NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Introduction to NGWS Runtime Security Permissions

This document is structured to answer the following questions:

Permissions in the runtime are implemented as objects that describe a set of operations that can be secured for a given resource. A permission object describes operations or access subject to security control; it does not in and of itself represent a right to perform those operations or that access. Both application code and the runtime security system use permissions, in many ways, as the building blocks of runtime security.

Standard permissions are defined by the runtime to secure resources that are exposed by the base class libraries that are a part of the runtime. These standard permissions should always be used to secure access to the resources corresponding to these permissions – for example, the FileIOPermission for file access, and so forth. Custom permissions may be defined to control access to other resources, and are used in exactly the same manner as standard permissions.

Most applications that use basic resources via the standard class libraries need only request the right set of permissions, which in turn must be granted before the code can be safely run. (A separate policy spec describes the grant in detail.) Only code that exposes – and therefore must protect – resources that are controlled by permissions needs to do more with permissions than simply request them.
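The following is an added example, not part of the original SDK documentation: a library that exposes file contents from an in-memory cache and therefore has to demand the FileIOPermission itself. It is written in C# against the shipped .NET Framework System.Security.Permissions API, which is an assumption, since the preliminary NGWS API described here may differ. CachedFileReader, DeniedOnCacheHit and the temporary paths are hypothetical names constructed for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical library type: it hands out file contents from memory, so it
// exposes the file resource itself and must protect it with a demand.
public sealed class CachedFileReader
{
    private readonly Dictionary<string, string> cache =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    public string Read(string fullPath)   // fullPath must be absolute
    {
        // The object only describes "read access to fullPath"; Demand() is the
        // check. It walks the callers and throws SecurityException if any of
        // them lacks the permission. Without it, a cache hit would skip the
        // check that File.ReadAllText performs on a miss.
        new FileIOPermission(FileIOPermissionAccess.Read, fullPath).Demand();

        string text;
        if (!cache.TryGetValue(fullPath, out text))
        {
            text = File.ReadAllText(fullPath);
            cache[fullPath] = text;
        }
        return text;
    }
}

public static class Program
{
    // Simulates a less-trusted caller: this frame may only read under otherDir.
    static bool DeniedOnCacheHit(CachedFileReader reader, string file, string otherDir)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, otherDir).PermitOnly();
        try { reader.Read(file); return false; }
        catch (SecurityException) { return true; }
    }

    public static void Main()
    {
        string file = Path.GetTempFileName();                 // constructed sample file
        File.WriteAllText(file, "quarterly figures");
        string otherDir = Path.Combine(Path.GetTempPath(), "public"); // constructed path
        CachedFileReader reader = new CachedFileReader();
        reader.Read(file);                                    // fully trusted call fills the cache
        Console.WriteLine("denied on cache hit: " + DeniedOnCacheHit(reader, file, otherDir));
        File.Delete(file);
    }
}
```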

In addition to resource protection, there are identity permissions that provide a secure way to determine the identity of managed code, such as its software publisher by signature, web site of origin, and so forth. Identity permissions are granted based on evidence from the application code, and are never requested.