
The proxy

From the security perspective, the proxy in this architecture is merely a filter that decides whether or not data must be passed through Plasma: it searches for a Plasma identification tag in each data packet it receives. Data containing the Plasma identification tag are passed on to Plasma; otherwise the proxy passes the data on to the browser or the server, respectively, without interacting with Plasma.

In order to maintain the full functionality of a "normal" proxy while embedding the necessary functionality, a CERN HTTPD 3.0 was used as a base for embedding the Plasma modifications. Porting these modifications to other proxy architectures should be fairly easy, since the modifications are well embedded. The drawback inherent in this approach is the necessity to follow standard operating procedures, i.e., each browser request must be followed by a response from the server.

Since the browser knows nothing of the security enhancement of the communications channel, all transactions must be performed between the proxy and the server. Each request for Plasma services must contain the identification string, which allows the proxy to intercept the request and send it to the Plasma application. The same goes for incoming data from the server, so the identification string is inserted by the CGI program.
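
An added example, not code from the paper or from the Plasma or CERN HTTPD sources: a Python sketch of the proxy's filtering decision described above. The tag value `X-PLASMA-ID` and all function names are assumptions, since the page does not give the real identification string; the example also covers a tag split across two packets, which a search of each packet on its own would miss and forward without passing through Plasma.

```python
# Added illustration; the tag value and all names here are assumptions.
PLASMA_TAG = b"X-PLASMA-ID"  # hypothetical identification string


def naive_route(packets, tag=PLASMA_TAG):
    """Search each packet on its own; misses a tag split across packets."""
    hit = any(tag in p for p in packets)
    return "plasma" if hit else "passthrough"


class TagFilter:
    """Streaming search that carries the last len(tag)-1 bytes between packets."""

    def __init__(self, tag=PLASMA_TAG):
        self.tag = tag
        self.tail = b""
        self.tagged = False

    def feed(self, packet):
        """Consume one packet; return True once the tag has been seen."""
        if not self.tagged:
            window = self.tail + packet
            self.tagged = self.tag in window
            keep = len(self.tag) - 1
            self.tail = window[-keep:] if keep else b""
        return self.tagged


def route(packets, tag=PLASMA_TAG):
    """Buffer one message and decide where the proxy hands it.

    Returns (destination, data): "plasma" if the tag occurs anywhere in the
    message, otherwise "passthrough" (forwarded to browser or server unchanged).
    """
    flt = TagFilter(tag)
    for p in packets:
        flt.feed(p)
    return ("plasma" if flt.tagged else "passthrough", b"".join(packets))


# Constructed sample traffic (not captured from a real Plasma deployment).
PLAIN = [b"GET /index.html HTTP/1.0\r\n\r\n"]
TAGGED = [b"POST /cgi-bin/demo HTTP/1.0\r\n\r\nX-PLASMA-ID payload"]
SPLIT = [b"POST /cgi-bin/demo HTTP/1.0\r\n\r\nX-PLAS", b"MA-ID payload"]

if __name__ == "__main__":
    for name, msg in (("plain", PLAIN), ("tagged", TAGGED), ("split", SPLIT)):
        print(name, naive_route(msg), route(msg)[0])
```
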


Annette Krannig
11/20/1997