Revision as of 02:59, 31 March 2007 by hartti (Talk | contribs)

Java Security Domains

From Nokia Developer Wiki
Jump to: navigation, search

MIDP 2.0 specification defines 4 security domains the MIDlet can be installed

  • third party protection domain (untrusted 3rd party)
  • identified third party protection domain (trusted 3rd party)
  • operator protection domain
  • manufacturer protection domain

Each of the protection domains have certain level of access to the protected (sensitive APIs). The access rights are grouped to a funtion groups:

  • Net access (MIDP spec also defines low-level net access, but this has been combined on many phones to the Net access function group)
  • Messaging (MIDP spec alse defines restricted messaging)
  • Application auto-start
  • Local connectivity
  • Multimedia recording
  • Read user data (including files and PIM)
  • Write/Edit user data (including files and PIM)
  • Location
  • Landmark store
  • Smart card communication
  • Authenticaton
  • Call control
  • Phone call

The Java specifications include a number of versions for the available API access rights

A MIDlet which has not been signed will be placed in the untrusted domain, which has most restrictions for accessing certain APIs. If the MIDlet has been signed and the corresponding certificate is stored in the certificate store of the phone, the MIDlet will be placed in the protection domain to which the certificate has been tied to. (There are some complex checks which are done at the installation time, please see the MIDP 2 specification for more info.

If your application passes Java Verified testing, it will be signed with UTI root certificate, which will place your MIDlet to trusted 3rd party domain. Other common certificates placing your MIDlet to trusted 3rd party domain are available from:

  • Thawte
  • Verisign

As the MIDP spec security domain policy is just a recommendation, some operators have defined their own security domains and API access rights. These include

  • AT&T (Cingular)
  • China Unicom
  • Hutchinson 3G
  • Sprint
  • T-Mobile U.S.

Also the generic phones have different versions of the API access rights implemented.

649 page views in the last 30 days.

Was this page helpful?

Your feedback about this content is important. Let us know what you think.


Thank you!

We appreciate your feedback.