Greg, > > For example, we don't have mechanisms which would allow a > ServiceUI client, to "see" a service in the registrar, and > only after seeing it and its source, signify trust, and then > download code. The original design has always been around > the concept of "you start the VM with the trust asserted" and > then it can only do what you've entrusted it with.
Exactly. Different trust evalutation is essential in the ServiceUI case. We have had these problems many times. This is a very different mode of operation from that of the original Jini programmatic clients only view. Zoltan
