> All is fine and well if the application is provisioning its own data
> (keys in my case). But that doesn't scale well so there will be a
> common key-provisioning facility which is a part of the mobile platform.

Applications provisioning their own data doesn't scale well? It's been going ok so far...

> Now the trick is to make it possible to "mark" keys during provisioning
> so that they can only be used by certain applications.

Android has a mechanism for doing this: permissions and signatures. A key storage Service could store keys for apps, and then (as an example of just one possible policy) serve the key out to any client application signed with the same signing certificate as the app that originally stored the key. Alternately, as an example of another possible policy, it could require that clients have been granted some particular permission.

Still, one would have to ask, what exact real-world problem are you trying to solve? I've never, in several years, heard you state a specific problem that you are faced with that can only be solved through some brand new mechanism that still eludes our grasp...
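
The signing-certificate policy described in the reply above, as an added example that is not part of the original message or of any Android platform code. The service class, package name and transaction codes are hypothetical, and keys are held in memory only; `Binder.getCallingUid()` and `PackageManager.checkSignatures(int, int)` are the platform calls that carry the policy.

```java
package com.example.keystore; // hypothetical package

import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.RemoteException;
import java.util.HashMap;
import java.util.Map;

public class KeyStoreService extends Service {
    static final int TX_PUT = IBinder.FIRST_CALL_TRANSACTION;      // hypothetical codes
    static final int TX_GET = IBinder.FIRST_CALL_TRANSACTION + 1;

    private static final class Entry { int ownerUid; byte[] key; }
    private final Map<String, Entry> keys = new HashMap<>();        // in-memory for brevity

    // Policy: caller must be signed with the same certificate as the app that stored the key.
    // Fails closed: an uninstalled owner gives SIGNATURE_UNKNOWN_PACKAGE, which is not a match.
    private boolean sameSigner(int ownerUid, int callerUid) {
        return getPackageManager().checkSignatures(ownerUid, callerUid)
                == PackageManager.SIGNATURE_MATCH;
    }

    private final Binder binder = new Binder() {
        @Override
        protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
                throws RemoteException {
            if (code != TX_PUT && code != TX_GET) return super.onTransact(code, data, reply, flags);
            int caller = Binder.getCallingUid();  // identity comes from the kernel, not the client
            String alias = data.readString();
            synchronized (keys) {                 // two-way calls assumed, so reply is non-null
                Entry e = keys.get(alias);
                if (e != null && !sameSigner(e.ownerUid, caller))
                    throw new SecurityException("caller is not signed like the key owner");
                if (code == TX_PUT) {
                    if (e == null) { e = new Entry(); e.ownerUid = caller; keys.put(alias, e); }
                    e.key = data.createByteArray();
                    reply.writeNoException();
                } else {
                    if (e == null) throw new SecurityException("no key stored under this alias");
                    reply.writeNoException();
                    reply.writeByteArray(e.key);
                }
            }
            return true;
        }
    };

    @Override
    public IBinder onBind(Intent intent) { return binder; }
}
```

The other policy the reply mentions, requiring that clients hold a particular permission, would replace the `sameSigner` test with a `checkCallingPermission(...)` check against a permission the service declares.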
