The use of networkAccessIdentifier in B2B2X Use Cases

[brettrhill]

I see a similar thread in Issue 560 regarding IoT devices but starting this one as unrelated to IoT.

There are B2B2X scenarios like Network Slicing where the CSP cannot use MSISDN due to PII and privacy constraints. I’m looking for clarification on using the networkAccessIdentifier and whether other device/subscription identifiers can be supplied here.

When a mobile service is provisioned it could receive an opaque UUID, let’s call it NetworkAccessID, which is unique to the service and persists for its lifetime, even if the MSISDN changes. It’s privacy‑safe and stable for routing/policy. Looking for guidance if using something like a NetworkAccessID as networkAccessIdentifier and if this would be CAMARA compliant?

Does the networkAccessIdentifier require the @domain suffix (e.g., 550e8400-e29b-41d4-a716-446655440000@operator.com)? I imagine this might be useful for Aggregator use cases but wondering if the local UUID is sufficient.

[tlohmar]

Interesting, so you are generally looking for an alternative identifier for cases, when the MSISDN cannot be used because of PII.

@rartych was pointing out in the other Issue, that CAMARA's NAI is defined in RFC 7542. 3GPP refers to RFC 4282 for the External Identifier (RFC 4282 is actually obsoleted by RFC 7542).

Looking into RFC 7542 Section 2.2 (link), you find the following syntax for the NAI

nai            =   utf8-username
nai            =/  "@" utf8-realm
nai            =/  utf8-username "@" utf8-realm

meaning, that the NAI can be either only the user part or only the domain part (prefixed with an @) or user @ domain. There are some NAI Length considerations in RFC 7542, Section 2.3, but no length restrictions.

Does the networkAccessIdentifier require the @Domain suffix (e.g., 550e8400-e29b-41d4-a716-446655440000@operator.com)? I imagine this might be useful for Aggregator use cases but wondering if the local UUID is sufficient.

From my interpretation of RFC7542 and the current definitions in CAMARA: Using just a UUID (e.g. 550e8400-e29b-41d4-a716-446655440000) as a value of the NAI looks ok.

[shilpa-padgaonkar]

An old doc under supporting material, where some of this was discussed in the past https://github.com/camaraproject/Commonalities/blob/main/documentation/SupportingDocuments/UE-Identification.md