Red Hat

Mobile Security With PicketLink

Why is mobile security important?

As reliance on mobile devices grows relative to desktop computers, mobile security has become a critical need.

What are the important challenges with Mobile Security?

The important challenges are:

  • Authentication of the user.

  • Authentication of the device.

  • Device registration.

  • Device Loss.

  • Data Privacy, including confidentiality (Encryption).

According to OWASP, the top 10 mobile security controls are listed in the following diagram:

Courtesy: OWASP Mobile Security Project: https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

PicketLink enables JavaEE developers to write secure mobile applications. Please take a look at the quickstarts.

Please take a look at the following page on a Mobile Contacts application secured with PicketLink: Mobile Contacts App With PicketLink

In addition, please have a look at

as different aspects of an application will become evident.

What about the tokens?

IETF OAuth2 is the preferred standard for tokens in the mobile world.

PicketLink has support for OAuth2. http://picketlink.org/federation/oauth/oauth/

References

Mobile Cloud Identity Profile v1.0

PicketLink founder Anil Saldhana has worked with industry experts to create the Mobile Cloud Identity Profile v1.0 document, which you will find very useful (http://docs.oasis-open.org/id-cloud/IDCloud-mobile/v1.0/IDCloud-mobile-v1.0.html).
