Evidence is the set of information that constitutes input to security policy decisions, such as what permissions can be granted to code. Common forms of evidence include signatures and location of origin of code, but can potentially be anything.
Objects of any type that are recognized by security policy represent evidence. Security policy is composed of code groups; a particular assembly (the basic unit of code for granting security permissions) is a member of a code group if it satisfies its membership condition. Evidence is the set of inputs to policy that membership conditions use to determine what code groups an assembly belongs to.
The Evidence class is a collection (ICollection) that holds a set of objects that represent evidence. (Herein big-e Evidence refers to the class; little-e evidence to objects that represent generic evidence.) The Evidence class holds two sets: host evidence and assembly evidence, corresponding to the source of the evidence.
Policy can get evidence from two different sources in evaluating permissions for code.
Host evidence is provided by the host, and can only be provided by hosts granted the SecurityPermission.ControlEvidence permission. Typically, this is evidence of location of origin of the code and digital signatures on the assembly.
Evidence about location of origin typically includes URL, Site, and Zone evidence. Signatures refer to software publisher (Authenticode) and strong name identities. Both kinds of digital-signature-based identity are built into the assembly, but must be validated and passed to policy by the host: when the assembly is loaded, the security system verifies the signature, and only if it is valid is the corresponding evidence collected and passed to policy.
Assembly evidence is part of the assembly itself. Developers or administrators can attach custom evidence to the assembly to extend the set of evidence for policy. (Note that signed assemblies may not be modified, and hence cannot have additional evidence added without breaking the existing signature.)
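The two evidence sets described above can be inspected directly. The following C# program is an added example, not part of the original documentation; the URL and site name are constructed sample values. It builds an Evidence collection the way a host would, adds a self-asserted Zone as assembly evidence, and checks both against the built-in ZoneMembershipCondition.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

class EvidenceDemo
{
    // Print the type name of every evidence object in one of the two sets.
    static void Dump(string label, IEnumerator e)
    {
        Console.WriteLine(label);
        while (e.MoveNext())
            Console.WriteLine("  {0}", e.Current.GetType().Name);
    }

    static void Main()
    {
        Evidence evidence = new Evidence();

        // Host evidence: AddHost demands SecurityPermission.ControlEvidence,
        // so only a sufficiently trusted host can supply it.
        // Sample origin values below are constructed for this example.
        evidence.AddHost(new Zone(SecurityZone.Internet));
        evidence.AddHost(new Url("http://www.example.com/app/plugin.dll"));
        evidence.AddHost(new Site("www.example.com"));

        // Assembly evidence: carried by the assembly itself, i.e. self-asserted.
        // Here the "assembly" claims a more trusted zone than the host observed.
        evidence.AddAssembly(new Zone(SecurityZone.MyComputer));

        Dump("Host evidence:", evidence.GetHostEnumerator());
        Dump("Assembly evidence:", evidence.GetAssemblyEnumerator());

        // The built-in zone membership condition examines host evidence only,
        // so the self-asserted MyComputer zone does not place the code in the
        // MyComputer code group.
        ZoneMembershipCondition internet =
            new ZoneMembershipCondition(SecurityZone.Internet);
        ZoneMembershipCondition local =
            new ZoneMembershipCondition(SecurityZone.MyComputer);

        Console.WriteLine("Internet group matches:   {0}", internet.Check(evidence));
        Console.WriteLine("MyComputer group matches: {0}", local.Check(evidence));
    }
}
```

A custom membership condition that reads assembly evidence should treat it as a claim made by the code being evaluated, not as a fact established by the host.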
Object
Evidence
[Visual Basic]
NotInheritable Public Class Evidence
   Implements ICollection, IEnumerable

[C#]
public sealed class Evidence : ICollection, IEnumerable

[C++]
public __gc __sealed class Evidence : public ICollection, IEnumerable

[JScript]
public class Evidence implements ICollection, IEnumerable
The following drawing shows how various kinds of evidence are collected.
Namespace: System.Security.Policy
Assembly: mscorlib.dll