Difference between revisions of "Native App"

From MgmtWiki
Jump to: navigation, search
(Solutions)
(Solutions)
Line 16: Line 16:
 
==Solutions==
 
==Solutions==
 
*Certification of the [[Native App]].
 
*Certification of the [[Native App]].
*The [[Native App]] should perform all [[Authentication]] of the user by way of a browser selected by the user and running on the user's device.
+
*The [[Native App]] should perform all [[Authentication]] of the user by way of a browser selected by the user and running on the user's device using a trusted [[Identifier or Attribute Provider]].
  
 
==References==
 
==References==

Revision as of 10:25, 19 July 2018

Full Title or Meme

A digital Entity that is operating on a User Device, but is typically supplied by the Web Site or some Federation.

Context

  • When discussing the use of the internet by a user, what is really meant is the presence of the user's agent on an internet connection.
  • Typically the Native App will run on a User Device in the user's physical possession, but it is possible that the agent is running on a service in The Cloud.
  • The Native App may act like a browser and supply an HTTP user agent string, but it should not be considered to be a User Agent.

Problems

  • Nearly any application running on a user's device is allowed to access the internet and claim that it represents the user. There is no built-in mechanism to test this assertion by an internet connected service. The internet was designed to connect computer systems, and that is all it can be relied upon to do.
  • Any Web Site that wishes to create a Persistent Identifier for a User will need to take responsibility for any necessary Assurance that the Native App has not been compromised by an attacker.
  • Most of the larger enterprises operating on The Web prefer to supply a Native App to the users device to improve the User Experience for that site.
  • To be sure that the User's intent is expressed by the Native App appears to be an insurmountable obstacle.

Solutions

References