bluetooth/btdocs/Designs/Bluetooth_Design_sec_req.doc
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Fri, 22 Jan 2010 10:55:01 +0200
changeset 2 91980f93208a
permissions -rw-r--r--
Revision: 201001 Kit: 201003
{\rtf1\ansi\ansicpg1252\uc1 \deff0\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}{\f16\froman\fcharset238\fprq2 Times New Roman CE;}{\f17\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f19\froman\fcharset161\fprq2 Times New Roman Greek;}{\f20\froman\fcharset162\fprq2 Times New Roman Tur;}{\f21\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f22\fswiss\fcharset238\fprq2 Arial CE;}{\f23\fswiss\fcharset204\fprq2 Arial Cyr;}{\f25\fswiss\fcharset161\fprq2 Arial Greek;}{\f26\fswiss\fcharset162\fprq2 Arial Tur;}{\f27\fswiss\fcharset186\fprq2 Arial Baltic;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{\nowidctlpar\widctlpar\adjustright \fs20\lang2057\cgrid \snext0 Normal;}{\s1\sb240\sa60\keepn\nowidctlpar\widctlpar\adjustright \b\f1\fs28\lang2057\kerning28\cgrid \sbasedon0 \snext0 heading 1;}{\s3\sb240\sa60\keepn\nowidctlpar\widctlpar\adjustright \f1\lang2057\cgrid \sbasedon0 \snext0 heading 3;}{\*\cs10 \additive Default Paragraph Font;}}{\*\listtable{\list\listtemplateid134807567\listsimple{\listlevel\levelnfc0\leveljc0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'02\'00.;}{\levelnumbers\'01;}\fi-360\li360\jclisttab\tx360 }{\listname ;}\listid71515472}}{\*\listoverridetable{\listoverride\listid71515472\listoverridecount0\ls1}}{\info{\title Security Requirements}{\author Malcolm Box}{\operator Malcolm Box}{\creatim\yr2000\mo8\dy24\hr17\min21}{\revtim\yr2000\mo8\dy24\hr17\min56}{\version3}{\edmins2}{\nofpages1}{\nofwords0}{\nofchars0}{\*\company 
Symbian}{\nofcharsws0}{\vern71}}\paperw11906\paperh16838 \widowctrl\ftnbj\aenddoc\formshade\viewkind1\viewscale117\viewzk2\pgbrdrhead\pgbrdrfoot \fet0\sectd \linex0\headery709\footery709\colsx709\endnhere\sectdefaultcl {\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang{\pntxta )}}{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl8\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}\pard\plain \s1\sb240\sa60\keepn\nowidctlpar\widctlpar\outlinelevel0\adjustright \b\f1\fs28\lang2057\kerning28\cgrid {Security Requirements
\par }\pard\plain \s3\sb240\sa60\keepn\nowidctlpar\widctlpar\outlinelevel2\adjustright \f1\lang2057\cgrid {Requirements for 1.05
\par }\pard\plain \nowidctlpar\widctlpar\adjustright \fs20\lang2057\cgrid {The main requirement for 1.05 is that services can register their security settings and the security manager will then enforce these.  There will be no support for device-specific overrides or custom security settings.
\par To minimise the changes for the 1.05 delivery, the existing stack-to-secman interfaces will be retained.  RFCOMM will add security requests as is done with L2CAP today.
\par 
\par }\pard\plain \s3\sb240\sa60\keepn\nowidctlpar\widctlpar\outlinelevel2\adjustright \f1\lang2057\cgrid {Requirements for 1.1
\par }\pard\plain \nowidctlpar\widctlpar\adjustright \fs20\lang2057\cgrid {The security manager for 1.1 will implement the service security settings as for 1.05 and add device-specific security overrides.  Custom security overrides, which would allow a user to change the settings that a service has set, are no longer required.
\par }\pard\plain \s3\sb240\sa60\keepn\nowidctlpar\widctlpar\outlinelevel2\adjustright \f1\lang2057\cgrid {Design implications
\par }\pard\plain \nowidctlpar\widctlpar\adjustright \fs20\lang2057\cgrid {As a result of this, all storage of service data will be volatile.  The \{service name, UID, custom settings\} tuple that was originally going to be stored in the Commdb will no longer be stored there.  So that the UI can display a name for a service when the security manager asks for a prompt,  the service still needs to register the name somewhere.  This will now be done by using the RNotifier mechanism to pass the \{UID, name\} pair over to the UI notifier element.
\par 
\par This requires the Authorisation dialog implementation to also implement the name registration notification API so that it can store the name for later use in a prompt dialog.  This is acceptable because the service name is only useful when there is a service listening on a Bluetooth socket.  While there is a socket listening, there is a good chance that the Bluetooth UI dialogs will be needed, so it\rquote s OK for the service to hold open a connection to the authorisation dialog.
\par 
\par There was an additional design discussion about whether the Registry should use the Commdb or talk directly to DBMS.  This issue was not resolved for the 1.1 delivery, but for 1.05 it is clear that the Registry should talk to the Commdb.
\par 
\par }\pard\plain \s3\sb240\sa60\keepn\nowidctlpar\widctlpar\outlinelevel2\adjustright \f1\lang2057\cgrid {Open Issues
\par {\pntext\pard\plain\fs20\cgrid \hich\af0\dbch\af0\loch\f0 1.\tab}}\pard\plain \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlbody\ilvl0\ls1\pnrnot0\pndec\pnstart1\pnindent360\pnhang{\pntxta .}}\ls1\adjustright \fs20\lang2057\cgrid {Should the Registry use DBMS directly rather than Commdb?
\par {\pntext\pard\plain\fs20\cgrid \hich\af0\dbch\af0\loch\f0 2.\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlbody\ilvl0\ls1\pnrnot0\pndec\pnstart1\pnindent360\pnhang{\pntxta .}}\ls1\adjustright {Do we need global settings (e.g. refuse all connections from unpaired devices, refuse all connections, allow everything)?
\par }\pard \nowidctlpar\widctlpar\adjustright {
\par }}