There are five key components to a secure environment: authentication, data integrity, confidentiality, authorization, and nonrepudiation. When implementing a secure environment, remember that a system is only as secure as its weakest point. Therefore, you have to protect every gap in your solution to ensure that unauthorized users cannot gain access to your system. In order to accomplish this, you may be required to implement a variety of security technologies, including public key cryptography, digital certificates, digital signatures, and PKI. Other measures such as firewalls, VPN, biometrics, and a corporate security policy are also helpful for maintaining a secure environment.
For thin client development, WAP incorporates WTLS for transport-layer security. Just keep in mind that even though it is a strong protocol, WAP suffers from a security problem often referred to as the WAP gap. This gap is on the gateway when WTLS is translated into TLS. WAP 2.x addresses this issue by removing the conversion between protocols.
Smart client applications do not suffer from such limitations. Smart client application developers have full control over the security technology they implement. They can make the enterprise solution as secure (or insecure) as required for the data and applications being developed. When you evaluate smart client technology vendors, make sure security is part of your selection criteria.
The next chapter, the first in Part II, "Building Smart Client Applications," provides an overview of the smart client architecture, highlighting the main components for building a successful smart client solution.