
Authentication is based on a long-term security association shared between the client and the server. On the client side, the long-term secret is stored in a tamper-resistant module such as a Universal Integrated Circuit Card (UICC). On the server side, the long-term secret is stored along with other profile data in the Home Subscriber Server (HSS). During the bootstrapping process, the long-term security association is used to create short-term, server-specific credentials that can then be used to secure service access.
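The bootstrapping flow described above, as an added illustration that is not part of the original article: a simulated BSF and UE share a long-term key K, run a bootstrapping exchange that yields a master key Ks and a transaction identifier (B-TID), and each service (NAF) then receives only a server-specific key Ks_NAF bound to its own name. The key derivation follows the shape of the 3GPP GBA KDF (HMAC-SHA-256 over a function code and length-prefixed parameters) but is a simplified stand-in, and the AKA CK/IK derivation is replaced by an HMAC construction; the hostnames, IMPI and key bytes are constructed sample values.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed sample values; not real subscriber data.
IMPI = b"alice@ims.example.net"
K_LONG_TERM = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # held by UICC and HSS


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Simplified GBA-style KDF: HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 || ...
    (Li = 2-byte big-endian length of Pi). Illustrative, not the exact 3GPP encoding."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def aka_keys(k: bytes, rand: bytes):
    """Stand-in for the AKA f3/f4 functions: derive CK and IK from K and RAND.
    Constructed HMAC substitute, not the real AKA (Milenage) algorithm."""
    ck = hmac.new(k, b"CK" + rand, hashlib.sha256).digest()[:16]
    ik = hmac.new(k, b"IK" + rand, hashlib.sha256).digest()[:16]
    return ck, ik


def derive_ks_naf(ks, rand, impi, naf_fqdn, ua_proto_id=b"\x01\x00\x00\x00\x02"):
    """Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAF_Id), NAF_Id = FQDN || Ua protocol id.
    Because the server name is a KDF input, each NAF gets a key usable only for itself."""
    return kdf(ks, 0x01, b"gba-me", rand, impi, naf_fqdn + ua_proto_id)


class BSF:
    """Bootstrapping Server Function: reads K from the HSS, runs Ub, answers Zn queries."""
    def __init__(self, hss: dict, domain=b"bsf.example.net", lifetime=3600):
        self.hss, self.domain, self.lifetime = hss, domain, lifetime
        self.sessions = {}  # B-TID -> (IMPI, Ks, RAND, expiry)

    def bootstrap(self, impi: bytes, rand: bytes = None, now=None):
        rand = rand or os.urandom(16)
        ck, ik = aka_keys(self.hss[impi], rand)
        btid = base64.b64encode(rand) + b"@" + self.domain
        expiry = (now or time.time()) + self.lifetime
        self.sessions[btid] = (impi, ck + ik, rand, expiry)
        return rand, btid, expiry  # sent to the UE over Ub; Ks itself never leaves the BSF

    def zn_lookup(self, btid: bytes, naf_fqdn: bytes, now=None) -> bytes:
        """Zn: hand a NAF only the Ks_NAF for its own FQDN, never the master key Ks."""
        impi, ks, rand, expiry = self.sessions[btid]
        if (now or time.time()) > expiry:
            raise PermissionError("bootstrapping session expired; UE must re-bootstrap")
        return derive_ks_naf(ks, rand, impi, naf_fqdn)


class UE:
    """User equipment: holds K in the UICC and derives Ks locally after the Ub exchange."""
    def __init__(self, impi, k):
        self.impi, self.k, self.ks, self.rand, self.btid = impi, k, None, None, None

    def complete_bootstrap(self, rand, btid):
        ck, ik = aka_keys(self.k, rand)
        self.ks, self.rand, self.btid = ck + ik, rand, btid

    def sign_request(self, naf_fqdn: bytes, request: bytes) -> bytes:
        """Ua: prove possession of Ks_NAF to the service with an HMAC over the request."""
        ks_naf = derive_ks_naf(self.ks, self.rand, self.impi, naf_fqdn)
        return hmac.new(ks_naf, request, hashlib.sha256).digest()


def naf_verify(bsf: BSF, naf_fqdn, btid, request, proof, now=None) -> bool:
    """NAF side: obtain Ks_NAF over Zn and check the UE's proof in constant time."""
    ks_naf = bsf.zn_lookup(btid, naf_fqdn, now)
    expected = hmac.new(ks_naf, request, hashlib.sha256).digest()
    return hmac.compare_digest(expected, proof)


def run_demo(rand=None):
    """One bootstrap, then the same proof presented to two different services."""
    bsf = BSF({IMPI: K_LONG_TERM})
    ue = UE(IMPI, K_LONG_TERM)
    rand, btid, _ = bsf.bootstrap(IMPI, rand)
    ue.complete_bootstrap(rand, btid)
    req = b"GET /mail HTTP/1.1"
    proof = ue.sign_request(b"mail.example.net", req)
    ok_same = naf_verify(bsf, b"mail.example.net", btid, req, proof)
    ok_other = naf_verify(bsf, b"shop.example.net", btid, req, proof)
    return ok_same, ok_other


if __name__ == "__main__":
    print(run_demo())
```

The point to take from the simulation is the domain separation: the NAF for mail.example.net and the NAF for shop.example.net both query the same BSF with the same B-TID, but each receives a different Ks_NAF, so a credential captured at one service is useless at another, and the BSF's lifetime check forces a fresh bootstrap once the short-term session expires.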
GBA enables IMS operators, for one, to offer a single sign-on (SSO) experience for their own services, but it also allows them to participate in existing SSO and identity federation systems as an Identity Provider by supplying strong authentication. This approach seems especially interesting for large operators, as they can re-use their identity silos to enable SSO for a variety of HTTP services. GBA is just the last missing piece in the IMS puzzle to truly merge the mobile domain with the Internet: it relies on strong, UICC-based authentication to secure HTTP traffic and offers full SSO access to the Web 2.0 space.