The ambient authority proposals by Netscape and Microsoft address the problem of granting code from identified sources, access to portions of the host resources. (Netscape and Microsoft once called these proposals "capability based" but that is in conflict with established usage.)

These proposals fail to provide a programming environment where it is easy, natural and efficient for trusted programs to do the right thing. Ironically the Java language has solved a difficult technical problem that has limited application of known solutions to these problems. Yet the Java designers have failed to apply these known solutions to the security problems that now plague them.

We claim that (classic) capability based systems provide just such an environment and that the Java language supports these naturally.