The code-centric authorization model of the Java 2 platform security architecture was based on the assumption that the user had to be protected from the world.