Conclusions

There has been a lot of fuss about security in the WAP world, some of it justified, but most of it being misinformation and misunderstanding. I have often heard it observed that WAP 1.1 does not include security. This is an example of the misinformation that has been around in the industry: WTLS was part of WAP 1.1 and is almost unchanged in WAP 1.2. Security has been there all the time. What is true is that not all vendors have implemented all parts of the specification, and WTLS has often not been implemented at all or has only been implemented at class 1. This will be resolved in time, as vendor's products become more mature and robust, and as the public need for robust security implementation forces vendors to include security in their product offerings.

Even if your WAP gateway does not include WTLS, a WTLS gateway can be obtained from some reliable security solution vendors, like Baltimore Technologies, which will sit on your network between the mobile device and your WAP gateway to provide a WTLS implementation. This type of solution is only feasible if you are hosting your own WAP gateway.

WAP can and does provide a robust, secure environment in which an organisation can conduct m-commerce or communicate securely. Attention does need to be paid at this stage to the specifics of the implementations, so I would advise a thorough evaluation before committing to a particular vendor's implementation. However, there are robust products our there that you can use to implement a secure environment.