NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Encoding

Many managed objects used by security need to be represented in a persistent form encoded as a sequence of bytes. Roughly, objects with this requirement fall into two groups: permissions – such as for use in security declarations or code requests – and policy which is a superset of these including policy levels, code groups, and so forth.

There are two formats supported which satisfy differing requirements corresponding to various usages within the system:

Binary serialization of security objects uses the standard binary serialization facility. Refer to serialization specification for details of the format and how it is processed.

Security objects use a unique format for representation in XML that is different from the standard “XML serialization format” for objects. The primary reasons security is different derive from some unique aspects of the design of the code access security infrastructure. Primarily, security policy must typically be evaluated early on for every application that runs managed code: for this reason it is important that the security overhead be held to a minimum for optimum performance. Further, since policy uses managed code to run, it is important to minimize the amount of managed code involved in spinning up the security system – if security policy computations involve references to other assemblies that must be loaded to execute, then policy in turn needs to be evaluated in order for that code to run – it is easy to get into an avalanching situation handling policy for the very code that is part of the policy system.