The following assumptions contributed to the design of the security mechanism and ensured ample flexibility in its implementation:
MIDlets do not need to be aware of the security policy except for security exceptions that may occur when using APIs.
A MIDlet suite is subject to a single protection domain and its permissible actions. (See Section 18.3.3, “Protection Domain,” for an explanation of protection domains.)
The internal representation of protection domains and permissions is implementation specific. (See Section 18.3.1, “Permissions,” for an explanation of permissions.)
The user interface for presenting configuration settings and the results of authentication attempts to the user is implementation-dependent and outside ...