TPAE

Third Party Authorized Entity

Introduced in Rel-17

TPAE is a trusted external entity authorized by a mobile network operator to securely access network capabilities and user data for specific third-party services.

Category: Security
Introduced: Rel-17
Where: Services › IMS
Specifications: 5 specs

Description

The Third Party Authorized Entity (TPAE) is a security and architectural concept introduced in 3GPP Release 17, primarily within the framework of service enabler architecture layer (SEAL) and network exposure. It represents an external application provider or service entity that has been granted explicit authorization by a mobile network operator (MNO) or a network function (like the Network Exposure Function - NEF) to access certain network capabilities, APIs, or user-related data. The TPAE is not part of the 3GPP network trust domain but operates in a trusted relationship established through formal authorization processes. Its identity and permissions are validated before any interaction, ensuring that third-party access is controlled, auditable, and compliant with regulatory requirements like GDPR.

Architecturally, the TPAE interfaces with the 3GPP core network, typically through the NEF in the 5G core (5GC). The NEF acts as a secure gateway and policy enforcement point, exposing network APIs (e.g., Nnef services) to authorized external entities. The TPAE must authenticate itself using credentials (like certificates) and is assigned specific scopes of access based on its authorization. These scopes define which network functions it can invoke, what data it can request (e.g., location information, quality of service adjustments), and under what conditions. The TPAE's requests are subject to policy controls, including user consent verification, rate limiting, and charging, which are enforced by the NEF and other policy control functions (PCF).
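
The enforcement order described above (authenticate, check scope, verify consent, apply rate limit, record the decision), as an added example that is not part of the original page or of any 3GPP specification. The class names, the fingerprint credential, the scope strings (`location:read`, `qos:modify`) and the verdict strings are assumptions made for illustration.

```python
import hmac
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Tpae:
    app_id: str
    cert_fingerprint: str   # credential checked at authentication (assumed form)
    scopes: frozenset       # authorized service profile

@dataclass
class ExposureGateway:
    """Toy policy enforcement point in the NEF role (illustrative model)."""
    registry: dict          # app_id -> Tpae
    consent: set            # (subscriber, scope) pairs with user consent
    limit: int = 3          # allowed requests per TPAE per window
    window: float = 60.0    # seconds
    audit: list = field(default_factory=list)
    hits: dict = field(default_factory=dict)

    def decide(self, app_id, fingerprint, scope, subscriber, now=None):
        now = time.time() if now is None else now
        verdict = self._check(app_id, fingerprint, scope, subscriber, now)
        # Every decision is logged, denials included, so access stays auditable.
        self.audit.append((now, app_id, scope, subscriber, verdict))
        return verdict

    def _check(self, app_id, fingerprint, scope, subscriber, now):
        tpae = self.registry.get(app_id)
        # Deny by default: unknown identity or wrong credential stops here.
        if tpae is None or not hmac.compare_digest(tpae.cert_fingerprint, fingerprint):
            return "DENY:unauthenticated"
        if scope not in tpae.scopes:
            return "DENY:scope"
        if (subscriber, scope) not in self.consent:
            return "DENY:consent"
        recent = [t for t in self.hits.get(app_id, []) if now - t < self.window]
        if len(recent) >= self.limit:
            return "DENY:rate"
        self.hits[app_id] = recent + [now]
        return "ALLOW"

def demo():
    # Constructed sample data: one TPAE allowed to read location for sub-001.
    app = Tpae("edge-app-1", "ab12", frozenset({"location:read"}))
    gw = ExposureGateway({"edge-app-1": app}, {("sub-001", "location:read")})
    calls = [("edge-app-1", "ab12", "location:read", "sub-001"),
             ("edge-app-1", "ffff", "location:read", "sub-001"),
             ("edge-app-1", "ab12", "qos:modify", "sub-001"),
             ("edge-app-1", "ab12", "location:read", "sub-002")]
    return [gw.decide(*c, now=100.0) for c in calls]
```

Only authenticated, in-scope, consented requests consume rate-limit budget in this model, so a denied request cannot exhaust another check's quota.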

Key components involved with TPAE operation include the NEF, which manages the exposure and security; the Unified Data Management (UDM) or Authentication Server Function (AUSF), which may assist in authentication; and the PCF, which provides policy rules. The TPAE itself is characterized by its application identity, security credentials, and the authorized service profile. Its role is critical for enabling innovative services like edge computing applications, where a third-party edge application provider needs low-latency access to user plane functions, or IoT verticals that require real-time device status. By formalizing the TPAE concept, 3GPP provides a standardized, secure model for third-party integration, moving beyond ad-hoc interfaces to a managed ecosystem that protects network integrity and user privacy.

Purpose & Motivation

The TPAE was created to address the growing demand for secure and standardized third-party access to 5G network capabilities. Historically, service providers outside the operator's domain had limited or proprietary ways to interact with the network, often requiring complex bilateral agreements and custom integrations, which hindered innovation and scalability. With the rise of edge computing, IoT, and network slicing, there was a clear need for a controlled mechanism to allow external entities to leverage network functions—such as quality of service management, location services, or event monitoring—without compromising security or operational control.

This concept solves the problem of how to safely open up the network to a broader ecosystem of application developers and vertical industries while maintaining the operator's authority over their assets. It establishes a trust framework where third parties can be authenticated, authorized, and audited, ensuring that access is granted only for intended purposes and in compliance with user consent and data protection regulations. The TPAE model enables new business models, such as network-as-a-service, by providing a clear technical and procedural foundation for third-party partnerships, thereby fostering an open innovation environment in the 5G era.

Classification

Part of: SEAL
Related approaches: NEF

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (1 CR across 1 release). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-17: 1 change

In Release 17, the TPAE (Third Party Authorized Entity) function was enhanced to handle an authorized CAA-Level UAV ID provided by a USS, including corrections for this procedure. The specification details how a TPAE, such as an Area Airspace Manager (AAM), can use this USS-assigned identity to query the UAS NF for UAV remote identification, tracking, and aviation-level information. This relies on the UAS NF resolving the CAA-Level UAV ID to a 3GPP UAV ID after successful UAV authentication and authorization (UUAA) by the USS.

  • Correction on handling the authorized CAA-Level UAV ID provided by a USS (TS 23.256, CR0055)

Defining Specifications

3GPP specifications that define or reference TPAE, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

Specification | Title | Release
TS 23.256 vj50 | UAS Support Architecture Enhancements | Rel-19
TS 23.700 vk00 | XR Services Application Enablement Layer | Rel-20
TS 28.853 vj10 | Charging for Uncrewed Aerial Systems | Rel-19
TS 29.256 vj30 | UAS-NF Stage 3 Protocol Specification | Rel-19
TR 33.854 vh10 | Security aspects of Uncrewed Aerial Systems | Rel-17