JavaCard OS

I am running into a problem about passing object as parameter between server and client applet.
The client applet will pass a key to server applet for authentication purpose. I wonder if is there any security issues using the global apdu buffer?

If client applet and server applet belong to the same package, they can "share" an object or array via a class variable, because they belong to the same context.

Otherwise, using javacard.framework.Shareable you can provide methods for transferring the data.

Copy the contents of your object to the global apdu buffer, and then pass this between your server and client applets. By the way, I don't think there are any security issues using the global APDU buffer.