# Summary of S4-260190: Considerations on Security Aspects for Avatar Phase 2

## Document Overview
This contribution from Nokia addresses security-related gaps in the Rel-20 study item FS_Avatar_Ph2_MED, specifically focusing on security mechanisms for Avatar communications in 3GPP systems.

## Background and Context

### Study Item Scope
The Rel-20 SID FS_Avatar_Ph2_MED (approved at SA#110, December 2025) aims to address gaps from previous work and resolve open points identified in TS 26.264 Rel-19. Objective 6 specifically mandates collaboration with SA3 to study security implications including:
- Identification and authentication (including schemes for Avatar-related APIs)
- Privacy preservation
- Content protection (e.g., watermarking and DRM)
- Secure distribution mechanisms for Avatar data

### Current Status in Specifications

**TS 26.264 Gaps:**
- No dedicated security clause exists
- Clause 5.6.2.2 NOTE 2 identifies content protection aspects as FFS (for further study)

**TR 26.813 Coverage:**
- Clause 8 describes Access Protection mechanisms for BAR API
- Clause 9 addresses security and privacy aspects
- However, it does not explore how these methods apply to Avatar calls in 3GPP systems
- The conclusion acknowledges the need for robust authentication, encryption, and DRM mechanisms, with further SA3 collaboration

**TS 33.328 Limitations:**
- New Annex R (Rel-19) specifies security for IMS avatar communication
- Covers procedures to prevent a UE from providing unauthorized Avatar IDs
- Covers authorization for avatar downloads from the BAR
- **Does not cover** security controls to prevent the sending UE from using fake avatar representations that do not belong to the user

## Key Observations

- The Rapporteur's base CR (S4aV260006, presented at the 27 January 2026 SA4 Video SWG telco) does not address Objective 6
- Security aspects remain critical for avatar communications and require dedicated study
- Collaboration with SA3 is necessary for appropriate solutions

## Technical Proposal

The contribution proposes adding a new sub-clause (suggested as 8.3.4) to the base CR for TR 26.813, specifically under Clause 8 (Avatar integration into 3GPP services and enablers). This new sub-clause should:

- Be dedicated to addressing security aspects
- Focus primarily on security mechanisms and solutions for Avatar calls via the generalized IMS DC architecture
- Cover authentication, encryption, and content protection mechanisms