Mobile devices are often deployed into an environment that requires management of the device. For example, a device may be managed to enforce policies such as security levels for password, encryption of data, use of certain features on the device, among other options for management. In some cases the management is for the entire device and in some cases the management is just for a portion of the device.
The purpose of management of the device is to control the use of the device and to ensure that the way a device, or at least a part of the device that operates within the management restrictions, complies with policies stipulated by the relevant management authorities.
A device may have a plurality of domains, which are distinct areas on the device and may have their own virtualized operating system. A domain may be the part of the device being controlled and a device may operate with at least one domain and zero or more domain authorities that control the domain.
A user who wishes to monitor or control the device or a user that wishes to restrict or protect its own device may configure a domain authority on the device. In some cases the user may wish to enroll/authenticate a device with an enterprise/enterprise network, and in order to do this, the enterprise needs to provision a management authority onto the device. To do this, the device may have a mechanism to deploy a trusted domain authority onto a device. Such device may potentially already have other domains that are already managed by domain authorities.