 
 
 
 
 
 
   
 Next: The JavaScript Programmer's View
 Up: The End User's View
 Previous: The End User's View
Netscape Navigator 4 and later versions support digitally signed scripts that can request privileges, and, subject to user approval, lift certain security restrictions while executing. A digital signature allows the browser to securely establish the author of a signed JavaScript program (see [N98]).
Cryptographically signed scripts are not yet very popular, partly because
average users find it hard to grasp the privilege-granting process or
the implications of granting a particular privilege.
For future versions of browsers we propose to integrate code signing 
into our model, by having specific security policies that go into effect if 
a signed script is downloaded from a particular site. For example, 
a Fidelity policy for the user's interaction with the brokerage house 
might allow reading and writing files in a specific directory, so that the 
user can study his account offline.
Alain Mayer
8/30/1999