Be the first to like this
ISSE - Information Security Solutions Europe. London (London, 2001)
SSL/TLS, X509v3, PKIX, PKCS#7/11 and WTLS, WPKI, WMLSCrypt, WIM; many buzzwords come along with security technologies for E- and M-Business. Their diversity appears to create a general impression that different means of service provision such as Web and WAP lead to distinct security architectures.
From a business process owner point-of-view, different service provision technologies – e.g. supplying classical Web-based or emerging wireless services – are often means to deliver the same business process. From this perspective, the security architecture complexity should correlate with the diversity of provided business services rather than the diversity of service provisioning means.
Emerging mobile network technologies such as GPRS and UMTS as well as continuously improving handset capabilities are likely to cause the alignment of WAP approaches towards Web technologies. Thus, security architectures that exploit synergies are important to protect investments.
This contribution examines the question whether and to which extend unified security architectures for Web and WAP are possible. An emphasis is being laid on infrastructure aspects such as PKI and security token as well as network access systems. Unified security architectures that deviate only on a need-to basis are encouraged.