Sun Microsystems Inc’s JavaSoft unit explained a bit about what it is doing to enable access outside the Java VM sandbox. The first is the digital signature technology made available with JDK 1.1 last week. But looking ahead, JavaSoft security staff engineer Marianne Mueller said the company has been working closely with the WorldWide Web Consortium, as well as some of its closer friends – Netscape Communications Corp among them – on JavaSoft’s Manifest File Format – MFF, which is included in JDK 1.1. The WorldWide Web Consortium’s DSig digital signature common manifest file format is based on MFF. The idea of the format is that single signatures can be assigned to multiple objects, and a manifest can point to a manifest which then points to an object and so on. So a set of variables could be attached to an object defining it still further. JavaSoft is expecting all licensees of JDK 1.1 to support MFF, but hasn’t got dates from the likes of Netscape or Microsoft Corp yet. Netscape for its part says it Object Signing technology is compliant with JDK 1.1, meaning anything signed with JDK’s digital signature stuff will be readable by Communicator, and vice versa. JavaSoft’s fledgling digital signature effort this time around includes its Applet Viewer, a kind of cut-down browser that enables users to view the applet tag and debug the applet if necessary – or possible. At this stage it’s an all or nothing approach: you download the applet and it’s allowed full access. So JavaSoft is working on ways of permitting finer grained access control and that’s what the JavaSoft security team is concentrating on for the next JDK release, which has no release date yet. There’s also a need for intranet administrators to be able to control and dictate a security policy for their network, and that’s not possible with the current all or nothing approach.