Method and apparatus for joining wireless service groups
US-2016295413-A1 · Oct 6, 2016 · US
US2016149901A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016149901-A1 |
| Application number | US-201514947691-A |
| Country | US |
| Kind code | A1 |
| Filing date | Nov 20, 2015 |
| Priority date | Nov 21, 2014 |
| Publication date | May 26, 2016 |
| Grant date | — |
Official abstract text for this publication.
The disclosed embodiments provide a system that enables service-configurable wireless connections. During operation, a local service endpoint of a service runs on a wireless device. The local service endpoint sends a request to establish a datapath with another service endpoint on another device. Meanwhile, the wireless device's service discovery module discovers a remote endpoint for the service on a remote device. In response to the request, the wireless device's service-configurable security entity configures a Wi-Fi connection's security configuration, thereby enabling the local endpoint to establish a datapath between the local endpoint and the remote endpoint over the Wi-Fi connection.
Opening claim text (preview).
What is claimed is:
1. A wireless device, the device comprising: a processor; a memory coupled to the processor; a Wi-Fi transceiver coupled to the processor; a local service endpoint of a service, configured to send a request to establish a datapath with another service endpoint on another device; a service discovery module, configured to discover a remote service endpoint on a remote device; and a security mechanism, configured to initialize a Wi-Fi connection's security configuration in response to the request, thereby enabling the local service endpoint to establish a datapath between the local service endpoint and the remote service endpoint over the Wi-Fi connection.
2. The device of claim 1, wherein initializing the Wi-Fi connection's security configuration comprises: receiving the local service endpoint's security requirements from the local service endpoint; receiving the remote service endpoint's security requirements from the remote device; and initializing the Wi-Fi connection's security configuration to accommodate the local service endpoint's security requirements and the remote service endpoint's security requirements.
3. The device of claim 2, wherein the datapath is an encrypted datapath.
4. The device of claim 3, wherein initializing the Wi-Fi connection's security configuration further comprises: exchanging authentication information with the remote device using an out-of-band (OOB) mechanism; and using the authentication information to securely exchange a credential with the remote device.
5. The device of claim 4, wherein initializing the Wi-Fi connection's security configuration further comprises: creating a controlled dataport and a data encryption module, wherein the controlled dataport is initially closed; using the credential to generate a data encryption key; installing the data encryption key in the data encryption module; and opening the controlled dataport, thereby enabling the local service endpoint and the remote service endpoint to securely exchange data through the controlled dataport.
6. The device of claim 1, wherein the datapath is an unencrypted datapath.
7. The device of claim 4, wherein the authentication information comprises at least one of: a public key; and a shared secret.
8. The device of claim 4, wherein the credential comprises at least one of: a pre-shared key (PSK); and a pairwise master key (PMK).
9. A wireless device, the device comprising: a processor; a memory coupled to the processor; a Wi-Fi transceiver coupled to the processor; a local service endpoint of a service, configured to send the local service endpoint's security requirements to a security mechanism; and the security mechanism, configured to: receive the local service endpoint's security requirements; receive, from a remote device, a remote service endpoint's security requirements; and determine, from the security requirements of both service endpoints, whether to perform authentication while attempting to establish a Wi-Fi connection between the device and the remote device.
10. The device of claim 9, wherein the attempt fails if one of the local and remote service endpoints requires authentication and another one of the local and remote service endpoints prohibits or does not support authentication.
11. The device of claim 9, wherein the attempt results in a secured Wi-Fi connection if one of the local and remote service endpoints requires authentication and another one of the local and remote service endpoints requires authentication or specifies no preference.
12. The device of claim 9, wherein the attempt results in an unsecured Wi-Fi connection if one of the local and remote service endpoints prohibits or does not support authentication and another one of the local and remote service endpoints prohibits authentication, does not support authentication, or specifies no preference.
13. The device of claim 9, further comprising choosing, based on the security requirements of both service endpoints, one of the device and the remote device to act as a registrar when establishing the Wi-Fi connection.
14. A wireless device, the device comprising: a processor; a memory coupled to the processor; a Wi-Fi transceiver coupled to the processor; a local service endpoint of a service, configured to send the local service endpoint's security requirements to a security mechanism; and the security mechanism, configured to: receive the local service endpoint's security requirements; receive, from a remote device, a remote service endpoint's security requirements; and determine, from the security requirements of both service endpoints, whether to employ data encryption over a datapath between the local and remote service endpoints, wherein an attempt to establish the datapath would be made over a Wi-Fi connection between the device and the remote device.
15. The device of claim 14, wherein the attempt to establish the datapath fails if one of the local and remote service endpoints requires data encryption and another one of the local and remote service endpoints prohibits or does not support data encryption.
16. The device of claim 14, wherein an encrypted datapath is established if one of the local and remote service endpoints requires data encryption and another one of the local and remote service endpoints requires data encryption or specifies no preference.
17. The device of claim 14, wherein an unencrypted datapath is established if one of the local and remote service endpoints prohibits or does not support data encryption and another one of the local and remote service endpoints prohibits data encryption, does not support data encryption, or specifies no preference.
18. The device of claim 14, wherein the attempt to establish the datapath fails if the Wi-Fi connection is a secured Wi-Fi connection and one of the local and remote service endpoints prohibits or does not support data encryption.
19. The device of claim 14, wherein an encrypted datapath is established if the Wi-Fi connection is a secured Wi-Fi connection and each of the local and remote service endpoints requires data encryption or specifies no preference.
20. The device of claim 14, wherein an unencrypted datapath is established if the Wi-Fi connection is an unsecured Wi-Fi connection and each of the local and remote service endpoints prohibits or does not support data encryption.
21. The device of claim 14, wherein if the Wi-Fi connection is a secured Wi-Fi connection and an encrypted datapath is to be established, an encryption key is generated from one of the following: a credential that is delivered using unverified authentication information; and a credential that is delivered using preconfigured authentication information.
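The pairwise outcomes recited in claims 10-12 and 15-17, and the connection-dependent outcomes in claims 18-20, written out as decision functions. This is an added illustration, not code from the patent; the enum and function names are assumptions, and combinations the claims do not address are returned as `UNSPECIFIED` rather than guessed. The two rule sets are kept separate because claims 15-20 each depend on claim 14 individually.

```python
from enum import Enum
from itertools import product

class Pref(Enum):          # an endpoint's stated requirement (names are assumptions)
    REQUIRE = "requires"
    PROHIBIT = "prohibits"
    UNSUPPORTED = "does not support"
    NO_PREFERENCE = "no preference"

class Outcome(Enum):
    FAIL = "attempt fails"
    PROTECTED = "secured connection / encrypted datapath"
    UNPROTECTED = "unsecured connection / unencrypted datapath"
    UNSPECIFIED = "not addressed by the claims"   # assumption: surfaced, not guessed

REFUSES = {Pref.PROHIBIT, Pref.UNSUPPORTED}

def negotiate(local, remote):
    """Pairwise rule of claims 10-12 (authentication) and 15-17 (encryption)."""
    prefs = {local, remote}
    if Pref.REQUIRE in prefs:
        # Claims 10/15: a refusing peer makes the attempt fail.
        # Claims 11/16: otherwise the peer requires or has no preference.
        return Outcome.FAIL if prefs & REFUSES else Outcome.PROTECTED
    if prefs & REFUSES:
        return Outcome.UNPROTECTED          # claims 12/17
    return Outcome.UNSPECIFIED              # both sides state no preference

def datapath_over(connection_secured, local, remote):
    """Connection-dependent rule of claims 18-20 (evaluated on its own)."""
    prefs = {local, remote}
    if connection_secured:
        # Claim 18: any refusal fails; claim 19: require/no preference encrypts.
        return Outcome.FAIL if prefs & REFUSES else Outcome.PROTECTED
    if prefs <= REFUSES:
        return Outcome.UNPROTECTED          # claim 20
    return Outcome.UNSPECIFIED              # e.g. unsecured link, encryption required

def unprotected_pairs():
    """Ordered pairs that end up without protection under the pairwise rule."""
    return [(a, b) for a, b in product(Pref, repeat=2)
            if negotiate(a, b) is Outcome.UNPROTECTED]

if __name__ == "__main__":
    for a, b in product(Pref, repeat=2):
        print(f"{a.value:>16} + {b.value:<16} -> {negotiate(a, b).value}")
```

Under the pairwise rule, an endpoint that specifies no preference ends up unprotected whenever its peer prohibits or does not support protection, so a service that needs confidentiality has to state `REQUIRE` explicitly.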
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
WLAN [Wireless Local Area Networks] · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
Authentication · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title