[http://creativecommons.org/licenses/by/3.0/]
This work is licensed under a CC
Attribution 3.0 Unported License [http://creativecommons.org/licenses/by/3.0/]
Continuing the topic of security in mobile settings, we look at the two main applications in mobile security, which are securing communications with SSL/TLS in HTTP, and securing application code via digital signatures. Another important concept in access control and authentication is that of third-party access to access-controlled resources. We look at OAuth, which is one way of managing access in scenarios where applications want to gain access to resources that are hosted by other services and are access-controlled.
handshake)
record layer)
levelsof certificates
lock iconallows users to inspect security
trusted 3rd partiesin this scenario is not easy
external site verification[http://www.verisign.com/trust-seal/faq/index.html] can easily be forged
lock-inare important questions
trusted computing platform
Jailbreakingthe iPhone is disabling this authentication chain
unsignedapplications
mash-ups
mash-apps