It is possible to grant some applet permissions using grant signedBy
if the certificate which was used to sign the applet is being stored in
a keystore on disk. However, if the browser keystore of IE is being
used, then this does not work.


keystore "somecerts","jks";

grant signedBy "someone", codebase "https://somepath/someapplet.jar"
{
   permission java.io.FilePermission "<<ALL FILES>>", "read,execute,write";
   permission java.util.PropertyPermission "user.home", "read";
};

AFAIK the browser keystore, unlike standard keystores, doesn't feature aliases.
Hence it could well be that the above is simply impossible.

-------------------------------------------------------------------------------
http://java.sun.com/docs/books/tutorial/security/toolsign/wstep3.html

To grant code signed by |susan| permission to read any files in the |C:\TestData|
directory, you need to create a policy entry granting this permission. Note
that "Code signed by |susan|" is an abbreviated way of saying "Code in a
class file contained in a JAR file, where the JAR file was signed using the
private key corresponding to the public key that appears in a keystore
certificate in an entry aliased by |susan|."
-------------------------------------------------------------------------------

If the above was true then this would be merely a bug against the documentation:

http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/keystores.html

-------------------------------------------------------------------------------
Overview

Java Plug-in and Java Web Start support browser keystore in Internet Explorer and Mozilla; certificates and keys in browser keystores are used for the following purpose:

    * Signature signing verification
    * HTTPS server authentication
    * HTTPS client authentication
-------------------------------------------------------------------------------