Isolated storage uses evidence to specify a unique storage area for use by an application or component. File systems refer to files by explicit pathnames (e.g. c:\temp\myapp\temp.txt), but nothing prevents other code from accessing “myapp”’s files. Isolated storage provides true isolation in that the identity of “myapp” (detailed below) uniquely determines the root of a virtual file system that only “myapp” can access. Thus, rather than many applications and components sharing a common resource like the file system (or the registry), each has its own file area inherently assigned to it and fully isolated from other applications, making it essentially private.
This approach provides benefits to both programmers and administrators, and should result in better applications for users. By using application identity information to define a unique data compartment for the application and/or component, IsolatedStorage makes administration easier in two distinct ways. First, applications have a standard place to store their data: programmers don’t have to use ad hoc techniques to claim a corner of the file system for their use, and administrators can remove an application’s data when uninstalling it. Second, from a security point of view, isolating each application’s data into its own compartment protects it against access by other code.
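The following C# example is added here and is not code from the original page. It uses the .NET `System.IO.IsolatedStorage` classes to show the points above: the code never names a physical path, the store is chosen from the calling assembly's identity and the current user, and the whole compartment can be removed in one call. The directory name, file name and file contents are constructed for illustration.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;

class IsolatedStorageDemo
{
    static void Main()
    {
        // The runtime picks the store from the calling assembly's evidence
        // and the current user; the code supplies no physical location.
        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
        {
            // Paths are relative to the root of the store's virtual file system.
            // "settings" and "temp.txt" are constructed sample names.
            store.CreateDirectory("settings");
            string path = Path.Combine("settings", "temp.txt");

            // Write a file inside the compartment.
            using (IsolatedStorageFileStream fs =
                   new IsolatedStorageFileStream(path, FileMode.Create, FileAccess.Write, store))
            using (StreamWriter writer = new StreamWriter(fs))
            {
                writer.WriteLine("last-run=" + DateTime.UtcNow.ToString("o"));
            }

            // Read it back through the same store.
            using (IsolatedStorageFileStream fs =
                   new IsolatedStorageFileStream(path, FileMode.Open, FileAccess.Read, store))
            using (StreamReader reader = new StreamReader(fs))
            {
                Console.WriteLine("Read from isolated store: " + reader.ReadToEnd().Trim());
            }

            // Enumerate what this identity has stored under "settings".
            foreach (string name in store.GetFileNames(Path.Combine("settings", "*")))
            {
                Console.WriteLine("File in store: " + name);
            }

            // Removing the store deletes every file and directory in it,
            // which is the cleanup an uninstall step would perform.
            store.Remove();
        }
    }
}
```

A different assembly running the same code obtains its own store, so the `settings\temp.txt` it opens is a different file even though the relative path is identical.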