Next generation mobile networks are poised to transition from monolithic structures owned and operated by single mobile network operators into multi-stakeholder networks where various parties contribute with infrastructure, resources, and services. However, a federation of networks and services brings along a crucial challenge: Guaranteeing secure and trustworthy access control among network entities of different administrative domains. This paper introduces a novel technical concept and a prototype, outlining and implementing a 5G Service-Based Architecture that utilizes Decentralized Identifiers and Verifiable Credentials instead of traditional X.509 certificates and OAuth2.0 access tokens to authenticate and authorize network functions among each other across administrative domains. This decentralized approach to identity and permission management for network functions reduces the risk of single points of failure associated with centralized public key infrastructures. It unifies access control mechanisms and lays the groundwork for lesser complex and more trustful cross-domain key management for highly collaborative network functions in a multi-party Service-Based Architecture of 6G.

翻译：下一代移动网络正从单一移动网络运营商拥有和运营的单体结构，向多方贡献基础设施、资源和服务的多利益攸关方网络转型。然而，网络与服务的联邦化带来一项关键挑战：如何确保不同管理域网络实体间安全可信的访问控制。本文提出了一种新颖的技术概念与原型，设计并实现了一种基于5G服务架构的方案——利用去中心化标识符与可验证凭证替代传统X.509证书和OAuth2.0访问令牌，实现跨管理域网络功能间的身份认证与授权。这种面向网络功能的去中心化身份与权限管理方法，降低了集中式公钥基础设施引发的单点故障风险。它统一了访问控制机制，为6G多方服务架构中高度协作的网络功能奠定了更简单、更可信的跨域密钥管理基础。