Skip to main content
Sign In |
  Help (new window)
 

BONDI

Go Search
Home
BONDI Bugs
Website Bugs
Widget Gallery
Policy Library
  
BONDI > BWiki > Architecture and Security  

Architecture and Security

View All Site Content

Recent Changes

Defining the Technical Back-bone of BONDI

At the heart of BONDI is the concept that users should be able to surf in safety. Whilst giving people web access to cool features on the phone, access to sensitive device APIs exposes users to an increased risk of malware and existing threats from the web.

Why is Security Necessary?

Creating a solution that can be used across many different operating systems and platforms solves a lot of problems for developers and users but could create the perfect storm for them too. The mobile industry has had many security successes, particularly through the effective use of application signing and application security frameworks. One of the factors that has helped has been the number of open platforms and the subsequent fragmentation. For the low incidents of malware that have occurred, these could have been much worse had they been able to hit a larger base of handsets. The motivation for creating malware will increase with the introduction of BONDI, not just because of the large number of handsets that could be hit, but because of the functions that could be accessed. Existing dialler and messaging frauds could be transferred to web applications making fraudsters millions. It is for these reasons that OMTP have pushed for users to have increased security when using the mobile web, whilst still enjoying the great features that will be enabled.

About the Architecture

The architecture of BONDI is designed to be secure for the user, but also flexible so that the user can choose which security policy they want to apply. Descriptions of the terminology used are available in the public A&S documentation which can be found here.

The main areas of architecture are:

  • Application Delivery: deploying and provisioning of content, discovery and packaging
  • API Access: the architecture for enabling access to JavaScript APIs
  • Security Framework for API Access: the detail of the security framework
  • Security Policy Management: how to manage the functionality of BONDI

The Architecture and Security requirements list are their status in the Reference Implementation can be found here.

Task Leads

The work is being chaired by Paddy Byers (Aplix). The OMTP office contact for this task is David Rogers.

Last modified at 15/11/2011 14:30  by System Account