Determining Trust

The idea of a trusted MIDlet suite implies that untrusted MIDlet suites might also be available to be installed on the device. MIDP implementations need to determine whether a MIDlet is trusted or untrusted.

MIDP Implementors

Recommend: Java graphics bulb2_icon.gif Work with operators to decide how your MIDP implementation will determine whether a MIDlet suite is trusted. For example, you might use X.509 PKI, as described in the MIDP 2.0 Specification [19], or perhaps only MIDlets from the operator's web site will be trusted, and so on.

Because the MIDP 1.0 and MIDP 2.0 security models differ (for example, X.509 PKI was not part of the MIDP 1.0 security model, so those MIDlet suites would not be signed), MIDP 2.0 implementations need to fit MIDP 1.0 apps into their security models. The implementations must be able to run MIDP 1.0 MIDlet suites as untrusted apps.

Strongly Recommend: Java graphics bulb1_icon.gif Your MIDP implementation must be able to run MIDP 1.0 MIDlets as untrusted apps