SI and SL Security
4/8/2010
By default, SLs load and run services (except cache action) without notifying the user. Windows Mobile provides security policies to enable the mobile operator to configure SI and SL handling. The SI and SL security policies are designed to minimize the security risks and provide a better user experience.
Note
SL is ON by default. For an example of how to disable SL, see Security Policy Settings.
At the security module, certain security roles are assigned to SI and SL notifications according to which Push Initiator and Push Proxy Gateway are sending the notifications. For a list of the possible security roles, see Security Roles.
Note
Do not put SECROLE_USER_UNAUTH security role in Service Loading (SL) Message Policy. For more information, see Security Best Practices for Windows Mobile Devices.
SI and SL policies are role mask policies, which means that specific roles must be assigned to them in order to be processed. The roles are used by the device to perform security policy checks. The device compares the role that was assigned to the notification by the security module against the stored list of acceptable roles for SI and SL notifications. If the roles do not match, the notification is discarded.
The device must check the security policy first when an SI or SL notification is received. SI and SL do have separate policies. For more detailed information about the security policies, see Security Policies.
See Also
Concepts
Message Structure
Provisioning XML Considerations
OTA Provisioning Considerations