Description
The Identity Event Function (IEF) is a core component of the 3GPP identity management and authentication framework, standardized from Release 16 onwards. It operates as a service within the 5G system architecture, specifically defined for facilitating secure and privacy-enhanced identity verification transactions. The IEF's primary role is to mediate between a Relying Party (RP)—an entity that requires verification of a user's attributes (like age or membership status)—and an Identity Provider (IdP), which holds the user's identity information. It does so by processing identity events, which are requests for verification of specific user attributes or credentials.
Architecturally, the IEF is defined as a network function with a service-based interface, typically the Nidf_IdentityEventManagement service. It interacts with the User Equipment (UE), the Relying Party, and the Identity Provider. The workflow begins when a Relying Party, needing to verify a user attribute, sends an Identity Event Request to the IEF. The IEF then communicates with the UE (via the user) to obtain consent and necessary credentials. It may also interact with the IdP to validate these credentials. Crucially, the IEF ensures minimal disclosure; it only confirms whether the user's attributes satisfy the RP's policy (e.g., "user is over 18") without revealing the actual attribute value or other personal data. This is achieved through token-based mechanisms and cryptographic protocols.
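The minimal-disclosure exchange described above, sketched as an added example; it is not taken from the original page or from any 3GPP specification. The function names, claim fields, policy identifier and shared HMAC key are assumptions made for illustration, since the page states only that token-based mechanisms are used.

```python
import base64, hashlib, hmac, json, time

# Assumption: one key shared by IEF and RP keeps this sketch stdlib-only;
# a deployment would sign with an asymmetric key so the RP cannot mint tokens.
KEY = b"constructed-demo-key"
POLICIES = {"age_over_18": lambda attrs: attrs["age"] >= 18}  # hypothetical policy id

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(payload: bytes) -> str:
    return _b64(hmac.new(KEY, payload, hashlib.sha256).digest())

def ief_handle_request(rp_id, policy_id, nonce, user_attrs, consent, now=None, ttl=60):
    """IEF side: evaluate the RP's policy and return a token carrying the result only."""
    if not consent:
        return None  # no user consent, no assertion is issued
    now = time.time() if now is None else now
    claims = {"aud": rp_id, "policy": policy_id, "nonce": nonce,
              "satisfied": bool(POLICIES[policy_id](user_attrs)), "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _sign(payload)

def rp_verify(token, rp_id, policy_id, nonce, now=None):
    """RP side: accept the result only if the token is authentic, fresh and meant for this request."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except (ValueError, AttributeError):
        return False  # malformed or missing token
    if not hmac.compare_digest(sig, _sign(payload)):
        return False  # tampered or forged
    claims = json.loads(payload)
    if (claims["aud"], claims["policy"], claims["nonce"]) != (rp_id, policy_id, nonce):
        return False  # issued for another RP, policy or request (replay)
    if claims["exp"] < now:
        return False  # expired
    return claims["satisfied"] is True
```

The token never contains the attribute value itself, so the RP learns only whether its policy was satisfied for the request it made.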
The IEF is a key enabler for 3GPP's vision of the mobile network as a trusted platform for digital identity. It leverages the inherent security of the 3GPP subscription (e.g., the SIM/USIM) and the network's authentication infrastructure. By providing a standardized, network-based function for identity verification, it allows service providers (RPs) to outsource complex identity checks to the operator's network in a compliant and interoperable manner. This is detailed in specifications 33.127 and 33.128, which cover the security framework and protocols for identity event management. The IEF supports various credential formats and can work with both 3GPP (e.g., 3GPP credential) and non-3GPP identity providers.
Purpose & Motivation
The IEF was created to address the growing need for secure, user-consent-driven, and privacy-preserving digital identity verification in online services. Prior to its introduction, identity verification often involved users directly sharing sensitive personal data (like scans of ID documents) with numerous online Relying Parties, creating significant privacy risks and data breach vulnerabilities. There was no standardized, network-level function to facilitate minimal disclosure of attributes. The motivation stemmed from regulations like GDPR, which emphasize data minimization and user consent, and from the industry need to combat fraud while improving user experience.
Historically, identity management was fragmented, with proprietary solutions or reliance on social login providers that could track user activity across services. The 3GPP IEF provides a carrier-grade, standardized alternative that leverages the mobile operator's trusted role and existing customer verification processes (Know Your Customer). It solves the problem of how to prove aspects of one's identity without revealing the entire identity, a concept known as verifiable credentials or selective disclosure. By creating a dedicated function within the 5G architecture, 3GPP enables mobile networks to offer identity-as-a-service, opening new revenue streams for operators while providing users with greater control and privacy.
Detected Changes Across Releases
From 3GPP Change Requests
Specific changes extracted from the "Change history" tables of 3GPP specifications (18 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 16, the specifications for the Identity Event Function (IEF) were enhanced with corrections and clarifications for identifier association reporting. Specifically, this included fixes and clarifications for its role in providing events to the Identifier Caching Function (ICF) over the LI_XER interface and for its management by the LICF via the LI_XEM1 interface. These updates also covered the IEF's involvement in lawful interception query procedures, such as those handled by the IQF over the LI_HIQR interface.
In Release 17, the specification introduced clarifications and corrections for the Identity Event Function (IEF) to ensure consistent terminology, distinguishing it from the ICF and IQF, and to rectify inconsistent use of "identity" versus "identifier." Furthermore, the definition of the `IdentityAssociationTargetIdentifier` parameter was enhanced by adding a missing "Owner" field, and the management of IEF activation states by the LICF over the LI_XEM1 interface was explicitly detailed.
In Release 18, the IEF (Identity Event Function) saw enhancements including the introduction of new IRI events for reporting PDN Connection events from a combined SMF+PGW-C and the support for location reporting for Identity Association Records. Furthermore, the release aligned event reporting between network functions like the MME and AMF and introduced an option in the LI_HIQR interface to handle identity association requests without the ObservedTime parameter.
- IRI Events for reporting PDN Connection events from the combined SMF+PGW-C (TS 33.128, CR0373)
- Location Reporting for Identity Association Record (TS 33.128, CR0376)
- LI_HIQR: Adding option to support P2T identity association requests without ObservedTime parameter (TS 33.128, CR0614)
- Alignment of events reported out of the MME with AMF events (TS 33.127, CR0226)
- Alignment of 33.127 and 33.128 AMF IRI Events (TS 33.127, CR0230)
- Correction to have a proper reference to the list of events (TS 33.128, CR0660)
In Release 19, the IEF (Identity Event Function) was enhanced to ensure the GPSI (Generic Public Subscription Identifier) is included within its event parameters, correcting a previous omission at the architectural Stage 2 level. Additionally, updates were made to provide proper normative references to the defined list of events that the IEF reports to the Identifier Caching Function (ICF) over the LI_XER interface.
Defining Specifications
3GPP specifications that define or reference IEF, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 33.127 vj50 | Lawful Interception Architecture and Functions | Rel-19 |
| TS 33.128 vj50 | 3GPP TS 33.128: Lawful Interception Protocols | Rel-19 |