SyncML®: Synchronizing and Managing Your Mobile Data By Uwe Hansmann, Riku Mettälä, Apratim Purakayastha, Peter Thompson, Phillipe Kahn
Table of Contents
Chapter 8. Security and Authentication
SyncML has taken the viewpoint that it is preferable to have security handled at the transport layer and authentication at the SyncML Representation layer.
There is no point in creating new secure transports when the best minds in the world are busy working to ensure that the current transports are secure. For example, the secure HTTP (HTTPS) protocol is in use worldwide and is under constant scrutiny to make sure it remains secure.
Of the three transports currently supported within SyncML, HTTP [SHB02] and WSP [SWB02] provide explicit extensions for secure transport (HTTPS [RFC2817] and WTLS [WTLS01]). OBEX [OBEX99] is already a fairly secure transport, as it uses one-to-one media such as RS-232 or IrDA®. Security when using OBEX over Bluetooth [BlIR01] is handled similarly to WSP.
Regardless of the transport used, secure transport guarantees the following:
A secure "tunnel" between the client and the server exists, disallowing eavesdropping.
The data is unaltered between the client and the server.