Abstract: Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives. In the disclosed method and systems, a publisher of active content specifies a requested permission set that includes a list the permissions (defined by parameters, which are defined by primitives) that the active content requires in order to run on the host system. The requested permission set is external to the active content so that it is not necessary to run the active content in order to discover the permissions that the active content requires in order to run.

Abstract: Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives associated with parameters. A requested permission set is provided by the publisher of active content that lists the permissions that the active content requires in order to run on the host system. The requested permission set is automatically compared to one or more user permission sets to determine the permissions, if any that will be granted on the host system.

Abstract: Computer-based systems and methods are disclosed for a comprehensive security model for managing foreign content downloaded from a computer network. The methods and systems include the configuration of a system security policy that is stored on a host computer. The system security policy includes one or more independently configurable security zones. Each security zone corresponds to a group of network locations and may have one or more associated configurable protected operations that control the access to the host system by foreign content downloaded from the computer network. A protected operations may have one or more associated configurable permissions that define the capabilities of the protected operation. Each permission may be defined by one or more parameters and each parameter may be defined by one or more primitives. The permissions may be defined to enable the permission, disable the permission, or prompt the user when the permission is required.