The NGWS runtime verifies the shared name signatures at the following points (using StrongNameSignatureVerification):
If an assembly is deployed to the global assembly cache, the signature is verified when the assembly is placed in the cache.
If an assembly is deployed to the application directory (or a subdirectory thereof), the signature is verified when security policy is evaluated IF there is any policy defined based on the shared name corresponding to the public key stored in the assembly manifest. Also, for Beta2 we are considering adding a configuration setting that will force shared names to always get verified when an assembly is loaded.