I understand that Protection Domain is a set of 'Allowed' and/or 'User' permissions. I have following confusions :
1. Is developer responsible for defining protection domain ? 2. A protection domain and a security policy file are one and the same thing? 3. Where to keep this security policy file and while delivery of application - how to deliver along with protection domain.