Application Architecture Guide 2.0 - CH 19 - Mobile Applications(2)

This post translates the Authentication and Authorization, Caching, Communication, and Configuration Management sections.


Authentication and Authorization

Designing an effective authentication and authorization strategy is important for the security and reliability of your application. Weak authentication can leave your application vulnerable to unauthorized use. Mobile devices are usually designed to be single-user devices and normally lack basic user profile and security tracking beyond just a simple password. Other common desktop mechanisms are also likely to be missing. The discoverability of mobile devices over protocols such as Bluetooth can present users with unexpected scenarios. Mobile applications can also be especially challenging due to connectivity interruptions. Consider all possible connectivity scenarios, whether over-the-air or hard-wired.




Consider the following guidelines when designing authentication and authorization:

Design authentication for over-the-air, cradled synchronization, Bluetooth discovery, and local SD card scenarios.

Consider that different devices might have variations in their programming security models, which can affect authorization to access resources.

Do not assume that security mechanisms available on larger platforms will be available on a mobile platform, even if you are using the same tools. For example, access control lists (ACLs) are not available in Windows Mobile, and consequently there is no operating system–level file security.

Ensure that you require authentication for access by Bluetooth devices.

Identify trust boundaries within your mobile application layers; for instance, between the client and the server or the server and the database. This will help you to determine where and how to authenticate.








Caching

Use caching to improve the performance and responsiveness of your application, and to support operation when there is no network connection. Use caching to optimize reference data lookups, to avoid network round trips, and to avoid unnecessarily duplicated processing. When deciding what data to cache, consider the limited resources of the device; you will have less storage space available than on a PC.




Consider the following guidelines when designing caching:

Identify your performance objectives. For example, determine your minimum response time and battery life. Test the performance of the specific devices you will be using. Most mobile devices use only flash memory, which is likely to be slower than the memory used in desktop machines.

Cache static data that is useful, and avoid caching volatile data.

Consider caching the data that the application is most likely to need in an occasionally connected scenario.

Choose the appropriate cache location, such as on the device, at the mobile gateway, or in the database server.

Design for minimum memory footprint. Cache only data that is absolutely necessary for the application to function, or expensive to transform into a ready-to-use format. If designing a memory-intensive application, detect low-memory scenarios and design a mechanism for prioritizing the data to discard as available memory decreases.
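One way to implement the last guideline above, as an added example that is not part of the guide: a byte-budgeted cache that refuses volatile data and, when the platform signals low memory, discards the lowest-priority entries first. Python is used for illustration; the class name, the priority scale and the `on_low_memory` hook are assumptions.

```python
from dataclasses import dataclass, field


@dataclass(order=True)
class _Entry:
    priority: int                        # lower number = discarded first
    seq: int                             # tie-breaker: older entries go first
    key: str = field(compare=False)
    value: bytes = field(compare=False)


class PriorityCache:
    """Byte-budgeted cache that sheds low-priority entries first."""

    def __init__(self, budget_bytes):
        self.budget = budget_bytes
        self.used = 0
        self._items = {}                 # key -> _Entry
        self._seq = 0

    def put(self, key, value, priority, volatile=False):
        if volatile or len(value) > self.budget:
            return False                 # guideline: avoid caching volatile data
        self.discard(key)                # replacing a key must not double-count
        self._seq += 1
        self._items[key] = _Entry(priority, self._seq, key, value)
        self.used += len(value)
        self._shrink_to(self.budget)
        return key in self._items        # False if the new entry itself was shed

    def get(self, key):
        entry = self._items.get(key)
        return entry.value if entry else None

    def discard(self, key):
        entry = self._items.pop(key, None)
        if entry:
            self.used -= len(entry.value)

    def on_low_memory(self, new_budget_bytes):
        """Assumed hook: call from the platform's low-memory notification."""
        self.budget = new_budget_bytes
        return self._shrink_to(new_budget_bytes)

    def _shrink_to(self, limit):
        evicted = []
        for entry in sorted(self._items.values()):   # lowest priority, oldest first
            if self.used <= limit:
                break
            self.discard(entry.key)
            evicted.append(entry.key)
        return evicted
```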









Communication

Device communication includes wireless communication (over the air) and wired communication with a host PC, as well as more specialized communication such as Bluetooth or Infrared Data Association (IrDA). When communicating over the air, consider data security to protect sensitive data from theft or tampering. If you are communicating through Web service interfaces, use mechanisms such as the WS-Secure standards to secure the data. Keep in mind that wireless device communication is more likely to be interrupted than communication from a PC, and that your application might be required to operate for long periods in a disconnected state.




Consider the following guidelines when designing your communication strategy:

Design asynchronous, threaded communication to improve usability in occasionally connected scenarios.

If you are designing an application that will run on a mobile phone, consider the effects of receiving a phone call during communication or program execution. Design the application to allow it to suspend and resume, or even exit the application.

Protect communication over untrusted connections, such as Web services and other over-the-air methods.

If you must access data from multiple sources, interoperate with other applications, or work while disconnected, consider using Web services for communication.

If you are using WCF for communication and need to implement message queuing, consider using WCF store and forward.








Configuration Management

When designing device configuration management, consider how to handle device resets, as well as whether you want to allow configuration of your application over the air or from a host PC.

Consider the following guidelines when designing your configuration-management strategy:




Design for the restoration of configuration after a device reset.

If you have your enterprise data in Microsoft SQL Server 2005 or 2008 and desire an accelerated time to market, consider using merge replication with a “buy and configure” application from a third party. Merge replication can synchronize data in a single operation regardless of network bandwidth or data size.

Due to memory limitations, choose binary format over Extensible Markup Language (XML) for configuration files.

Protect sensitive data in device configuration files.

Consider using compression library routines to reduce the memory requirements for configuration and state information.

If you have a Microsoft Active Directory® directory service infrastructure, consider using the System Center Mobile Device Manager interface to manage group configuration, authentication, and authorization of devices. See the Technology Considerations section for requirements for the Mobile Device Manager.
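An added example (not from the guide) that combines several of the configuration guidelines above: a compact binary file, zlib compression, an HMAC so tampering or corruption is detected before parsing, and restoration of defaults after a reset. Python is used for illustration; the file layout, the `DEFAULTS` values and the source of `mac_key` are assumptions, and encrypting secret values would additionally need a cipher from the platform's crypto API.

```python
import hmac
import os
import struct
import zlib

# Assumption: mac_key comes from platform-protected storage (not shown here).
MAGIC = b"CFG1"
DEFAULTS = {"server": "sync.example.invalid", "retries": "3"}   # constructed sample

def pack(settings, mac_key):
    """MAGIC | HMAC-SHA256 tag (32 bytes) | zlib(count + length-prefixed pairs)."""
    body = struct.pack("<H", len(settings))
    for k, v in sorted(settings.items()):
        kb, vb = k.encode(), v.encode()
        body += struct.pack("<HH", len(kb), len(vb)) + kb + vb
    blob = zlib.compress(body, 9)
    return MAGIC + hmac.digest(mac_key, blob, "sha256") + blob

def unpack(data, mac_key):
    if len(data) < 36 or data[:4] != MAGIC:
        raise ValueError("not a config file")
    tag, blob = data[4:36], data[36:]
    # Verify the tag before decompressing or parsing untrusted bytes.
    if not hmac.compare_digest(tag, hmac.digest(mac_key, blob, "sha256")):
        raise ValueError("config failed integrity check")
    body, pos, out = zlib.decompress(blob), 2, {}
    for _ in range(struct.unpack_from("<H", body)[0]):
        klen, vlen = struct.unpack_from("<HH", body, pos)
        key_end = pos + 4 + klen
        out[body[pos + 4:key_end].decode()] = body[key_end:key_end + vlen].decode()
        pos = key_end + vlen
    return out

def save(path, settings, mac_key):
    # Write to a temp file, then rename: a reset mid-write leaves the old file intact.
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(pack(settings, mac_key))
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

def load(path, mac_key):
    """Return (settings, restored); restored=True means defaults were rewritten."""
    try:
        with open(path, "rb") as f:
            return unpack(f.read(), mac_key), False
    except (OSError, ValueError, zlib.error, struct.error):
        save(path, DEFAULTS, mac_key)
        return dict(DEFAULTS), True
```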



posted on 2009-01-13 15:54  施炯