Untrusted MIDlet Suites). Finally, if a signed MIDlet fails authentication
or authorization, it does not run as an untrusted MIDlet, but rather is not
installed by the AMS. For more information on the security model, see
the MIDP specification.
2.5.9 Recommended Security Policy
The Recommended Security Policy defines a set of three protection
domains (Manufacturer, Operator and Trusted Third Party) to which
trusted MIDlet suites can be bound (and which a compliant device may
For a trusted domain to be enabled, there must be a certificate on
the device, or on a WIM/SIM, identified as a trust root for MIDlet
suites in that domain, i.e. if a signed MIDlet suite can be authenticated
using that trust root it will be bound to that domain. For example,
to enable the Manufacturer protection domain, the manufacturer must
place a certificate on the device. This is identified as the trust root for
the Manufacturer domain. A signed MIDlet suite will be bound to the
Operator domain if it can be authenticated using a certificate found on
the WIM/SIM and identified as a trust root for the Operator domain. A
signed MIDlet suite will be bound to the Trusted Third Party protection
domain if it can be authenticated using a certificate found on the device
or on a WIM/SIM and identified as a trust root for the Trusted Third Party
protection domain. Verisign and Thawte code-signing certificates usually
fit the latter situation.
As already mentioned, the recommended security policy is not a
mandatory requirement for an MIDP 2.0-compliant device. An imple-
mentation does not have to support the RSP in order to install signed
MIDlet suites; it simply has to implement the MIDP security model and
support at least one trusted protection domain.
2.6 Networking and General Connection Framework
Now that we have considered in detail the MIDP Security Model, let's
learn more about the networking APIs in the specification, provided
through the Generic Connection Framework (GCF).
Symbian's implementation of MIDP complies with the specification,
providing implementations of the following protocols: