NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Security Requirements

App Domains can be created from either fully-trusted or semi-trusted code. Fully trusted hosts must be able to supply evidence when creating a domain. This evidence is mapped through security policy to establish a "top of stack" permission set for all code running in the domain. Partially trusted hosts cannot present evidence, but they can explicitly specify the "top of stack" permission set. This permission set must be equal to, or a subset of, the permissions of the host.

Hosts with the appropriate level of trust must also be able to establish security policy to be applied to all code running in the domain. For example, a host may use the domain-specific policy to only load code that comes from a particular location. Domain-specific policy is ”merged with” the per-machine and per-user security policy at Runtime.