Abstract: Some embodiments are directed to controlling interactions between a host software program and a computer system by providing a managed execution environment running within the host software program. In one embodiment, a computer system integrates a managed execution environment within a host software program. The computer system uses the managed execution environment to interact with one or more features of the host software program. The managed execution environment includes interface controls configured to interface between the computer system and the host software program. The compute system alters one or more of the various software program features based on code that is identified in downloaded content.

Abstract: Some embodiments are directed to controlling interactions between a host software program and a computer system by providing a managed execution environment running within the host software program. In one embodiment, a computer system integrates a managed execution environment within a host software program. The computer system uses the managed execution environment to interact with one or more features of the host software program. The managed execution environment includes interface controls configured to interface between the computer system and the host software program. The compute system alters one or more of the various software program features based on code that is identified in downloaded content.

Abstract: Some embodiments are directed to controlling interactions between a host software program and a computer system by providing a managed execution environment running within the host software program. In one embodiment, a computer system integrates a managed execution environment within a host software program. The computer system uses the managed execution environment to interact with one or more features of the host software program. The managed execution environment includes interface controls configured to interface between the computer system and the host software program. The compute system alters one or more of the various software program features based on code that is identified in downloaded content.

Abstract: In one embodiment, a computer system performs a method for accessing a trusted assembly from a virtualized location. A computer system detects receipt of a request to access an assembly. The address of the assembly is expressed in the request as a virtualized location. The computer system resolves the virtualized location to a physical location where the assembly is physically stored. The resolving includes accessing an information store that maintains the current physical location corresponding to the requested assembly's virtualized location. The computer system determines whether the requested assembly qualifies as a trusted assembly by verifying that the assembly sufficiently complies with information encoded within the assembly. Lastly, upon determining that the requested assembly is trusted, the computer system accesses the requested assembly from the physical location.

Abstract: A declarative model for specifying appropriate transformations that may occur at the input and output of each service of a sequence of services that accomplish a more complex task. Each of the services may have access to the appropriate transformation declarations, and may interpret the declarations to thereby be appropriate directed on transforms to occur in its input data and/or output data. In order to change a transformation, the transformation declaration may be altered.

Abstract: The present invention extends to methods, systems, and computer program products for accessing network resources outside a security boundary. The present invention can provide a modules running within a security boundary (e.g., sandboxed client-side scripts) access to network resources at computer systems other than the computer system where the module originated. When network access is permitted, the properties of network request can be adjusted so that security information of the client system and the originating computer system for the module are not divulged. Thus, a module can obtain content for inclusion in a Web page from third party servers in a more secure meaner. Network e access decisions can be made based on ambient data already accessible to a host environment such that network access decisions can be made in a more automated manner.

Abstract: The present invention extends to methods, systems, and computer program products for accessing file resources outside a security boundary. The present invention can provide a modules running within a security boundary (e.g., sandboxed client-side scripts) access to a file outside the security boundary without divulging security information related the file. When file access is permitted, a file stream including relevant portions of the file (and potentially only those portions needed) for performing a requested file operation is generated. The module is returned a reference to file stream to give the module access to the relevant portions of the file. File access decisions can be made based on ambient data already accessible to a host environment such that file access decisions can be made in a more automated manner.

Abstract: The present invention extends to methods, systems, and computer program products for accessing network resources outside a security boundary. The present invention can provide a modules running within a security boundary (e.g., sandboxed client-side scripts) access to network resources at computer systems other than the computer system where the module originated. When network access is permitted, the properties of network request can be adjusted so that security information of the client system and the originating computer system for the module are not divulged. Thus, a module can obtain content for inclusion in a Web page from third party servers in a more secure meaner. Network e access decisions can be made based on ambient data already accessible to a host environment such that network access decisions can be made in a more automated manner.

Abstract: Some embodiments are directed to controlling interactions between a host software program and a computer system by providing a managed execution environment running within the host software program. In one embodiment, a computer system integrates a managed execution environment within a host software program. The computer system uses the managed execution environment to interact with one or more features of the host software program. The managed execution environment includes interface controls configured to interface between the computer system and the host software program. The compute system alters one or more of the various software program features based on code that is identified in downloaded content.

Abstract: In one embodiment, a computer system performs a method for accessing a trusted assembly from a virtualized location. A computer system detects receipt of a request to access an assembly. The address of the assembly is expressed in the request as a virtualized location. The computer system resolves the virtualized location to a physical location where the assembly is physically stored. The resolving includes accessing an information store that maintains the current physical location corresponding to the requested assembly's virtualized location. The computer system determines whether the requested assembly qualifies as a trusted assembly by verifying that the assembly sufficiently complies with information encoded within the assembly. Lastly, upon determining that the requested assembly is trusted, the computer system accesses the requested assembly from the physical location.