...
A system's security policy determines which information is sensitive. Sensitive data may include user information such as social security or credit card numbers, passwords, or private keys. When components with differing degrees of trust share data, the data are said to flow across a trust boundary. Because Java allows components under different trusted domains to communicate with each other, data can be transmitted across a trust boundary. Systems must ensure that data is not transmitted to a component in a different trusted domain, if authorized users in that domain are not permitted access to the data. This may be as simple as not transmitting the data, but it may also involve filtering sensitive data from data that can flow across a trust boundary . as illustrated by Figure 1.2 illustrates .
Figure 1.2. Filtering Data.
...