The DMAcc Configuration Service Providerand DMS Configuration Service Providershare the same data store, Having different roles could result in elevated privileges. The roles for each should be the same.

The OMA DM implementation requires SSL transport over HTTP with the OMA DM server. Without SSL, information on the device that the OMA DM server can access is vulnerable to interception from a malicious party.

The SSL must provide server certificate-based authentication, data integrity check, and encrypted transport channel authentication.

OMA device management transport client will enforce using SSL transport connecting to the server).

The following table shows the ways OMA DM server can authentication the client.

Authentication type	Description
MD5	An MD5 one-way hashing algorithm used for authentication.
Basic	Based on the model that a client must authenticate itself with a user name and password for each realm. Security Note: Basic authentication provides weak security unless the transport channel is first link-encrypted with SSL or Transport Layer Security (TLS) 1.0.

The server notification Short Message Service (SMS) message that is sent from the server to initiate a DM session is signed with MD5 server credential. The DM client authenticates the server notification message by calculating the message's MD5 digest using the configured server credential, and then compares it with the MD5 hash received in the message.

To ensure that the nonce is renewed for each DM session, the DM client sends the new server nonce for the next session to the server over a Status element in every DM session.

The device does not challenge the server if the server does not send MD5 credentials. In this case, the next nonce is sent to the server using a success SyncHdr Status element.

The DM server that supports OMA DM version 1.2 can support a nonce resynchronization request per the OMA DM specification OMA Device Management Security (OMA-TS-DM_Security-V1_2-20070209-A) available from this OMA Web site . By default, nonce resynchronization is not turned on for Windows Mobile devices. You can turn it on when you bootstrap the device with DM server access information. For more information about nonce resynchronization, see OMA DM MD5 Authentication Nonce.

Access control is done using the Windows Mobile 2003 role-based access control. It only applies to OTA provisioning. The settings exposed in the device user interface (UI) do not conform to these controls.

In the standard DM account object, you should use the Role setting to specify the Security Rolesfor the DM server. If the role is not configured explicitly over provisioning XML, the default security role is the one assigned to the DM account object configuration message. The role specified in this setting is a subset of configuration message roles.

Read-Write permission and access security roles for each configurable setting can be managed over the Microsoft custom properties RWAccess and AccessRole in an OMA DM session. For more information about these settings, see Metabase and OMA DM.

The following list shows the control:

• Remotely, if the device is bootstrapped to allow OMA DM server as the device manager, TPS server has the MANAGER role. For more information, see Bootstrapping To Use An OMA DM Server.
  
  
• Locally, RAPI through desktop depends on the RAPI setting:
  
  0 = Blocked
  
  1 = Open; A request over MAPI has the MANAGER role
  
  2 = A request has USER_AUTH role
  
  
• The role for DMProcessConfigXML API depends on the application that calls it and security model. In two tier device, Privileged has the MANAGER role. NORMAL has USER_AUTH role. In a one tier device, application that is allowed to be run at the device has MANAGER.
  
  
• For a Cab Provisioning Format (.cpf) file, it depends on the signature of the .cab file. The SPC store is used to assign security roles to certificates.
  
  
• During the boot process, the .provxml file is interpreted with the MANAGER role.
  
  

For information about security roles, see Security Roles.