摘要 |
Controlling resource access by entities hosted by an execution extension environment via entity identifiers associated with the resources or with the execution extension environment. Policy sets define the access to the resources. Each policy set includes a principal identifier for execution extension environment, a resource identifier for one of the resources, and access rights. The principal identifier or the resource identifier includes one of the entity identifiers. Access requests from entities are evaluated by comparing the entity identifiers to the policy sets. In some embodiments, the policy sets implement access control for web browsers hosting executable code that attempts to access resources on a computing device. |