Commit

Merge pull request #22 from wilson30139/main
Update 20230802.md
brianchennn authored Aug 4, 2023
2 parents 9da27de + f7530f6 commit a827c50
Showing 1 changed file with 18 additions and 15 deletions.
33 changes: 18 additions & 15 deletions docs/blog/20230802.md
@@ -1,16 +1,16 @@
# Authentication Mechanism in NRF: What Is OAuth?

## Abstract
Regarding the theme this time, I briefly introduce **OAuth**. OAuth 2.0 defines four types of the authorization flow. I choose the **Client Credentials Flow** to explain because the authentication mechanism in NRF is closely related to the Client Credentials Flow.
Regarding the theme this time, I will briefly introduce **OAuth**. OAuth 2.0 defines four types of authorization flows. I choose the **Client Credentials Flow** to explain because the authentication mechanism in NRF is closely related to the Client Credentials Flow.

Next, I explain **how to apply the concept of the Client Credentials Flow to NRF** and introduce **`Nnrf_AccessToken Service`** because `Nnrf_AccessToken Service` is closely related to the Client Credentials Flow.
Next, I will explain **how to apply the concept of the Client Credentials Flow to NRF** and introduce **`Nnrf_AccessToken Service`**, because `Nnrf_AccessToken Service` is closely related to the Client Credentials Flow.

Finally, I make **a simple experiment of the authentication mechanism in NRF** and share the environment settings and methods of operation.
Finally, I will make **a simple experiment of the authentication mechanism in NRF** and share the environment settings and methods of operation.

## OAuth
I introduce OAuth before explaining the authentication mechanism in NRF. Regarding the OAuth flow, we can log in to the account through the platform before we want to access an application. After logging in, we agree that an application can limitedly obtain the information of the user on the platform. The application can be LinkedIn, YouTube, etc. The platform can be Google, Facebook, etc.
Before explaining the authentication mechanism in NRF, I will introduce OAuth. Regarding the OAuth flow, we can log in to the account through the platform before accessing an application. After logging in, we agree that an application can limitedly obtain the information of the user on the platform. The application can be LinkedIn, YouTube, etc. The platform can be Google, Facebook, etc.

The full English name of OAuth is Open standard Authorization. **OAuth** is an **open standard**, and it used to **deal with authorization-related behaviors**. OAuth 2.0 defines four types of the authorization flow. The four types of the authorization flow are:
The full English name of OAuth is Open standard Authorization. **OAuth** is an **open standard**, and it's used to **deal with authorization-related behaviors**. OAuth 2.0 defines four types of authorization flows. The four types of the authorization flows are:

* Authorization Code
* Implicit
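
Review bot: In the OAuth section, the rewritten paragraph still describes a user logging in to a platform and agreeing to share data, which is a user-consent flow, while the Abstract says the article covers the Client Credentials Flow because that is what NRF relates to. Add one sentence saying the login example is only a general illustration of OAuth and that the Client Credentials Flow involves no end user. The title and Abstract also call this an "authentication mechanism" while the same section says OAuth is used to "deal with authorization-related behaviors"; use one term or explain the distinction. Smaller wording points in the changed lines: "I choose" should match the new future tense, "make a simple experiment" reads better as "run a simple experiment", and "The four types of the authorization flows are" can drop "the".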
Expand All @@ -19,7 +19,7 @@ The full English name of OAuth is Open standard Authorization. **OAuth** is an *

This article explains the entire authorization of the Client Credentials Flow only, because **the authentication mechanism in NRF adopts the Client Credentials**.

> If you're interested how authorization mechanism works, please refer to [this article](https://medium.com/%E9%BA%A5%E5%85%8B%E7%9A%84%E5%8D%8A%E8%B7%AF%E5%87%BA%E5%AE%B6%E7%AD%86%E8%A8%98/%E7%AD%86%E8%A8%98-%E8%AA%8D%E8%AD%98-oauth-2-0-%E4%B8%80%E6%AC%A1%E4%BA%86%E8%A7%A3%E5%90%84%E8%A7%92%E8%89%B2-%E5%90%84%E9%A1%9E%E5%9E%8B%E6%B5%81%E7%A8%8B%E7%9A%84%E5%B7%AE%E7%95%B0-c42da83a6015) for more details.
> If you're interested in how authorization mechanism works, please refer to [this article](https://medium.com/%E9%BA%A5%E5%85%8B%E7%9A%84%E5%8D%8A%E8%B7%AF%E5%87%BA%E5%AE%B6%E7%AD%86%E8%A8%98/%E7%AD%86%E8%A8%98-%E8%AA%8D%E8%AD%98-oauth-2-0-%E4%B8%80%E6%AC%A1%E4%BA%86%E8%A7%A3%E5%90%84%E8%A7%92%E8%89%B2-%E5%90%84%E9%A1%9E%E5%9E%8B%E6%B5%81%E7%A8%8B%E7%9A%84%E5%B7%AE%E7%95%B0-c42da83a6015) for more details.
## Client Credentials Flow
![](./20230802/20230802figure1.png)
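
Review bot: The corrected blockquote line still reads "how authorization mechanism works" and needs an article: "how the authorization mechanism works". The `## Client Credentials Flow` heading also follows the blockquote with no blank line in between; add one so the heading is clearly separated from the quote in every Markdown renderer.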
Expand All @@ -39,7 +39,7 @@ The entire authorization of the Client Credentials Flow can be devided into 3 st

In addition, the Client and the Authorization Server have their own Scope list. The Scope list records a series of the actions. The Client or the Authorization Server is permitted to do the actions for obtaining the user’s name, deleting posts, etc.

I explain how to apply the Client Credentials Flow to NRF after talking about the Client Credentials Flow.
Below I will explain how to apply the Client Credentials Flow to NRF after talking about the Client Credentials Flow.

## Client Credentials Flow in NRF
The Figure 2 and the Figure 3 originate from *the Figure 13.4.1.1-1* and *the Figure 13.4.1.1-2* of the *TS 33.501*.
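
Review bot: The new transition sentence, "Below I will explain ... after talking about the Client Credentials Flow", points forward and backward at once; "Next, I will explain how to apply the Client Credentials Flow to NRF." says the same thing. While this part of the file is open, the context line shown in the hunk header still has "devided" for "divided", and "The Figure 2 and the Figure 3" can lose both articles.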
Expand All @@ -60,7 +60,7 @@ The NF Type can be AMF, SMF, etc. , and the NF Service Name can be `namf-comm`,

NRF verifies the information provided by the NF Service Consumer after it receives the `Nnrf_AccessToken_Get Request`. NRF **generates an Access Token** and **uses the NRF private key to sign on the Access Token** after the verification is successful.

Finally, NRF returns the `Nnrf_AccessToken_Get Response` to the NF Service Consumer. The **NF Service Consumer stores the Access Token within the validity period** after it gets the Access Token. **The services provided by the NF Service Producer are in the Expected NF Service Name.** The NF Service Consumer **don’t need to verify again** when it wants to use the services provided by the NF Service Producer.
Finally, NRF returns the `Nnrf_AccessToken_Get Response` to the NF Service Consumer. The **NF Service Consumer stores the Access Token within the validity period** after it gets the Access Token. **The services provided by the NF Service Producer are in the Expected NF Service Name.** The NF Service Consumer **doesn’t need to verify again** when it wants to use the services provided by the NF Service Producer.

![](./20230802/20230802figure3.png)
<br/>**Figure 3. NF Service Consumer Requesting Service Access with an Access Token**
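
Review bot: In the last changed sentence, "doesn't need to verify again" fixes the verb agreement but leaves it unclear who verifies what: in this hunk it is NRF that verifies the Consumer's request, and the Consumer itself verifies nothing. If the intent is that the Consumer can reuse the stored Access Token within the validity period instead of asking NRF for a new one, say that directly, for example "does not need to request a new Access Token from NRF while the stored one is still valid". "uses the NRF private key to sign on the Access Token" in the preceding paragraph would also read better as "to sign the Access Token".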
Expand All @@ -69,9 +69,9 @@ The entire flow in Figure 3 is the same as Step 3 in the Figure 1. The role of t

First, the NF Service Consumer sends the `NF Service Request` to the NF Service Producer with the Access Token. Simply put, the NF Service Consumer wants to consume the service provided by the NF Service Producer.

**The NF Service Producer use the NRF public key to verify the signed on the Access Token** after it receives the `NF Service Request`. If the verification is successful, the NF Service Producer will send the `NF Service Response` to the NF Service Consumer.
**The NF Service Producer uses the NRF public key to verify the signed Access Token** after it receives the `NF Service Request`. If the verification is successful, the NF Service Producer will send the `NF Service Response` to the NF Service Consumer.

I talk about the `Nnrf_AccessToken Service` after explaining how to apply the Client Credentials Flow to NRF.
Now I will talk about the `Nnrf_AccessToken Service` after explaining how to apply the Client Credentials Flow to NRF.

## Nnrf_AccessToken Service
![](./20230802/20230802figure4.png)
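
Review bot: The rewritten bold sentence says the Producer uses the NRF public key "to verify the signed Access Token"; what the key verifies is the signature, so "to verify the signature on the Access Token" is more exact. The paragraph also presents a valid signature as the only condition for sending the `NF Service Response`, although the surrounding text gives the token a validity period and an expected service name; consider stating whether the Producer checks those too, or pointing to the TS 33.501 clause behind Figure 3. The closing transition ("Now I will talk about ... after explaining ...") can be shortened to "Next, I will talk about the `Nnrf_AccessToken Service`."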
Expand All @@ -91,7 +91,7 @@ Definition of type `AccessTokenReq`:
* `targetNfInstanceId`: The value stores the **ID of the NF Service Producer**.
* `nfType`: The value stores the **network function name of the NF Service Consumer**. The network function name can be the AMF, SMF, etc.
* `targetNfType`: The value stores the **network function name of the NF Service Producer**.
* `scope`: **It stores the services. The services can be the `namf-comm`, `nsmf-pdusession`, etc.** The NF Service Consumer want to consume the services. The services are provided by the NF Service Producer.
* `scope`: **It stores the services. The services can be the `namf-comm`, `nsmf-pdusession`, etc.** When the NF Service Consumer requests the services. The services will be provided by the NF Service Producer.
* `requesterPlmn`: It is mainly used in the **roaming**.
* `targetPlmn`: It is mainly used in the **roaming**.
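
Review bot: The rewritten `scope` bullet now contains a sentence fragment: "When the NF Service Consumer requests the services." has no main clause, and the sentence after it no longer connects to it. One sentence covers both, for example "These are the services, provided by the NF Service Producer, that the NF Service Consumer wants to consume." The `requesterPlmn` and `targetPlmn` bullets could also say what each value stores, as the other bullets do, instead of only "mainly used in the roaming".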

Expand Down Expand Up @@ -194,7 +194,7 @@ The Table 4 is my environment setting. I provide the Table 4 for you. You can re
![](./20230802/20230802table4.png)
<br/>**Table 4. Environment**

You remove the part of the `tls` and add the content of the `cert`, `rootcert` and `oauth` under `sbi` in the `nrfcfg.yaml` before implementing about the Access Token.
Remove the part of the `tls` and add the content of the `cert`, `rootcert` and `oauth` under `sbi` in the `nrfcfg.yaml` before implementing about the Access Token.

```yaml
info:
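
Review bot: The rewritten instruction ends with "before implementing about the Access Token", which is not grammatical; "before running the Access Token experiment" matches what the section does. "Remove the part of the `tls`" is clearer as "Remove the `tls` section", and since the step swaps one key for three others under `sbi`, a sentence on what `cert`, `rootcert` and `oauth` each configure would help a reader applying it to their own `nrfcfg.yaml`.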
Expand Down Expand Up @@ -230,7 +230,7 @@ logger: # log output setting
```
**nrfcfg.yaml**
You find the `http://127.0.0.10:8000/nnrf-nfm/v1/nf-instances/8f7891b4-b127-4f59-9ec2-b5e6aade5531` in the NRF log, and you get the `8f7891b4-b127-4f59-9ec2-b5e6aade5531`. The `8f7891b4-b127-4f59-9ec2-b5e6aade5531` is the `nfInstanceID`.
Find the `http://127.0.0.10:8000/nnrf-nfm/v1/nf-instances/8f7891b4-b127-4f59-9ec2-b5e6aade5531` in the NRF log, and you will get the `8f7891b4-b127-4f59-9ec2-b5e6aade5531`. The `8f7891b4-b127-4f59-9ec2-b5e6aade5531` is the `nfInstanceID`.

```
2023-08-02T20:07:43.300826205Z [INFO][NRF][NFM] Handle NFRegisterRequest
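
Review bot: The rewritten sentence tells the reader to find a full URL and then says "you will get the `8f7891b4-...`" without saying that the ID is the last path segment of that URL; "Find the `/nnrf-nfm/v1/nf-instances/...` URL in the NRF log; its last path segment is the `nfInstanceID`" is easier to follow. The identifier is spelled `nfInstanceID` here while the `AccessTokenReq` field listed earlier is `targetNfInstanceId`, so settle on one casing of "Id". The `**nrfcfg.yaml**` caption also runs straight into this paragraph and needs a blank line after it.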
Expand All @@ -240,7 +240,7 @@ You find the `http://127.0.0.10:8000/nnrf-nfm/v1/nf-instances/8f7891b4-b127-4f59
2023-08-02T20:07:43.325073275Z [INFO][NRF][GIN] | 201 | 127.0.0.1 | PUT | /nnrf-nfm/v1/nf-instances/8f7891b4-b127-4f59-9ec2-b5e6aade5531 |
```
You execute `$curl -X GET {apiRoot}/nnrf-nfm/v1/nf-instances/{nfInstanceID}`, and you obtain the detail information about the `nfInstanceID`. You can see the `nfType` of the `nfInstanceID` is NSSF, and the information about the `nfInstanceID` is used when you implement the Access Token.
Execute `$curl -X GET {apiRoot}/nnrf-nfm/v1/nf-instances/{nfInstanceID}`, and you will obtain the detail information about the `nfInstanceID`. You can see the `nfType` of the `nfInstanceID` is NSSF, and the information about the `nfInstanceID` is used when you implement the Access Token.
```
ubuntu@free5GC:~/free5gc/NFs/nrf$ curl -X GET http://127.0.0.10:8000/nnrf-nfm/v1/nf-instances/8f7891b4-b127-4f59-9ec2-b5e6aade5531
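
Review bot: In the changed line the command is written as `$curl -X GET ...` with the prompt character attached to the command name; pasted into a shell, `$curl` is read as a variable reference rather than the `curl` program. Write `curl -X GET {apiRoot}/nnrf-nfm/v1/nf-instances/{nfInstanceID}`, or separate the prompt from the command with a space. "the detail information" should be "the detailed information", and the code fence that follows the paragraph needs a blank line before it.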
Expand Down Expand Up @@ -302,8 +302,11 @@ Finally, you can see 200. 200 means that AUSF sends the `AccessTokenReq` to NRF.
## Reference
* https://medium.com/%E9%BA%A5%E5%85%8B%E7%9A%84%E5%8D%8A%E8%B7%AF%E5%87%BA%E5%AE%B6%E7%AD%86%E8%A8%98/%E7%AD%86%E8%A8%98-%E8%AA%8D%E8%AD%98-oauth-2-0-%E4%B8%80%E6%AC%A1%E4%BA%86%E8%A7%A3%E5%90%84%E8%A7%92%E8%89%B2-%E5%90%84%E9%A1%9E%E5%9E%8B%E6%B5%81%E7%A8%8B%E7%9A%84%E5%B7%AE%E7%95%B0-c42da83a6015
* https://medium.com/%E9%BA%A5%E5%85%8B%E7%9A%84%E5%8D%8A%E8%B7%AF%E5%87%BA%E5%AE%B6%E7%AD%86%E8%A8%98/%E7%AD%86%E8%A8%98-%E8%AA%8D%E8%AD%98-oauth-2-0-%E4%B8%80%E6%AC%A1%E4%BA%86%E8%A7%A3%E5%90%84%E8%A7%92%E8%89%B2-%E5%90%84%E9%A1%9E%E5%9E%8B%E6%B5%81%E7%A8%8B%E7%9A%84%E5%B7%AE%E7%95%B0-c42da83a6015
* [TS 29.510](https://www.etsi.org/deliver/etsi_ts/129500_129599/129510/15.00.00_60/ts_129510v150000p.pdf)
* [TS 33.501](https://www.etsi.org/deliver/etsi_ts/133500_133599/133501/15.15.00_60/ts_133501v151500p.pdf)
* https://blog.techbridge.cc/2019/02/01/linux-curl-command-tutorial/
* https://github.com/free5gc/free5gc/issues/434
## About
Hi, my name is Wilson. I am a master’s student. My main area of research is network slicing. In the future, I will introduce more information about 5G. Hope you enjoy it.
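
Review bot: The Reference list in this hunk shows the same Medium URL on two consecutive lines; if both remain in the file, drop one. The list also mixes titled links (TS 29.510, TS 33.501) with bare URLs, so give the Medium, techbridge and GitHub issue entries titles as well, and leave a blank line between the last reference and `## About`.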

0 comments on commit a827c50
