![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
Welcome to Vista Forums we are your forum to discuss Windows Vista x64 and x86 systems. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
br>
|
|
|||||||
![]() |
|
|
Thread Tools | Display Modes |
|
|
#1 | ||
|
Guest
Posts: n/a
|
I've read the blog entry "WinFS Mailbox II", which cuts a bit into the topic
of item security. However how will this be exposed by the UI? In my ideal world, items in the store would be assigned to application/system contexts. Each application can access its own context without restrictions. While other applications could search the files residing in other contexts, accessing them however would spawn a system dialog asking if you want to grant the application access to the single file, the whole context of the other application or plain out deny the access. Add a checkbox to make the decision permanent. This would put the data security in the hands of the user and notify him immediately when an application tries funny business. This would give for instance secure sensitive data of your Money version on WinFS the protection it needs while giving other applications the ability to access them under the control of the user. There should also be a system context, where the system files would reside, which are accessible by everyone under the control of the system, and a root context for global things that you want to be accessible without restrictions. That'd be contacts, mails and other insensitive items. Regards. -mg |
||
|
|
|
|
|
|
#2 | ||
|
Guest
Posts: n/a
|
Applicaton isolation has been widely investigated as a security feature for
Vista. However, it has not been fully implemented - MIC provides a level of isolation in Vista. True App identity is postponed to subsequent OS releases. WinFS aligns its security model with NT and leverages security mechanisms availabe in the OS for its authentication, authorizaiton, auditing and administration to improve better inter-operability with other components in the ecosystem. Until App isolation becomes a native mechanism in the OS, WinFS recommends the classic namespace based isolation (for isntance, Infopath uses the following folder for storing content specific to Infopath - c:\Documents and Settings\simonsk\Application Data\Microsoft\InfoPath). -- Simon Skaria [MSFT] simonsk@microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights "Mario Goebbels [489782]" <fa001478@skynet.be.MAPS> wrote in message news:eAy9F%23EQGHA.3872@TK2MSFTNGP15.phx.gbl... > I've read the blog entry "WinFS Mailbox II", which cuts a bit into the > topic of item security. However how will this be exposed by the UI? > > In my ideal world, items in the store would be assigned to > application/system contexts. Each application can access its own context > without restrictions. While other applications could search the files > residing in other contexts, accessing them however would spawn a system > dialog asking if you want to grant the application access to the single > file, the whole context of the other application or plain out deny the > access. Add a checkbox to make the decision permanent. This would put the > data security in the hands of the user and notify him immediately when an > application tries funny business. This would give for instance secure > sensitive data of your Money version on WinFS the protection it needs > while giving other applications the ability to access them under the > control of the user. > > There should also be a system context, where the system files would > reside, which are accessible by everyone under the control of the system, > and a root context for global things that you want to be accessible > without restrictions. That'd be contacts, mails and other insensitive > items. > > Regards. > > -mg > |
||
|
|
|
|
|