. Rule (Effect: Permit) whose Condition (string equal) compares a Subject Attribute Designator with an Attribute Value (Category = gold); if yes: Access Permit, Obligation (on Permit).

Function: "string-equal":

This function SHALL take two arguments of type "string" and SHALL return a type "boolean". The function SHALL return "True" if and only if the value of both of its arguments are of equal length and each string is determined to be equal byte-by-byte according to the function "string-equal".


SubjectAttributeDesignator:

The SubjectAttributeDesignatorType complex type is the type for elements and extensions that identify attributes. An element of this type contains properties by which it MAY be matched to attributes in the request context. This SHALL evaluate to a bag of a specific primitive type (e.g. string). If the required attribute cannot be located, then the value of the element SHALL be set to an empty bag of the inferred primitive type (e.g. string).

Function: "string-one-and-only":

This function SHALL take an argument of a bag of string values and SHALL return a value of string. It SHALL return the only value in the bag. If the bag does not have one and only one value, then the expression SHALL evaluate to "Indeterminate".

Fig. 5


1.5  Compare two data from Context with two Arguments

Problem:

Policy is applicable for any Client. If Category is "silver" and Pricing Plan is TierA, then apply Charging Rule: "CH1".

Fig. 6: AccessRule_2_Compare2Arguments. Rule (Effect: Permit) whose Condition (and) combines two Apply-string-equal comparisons of a Subject Attribute Designator with an Attribute Value (Category = gold and PricingPlan = TierA); if yes: Access Permit, Obligation (on Permit).


 

Fig. 7

Function: "and":

This function SHALL return "True" if it has no arguments and SHALL return "False" if one of its arguments evaluates to "False". The order of evaluation SHALL be from first argument to last. The evaluation SHALL stop with a result of "False" if any argument evaluates to "False", leaving the rest of the arguments unevaluated. In an expression that contains any of these functions, if any argument is "Indeterminate", then the expression SHALL evaluate to "Indeterminate".


1.6  Compare one data from Context with list of Arguments (1)

Problem:

Policy is applicable for any Client. If Category is gold, silver or basic23, then apply Charging Rule: "CH31".

Use function: "string-at-least-one-member-of".

Fig. 8

Function: string-at-least-one-member-of

This function SHALL take two arguments that are both a bag of string values. The expression SHALL evaluate to "True" if at least one element of the first argument is contained in the second argument.

Function: string-bag

This function SHALL take any number of arguments of a single string-type and return a bag of string values containing the values of the arguments.


1.7  Compare one data from Context with list of Arguments (2)

Problem:

The same as in the previous example.

Use function: "string-is-in".

Fig. 9

Function: string-is-in

This function SHALL take an argument of string type as the first argument and a bag of string values as the second argument. The expression SHALL evaluate to "True" if the first argument matches any value in the bag.


1.8  Compare one data from Context with list of Arguments (3)

Problem:

The same as in the previous example.

Use function: "any-of".

Fig. 10

Function: any-of

This function applies a Boolean function between a specific primitive value and a bag of values, and SHALL return "True" if and only if the predicate is "True" for at least one element of the bag. This function SHALL take three arguments:

1. The first argument SHALL be a <Function> element that names a Boolean function that takes two arguments of primitive types.

2. The second argument SHALL be a value of a primitive data-type (string, integer…).

3. The third argument SHALL be a bag of a primitive data-type.
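
The function definitions quoted in 1.4 to 1.8 can be checked against each other with a small model. The following is an added example, not code from the original slides or from PCS: the request as a Python dict, the use of "string-one-and-only" around the designator in 1.5, 1.7 and 1.8, and all Python names are assumptions. It shows how the three ways of writing the "gold, silver or basic23" condition differ when the Category attribute is missing or multi-valued.

```python
# Added example: minimal model of the XACML functions quoted in 1.4 to 1.8.
# Bags are Python lists; a request is a dict of attribute id -> list of values
# (an assumption made for this sketch).

class IndeterminateType:
    def __repr__(self):
        return "Indeterminate"

INDETERMINATE = IndeterminateType()


def designator(request, attribute_id):
    """SubjectAttributeDesignator: a bag; empty bag if the attribute is missing."""
    return list(request.get(attribute_id, []))


def string_one_and_only(bag):
    """Return the single value, or Indeterminate for zero or several values."""
    return bag[0] if len(bag) == 1 else INDETERMINATE


def string_equal(a, b):
    if a is INDETERMINATE or b is INDETERMINATE:
        return INDETERMINATE
    return a == b


def string_bag(*values):
    return list(values)


def string_is_in(value, bag):
    if value is INDETERMINATE:
        return INDETERMINATE
    return value in bag


def string_at_least_one_member_of(first, second):
    return any(v in second for v in first)


def any_of(function, value, bag):
    if value is INDETERMINATE:
        return INDETERMINATE
    return any(function(value, element) is True for element in bag)


def and_(*args):
    """Lazy 'and': args are zero-argument callables, evaluated first to last."""
    for arg in args:
        result = arg()
        if result is False:
            return False          # stop; later arguments stay unevaluated
        if result is INDETERMINATE:
            return INDETERMINATE
    return True                   # also the result for no arguments


ALLOWED = string_bag("gold", "silver", "basic23")   # list from 1.6


def cond_member_of(request):      # 1.6
    return string_at_least_one_member_of(designator(request, "Category"), ALLOWED)


def cond_is_in(request):          # 1.7
    return string_is_in(string_one_and_only(designator(request, "Category")), ALLOWED)


def cond_any_of(request):         # 1.8
    return any_of(string_equal,
                  string_one_and_only(designator(request, "Category")), ALLOWED)


def cond_two_arguments(request):  # 1.5
    return and_(
        lambda: string_equal(
            string_one_and_only(designator(request, "Category")), "silver"),
        lambda: string_equal(
            string_one_and_only(designator(request, "PricingPlan")), "TierA"),
    )


if __name__ == "__main__":
    # Constructed requests: complete, missing attributes, multi-valued Category.
    for req in ({"Category": ["silver"], "PricingPlan": ["TierA"]},
                {},
                {"Category": ["gold", "bronze"]}):
        print(req, cond_member_of(req), cond_is_in(req),
              cond_any_of(req), cond_two_arguments(req))
```

With a missing Category, the bag-to-bag comparison returns "False" while the variants built on "string-one-and-only" return "Indeterminate", so the choice of function decides whether an incomplete request is a clean non-match or an evaluation error.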


1.9  Compare two data from Context with 2 lists (1)

Problem:

Policy is applicable for any Client. If Category is equal to gold or silver and PricingPlan is TierA or TierB, then implement Charging Rule: "CH04".

Fig. 11


1.10  Compare two data from Context with 2 lists (2)

Problem:

The same as in the previous example.

Fig. 12


1.11  Compare one data from the Context with one Argument and second data from the Context with a list of Arguments

Problem:

Policy is applicable for any Client. If Category is equal to gold and Pricing Plan is equal to TierA or TierB or TierC, then implement Charging Rule: "CH05".

Fig. 13

NOTE: Instead of the function "any-of", it is possible to use the function "string-at-least-one-member-of" or "string-is-in".


1.12  Add(1)

Problem:

Policy is applicable for any Client.

If Used Volume is greater than or equal to 100GB, then implement Charging Rule: "CH06".

If Used Volume is less than 100GB, then implement Charging Rule: "CH08".

TotalVolume = AccumulatedCharge + VolumeUsage

Rule1:

AccumulatedCharge + VolumeUsage >= 100

Rule2:

AccumulatedCharge + VolumeUsage < 100

Fig. 14


1.13  Add(2)

Problem:

Policy is applicable for any Client.

If Used Volume is greater than ConsuptionLimit, then implement Charging Rule: "CH06". If not, then CH08.

Used Volume = AccumulatedCharge + VolumeUsage

Rule1:

AccumulatedCharge + VolumeUsage >= ConsuptionLimit

Rule2:

AccumulatedCharge + VolumeUsage < ConsuptionLimit

Fig. 15


1.14  AccessRuleQuotaLimitAndClassForPlan (1)

Problem:

If Client has PricingPlan "TierA" or Category = "silver", then check Upload and Download Usage. If Download or Upload Usage exceeds the quota limit, then send SMS to the Client and degrade QoS.

Fig. 16: AccessRuleQuotaLimitAndClassForPlan. Rule (Effect: Permit) whose Condition is (Pricing Plan = TierA or Category = silver) AND (UploadUsage > 100 OR DownloadUsage > 100), each comparison between a Subject Attribute Designator and an Attribute Value; if yes: Obligation (on Permit): degrade QoS, send SMS to the Client.


Fig. 17


1.15  AccessRuleQuotaLimitAndClassForPlan (2)

Problem:

The same as in the previous example.

The Category and PricingPlan checks are placed in the "Target".

Fig. 18


1.16  AccessRuleForVolumeBased

Problem:

If Client has BillingPlan "PREPAID" and PricingPlan "TierA", then check Category of the Client.

If Category is "silver", check Total Used Quota. If TotalUsedQuota exceeds 1000, then block the service and send SMS to the Client.

When Category is gold, then check TotalUsedQuota. If TotalUsedQuota exceeds 2000, then change QoS and send SMS to the Client.

Fig. 19: AccessRuleForVolumeBased. Policy Target (Subject Match): BillingPlan "PREPAID", Pricing Plan "TierA". Rule Target (Subject Match) on Category, with Condition (greater than) on Total Used Quota. Rule 1 (Effect: Permit): Category gold, Total Used Quota > 2000; Obligation for Rule 1 (on Permit): change QoS Profile, send SMS to the Client. Rule 2 (Effect: Deny): Category silver, Total Used Quota > 1000; Obligation for Rule 2 (on Deny): access denied, send SMS to the Client.


Fig. 20


1.17  AccessRuleForTimeOfDay

Problem:

If Client has Billing Plan "PREPAID", then check Pricing Plan of the Client.

If Pricing Plan is "TierA" or Category is "silver", then check current time.

If current time is between 23:00 and 5:00, then change QoS and send SMS to the Client.

Fig. 21: AccessRuleForTimeOfDay. Policy Target (Subject Match): BillingPlan "PREPAID". Rule (Effect: Deny) whose Condition is (Pricing Plan = TierA OR Category = silver), compared through Subject Attribute Designators and Attribute Values, AND UserTime between 23:00 and 5:00, compared through an Environment Attribute Designator and Attribute Values; if yes: Obligation (on Deny): change QoS Profile, send SMS to the Client.


Fig. 22


2  VoLTE Policies


2.1  Emergency call

To establish an emergency call, some operators fall back to the circuit-switched network. But some "green field operators" rely on the 4G network and use VoLTE. According to government regulation, PCS supports IMS emergency sessions based on 3GPP standards (TS 22.101). Calls to Police, Ambulance, Fire Brigade, Marine Guard, Mountain Rescue etc. are treated as emergency calls. The operator shall specify preferred emergency call numbers according to the numbering plan (e.g. 991 or 110, 111…).

An emergency call is treated differently from a normal call. The following cases are supported:

  • UE is subject to service restrictions. For example, the UE is in a cell in a forbidden PLMN or in a forbidden LA.

  • UE is without a SIM card.

  • The emergency call should be established even in case of high load. Due to their high priority, emergency sessions should get a certain fixed QoS. Based on the operator requirement, the session may be given higher priority (ARP).

PCS recognizes an emergency call according to:

  • AVP on Gx Interface: Called station Id (Emergency APN). This contains the actual Emergency APNs from the vendor to identify the Gx session as emergency. Example: emergency.lte.mnc099.mcc234.lte, emergency.lte.mnc099.mcc234.gprs

  • AVP on Rx Interface: Service URN. This contains the actual Service-URNs provided by the vendor to identify the Rx session as emergency. Example: sos.fire, sos.ambulance. This AVP is normally not changed from country to country or from operator to operator.

  • A new tag Allow-Emergency-Services-Over-Non-Emergency-Gx is introduced in PCS_GeneralConfigParams.xml, under the <Gq-or-Rx-Interface> tag. It is a configurable parameter for handling the case where a Service URN is received on the Rx interface (making it an emergency service) but the Gx session is not an emergency session; PCS can then allow or discard the message handling based on this operator-configured flag.

These AVPs are defined in the PCS, via PCM: PCS_GeneralConfigParams.xml:


PCS_GeneralConfigParams.xml

1. Add the list of Emergency APNs in PCS_GeneralConfigParams.xml as part of the <Gx-Interface> tag:

<List-of-Emergency-Info>
  <Emergency-Info>
    <Emergency-Id>emergency.lte.mnc099.mcc234.lte</Emergency-Id>
  </Emergency-Info>
  <Emergency-Info>
    <Emergency-Id>emergency.lte.mnc099.mcc234.gprs</Emergency-Id>
  </Emergency-Info>
</List-of-Emergency-Info>

2. Add the list of service URNs in PCS_GeneralConfigParams.xml as part of the <Gq-or-Rx-Interface> tag:

<List-of-Emergency-Info>
  <Emergency-Info>
    <Emergency-Id>sos.fire</Emergency-Id>
  </Emergency-Info>
  <Emergency-Info>
    <Emergency-Id>sos.ambulance</Emergency-Id>
  </Emergency-Info>
</List-of-Emergency-Info>

 

Fig. 23

Fig. 24


In addition, two internal session attributes are introduced to identify the session as emergency in the policy evaluation:

  • Gx session: "pcsIsGxEmergencyCall".

  • Rx session: "pcsIsRxEmergencyCall".

The attribute data type is string.

Attribute values can be "TRUE" or "FALSE".

To segregate policies for emergency calls, the APN, the Service-URN or the session's emergency indication shall be sent to policy evaluation.

To influence the QoS (especially the priority level) of the IP-CAN session associated with emergency calls, the existing policy framework can be used.

SPR based policies are not expected, as SPR access is not done for emergency calls. Only policies based on interface attributes are expected.

Call flow for Emergency Call

1. UE sends a request for the session to the GW (PCEF).

2. GW sends a CCR to PCS. PCS compares the APN AVP from the message with the configured emergency APNs. If they match, PCS marks the session as an emergency call. The SPR query is not performed.

3. The preconfigured QoS is sent in the CCA through Policy (default bearer).

5. According to the SIP Invite, PCEF recognizes the emergency call and sends

6. an AAR with the Emergency Service URN to the PCS. PCS verifies the UE IP associated with EC on Gx. PCS makes the authorization and policy decisions configured by the operator for the emergency call.

8. PCS sends a RAR to modify the Emergency Bearer with the QoS defined for emergency calls.

9. GW confirms with RAA.

The messages that follow are the same as in a normal VoLTE call flow.


Call Flow

1. Create Session Req

2. CCR-I

3. CCA-I

4. Create Session Resp

5. Sip Invite/Registration

6. AAR

7. AAA

8. RAR

9. RAA

10. 183

Participants: UE, GW, PCS, AF

Fig. 25

Decision Logic

Gx Called Station Id == Emergency APN:

  • Rx Service URN == sos: Allow

  • Rx Service URN != sos: Reject the call with 5066

Gx Called Station Id != Emergency APN:

  • Rx Service URN == sos, Config_param == true: Allow the call as non-emergency

  • Rx Service URN == sos, Config_param == false: Reject the call with 5066

  • Rx Service URN != sos: NA

Config_param = Allow-Emergency-Services-Over-Non-Emergency-Gx

Result code 5066: UNAUTHORIZED_NON_EMERGENCY_SESSION

Fig. 26
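
The classification and decision logic of this section, from the configured lists to the result code, can be traced with the following added example. It is not PCS code: the root element name, the "true"/"false" text of the flag, treating a missing flag as false, exact string matching, and all Python names are assumptions; only the tag names inside the two interface elements, the session attribute names and the result code come from the page.

```python
import xml.etree.ElementTree as ET

# Constructed configuration fragment (root element and flag text are assumed).
SAMPLE_CONFIG = """
<PCS-General-Config>
  <Gx-Interface>
    <List-of-Emergency-Info>
      <Emergency-Info>
        <Emergency-Id> emergency.lte.mnc099.mcc234.lte </Emergency-Id>
      </Emergency-Info>
      <Emergency-Info>
        <Emergency-Id>emergency.lte.mnc099.mcc234.gprs</Emergency-Id>
      </Emergency-Info>
    </List-of-Emergency-Info>
  </Gx-Interface>
  <Gq-or-Rx-Interface>
    <Allow-Emergency-Services-Over-Non-Emergency-Gx>false</Allow-Emergency-Services-Over-Non-Emergency-Gx>
    <List-of-Emergency-Info>
      <Emergency-Info><Emergency-Id>sos.fire</Emergency-Id></Emergency-Info>
      <Emergency-Info><Emergency-Id>sos.ambulance</Emergency-Id></Emergency-Info>
    </List-of-Emergency-Info>
  </Gq-or-Rx-Interface>
</PCS-General-Config>
"""

UNAUTHORIZED_NON_EMERGENCY_SESSION = 5066


def load_emergency_config(xml_text):
    """Read emergency APNs (Gx), service URNs (Rx) and the operator flag."""
    root = ET.fromstring(xml_text)

    def ids(interface_tag):
        path = f"{interface_tag}/List-of-Emergency-Info/Emergency-Info/Emergency-Id"
        # Strip whitespace so "<Emergency-Id> x </Emergency-Id>" still matches.
        return {e.text.strip() for e in root.findall(path)
                if e.text and e.text.strip()}

    flag = root.findtext(
        "Gq-or-Rx-Interface/Allow-Emergency-Services-Over-Non-Emergency-Gx",
        default="false")
    return {
        "apns": ids("Gx-Interface"),
        "urns": ids("Gq-or-Rx-Interface"),
        "allow_over_non_emergency_gx": flag.strip().lower() == "true",
    }


def session_attributes(config, called_station_id, service_urn):
    """Internal session attributes; values are the strings "TRUE" / "FALSE"."""
    return {
        "pcsIsGxEmergencyCall":
            "TRUE" if called_station_id in config["apns"] else "FALSE",
        "pcsIsRxEmergencyCall":
            "TRUE" if service_urn in config["urns"] else "FALSE",
    }


def decide_rx_request(config, called_station_id, service_urn):
    """Apply the decision logic of Fig. 26; returns (decision, result_code)."""
    attrs = session_attributes(config, called_station_id, service_urn)
    gx = attrs["pcsIsGxEmergencyCall"] == "TRUE"
    rx = attrs["pcsIsRxEmergencyCall"] == "TRUE"
    if gx and rx:
        return ("ALLOW_EMERGENCY", None)
    if gx and not rx:
        return ("REJECT", UNAUTHORIZED_NON_EMERGENCY_SESSION)
    if rx:  # emergency URN on a Gx session that is not an emergency session
        if config["allow_over_non_emergency_gx"]:
            return ("ALLOW_NON_EMERGENCY", None)
        return ("REJECT", UNAUTHORIZED_NON_EMERGENCY_SESSION)
    return ("NOT_APPLICABLE", None)


if __name__ == "__main__":
    cfg = load_emergency_config(SAMPLE_CONFIG)
    # Constructed (APN, Service-URN) pairs covering the four cells of the table.
    for apn, urn in [("emergency.lte.mnc099.mcc234.lte", "sos.fire"),
                     ("emergency.lte.mnc099.mcc234.gprs", None),
                     ("internet.example", "sos.ambulance"),
                     ("internet.example", None)]:
        print(apn, urn, decide_rx_request(cfg, apn, urn))
```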


2.2  Multimedia Priority Service (MPS)

Priority Call

A priority call is generated by a priority user. A priority user should be authorized by the operator. Priority users are normally members of Government, Police or Army. Multimedia Priority Service (MPS) allows priority users to obtain radio and network resources with priority. When invoked, the user of such a service should be given preferential treatment. For this purpose, PCS supports IMS MPS services as per 3GPP standards (3GPP TS 24.229). An MPS session is normally given higher priority.

A priority call should never fail, apart from a network (over)load condition.

To support MPS, PCS will need:

  • Extension Package

  • Policy

MPS can be:

  • SPR based: the priority user is defined with the SPR attribute MPS Id.

  • Rx based:
    1. MPS-Identifier AVP, in the AA-Request.
    2. Reservation-Priority, in the AA-Request (session level) or in the Media-Component-Description AVP (priority is assigned to the IP flow).

Addition of attributes to OneNDS schema

  • MPS Identifier: parameter to identify priority calls on Gx.

  • VoLTE Subscription: differentiates whether a subscriber has the VoLTE service active.


Fig. 27: SPR based Priority (PCEF, PCS, SPR, AF). Elements shown: CCR-I; Read Subscriber Record (MPS Id, Res Priority); SPR Attr: MPS Id, Attr Datatype = String, Attr Value == NGN GETS; Policy evaluation, QCI/ARP decided by Policy; CCA-I [Default-EPS-Bearer-QoS].

Fig. 28: SPR based Priority call: session modification (PCEF, PCS, SPR, AF). Elements shown: Normal Default estb.; SOAP Trigger [MPS id modified]; Read Subscriber Record (MPS Id, Res Priority); SPR Attr: MPS Id, Attr Datatype = String, Attr Value == NGN GETS; QCI/ARP decided by Policy; RAR [Default-EPS-Bearer-QoS]; RAA.


Rx based: priority

The P-CSCF can receive an authorised Resource-Priority header field or a temporarily authorised Resource-Priority header field. In both cases the appropriate priority value is included in the SIP signaling. If the P-CSCF then recognizes the need for priority, it shall include:

  • MPS-Identifier AVP: contains the national variant of the MPS service name, indicating an MPS session. If the PCRF receives the MPS-Identifier AVP indicating an MPS session, the PCRF may take specific actions on the corresponding IP-CAN to ensure that the MPS session is prioritized.

  • Reservation-Priority AVP: this AVP can be present in the AA-Request or in the Media-Component-Description AVP. Reservation-Priority in the AA-Request provides the relative priority for a session, while Reservation-Priority in the Media-Component-Description provides the relative priority for an IP flow within a session. If the priority value is unknown, it is populated with the default value. In PCS V8, this AVP is still not supported.


Fig. 29: Rx based Priority call (PCEF, PCS, SPR, AF). Elements shown: RAR [Default-EPS-Bearer-QoS]; AAR-Initial [MPS Id]; Interface Attr: Rx MPS Id, Attr Datatype = String, Attr Value == NGN GETS; RAA; AAA; RAR [Dynamic Rules – QoS based on Priority]; RAA. Default Bearer Upgrade and Dedicated Bearer creation can be done in a single RAR.

Fig. 30: Rx Priority call termination (PCEF, PCS, SPR, AF). Elements shown: STR; STA; RAR to terminate Dedicated Bearer; Check if Priority user; RAR [Default-EPS-Bearer-QoS Downgrade] if [Not Priority user].


Fig. 31: Multimedia Priority Service (MPS), Gx Interface and Rx Interface.


2.3  SIP Forking

In VoLTE scenarios there are cases where a given request to a destination is simultaneously forked to multiple endpoints. This gives the called user the flexibility to answer the call from a desired endpoint.

Forking can also happen for personalized ringtones or network announcements. For this purpose, PCS supports SIP forking as per 3GPP TS 23.228. The related UE procedures are described in 3GPP TS 24.229.

Example:

A SIP request is routed to a specific Public User Identity: abc@net.com

This call is proxied to multiple registered contact addresses:

[email protected] [A mobile phone client]

[email protected] [A laptop client]

+49-89-12345678 [A land-line client]

The P-CSCF becomes aware of the forking only when a subsequent provisional response arrives for a new early dialogue. The P-CSCF shall then use an AA request within the existing Diameter session containing the SIP-Forking-Indication AVP with value SEVERAL_DIALOGUES.

When receiving an AA request containing the SIP-Forking-Indication AVP with value SEVERAL_DIALOGUES, the PCRF shall identify the existing authorization information for that AF session.

The PCRF shall authorize the maximum bandwidth required by any of the dialogues, but not the sum of the bandwidths required by all dialogues. Thus, the QoS authorized for a media component is equal to the highest QoS requested for that media component by any of the forked responses.

SIP-Forking-Indication AVP

The SIP-Forking-Indication AVP (AVP code 523) is of type Enumerated and describes whether several SIP dialogues are related to one Diameter session. Possible values are:

  • SINGLE_DIALOGUE (0): this value is used to indicate that the Diameter session relates to a single SIP dialogue. This is the default value applicable if the AVP is omitted.

  • SEVERAL_DIALOGUES (1): this value is used to indicate that the Diameter session relates to several SIP dialogues.


Fig. 32: SIP Forking (3GPP TS 23.228). Handling by SIP Forking Indicator:

  • Single Dialogue: handle as a normal call.

  • Several Dialogues:
    • Check the bandwidth against the bandwidth that was previously allocated.
    • Assign whichever is greater: if the previous one was greater, there is no need to change; if this one is greater, this one needs to be assigned.
    • Similar check for flow status (enabled if previously enabled).

Fig. 33: Forking call flow (PCEF, PCS, SPR, AF). After "IP-Can Session Established", the figure shows two AAR / AAA exchanges, each with RAR / RAA, and these message contents:

First AAR: Session Id 1; SIP Forking Ind; MCD: MCD-Number 1, Media-Type Audio, Codec-data 50330 RTP, Max DL 10K, Max UL 20K; MSCD: Flow-Number 1, Flow-usage 0 (RTP), Flow-status Enabled.

Charging Rule Install after the first AAR: Rule Name 30, Flow Status ENABLED; QoS Info: Max DL 10K, Max UL 20K, QCI 4, ARP 1.

Second AAR: Session Id 1; SIP Forking Ind Several-Dialogues; MCD: MCD-Number 1, Media-Type Audio, Codec-data 50330 RTP, Max DL 20K, Max UL 10K; MSCD: Flow-Number 1, Flow-usage 0 (RTP), Flow-status Disabled.

Charging Rule Install after the second AAR: Rule Name 30, Flow Status ENABLED; QoS Info: Max DL 20K, Max UL 20K, QCI 4, ARP 1.

PCRF applies the higher QoS from the existing flow or the new flow with SIP-Forking indication, and installs it to the PGW.


How to define Policy Obligation:

AttributeId=Qos-Selection

Value=Requested:: ||Media::Highest||

Fig. 34

QCI will be granted based on Media Type.

Go to file: "PCS_QosAndChargingSelection" and according to Media Type

The other possibility is according to the 3GPP specification, as below:

2 > 1 > 4 > 3 > 5 > 6 > 7 > 8 > 9

For Flow Status:

Flow-status = MAX(Current-Flow-status, Previous-Flow-Status), where "Enable" > "Disable"

Which method is used depends on a parameter in "PCS_GeneralConfigParams.xml".
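
The forking rules of this section (maximum per direction instead of the sum, flow status MAX with "Enable" > "Disable", and the QCI order 2 > 1 > 4 > 3 > 5 > 6 > 7 > 8 > 9) can be checked against the values of Fig. 33 with the following added example. It is not PCS code: the class, the field and function names, returning the new request unchanged for a single dialogue, and ranking unknown QCI values last are assumptions of this sketch.

```python
from dataclasses import dataclass
from functools import reduce

# QCI preference order quoted on the page: 2 > 1 > 4 > 3 > 5 > 6 > 7 > 8 > 9
QCI_ORDER = [2, 1, 4, 3, 5, 6, 7, 8, 9]


@dataclass(frozen=True)
class MediaAuth:
    """Authorization for one media component (field names are hypothetical)."""
    max_dl_k: int        # "Max DL", in the page's K units
    max_ul_k: int        # "Max UL", in the page's K units
    flow_enabled: bool   # Flow-status Enabled / Disabled
    qci: int


def qci_rank(qci):
    # Position in the preference order; unknown values rank last (assumption).
    return QCI_ORDER.index(qci) if qci in QCI_ORDER else len(QCI_ORDER)


def higher_qci(a, b):
    """Return the QCI that comes first in the order 2 > 1 > 4 > 3 > ..."""
    return min(a, b, key=qci_rank)


def merge_forked(previous, requested, sip_forking_indication="SINGLE_DIALOGUE"):
    """Combine the existing authorization with a new AA request."""
    if sip_forking_indication != "SEVERAL_DIALOGUES":
        # Single dialogue: handled as a normal call (assumed: new values apply).
        return requested
    return MediaAuth(
        max_dl_k=max(previous.max_dl_k, requested.max_dl_k),
        max_ul_k=max(previous.max_ul_k, requested.max_ul_k),
        # MAX(Current, Previous) with Enable > Disable
        flow_enabled=previous.flow_enabled or requested.flow_enabled,
        qci=higher_qci(previous.qci, requested.qci),
    )


def authorize_dialogues(dialogues):
    """Authorization for any number of forked dialogues of one AF session."""
    return reduce(lambda acc, d: merge_forked(acc, d, "SEVERAL_DIALOGUES"),
                  dialogues)


def summed_bandwidth(dialogues):
    """What must NOT be authorized: the sum over all dialogues (DL, UL)."""
    return (sum(d.max_dl_k for d in dialogues),
            sum(d.max_ul_k for d in dialogues))


if __name__ == "__main__":
    # Values of Fig. 33: first AAR, then the AAR marked Several-Dialogues.
    first = MediaAuth(max_dl_k=10, max_ul_k=20, flow_enabled=True, qci=4)
    forked = MediaAuth(max_dl_k=20, max_ul_k=10, flow_enabled=False, qci=4)
    print(merge_forked(first, forked, "SEVERAL_DIALOGUES"))
    print(summed_bandwidth([first, forked]))
```

For the Fig. 33 values the result is Max DL 20K, Max UL 20K with flow status enabled, as in the second Charging Rule Install of the figure, whereas summing would give 30K in each direction.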


 Fig. 35


3  Policy Obligation: Examples


3.1  SPR Update

Fig. 36


Fig. 37


3.2  Round-off of volume accumulation

The obligation value for Round-off-Required has to be Yes (case-insensitive).

Fig. 38: Round-off of volume accumulation


3.3  Usage Monitoring Info

For the Gx interface, the granted volume and time units are sent using the Usage-Monitoring-Information AVP. This obligation is used to fill the Usage-Monitoring-Information AVP.

Sequence of parameters in Usage-Monitoring-Information:

MonitoringKey::TotalOctets::InputOctets::OutputOctets::Support::Report::GrantedTime

Example:

  • Session Level:
    -::500000-$TotalUsedQuota$::-::-::Disabled::Enabled::-

  • Service Level:
    10::100-$usedquota_10$::50-$useduplinkquota_10$::50-$useddownlinkquota_10$::-::Enabled::

Fig. 39
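
The two obligation values above can be split into the seven named parameters with a short parser. The following is an added example, not PCS code: reading "N-$variable$" as N minus the session variable, clamping the result at zero, treating "-" or an empty field as not set, and all Python names and session values are assumptions.

```python
import re

# Parameter order given on the page.
FIELDS = ["MonitoringKey", "TotalOctets", "InputOctets", "OutputOctets",
          "Support", "Report", "GrantedTime"]
QUOTA_FIELDS = {"TotalOctets", "InputOctets", "OutputOctets", "GrantedTime"}
# "500000" or "500000-$TotalUsedQuota$"
QUOTA_EXPR = re.compile(r"(\d+)(?:-\$(\w+)\$)?")

# The two example values from the page.
SESSION_LEVEL = "-::500000-$TotalUsedQuota$::-::-::Disabled::Enabled::-"
SERVICE_LEVEL = ("10::100-$usedquota_10$::50-$useduplinkquota_10$::"
                 "50-$useddownlinkquota_10$::-::Enabled::")


def resolve_quota(expr, session):
    """Evaluate 'N' or 'N-$var$' (assumed: limit minus usage, never negative)."""
    m = QUOTA_EXPR.fullmatch(expr)
    if m is None:
        raise ValueError(f"unsupported quota expression: {expr!r}")
    limit, variable = int(m.group(1)), m.group(2)
    if variable is None:
        return limit
    if variable not in session:
        # Fail loudly instead of granting the full limit by accident.
        raise KeyError(f"session variable ${variable}$ is not set")
    return max(limit - int(session[variable]), 0)


def parse_usage_monitoring(value, session):
    """Split an obligation value on '::' and resolve the quota fields."""
    parts = [p.strip() for p in value.split("::")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    result = {}
    for name, raw in zip(FIELDS, parts):
        if raw in ("", "-"):
            result[name] = None               # parameter not set
        elif name in QUOTA_FIELDS:
            result[name] = resolve_quota(raw, session)
        else:
            result[name] = raw                # key or Enabled / Disabled
    return result


if __name__ == "__main__":
    # Constructed session variables.
    session = {"TotalUsedQuota": 120000, "usedquota_10": 40,
               "useduplinkquota_10": 50, "useddownlinkquota_10": 70}
    print(parse_usage_monitoring(SESSION_LEVEL, session))
    print(parse_usage_monitoring(SERVICE_LEVEL, session))
```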


3.4  Reporting

Reminder: The reporting of data from PCS towards the plug-in is done based on policy evaluation. If the policy evaluation results in an obligation defined above, then PCS will report all the attributes that are configured for the specific Reporting Type to the plug-in.

Reporting plug-in allows:

  External third party DB Update On Policy Action

  Statistics Collection

  Logging

For the reporting plug-in, the operator has to define:

  Plug-in data via PCS_HostSpecificConfigParams.xml file

  Access Rule with Obligation for reporting

  Attributes to be reported, in Attribute.xml file

PCS_HostSpecificConfigParams.xml:

<Plugin>
  <Plugin-ID>1</Plugin-ID>
  <Plugin-Class-Name>com/nsn/reporting/plugin/PluginManagerHandler</Plugin-Class-Name>
  <Plugin-Type>REPORTING</Plugin-Type>
  <Plugin-JarFile>/advdata/Plugin/jar/ReportPlugin.jar:/advdata/Plugin/jar/log4j-1.2.15.jar</Plugin-JarFile>
</Plugin>


Example: Interface attribute

Create a new attribute, or copy an existing one, with:

  Attribute Name: any name

  Type: “REPORTING”

  Id: name as defined in Dictionary.xml

  ObjectClassName: “INCOMING” or “OUTGOING”. “INCOMING” is for attributes that are part of an incoming message (CCR/RAR); “OUTGOING” is for attributes that are part of an outgoing message (CCA/RAA).

  Reporting Type: any of LOGGING, DB_UPDATE, STATISTICS

  Reporting Name (optional): used if a different name has to appear in the reporting data

PCS_Attribute.xml

Fig. 40


Obligation

New Obligation: Reporting is defined for the AccessRule.

A new obligation, Reporting, is defined in PCS; its value can be one of the following:

  LOGGING

  STATISTICS

  DB_UPDATE

How to define Reporting Obligation

 

Fig. 41


3.5  SPR Plugin

Reminder: PCS_HostSpecificConfigParams.xml:

<Plugin>
  <Plugin-ID>2</Plugin-ID>
  <Plugin-Class-Name>com/nsn/pcs/plugin/SPRPlugin</Plugin-Class-Name>
  <Plugin-Type>DBA_SPR_DATA</Plugin-Type>
  <Plugin-JarFile>/advdata/Plugin/jar/SPRPlugin.jar:/advdata/Plugin/jar/log4j.jar</Plugin-JarFile>
</Plugin>

PCS_Attributes.xml:

Send-To-SPR: This field is used to indicate if the parameter should be sent to the SPR Plugin. The “value” in this field is the “name” of the attribute as required by the SPR Plugin.

Example: How to create a PROFILE attribute to send to the SPR Plugin

Attributes.xml (callouts from Fig. 42):

  Name of the SPR attribute, as to be used in policy

  Attribute type = PROFILE

  Plugin-Interface

  Name of the SPR attribute (as required by the plugin)

  Value: 1. assigned directly; 2. assigned from an existing attribute; 3. derived from an expression of existing attributes

  Can be: "READ", "WRITE", "RESET"

Fig. 42


Example: How to create an INTERFACE attribute to send to the SPR Plugin

Attributes.xml (callouts from Fig. 43):

  Name of the attribute, as to be used in policy

  Attribute type = INTERFACE

  Id (as required based on dictionary)

  Value: 1. assigned directly; 2. assigned from an existing attribute; 3. derived from an expression of existing attributes

  Can be: "READ", "WRITE", "RESET"

  Name of the attribute (as required by the plugin)

Fig. 43


3.6  Add / Remove Event Trigger through Policy

It is possible to define Event Triggers over the Gx interface via PCM (static definition) and via Policy, in an Obligation (dynamic definition).

Event Trigger Obligation:

<AttributeAssignment DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="AddEventTriggers">6,7</AttributeAssignment>

<AttributeAssignment DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="RemoveEventTriggers">5,8</AttributeAssignment>

Multiple values can be given for this obligation, separated by commas.

There is no limit on the number of values given for this obligation.
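Because the trigger lists are free-form strings, a typo or a value listed under both attributes is easy to miss in review. The following lint is an added example, not part of the original material or of PCS: `read_event_triggers` is a hypothetical helper, the `<Obligation>` wrapper is constructed so the fragment has a single root, and treating the values as non-negative integers and rejecting duplicates or add/remove overlap are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# The two assignments from this page inside a constructed wrapper element.
OBLIGATION = """<Obligation>
<AttributeAssignment DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="AddEventTriggers">6,7</AttributeAssignment>
<AttributeAssignment DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="RemoveEventTriggers">5,8</AttributeAssignment>
</Obligation>"""

TRIGGER_IDS = ("AddEventTriggers", "RemoveEventTriggers")


def parse_trigger_list(text):
    """Split a comma-separated value into a list of non-negative integers."""
    triggers = []
    for item in (text or "").split(","):
        item = item.strip()
        if not (item.isascii() and item.isdigit()):
            raise ValueError(f"not a trigger number: {item!r}")
        triggers.append(int(item))
    return triggers


def read_event_triggers(xml_text):
    """Return (add, remove) trigger sets; reject duplicates and add/remove overlap."""
    found = {name: set() for name in TRIGGER_IDS}
    for node in ET.fromstring(xml_text).iter():
        # Compare the local name so namespaced policy files are handled too.
        if node.tag.rsplit("}", 1)[-1] != "AttributeAssignment":
            continue
        attr_id = node.get("AttributeId")
        if attr_id not in found:
            continue                      # some other obligation attribute
        for trigger in parse_trigger_list(node.text):
            if trigger in found[attr_id]:
                raise ValueError(f"{attr_id}: trigger {trigger} listed twice")
            found[attr_id].add(trigger)
    overlap = found["AddEventTriggers"] & found["RemoveEventTriggers"]
    if overlap:
        raise ValueError(f"triggers both added and removed: {sorted(overlap)}")
    return found["AddEventTriggers"], found["RemoveEventTriggers"]


if __name__ == "__main__":
    print(read_event_triggers(OBLIGATION))
```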


3.7  QoS-selection obligation

Rx-based QoS Selection

PCRF may use session and media related information received from the AF to generate PCC Rules. This data is received via the Rx Reference Point in the AA-Request, in the Media-sub-component-description AVP.

QoS for PCC rules is decided based on the policy definition from the operator. For writing policies that derive QoS for PCC rules, the QoS-selection obligation is defined.

Selection of the quality of service can be decided at three levels (each level is associated with an independent selection algorithm):

  Bandwidth: defines the bandwidth for the flows to be enforced.

  QCI: defines if a new dedicated bearer or an existing bearer shall be used.

  ARP: Allocation and retention priority associated with the bearer.

Rx

Fig. 44