LCAF

Location Client Authorization Function

Services
Introduced in R99
A network function within the Location Services (LCS) architecture that authorizes requests from external or internal clients to obtain the location of a mobile device. It verifies the client's identity and checks if it has permission to locate a specific target subscriber, enforcing privacy and security policies.

Description

The Location Client Authorization Function (LCAF) is a critical logical component within the 3GPP Location Services (LCS) architecture, defined initially for GSM and evolved through UMTS and LTE/5G. Its primary role is to act as a gatekeeper for location requests. When an LCS Client (which could be an external application, a value-added service provider, or an internal network service) submits a request to locate a Mobile Station (MS) or User Equipment (UE), the request is routed to the LCAF. The LCAF performs authorization by validating the client's credentials and checking the request against the privacy profile of the target subscriber. The subscriber's privacy profile, often managed by a separate function like the Location Client Privacy Function (LCPF) or GMLC, defines who is allowed to request the subscriber's location and under what conditions (e.g., only in emergencies, only specific clients, time-of-day restrictions).

Operationally, the LCAF interfaces with the Gateway Mobile Location Centre (GMLC), which is the main entry point for external location requests. The LCAF may be co-located with the GMLC or implemented as a separate entity. Upon receiving a location request, the LCAF authenticates the LCS Client using identifiers like Client ID and passwords, or more advanced certificates in later releases. It then retrieves the target subscriber's privacy settings from the Home Location Register (HLR) or Home Subscriber Server (HSS). Based on this check, the LCAF either grants authorization, denies it, or may apply specific limitations (e.g., provide only approximate location). If authorized, the request is forwarded to the appropriate network elements (e.g., MSC, SGSN, MME, or AMF) to initiate the positioning procedure with the radio access network.
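The authorization flow described above, as an added illustrative model (not code from the 3GPP specifications or from any GMLC product): it authenticates the client, then evaluates the target subscriber's privacy profile and returns grant, deny or restrict. The client and subscriber identifiers, the profile fields, the in-memory tables standing in for HLR/HSS data, and the rule that emergency clients bypass the profile are all assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import time
from enum import Enum

class Decision(Enum):
    GRANT = "grant"
    DENY = "deny"
    RESTRICT = "restrict"          # e.g. approximate location only

@dataclass(frozen=True)
class Profile:                     # constructed stand-in for HLR/HSS privacy data
    allowed: frozenset             # clients that may receive a precise location
    approximate: frozenset         # clients limited to an approximate location
    start: time = time(0, 0)       # permitted time-of-day window (inclusive)
    end: time = time(23, 59, 59)
    emergency_only: bool = False

def _digest(password: str, salt: bytes = b"constructed-salt") -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data. The client class is provisioned by the operator,
# never taken from the request itself.
CLIENTS = {
    "fleet-01": (_digest("s3cret"), "value-added"),
    "ads-07": (_digest("adpass"), "value-added"),
    "psap-01": (_digest("em3rg"), "emergency"),
}
PROFILES = {"sub-1001": Profile(frozenset({"fleet-01"}), frozenset({"ads-07"}),
                                time(8, 0), time(18, 0))}

def authorize(client_id: str, password: str, target: str, now: time) -> Decision:
    stored, client_class = CLIENTS.get(client_id, (b"", None))
    # Always derive and compare, so unknown clients take the same code path.
    if not hmac.compare_digest(stored, _digest(password)) or client_class is None:
        return Decision.DENY
    if client_class == "emergency":
        return Decision.GRANT      # model assumption: emergency bypasses the profile
    profile = PROFILES.get(target)
    if profile is None or profile.emergency_only:
        return Decision.DENY       # fail closed when no profile is available
    if not (profile.start <= now <= profile.end):
        return Decision.DENY
    if client_id in profile.allowed:
        return Decision.GRANT
    if client_id in profile.approximate:
        return Decision.RESTRICT
    return Decision.DENY
```

Every path that does not match an explicit permission ends in a deny, so a missing profile, an unknown client or a request outside the permitted window never discloses a location.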

The LCAF is essential for complying with legal and regulatory requirements for user privacy, such as the EU's GDPR or regional telecom regulations. It ensures that a user's location—a highly sensitive piece of personal data—is not disclosed without proper consent or legal authority. In the evolved architecture for 5G, location services are defined in the Service-Based Architecture (SBA) context, with the Network Exposure Function (NEF) often acting as the gateway for external applications. The authorization principles of the LCAF are embedded within the NEF's capabilities, where the NEF authenticates and authorizes Application Functions (AFs) requesting location information, checking policies stored in the Unified Data Repository (UDR). This evolution maintains the core LCAF principle of client authorization within a modern cloud-native framework.

Purpose & Motivation

The LCAF was created to address the fundamental privacy and security challenges inherent in providing network-based location services. When mobile operators first deployed services like E-911 in the US or similar emergency services elsewhere, they needed a mechanism to allow authorized emergency services to locate callers while preventing unauthorized tracking by other entities. Beyond emergencies, commercial location-based services (LBS) like fleet management, friend-finder apps, and location-based advertising emerged, creating a need for a standardized way to manage client access. Without the LCAF, there would be no standardized, secure method to control which clients can request location data, leading to potential privacy violations and regulatory non-compliance.

Its introduction, dating back to the GSM era (R99), solved the problem of how to open up the network's location capability to third parties in a controlled manner. Prior informal methods were insecure and non-scalable. The LCAF established a formalized authorization layer that separates the client request from the positioning technology itself. This allows operators to enforce subscriber privacy preferences (opt-in/opt-out), meet lawful intercept requirements, and create commercial frameworks for LCS. It enabled the growth of the entire LBS ecosystem by providing a trusted, standardized interface that assured subscribers their location data would be protected according to their wishes and the law.

Key Features

  • Authenticates LCS Clients using standardized credentials
  • Evaluates requests against subscriber privacy profiles from HLR/HSS
  • Enforces location service authorization policies
  • Can be integrated with the Gateway Mobile Location Centre (GMLC)
  • Supports differentiation between emergency, value-added, and internal clients
  • Provides authorization results (grant, deny, restrict) to the LCS system

Evolution Across Releases

R99 Initial

Introduced the Location Client Authorization Function as a core component of the GSM/UMTS Location Services (LCS) architecture. Defined its role in authorizing external LCS Client requests by verifying client identity and checking against the target Mobile Station's privacy settings stored in the HLR.

The functional principles of the LCAF were absorbed and evolved within the 5G Service-Based Architecture. The Network Exposure Function (NEF) now performs the client authorization role for location services, authenticating and authorizing Application Functions (AFs) using policies and subscriber data from the Unified Data Repository (UDR), aligning with modern API-based exposure and cloud-native principles.

Defining Specifications

Specification    Title
TS 03.071        3GPP TR 03.071
TS 23.171        3GPP TS 23.171
TS 23.271        3GPP TS 23.271