These days, I'm working on SyncML and Sync4J for Apogee synchronization
purpose. I discovered some interesting points summed  up  in this
article.


What is SyncML ?


SyncML is the specification of a synchronization protocol. Defined by the
Open Mobile Alliance, it covers a large group of features. This protocol is
mostly defined for connecting mobile devices like handhelds or mobile
phones: thus it provides a lot of features oriented in this way. SyncML
features includes:



  • Several modes for synchronization

  • Mobile device configuration and management


What happens during a synchronization ?


Basically, the synchronization is composed of three steps:



  1. Exchange of device capabilities and authentication

  2. Data exchange (client modifications first)

  3. Data ids update


The third step might be strange. In fact SyncML defines two kinds of
identifiers: the device local ones and the global ones. Then, when a new
data is added on a client, it gets a local ID that needs to be
"globalified".


What about authentication ?


SyncML defines a cred tag where to put the user id and password for the
database. In this way a user can be logged on the database.


There is an other mecanism to allow some users to synchronize on some
devices. This is contained in the SyncML header.


In both cases, the password could be in plain text or hashed using
MD5.

What about Sync4J ?


Sync4J is a free implementation of the SyncML standard. Provided by
funambol it is composed of:



  • a Data Synchronization Server to handle data synchronization

  • a Device Management Server to configure the access and configuration of different
    devices

  • an API for client applications in Java or C++

  • an application for server configuration

  • some database connectors


The server is an EJB and the messages are exchanged using HTTP, even if
SyncML provides infos on other transport protocols. The authentication of
the devices for synchronization is managed by a couple user/device called
"Principals".


The Sync4J users are contained in a separate database. Even if I still
didn't found it, it should be possible to replace it by a custom one... I
hope. I didn't found any example about database authentication in the Sync4J
demo set, by I imagine that it is implemented because it's defined in the
specifications.


(Post originally written by Cedric Bosdonnat on the old Nuxeo blogs.)