"This Recommendation provides authentication and authorization requirements for next generation networks (NGN) based on [ITU-T Y.2012]. This includes requirements for authentication and authorization across the user-to-network interface (UNI)@ the network-to-network interface (NNI) and the application-to-network interface (ANI) as well as any entities internally with a network that may require authentication and authorization. The scope of this Recommendation includes: 1) Authentication and authorization of user for network access (e.g.@ authentication and authorization of an end user device@ a home network gateway@ or an enterprise gateway to obtain access or attachment to the network) 2) Service provider authentication and authorization of user for access to service/application (e.g.@ authentication and authorization of a user@ a device or a combined user/device where the authentication and authorization apply to NGN service/application access) 3) User authentication and authorization of Network (e.g.@ user authenticating the identity of the connected NGN network or of the service provider) 4) User peer-to-peer authentication and authorization (e.g.@ authentication and authorization of the called user (or terminating entity)@ authentication and authorization of the originating entity@ or data origin authentication as network functions) 5) Mutual network authentication and authorization (e.g.@ authentication and authorization across NNI interface at the transport level@ or service/application level) 6) Authentication and authorization of service/application provider 7) Use of 3rd party authentication and authorization service 8) Authentication of objects (e.g.@ application process@ message content and data content identifiers). The items above include authentication of flows of the signalling@ bearer and management traffic as applicable. In addition@ this Recommendation also provides reference models for NGN authentication and authorization. NOTE 1 ?C NGN authentication and authorization is viewed as part of the broader topic of NGN identity management (IdM). Specifically@ the authentication and authorization functions and capabilities described in this Recommendation should be used to support identity assurance capabilities for NGN IdM. NOTE 2 ?C In this Recommendation@ the use of the term ""user"" is not intended to be restricted to a person. A user could be a person@ groups@ companies@ or juridical entities. NOTE 3 ?C Authentication of an entity is not intended to indicate positive validation of a person."