Abstract: A method for over-the-top, OTT, management in a communication network is presented. The method is performed in a packet data network gateway, PGW. The method comprises receiving (S200) a request for an application network interaction protocol, ANIP, service from an application client, sending (S210) the received request to a global ANIP server, wherein the request is extended with a public land mobile network, PLMN, identity, receiving (S220) an address to a local ANIP server from the global ANIP server, and sending (S230) the received address to the local ANIP server to the Send request for application client. Methods, a PGW, an application client, an ANIP server, computer programs, and a ANIP service computer program product for OTT management in a communication network are also presented.

Abstract: A method for over-the-top (OTT) management in a communication network is presented. The method is performed in an application client. The method comprises sending a request for activation of a policy for an application network interaction protocol (ANIP) service to a packet data network gateway (PGW) wherein the request indicates an address to a local ANIP server; receiving a set of rules related to the requested activation of the policy from the PGW, wherein the set of rules are defined for a packet data network (PDN) session applicable for the ANIP service; and communicating over the communication network based on the received set of rules. Methods, application clients, PGWs, ANIP servers, computer programs, and a computer program for OTT management in a communication network are also presented.

Abstract: A method performed by a communication device in a network comprising mobile networks operated by mobile network operators, MNOs, is provided. The method includes signaling to a first server to discover a second server having information about a public land mobile network identifier and a network service of a MNO. The second server has a first fully qualified domain name, FQDN, pointing to a provider domain. The method further includes receiving a response including a resolution or a redirection of the FQDN; signaling to discover the information about the network service; and receiving a response from the second server including a first identification of the information about the network service of the MNO or a second identification that the network service is not available. Corresponding methods performed by a first server and a second server are also provided.

Abstract: A method and apparatus for device authentication and authorisation, wherein the method comprises: receiving, at an authentication and authorisation node, a device authorisation request comprising identity information for an application executed by a device and a first application specific container containing application specific information; identifying, using the device authorisation request, the application to which the request relates, and checking the authorisation status of the application; if the application is for use, transmitting an authorisation approval, the authorisation approval comprising the first application specific container containing application specific information.

Abstract: A method performed by a communication device in a network comprising mobile networks operated by mobile network operators, MNOs, is provided. The method includes signaling to a first server to discover a second server having information about a public land mobile network identifier and a network service of a MNO. The second server has a first fully qualified domain name, FQDN, pointing to a provider domain. The method further includes receiving a response including a resolution or a redirection of the FQDN; signaling to discover the information about the network service; and receiving a response from the second server including a first identification of the information about the network service of the MNO or a second identification that the network service is not available. Corresponding methods performed by a first server and a second server are also provided.

Abstract: A method performed by a communication device in a network comprising mobile networks operated by mobile network operators, MNs, is provided. The method includes signaling to a first server to discover a second server having information about a public land mobile network identifier and a network service of a MNO. The second server has a first fully qualified domain name, FQDN, pointing to a provider domain. The method further includes receiving a response including a resolution or a redirection of the FQDN; signaling to discover the information about the network service; and receiving a response from the second server including a first identification of the information about the network service of the MNO or a second identification that the network service is not available. Corresponding methods performed by a first server and a second server are also provided.

Abstract: A method and apparatus for device authentication and authorisation, wherein the method comprises: receiving, at an authentication and authorisation node, a device authorisation request comprising identity information for an application executed by a device and a first application specific container containing application specific information; identifying, using the device authorisation request, the application to which the request relates, and checking the authorisation status of the application; if the application is for use, transmitting an authorisation approval, the authorisation approval comprising the first application specific container containing application specific information.

Abstract: A method for over-the-top (OTT) management in a communication network is presented. The method is performed in an application client. The method comprises sending a request for activation of a policy for an application network interaction protocol (ANIP) service to a packet data network gateway (PGW) wherein the request indicates an address to a local ANIP server; receiving a set of rules related to the requested activation of the policy from the PGW, wherein the set of rules are defined for a packet data network (PDN) session applicable for the ANIP service; and communicating over the communication network based on the received set of rules. Methods, application clients, PGWs, ANIP servers, computer programs, and a computer program for OTT management in a communication network are also presented.

Abstract: A method for over-the-top, OTT, management in a communication network is presented. The method is performed in a packet data network gateway, PGW. The method comprises receiving (S200) a request for an application network interaction protocol, ANIP, service from an application client, sending (S210) the received request to a global ANIP server, wherein the request is extended with a public land mobile network, PLMN, identity, receiving (S220) an address to a local ANIP server from the global ANIP server, and sending (S230) the received address to the local ANIP server to the Send request for application client. Methods, a PGW, an application client, an ANIP server, computer programs, and a ANIP service computer program product for OTT management in a communication network are also presented.

Abstract: A node in a first network domain and a method performed thereby for transmitting a data packet to a VPN client in a second network domain, the node and the VPN client being part of a VPN, wherein the first and second network domain are connected by means of a third network domain are provided. The method comprises receiving, from an application server, a first packet comprising a first IP header and a payload; and determining a DCSP. The method further comprises adding a second header comprising the determined DCSP and an IP address of a VPN client resulting in a second packet and encrypting the second packet. Further the method comprises adding a third header to the encrypted second packet resulting in a third packet, the third header comprising a destination address of a node in the second network domain, and transmitting the third packet in an IP tunnel terminating at the node in the second network domain.

Abstract: A node in a first network domain and a method performed thereby for transmitting a data packet to a VPN client in a second network domain, the node and the VPN client being part of a VPN, wherein the first and second network domain are connected by means of a third network domain are provided. The method comprises receiving, from an application server, a first packet comprising a first IP header and a payload; and determining a DCSP. The method further comprises adding a second header comprising the determined DCSP and an IP address of a VPN client resulting in a second packet and encrypting the second packet. Further the method comprises adding a third header to the encrypted second packet resulting in a third packet, the third header comprising a destination address of a node in the second network domain, and transmitting the third packet in an IP tunnel terminating at the node in the second network domain.