In SDM, each service is run on behalf of some principal, the CodeExecutor, who takes the responsibility for that service. In particular, given a remote service running on a machine at a port (mapping to a URL), there is an authoritative CodeExecutor responsible for that service. Implementation of SDM requires that the JDK1.2 domain model be extended to include principals, so that each CodeSource will also have a principal associated with it. One domain will be formed for each such <CodeExecutor, CodeSource> pair. Further authentication and access control (and delegation) may then be based on the CodeExecutor.
To support PrincipalDomains, the Java runtime system must maintain a mapping from each <CodeSource, CodeExecutor> pair to its protection domain, and also the mapping between protection domains and their privileges. This could, for example, be implemented at the execution stack level with the aid of class blocks and the executing environment frame, as illustrated in Figure. More complete details can be found in [6].
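The two mappings described above, as an added example that is not code from the paper or from the JDK: a registry keyed by the <CodeSource, CodeExecutor> pair, with each domain's privileges held in its PermissionCollection. The names `PrincipalDomains` and `DomainKey` are hypothetical, the executors and URL are constructed sample values, and the four-argument `ProtectionDomain` constructor of later JDKs stands in for the runtime extension the text calls for.

```java
import java.net.URI;
import java.net.URL;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;

public class PrincipalDomainDemo {
    // One key per <CodeSource, CodeExecutor> pair, as the text describes.
    record DomainKey(CodeSource source, Principal executor) {}

    // Hypothetical registry (not a JDK class): pair -> domain; the domain's
    // PermissionCollection holds the domain -> privileges mapping.
    static final class PrincipalDomains {
        private final Map<DomainKey, ProtectionDomain> domains = new ConcurrentHashMap<>();

        ProtectionDomain domainFor(CodeSource cs, Principal executor, Permission... granted) {
            return domains.computeIfAbsent(new DomainKey(cs, executor), k -> {
                Permissions perms = new Permissions();
                for (Permission p : granted) perms.add(p);
                perms.setReadOnly(); // privileges are fixed once the domain exists
                return new ProtectionDomain(cs, perms, null, new Principal[] { executor });
            });
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: one code base, two executors.
        URL jar = URI.create("file:/opt/services/quote.jar").toURL();
        CodeSource cs = new CodeSource(jar, (Certificate[]) null);
        Principal alice = new X500Principal("CN=alice");
        Principal bob = new X500Principal("CN=bob");

        PrincipalDomains registry = new PrincipalDomains();
        ProtectionDomain a = registry.domainFor(cs, alice, new PropertyPermission("svc.quotes.*", "read,write"));
        ProtectionDomain b = registry.domainFor(cs, bob, new PropertyPermission("svc.quotes.*", "read"));

        Permission write = new PropertyPermission("svc.quotes.feed", "write");
        System.out.println("same code, distinct domains: " + (a != b));
        System.out.println("alice may write: " + a.getPermissions().implies(write));
        System.out.println("bob may write:   " + b.getPermissions().implies(write));
        // A second lookup for an existing pair returns the existing domain; a new grant would be ignored.
        System.out.println("pair reused:     " + (registry.domainFor(cs, alice) == a));
    }
}
```

The same CodeSource yields two domains because the executor is part of the key, so an access decision for identical code differs by who runs it.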