Explorer Full Token -‐ All groups/privileges -‐ High integrity Filtered Token -‐ Safe groups/privileges -‐ Medium integrity Login FT cmd.exe notepad FT FT devenv.exe FT MicrosoF Account MS Account Token -‐ Access to MicrosoY Online Services
• CapabiliCes – Apps declare them – The Store verifies them – Users need to review them – Opera9ng system needs to enforce them • IsolaCon between Apps – Memory, disk, network • Signature verificaCon
Handlers Tiles Cryptography … App Container 1 Local context Web context AppData Local Temp Roaming App Container 2 Local context Web context AppData Local Temp Roaming CapabiliCes CapabiliCes
easy protecCon of data – encryp9on – integrity protec9on – key management • Protected data scoped to – local user/machine – domain user/group – web login
var result = await CredentialPicker.PickAsync(options); if (result.CredentialSaveOption == CredentialSaveOption.Selected) { var credential = new PasswordCredential( "MyBackEnd", result.CredentialUserName, result.CredentialPassword); var vault = new PasswordVault(); vault.Add(credential); }