Installing a MIDlet Suite

One of the first places a user encounters security issues is during MIDlet suite installation. At a minimum, the user should always be presented with the trust level of the MIDlet suite before the suite is installed, as shown in the screenshot. In addition, the MIDlet must be assigned to a protection domain and, depending on the needs of the MIDlet suite and the protection domain's permissions, the user may be asked to grant permissions during the installation.

Screenshot: Trust Level on Confirmation Screen during Installation

Communicating a MIDlet Suite's Level of Trust

A user should be asked for confirmation before a MIDlet suite is installed. This would typically be done after the JAD file is downloaded but before the JAR file is downloaded. In MIDP 2.0, the Confirmation screen should also include any information on the trust level of the MIDlet suite. One place that trust information can be found is in any certificate used to sign the MIDlet suite. The screenshot shows a mock-up of a Confirmation screen with some security information.

MIDP Implementors
Authenticating a MIDlet under a Protection Domain

During installation, a MIDlet suite authenticates under a particular protection domain. That is, each protection domain has a different entry criterion. One protection domain might be for MIDlets signed by a particular entity, another might be for MIDlets from a particular web site, and so on. A MIDlet that meets the entry criterion for a domain is said to authenticate under that protection domain. MIDlets that cannot authenticate under any of the device's trusted protection domains (but have no other problems with their MIDlet suite packaging and could otherwise be installed) are assigned to the untrusted protection domain.

MIDP Implementors
Protection domains may not be an issue for MIDlet suites that do not use protected functions. These MIDlet suites can run in the same way whether they are in a trusted or an untrusted domain. Other MIDlet suites, though, must be installed in a domain that can grant them access to the protected functions they require.

app Developers
Authorization

Trying to grant permissions, whether by the device or the user, is called authorization. If permission is granted, it is a successful authorization. One of the times that a MIDlet suite is authorized is during installation. If the authorization is not successful, the MIDlet cannot be installed. Authorization during the installation process occurs after the MIDlet suite is authenticated under a domain. The MIDP implementation can then check the permissions requested by the MIDlet suite against the permissions that the protection domain could grant. So that it can be authorized, a MIDlet suite should specify its needs for protected APIs in its JAR manifest or JAD file. (See Programming Wireless Devices with the Java 2 Platform, Micro Edition [17] for more information on these files.) In these files, a MIDlet suite can specify that certain permissions are required and that others, while nice to have, are not required.

app Developers
MIDP Implementors
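
The install-time check described under Authorization can be modelled in a few lines. This is an added example, not code from the book or from any MIDP implementation: it reads the MIDP 2.0 descriptor attributes MIDlet-Permissions (required) and MIDlet-Permissions-Opt (optional) and compares them with what a protection domain could grant. The descriptor contents, the function names and the domain permission sets passed in are constructed for illustration.

```python
# Added example: a model of install-time authorization, not device code.
# Constructed JAD descriptor; suite name and URL are placeholders.
SAMPLE_JAD = """\
MIDlet-Name: DemoSuite
MIDlet-Version: 1.0.0
MIDlet-Jar-URL: http://example.invalid/demo.jar
MIDlet-Permissions: javax.microedition.io.Connector.http, javax.microedition.io.Connector.https
MIDlet-Permissions-Opt: javax.microedition.io.PushRegistry
"""


def parse_descriptor(text):
    """Parse 'Name: value' attribute lines into a dict."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            raise ValueError(f"malformed attribute line: {line!r}")
        attrs[name.strip()] = value.strip()
    return attrs


def permission_set(attrs, key):
    """Return the comma-separated permission names under key as a set."""
    return {p.strip() for p in attrs.get(key, "").split(",") if p.strip()}


def authorize(attrs, domain_permissions):
    """Compare requested permissions with what the domain could grant.

    A required permission the domain cannot grant fails the installation.
    An optional permission the domain cannot grant is simply not granted.
    """
    required = permission_set(attrs, "MIDlet-Permissions")
    optional = permission_set(attrs, "MIDlet-Permissions-Opt")
    missing = required - domain_permissions
    if missing:
        return {"install": False, "missing": sorted(missing),
                "granted": [], "dropped_optional": []}
    return {"install": True, "missing": [],
            "granted": sorted(required | (optional & domain_permissions)),
            "dropped_optional": sorted(optional - domain_permissions)}


if __name__ == "__main__":
    # Hypothetical domain that can grant HTTP and HTTPS but not push.
    domain = {"javax.microedition.io.Connector.http",
              "javax.microedition.io.Connector.https"}
    print(authorize(parse_descriptor(SAMPLE_JAD), domain))
```
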