Beyond Certificates: 6G-ready Access Control for the Service-Based Architecture with Decentralized Identifiers and Verifiable Credentials

In 6G, mobile networks are poised to transition from monolithic structures owned and operated by single mobile network operators into multi-stakeholder networks where various parties contribute with infrastructure, resources, and services. This shift brings forth a critical challenge: Ensuring secure and trustful cross-domain access control. This paper introduces a novel technical concept and a prototype, outlining and implementing a 5G Service-based Architecture that utilizes Decentralized Identifiers and Verifiable Credentials to authenticate and authorize network functions among each other rather than relying on traditional X.509 certificates or OAuth2.0 access tokens. This decentralized approach to identity and permission management for network functions in 6G reduces the risk of a single point of failure associated with centralized public key infrastructures, unifies access control mechanisms, and paves the way for lesser complex and more trustful cross-domain key management for highly collaborative network functions of a future Service-based Architecture in 6G.