Rating: 7.5 / 10
(Vision: 9/10, Implementation Maturity: 6/10)
Verdict: Adopt if you are a consortium of telcos or neutral hosts. Avoid if you are a single enterprise building a private edge. gsma fs.38
FS.38 is the most sophisticated attempt yet to create the "roaming" for edge computing (similar to what SS7 did for voice). However, it currently solves the technical problem of federation better than the commercial problem of federation. Expect widespread deployment only when cross-operator billing standards are added in a future release (FS.38.2). For now, it is excellent for reference architecture but requires heavy customization for production. Rating: 7
Where FS.38 excels:
| Feature | GSMA FS.38 | ETSI MEC (Multi-access Edge Compute) | LF Edge (OpenHorizon) | | :--- | :--- | :--- | :--- | | Primary Focus | Federated trust & roaming | Network integration (UPF, RAN) | Device & software management | | Inter-Provider | Excellent (Built for roaming) | Poor (Single operator only) | Moderate (Requires custom adapters) | | Maturity | Spec v1.0 (2023) | Commercial deployments (v2.x) | Mature (IBM origin) | | Best Use Case | Cross-operator edge roaming | Single operator / on-prem edge | Large-scale device fleets | However, it currently solves the technical problem of
The next revision of GSMA FS.38 (expected 2025/2026) will likely include:
| # | Control | Description | |---|---|---| | 8 | Authentication & Authorization | The device must uniquely authenticate to the network and any application server. Use of GSMA’s IoT SAFE (SIM Applet for Secure End-2-End Communication) is recommended. | | 9 | Resilience Against Input Attacks | Input validation to prevent buffer overflows, injection attacks, or malformed packet crashes. | | 10 | Wireless Interface Security | For Bluetooth, Wi-Fi, or LoRa interfaces, implement least-privilege pairing and disable insecure legacy modes (e.g., WPA2-PSK with weak passphrases). | | 11 | Privacy Controls | Minimize data collection. Ensure user consent is obtained. Use anonymization or pseudonymization where personally identifiable information (PII) is transmitted. |