When running as an applet rather than an application, MICE is subject to the security restrictions of the Java Virtual Machine. Normally an applet is only allowed to run in the "sandbox", a restricted environment which is isolated from the local computer, so that it cannot access local files and cannot connect to the network directly.
In order to use an applet like MICE, which requires access to the local file system and needs to be able to make arbitrary socket connections to other, third party machines, the applet must be signed, before it will be allowed to carry out these potentially insecure actions.
The process of creating a signed applet involves three steps:
The most popular and commonly used web browsers are pre-configured to recognise and accept a number of commercial CA's. Other commercial entities can purchase certificates from these recognised CA's, and then use them to sign their applets. When these applets are downloaded to the common web browsers, the certificate is verified against the known CA's and the user is prompted to accept the certificate.
The MICE applet is a signed applet but it is signed with a certificate that was not issued by one of the commercial CA's. Instead, SDSC has established itself as a CA, and has put in place the mechanisms for issuing certificates for its own employees. These certificates are just as valid and secure as those obtained from commercial CA's, but since the common web browsers are not aware of SDSC as a CA, they will not accept these certificates immediately.
Note: these instructions are specific to Microsoft Windows. Other platforms have slightly different security models and MICE is not yet supported as an applet on these platforms.
In order to get the web browsers to accept certificates from SDSC as valid and secure, the user must import a key from the SDSC CA. Once the key is installed, when the user downloads an applet which has been signed with a certificate that is backed by SDSC, they will be presented with the usual security dialogs that ask them whether or not they wish to allow the applet to run outside of the sandbox.
To download the SDSC Certificate Authority key:
Next that key must be added to the browsers to allow them to recognise certificates that have been issued by the SDSC Certificate Authority. Because of the way the security features of the Java Plugin are implemented under Windows, the SDSC CA key must be imported into the Windows environment using Internet Explorer, even if you intend to run MICE under Netscape. Follow the instructions for importing the key using Internet explorer, and then repeat the process with Netscape.
To be done... Right now it's impossible to remove the SDSC certification authority without crashing the browser, so I can't figure out the steps that are required to install it in the first place. I hope Netscape 6 is an improvement over 4.7...
Once the SDSC CA key has been imported into the Windows environment via Internet Explorer, the plugin will correctly recognise and accept certificates issued by SDSC. To run MICE, visit Apostol Gramada's webpage.
When you visit the page with the MICE applet embedded in it, you should first see a dialog asking if you want to grant permissions for Java3d. The dialog allows you to grant permissions for this session only or from now on. The "grant always" option does not appear to work, so it is important to choose "grant for this session". Once you have granted permission for Java3d, the browser will download the Java3d jar file from SDSC, unpack it, and start the installation procedure.
Note: The Java3d installer will offer to install the runtime files in the default location for version 1.2 of the Java Runtime Enviornment. In order to use Java3d with version 1.3 of the Java Plugin (which is itself required in order for the security features that allow MICE to run as an applet), you must specify a slightly different location for the runtime files. When the installer presents the location for the files, be sure to change "1.2" to "1.3", or the plugin will not find the Java3d files.
With Java3d successfully installed you should next see another java secuity dialog box, asking if you want to grant the MICE applet for this session only, or from to grant permissions permanently. Both options work correctly, so it is up to the user which of the two they wish to use. Granting permissions for the applet permanently will avoid having to download the MICE jar files everytime the appet is run. Once you grant permission, the applet should start and you should see the MICE splash screen appear, followed closely by the application window.