Comment Feed for Shawn Farkas: CLR 4 - Inside the new Managed Security Model (Charles on Channel 9)

Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

Eric Aguiar — Tue, 27 Oct 2009 14:19:30 GMT

This security model reminds me a lot like how monads control side effects at a language level for I/O and managing complexity. I watched this video once more just to verify with Haskell's type system model as the parallel, and I found this to be ~80% mappable to the monad model. Maybe an opt-in plug-able type system for the CLR/DLR for security that includes these sort of checks based on Haskell's unmatchable type system may be a fun project to explore :P

Re: Re: Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

Allan Lindqvist — Fri, 29 May 2009 09:09:41 GMT

i love you [and your team] :)

Re: Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

Shawn Farkas — Thu, 28 May 2009 19:52:25 GMT

Yep - since we're not applying CAS policy to apps that you just run as .exes by default anymore, there won't be any need to play with caspol to get those working.

-Shawn

Re: Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

Shawn Farkas — Thu, 28 May 2009 19:03:28 GMT

I don't think we interned together, but we did work on ClickOnce together back in the .NET 2.0 / VS 2005 days :)

Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

Mike Sampson — Thu, 28 May 2009 16:42:16 GMT

Hey, we interned at the same time and started here in the same year!

I thought he looked familiar...

Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

Allan Lindqvist — Thu, 28 May 2009 15:52:49 GMT

so no more caspol? :O i *hate* caspol :)

Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

stevo_ — Thu, 28 May 2009 11:32:48 GMT

Personally the security model in .NET has mostly gone over my head.. I think its because in asp.net (where I spend most of my time), you get along perfectly fine without needing to understand it.. the only security concepts I really understand in asp.net world is trust levels (configured permission sets?) because most shared hosting implies medium trust and thus you need to be aware of operations that require full trust (and in some cases different hosts have 'variants' of medium trust, where permissions are stricter).

Edit: forgot to comment about the video, which was great- the silverlight security model is easy to understand (although I'm not entirely sure what that competes with).

Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

Simo — Thu, 28 May 2009 10:49:59 GMT

"There's a lot of very useful information in this conversation with plenty of whiteboarding."

I read that sentence as "... with plenty of water-boarding." Sheesh, sign of the times.

Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

cdwatkins — Wed, 27 May 2009 20:24:17 GMT

Thank God! Well done guys! As someone that has been working with the silverlight security model for some time now, I have to say its a hell of a lot easier to understand and work with. Glad to see that getting back into the core clr.

Re: Shawn Farkas: CLR 4 - Inside the new Managed Security Model

Bent Rasmussen — Wed, 27 May 2009 19:42:27 GMT

Lovely informational. I remember having used CAS and scratching my head a few times. The new model looks much simpler.