In the past couple of years there has been an explosive growth in the Internet, and in particular of the World-wide Web (WWW or Web), which is one of the facilities provided on top of the Internet. The WWW comprises many pages or files of information, distributed across many different servers. Each page is identified by a Universal Resource Locator (URL). The URL denotes both the server machine, and the particular file or page on that machine. There may be many pages or URLs resident on a single server.
In order to use the WWW, a client runs a piece of software known as a Web browser, such as WebExplorer.RTM. (provided as part of the Operating System/2 (OS/2).RTM. IBM Corporation), or the Navigator.RTM. program available from Netscape Communications Corporation. The client interacts with the browser to select a particular URL, which in turn causes the browser to send a request for that URL or page to the server identified in the URL. Typically the server responds to the request by retrieving the requested page, and transmitting the data for that page back to the requesting (The client server interaction is performed in accordance with the hypertext transfer protocol ("HTTP")). This page is then displayed to the user on the client screen. The client may also cause the server to launch an application, for example to search for WWW pages relating to particular topics. In some instances, servers may not be reachable due to security mechanisms such as firewalls which filter access to users allowing only privileged users to access the information. In these cases, proxy servers or proxy applications may be used to help administer such accesses. Proxy servers can be viewed as an entity which straddles protected and unprotected network areas and facilitates passing traffic between these areas based on the users involved and the privileges configured for those users. The network connections used are termed sockets which are simply where data-streams from the network are sent or received. Numbered ports on the server can be opened to listen to particular socket data-streams.
Most WWW pages are formatted in accordance with a language known as HTML (hypertext mark-up language). Thus a typical page includes text together with embedded formatting commands, referred to as tags, which can be used to control the font size, the font style (for example, whether italic or bold), how to lay-out the text, and other page options. A Web browser parses the HTML script in order to display the text in accordance with the specified format. In addition, an HTML page can also contain a reference, in terms of another URL, to a piece of multimedia data, for example, an image, a video segment, or an audio file. A Web browser responds to such a reference by retrieving and displaying or playing the data. Alternatively, such multimedia data may form its own WWW page, without any surrounding HTML text.
Most WWW pages also contain one or more references to other WWW pages, which need not be on the same server as the original page. Such references may generally be activated by the user selecting particular locations on the screen, typically by (double) clicking a mouse control button. These references or locations are known as hyperlinks, and are typically flagged by the browser in a particular manner (for example, any text associated with a hyperlink may be in a different color). If a user selects the hyperlink, then the referenced page is retrieved and replaces the currently displayed page.
Further information about HTML and the WWW can be found in "World Wide Web and HTML" by Douglas McArthur, p18-26 in Dr Dobbs Journal, December 1994, and in "The HTML SourceBook" by Ian Graham, (John Wiley, New York, 1995).
As so far described, and broadly speaking as currently implemented, the WWW suffers from the disadvantage that pages downloaded from a server to a client are essentially passive, in other words, they do not contain code which is executed at the client machine. One implication of this is that the server cannot offload onto the client any of the processing associated with the interaction between the client and the server. Thus if the client is completing a form with their telephone number for example, then any formal checks such as to the number of digits in the telephone number must be performed at the server. This results firstly in a heavier processing burden at the server, and secondly in time-consuming extra communications between the server and client should there be any mistakes to correct. Moreover, the inability of the server to download code for execution at the client is a significant limitation on the type of applications that can be created to exploit the WWW.
Recent developments, based particularly on the Java "JAVA" is a trademark of Sun Microsystems, Inc.) technology from Sun Microsystems Inc., have sought to overcome the above difficulties. The Java technology comprises primarily (i) a new programming language, somewhat similar to C and C++, and (ii) a virtual machine. Essentially, programs written in the Java programming language can be compiled into byte code form, and then interpreted at runtime on the Java virtual machine executing on the client. The Java virtual machine converts the byte codes into instructions that can be executed by the underlying physical machine.
Programs written using Java can be downloaded over the WWW in the form of byte codes for execution on a Java virtual machine at the client. Such programs are known as "applets". The use of the Java technology for downloading code over the WWW has two major benefits. Firstly, an applet can be platform independent, if we assume that each client has a copy of the Java virtual (The virtual machine at the client's system is typically incorporated either into the operating system, or into the Web browser itself). In other words, there is no need for a server to have different versions of the code for downloading to clients according to their respective operating systems and machines. Therefore, only a single version of the relevant code needs to be written and maintained, which makes life much simpler for software developers. Secondly, because the applet executes on a virtual machine, rather than a physical machine, security is greatly improved. Thus, when downloading code over the network, there is always a risk that it will include some malicious code (accidentally or otherwise) that may damage data or programs stored at the client. The virtual machine however can monitor the operation of the applet, and so detect and prevent such malicious activity.
It will be noted that the concept of downloading software from a server to a client in the form of byte codes for execution on a virtual machine was also known independently of the Java technology, see for example U.S. Pat. No. 5,347,632.
In order to invoke a Java applet, a Web page of HTML text contains an &lt;APPLET&gt; tag, which identifies the URL containing the applet. A browser responds to this tag by retrieving and running the applet. Also defined is a &lt;PARAM&gt; tag, which is contained within a pair of corresponding &lt;APPLET&gt; and &lt;/APPLET&gt; tags, and which can be used to specify parameters that are passed to the applet at run-time. (Note that the APPLET and PARAM tags are not formally incorporated into the HTML standard, but are nevertheless recognised by many Web browsers). Further information about the Java technology and applets can be found in "Teach Yourself Java in 21 Days" by Laura Lemay and Charles Perkins (Sams.net Publishing, Indianapolis, USA, 1996).
A significant restriction of such applets is that the standard Java model only allows the applets to talk to the servers they were downloaded from. This is referred to as the Java "sandbox" security restriction. It provides some security benefits but also severely restricts Java use for some applications. For example, this is undesirable for applets whose main purpose is connectivity where the goal is to accomplish communications with many other systems in the network (networking applets). Recent Java releases such as the Java Development Kit (JDK) version 1.1 provide a solution to this called trusted applets, but this solution does not work for all scenarios. First, it does not address users of prior JDK versions such as 1.02. Second, leading web browsers have yet to fully comply with JDK 1.1. Third, and most importantly, network administrators do not want their users to connect to any arbitrary host in their network. Instead they want the flexibility of multi-host applet communication with the advantage of administrative control and security capabilities. No solution is available which provides all of these advantages.