Existing cache systems for the Internet typically provide very limited support to access control of server contents: for example, only allowing the same user to access the document again. Using cache applets, the server can gain the benefits of proxy caching without sacrificing the access control.
The cache applet, upon receiving a request from the user, checks whether the user request is accompanied with an access authorization. An access authorization is a cookie that contains a signed statement from the server. If not, the request is sent to the server (whose response would include a cookie for future requests if the user is allowed to access the contents). Otherwise, using the server's public key, the applet verifies whether the server has signed the certificate. If so, the applet grants access to the document. If not, the applet merely returns -1 and the request is redirected to the server, who will send the appropriate access violation messages.