Make policy decisions based on the trustworthiness of mobile code
Verify signed JAR files
Challenge the user for credentials
Allow class loader to load jar files
Determine if presented authentication credentials should be trusted