Wednesday, February 27, 2008

Commonwealth Bank adopts Adobe AIR

The Australian has published an article about an Adobe AIR application that is being developed by the Commonwealth Bank.  The AIR app will allow the Commonwealth Bank's brokers to prepare loan applications offline and then transferring them for approval when a connection is available.  There have been a number of major players overseas who have developed AIR applications (i.e ebay, The New York Times, BBC etc).   But this is the first major Australian company  to announce  this sort of development.  I think it is also very significant that it is for such a security sensitive use.  This will go a long way to quell any client concerns about AIR's reliability and security.

Blogged with Flock


Anonymous said...

Adobe AIR does not provide any security facilities.

Any security in an AIR application will have to be either developed internally or by relying on open source libraries which currently are very scarce for Flex/air.

geekglue said...

Hi anonymous,

the relationship of AIR (and in fact Flash itself) to security is not as cut and dried as your comment implies. If we are talking about authentication using certificates and keys (SSL etc) then your comment is correct. But AIR does provide security through the concept of sandboxes. The following is quoted from an Adobe AIR Security white paper (yes it's for beta 3 but will still be 99% accurate for the recent release) :

"Although the AIR security model is an evolution of the security model for SWF content running in Flash Player and HTML content running in the browser, the security contract is quite different from the security contract applied to content in a browser. This contract offers developers a secure means of broader functionality for rich experiences with freedoms that would be inappropriate for a browser-based applications."

So to say that AIR doesn't provide any security facilities is mis-leading. It provides similar security facilities to other frameworks for developing native applications. My point was that the Commonwealth Bank is comfortable enough with the level of security that AIR provides and it's ability to integrate with the security model of their web services. This should provide some level of confidence to security conscious clients and therefore open doors for potential AIR developers.

In addition to the white paper (quoted above) there is a good article providing an introduction to AIR security at the Adobe Developer Center.