Verify signed JAR files
Allow class loader to load jar files
Determine if presented authentication credentials should be trusted
Challenge the user for credentials
Make policy decisions based on the trustworthiness of mobile code