Name: me32167 Date: 11/02/99


Subdivide the "system security domain" so that each core class in the Java
runtime has the least set of privileges required to perform its function.
This includes the native methods.

Identify the security permission(s) required of code calling an entry point
(static or instance methods) into the JRE. Permissions are typically
allocated based on CodeSource (the signers/code base URL). Also, any
SecurityManager.check*() method calls since not all SecurityManagers call
AccessController.checkPermission().

Identify those permissions required of middleware or application classes to
run in a JRE/JDK. This includes the identification of calls to
SecurityManager.check*() methods.

Identify whether middleware needs to run with a SecurityManager by
analyzing application code to see whether it makes calls which require
security permissions. If the application code does not make calls that
would result in security authorization decisions via the SecurityManager,
the middleware does not need to install a SecurityManager, resulting in
improved JRE throughput.

======================================================================