Personal electronic devices such as personal computers, personal digital assistants (PDAs), wireless telephones and pagers have become prevalent in recent years. These devices may communicate over wireless and/or wireline networks using various capabilities related to data, voice and video communication. The networks provide interconnection of these devices with information sources as well as other similar devices. Commonly, the networks include communication over the Internet.
Typically, users of such personal electronic devices obtain access to the networks using a service provider. The service provider provides a data channel allowing the user access to the network. The data channel may not be accessible by the user until the service provider verifies the identity of the user. This is typically done through a user ID and password. Upon verification, the user is provided access to the data channel for transmittal and/or receipt of information. In addition, personalized data and functionality may also be provided.
Verification of the identity of the user is performed by a centralized security architecture. The centralized security architecture requires that all user information be stored, modified, and authenticated/authorized through a central server and/or server cluster. Such a centralized architecture requires a powerful server (or server cluster) that may not scale well in the presence of heavy usage. In addition, providers of centralized security architectures and corresponding security services may have almost unlimited control of the user information. This level of control may raise privacy concerns for users.
Due to the inherent mobility of many of these devices, migration of an application among different devices is possible. Migration allows an application to move from one computing device to another computing device while maintaining the state of the application. For example, a user working with a calendar application on his desktop personal computer to plan a business trip may migrate the application to his PDA to continue working when he leaves his desk. In these situations, the application may be transferred over the network from one device to another.
Problems with security, authorization and authentication may occur when an application migrates. This is especially true where a first user elects to access the network using a device belonging to a second user. In this situation, data belonging to the first user may need to be downloaded to the device belonging to the second user. Encryption and decryption may be difficult if the second user's device does not include the appropriate encryption/decryption capability. In addition, security of the application during the migration, as well as authentication that the first user is allowed to perform the migration, are concerns.
Privilege levels within a device hosting a migrated application may also need to be restricted depending on the user. For example, airtime or website access restrictions for a wireless telephone may be desirable for some users. Other users, however, may need more relaxed or eliminated restrictions when running the same application on the same device. In addition, restrictions on an application running on some devices may not be required when the application is run on other devices. For example, airtime restrictions for a wireless telephone may not be necessary when a desktop computer is accessing the network using wirelines.