Security Policy Model
The .NET Framework security policy model comprises the following elements:
- Security policy levels: enterprise, machine, user, and sometimes application domain.
- A hierarchy of code groups within the enterprise, machine, and user policy levels.
- Named permission sets associated with each code group.
- Evidence that provides information about the identity of code.
- Application domain hosts that provide evidence about code to the common language runtime.
Each security policy level has its own hierarchy of code groups that provides a framework for establishing and configuring security policy. Code groups map evidence to a set of allowed permissions. Often, code groups are associated with a named permission set that specifies the allowable permissions for code in that group. The runtime uses evidence provided by a trusted host or by the loader to determine which code groups the code belongs to and, therefore, which permissions the code is granted.
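The following added example (not part of the original documentation) audits how policy resolves for a piece of evidence: it lists the code groups and named permission sets that match at each policy level, then prints the resulting grant. It assumes a runtime where CAS policy is active (.NET Framework 3.5 or earlier, or 4.x with legacy CAS policy enabled); the `PolicyAudit` class name and the sample URL are constructed for illustration.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

static class PolicyAudit
{
    // Print the subtree of code groups that matched the evidence at one level.
    static void PrintGroups(CodeGroup group, int depth)
    {
        if (group == null) return;
        Console.WriteLine("{0}{1} -> permission set: {2}",
            new string(' ', 2 + depth * 2),
            group.Name ?? "(unnamed)",
            group.PermissionSetName ?? "(none)");
        foreach (CodeGroup child in group.Children)
            PrintGroups(child, depth + 1);
    }

    static void Main()
    {
        // Constructed sample evidence: code presented as loaded from an Internet-zone URL.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));
        evidence.AddHost(new Url("http://downloads.example.test/plugin.dll"));

        // Enterprise, machine and user levels (plus an application domain level
        // if the host has set one), each with its own code group hierarchy.
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            Console.WriteLine("Level: {0}", level.Label);
            PrintGroups(level.ResolveMatchingCodeGroups(evidence), 0);
            PermissionSet levelGrant = level.Resolve(evidence).PermissionSet;
            Console.WriteLine("  level grant: {0}",
                levelGrant.IsUnrestricted() ? "unrestricted" : "restricted");
        }

        // The permissions the runtime would grant after combining all levels.
        PermissionSet granted = SecurityManager.ResolvePolicy(evidence);
        Console.WriteLine("Final grant:");
        Console.WriteLine(granted.ToXml());
    }
}
```

Running this against evidence for an unexpected zone or URL is a quick way to check whether a custom code group grants more than intended.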