Signed rich Internet applications (RIAs) display security warnings when the user tries to launch and use the RIA. When users are trying to access a simple RIA, security dialog boxes might unnerve them and turn them away from the application. Hence, sign your RIA only if you need to (for example, when accessing native libraries).
Recent enhancements to the RIA technology eliminate the need to sign your RIA in the following cases:
Accessing services on web sites other than the RIA's own domain – In the past, RIAs could only communicate with the server from which they were launched. The Java Plug-in software and the Java Web Start software now support cross-domain policy files. If a third-party site has set up cross-domain policies and allows access from other domains, your unsigned RIAs can invoke services from this site.
Setting trusted Java Virtual Machine arguments and secure properties – You do not need to sign your RIA to set trusted Java Virtual Machine arguments or secure properties. You can set secure arguments and properties in the Java Network Launch Protocol (JNLP) file. See System Properties for more information.
Accessing certain client resources – RIAs that are launched by using JNLP can access the client's resources with the user's permission. See JNLP API for details on how to use the JNLP API to access the client.
See the following topics for more security related information about RIAs.