Difference between revisions of "Native App"
From MgmtWiki
(→References) |
(→References) |
||
Line 20: | Line 20: | ||
==References== | ==References== | ||
#IETF RFC 8252 ''OAuth 2.0 for Native Apps'' https://tools.ietf.org/html/bcp212#section-7.2 | #IETF RFC 8252 ''OAuth 2.0 for Native Apps'' https://tools.ietf.org/html/bcp212#section-7.2 | ||
+ | #Apple ''App Store Review Guidelines'' https://developer.apple.com/app-store/review/guidelines/ | ||
[[Category:Glossary]] | [[Category:Glossary]] |
Revision as of 09:25, 6 August 2018
Full Title or Meme
A digital Entity that is operating on a User Device, but is typically supplied by the Web Site or some Federation.
Context
- When discussing the use of the internet by a user, what is really meant is the presence of the user's agent on an internet connection.
- Typically the Native App will run on a User Device in the user's physical possession, but it is possible that the agent is running on a service in The Cloud.
- The Native App may act like a browser and supply an HTTP user agent string, but it should not be considered to be a User Agent.
Problems
- Nearly any application running on a user's device is allowed to access the internet and claim that it represents the user. There is no built-in mechanism to test this assertion by an internet connected service. The internet was designed to connect computer systems, and that is all it can be relied upon to do.
- Any Web Site that wishes to create a Persistent Identifier for a User will need to take responsibility for any necessary Assurance that the Native App has not been compromised by an attacker.
- Most of the larger enterprises operating on The Web prefer to supply a Native App to the users device to improve the User Experience for that site.
- To be sure that the User's intent is expressed by the Native App appears to be an insurmountable obstacle.
Solutions
- Certification of the Native App please refer to page Native App Security.
- The Native App should perform all Authentication of the user by way of a browser (User Agent) selected by the user and running on the user's device using a trusted Identifier or Attribute Provider.
References
- IETF RFC 8252 OAuth 2.0 for Native Apps https://tools.ietf.org/html/bcp212#section-7.2
- Apple App Store Review Guidelines https://developer.apple.com/app-store/review/guidelines/