The ``philosophy'' of the World Wide Web can be summed up as follows: a client establishes a channel to a WWW server using an URL request. The server responds to this request by sending the requested information back to the client (if possible) and closing the communications channel immediately thereafter. If the client wants to direct another request to the server, a new communications channel must therefore be established.
World Wide Web servers can call external programs via the CGI, for example to perform database accesses or to activate security software. The CGI specification uses a simple scheme for such calls; the CGI program must terminate once it has processed the data and returned it to the web server. The server in turn passes the data generated by the CGI program on to the client and ``forgets'' everything about the transaction. Under normal circumstances this should not be a problem - unless a CGI program needs to maintain state between two calls.
If one wants to use Plasma to secure web communications on the server side, this means that, for example, the server sends the request for the first authentication token to Plasma via a CGI call. After serving this request, the CGI program terminates, therefore Plasma terminates as well. All data that would have to be stored to maintain a secure link between client and server are then lost (this includes public keys and certificates as well as session keys etc.).
Therefore Plasma must run permanently on the server side and it must not terminate once the CGI application terminates when returning data to the web server. The Plasma system is therefore turned into a daemon process; this allows it to maintain state information for several communications links across several CGI calls within Plasma. Similar considerations apply to the client side; since the proxy also maintains only transient processes for each request, the state information for a secure communications link must be maintained in a Plasma application as well.