Tonge, Rzepa, Yoshida, page 7

try {
if (inNavigator) {
saveDialog.show();
dirName = saveDialog.getDirectory();
filName = dirName + saveDialog.getFile();
}
out = new PrintWriter(new FileWriter(filName));
add out.println() code here to write
to local file
out.close();
} catch (Exception e) {
outText.appendText("\nUnable to write local PDB file. " + e); }

Disable privileges for this method only

if(inNavigator)
PrivilegeManager.revertPrivilege("UniversalFileWrite");

// //

//
//
//

} }

Step 2. Get Digital Certificate from a Certification Authority.

There are a number of organisations known as Certification Authorities (CAs) whose own root certificates are either already installed (Netscape) or pointed to (Internet Explorer) on browsers. These organisations will provide two types of service. Firstly, anindividual or company can obtain an object signing certificate based on s--called X.509 standards¹¹for distributing code over the Internet upon proof of status such as a copy of a driving licence or a passport. Alternatively, the CA can delegate the proof of status requirements to a so-called Registration Authority (RA) which can act on behalf of individuals. Certification authorities currently include Thawte, VeriSign and GlobalSign (formerly BelSign). We have used GlobalSign for the examples shown here.¹²

To establish the trust which GlobalSign act as a proxy for, we note here that formal documentation describing the terms under which Imperial College was constituted as a University together with documentary evidence of the individuals in whose names the certificates were to be issued, was sent by secure delivery to GlobalSign. Certain types of certificates may in addition only be granted by the applicant presenting themselves in person to the Registration Authority. In addition to the object-signing certificates described below, it is also possible for an individual to obtain digital certificates for signing email messages. These personal certificates can also be used to provide that individual with transparently authenticated access to a remote network resource such as an application server or electronic document collection or journal as an alternative to the more conventional account/password combination. From our experiences, we believe this system can be used to establish a level of trust comparable with e.g. the use of passports for authentication.

Step 3. Sign the Applet Archive.

Both Netscape and Microsoftprovide software signing tools¹³which allow you to create signed archives of Java class files once you have installed a relevant valid certificate. Microsoft tools can only be run from a DOS prompt on Windows NT/95, while the Netscape tools can