Who am I?
Mobile and embedded software developer. Loves technology and loves to help people.
Calendar
Recently...
- Meet some package owners, but don't forget your towel
- Another chance to get access to the Symbian developer website beta
- The Future Symbian UI - the most important thing not discussed in Monaco
- Qt to be completely free for everyone!
- Qt on S60 Open Source Project - Bluemapia
- Multi-language Programming, Python, Flash Lite, C++, Java, Widgets
- Symbian getting open source friendly - almost there
- Thoughts on Smartphone Show 2008
- Code Camps - a great way to learn a new environment
- Python for Series 60 Community Edition!
Categories
- Browsing [1]
- Business Opportunities/Services [0]
- CDMA [0]
- Connectivity [0]
- Enterprise [0]
- Entertainment [0]
- Event [2]
- Flash [3]
- Games [4]
- General [20]
- Java [1]
- Location Based Services [1]
- Maemo [2]
- Messaging [0]
- Open C [3]
- Python [3]
- S60 [9]
- Series 40 [0]
- Series 80 [0]
- Symbian C++ [11]
- Testing [4]
- Web Run-Time (WRT) [2]
- Widget [1]
Mark Wilcox's Forum Nokia Blog
Symbian Signed - a proposal
Sorcery-ltd | 29 May, 2008 22:20
OK, so it's easy to criticise Symbian Signed but they have been improving things. I still think there's further to go so here's my simple proposal for the next step.
I'll call it Free Signed.
Free Signed is just like Express Signed except that it's free and there're no test criteria.
Here are the compromises I'd suggest:
- Like Express Signed, you can't access the most sensitive capabilities with it - there really are good reasons why the developers need to be trusted for those.
- You still need a publisher ID (or someone with one) to sign your application - without some kind of chain of identity verification there can be no trust, without trust there is no security model.
- All applications that go through Free Signed have to have a warning box on installation that says they aren't Symbian Certified, you are installing the application at your own risk and if you have any problems with your device after installation then you should remove the application and/or contact the supplier before contacting your device vendor or network operator. This could be just a text file in the SIS initially but later enforced by the software installer in new device firmware. For the text file option this could be spot checked and anyone omitting it could have their publisher ID blocked.
- (Implied by 3) Free Signed is identifiable by the certificate such that software distributors can set a policy on the signing methods that they will allow.
I think this method could replace a lot of the current usage of Open Signed (although I see no reason to remove that option) and could be very useful for freeware and open source, friendly user and public trials for commercial software and also in future, internal projects in large organisations (for whom mobile will become a growing part of their IT strategy).
To really make this work for freeware and open source though we'd need a network of publisher certifiers. I'd suggest one ideal source of those are people who run popular blogs and websites about mobile applications - being able to supply installable copies of free applications could drive more traffic to their sites. They get sent a copy of the application and test it anyway, if they have no major problems with it they can sign it for wider distribution. There may also be other Forum Nokia Champions who are willing to do this and probably some staff at various companies in the Symbian ecosystem who also have a personal interest in the technology.
The key issues would be zero or extremely limited cost and liability for the publisher certifiers. They could sign something to say they would provide their best effort to help track down the originator of any malware or cracked application that they inadvertently sign.
There - a dull post with no links, pictures or videos! Just an idea.
What do you think?
Mark
General, S60, Symbian C++, Testing |
Permalink |
Comments (7) |
Trackbacks (0)
