
Digital Signatures



The use of digital signatures as a mechanism for verifying that code comes from a trusted source could play an important part in the future of Java security. Currently there is no built-in mechanism that gives code verified to have come from a trusted source special access to resources. The current Java security mechanism does seem flexible enough to allow the addition of digitally signed Applets. The ClassLoader class can be subtyped to create a SignedClassLoader, which first verifies the digital signature and then does the actual loading of the class. The various SecurityManager methods can then check whether the call is in the dynamic scope of a SignedClassLoader in order to determine whether access should be allowed or denied. Thus, the current mechanism certainly allows the writers of Web browsers to add special access for digitally signed code. One might hypothesize that it is only for legal rather than technical reasons that this scheme is not part of the current release.
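
The scheme described above, as an added example (not code from this paper or from any Java release). It assumes Java 16 or later, an RSA publisher key, and a hypothetical packaging of each class as its bytes plus a detached signature; StackWalker stands in for the stack inspection that the SecurityManager methods would perform.

```java
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Map;

// Hypothetical SignedClassLoader: defines a class only if its bytes verify
// against a signature made with the trusted publisher's key.
public class SignedClassLoader extends ClassLoader {
    /** Class bytes plus detached signature (assumed packaging format). */
    public record SignedClass(byte[] bytes, byte[] signature) {}

    private final PublicKey trustedKey;
    private final Map<String, SignedClass> classes;

    public SignedClassLoader(PublicKey trustedKey, Map<String, SignedClass> classes) {
        super(ClassLoader.getPlatformClassLoader()); // parent holds JDK classes only
        this.trustedKey = trustedKey;
        this.classes = classes;
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        SignedClass sc = classes.get(name);
        if (sc == null) throw new ClassNotFoundException(name);
        try {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(trustedKey);
            verifier.update(sc.bytes());
            if (!verifier.verify(sc.signature()))   // verify BEFORE defineClass
                throw new SecurityException("bad signature on " + name);
        } catch (GeneralSecurityException e) {
            throw new SecurityException("cannot verify " + name, e); // fail closed
        }
        return defineClass(name, sc.bytes(), 0, sc.bytes().length);
    }

    /** Resource-guard check: true only if every frame that is not runtime or
     *  host (browser) code was loaded by a SignedClassLoader. */
    public static boolean callerIsSigned() {
        ClassLoader platform = ClassLoader.getPlatformClassLoader();
        ClassLoader host = SignedClassLoader.class.getClassLoader();
        return StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE)
            .walk(frames -> frames
                .map(f -> f.getDeclaringClass().getClassLoader())
                .filter(cl -> cl != null && cl != platform && cl != host)
                .allMatch(cl -> cl instanceof SignedClassLoader));
    }
}
```

Checking every frame rather than only the nearest one means unsigned code on the stack cannot obtain access by calling through a signed class.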




Thu Dec 7 18:26:21 EST 1995