Policy applies security configuration to evidence about code to decide whether the code is safe to run and, if so, which permissions to grant it. This document describes the policy model, how the policy mechanism works, and the programming model for administering policy.
Security policy allows the administrator to restrict the permissions granted to code running on the machine. The policy system looks at evidence about all managed code – where it comes from, its name or publisher identity, and so forth – as the basis of a trust decision about the code, which results in a set of permissions the system is willing to grant the code. The code itself may require certain permissions, and only when policy grants all of the required permissions is the code actually allowed to run. Additionally, code may optionally request more permissions or may explicitly refuse to be granted certain permissions. Thus, the interplay between security policy and code requests provides a negotiation of permissions suitable to both the system as configured and the code itself.
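The negotiation described above, as an added example that is not part of the original document or of the policy system's own code. It is a simplified model: permissions are flat names, and the rule list, evidence keys, permission names and function names are all hypothetical.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    matches: Callable[[dict], bool]   # condition evaluated against the code's evidence
    grants: frozenset                 # permissions granted when the condition holds

# Constructed sample policy (hypothetical rules and permission names).
POLICY = [
    Rule(lambda ev: True, frozenset({"Execute"})),
    Rule(lambda ev: ev.get("origin") == "local",
         frozenset({"FileRead", "FileWrite", "UI"})),
    Rule(lambda ev: ev.get("publisher") == "Example Corp",
         frozenset({"Network"})),
]

def policy_grant(evidence, policy=POLICY):
    """Permissions the system is willing to grant: union over matching rules."""
    allowed = set()
    for rule in policy:
        if rule.matches(evidence):
            allowed |= rule.grants
    return frozenset(allowed)

def negotiate(evidence, required=(), optional=None, refused=(), policy=POLICY):
    """Return the final grant set, or None when the code is not allowed to run."""
    allowed = policy_grant(evidence, policy)
    required, refused = frozenset(required), frozenset(refused)
    if required & refused:
        # Model choice: a request that refuses what it requires is rejected outright.
        raise ValueError("code both requires and refuses: %s" % sorted(required & refused))
    if not required <= allowed:
        return None  # policy does not grant every required permission
    # Assumption: with no optional request, the code accepts whatever policy allows;
    # with one, the grant is capped at required plus optional.
    wanted = allowed if optional is None else required | frozenset(optional)
    return (allowed & wanted) - refused

if __name__ == "__main__":
    local = {"origin": "local"}
    print(sorted(negotiate(local, required={"FileRead"}, refused={"FileWrite"})))
    print(negotiate({"origin": "internet"}, required={"Network"}))
```

The second call returns `None` because the evidence matches only the catch-all rule, so the required permission is never granted and the code does not run.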