Abstract: Examples of the disclosure remotely activate a secure device for application development. A request is received at a device entitlement component for a developer kit from a secure device in a user mode via a network. A determination is made as to whether the secure device is in at least one allowed development group. In response to determining that the secure device is in the at least one allowed development group, a certificate is generated defining a permissions level associated with the developer identifier for the secure device. The certificate is transmitted to the secure device, including a key that interacts with a security processor of the secure device to convert hardware capabilities of the secure device to provide a developer mode at the secure device.

Abstract: Examples of the disclosure remotely activate a secure device for application development. A request is received at a device entitlement component for a developer kit from a secure device in a user mode via a network. A determination is made as to whether the secure device is in at least one allowed development group. In response to determining that the secure device is in the at least one allowed development group, a certificate is generated defining a permissions level associated with the developer identifier for the secure device. The certificate is transmitted to the secure device, including a key that interacts with a security processor of the secure device to convert hardware capabilities of the secure device to provide a developer mode at the secure device.

Abstract: The database (namespace) for storing component metadata for an application that is to be run in an isolated environment is isolated by an operating system by storing the component metadata in a local set of information associated with the isolated application instead of in a global namespace. The operating system utilizes this local metadata instead of the global database when components are employed. Registration data for components is placed within a manifest, enabling the operating system to determine the relationship between an application and a component or set of components used by the application.

Abstract: The operating system manages software entities by creating a construct called a context that organizes and manages software-related state and configuration settings of applications. A context may comprise an installation service, a configuration service and an activation service. Contexts can be linked or arranged hierarchically to form parent-child relationships. Hierarchies may be used to affect accessibility of software items, to satisfy dependencies, to control the visibility/invisibility of software items, to provide access to configuration settings and to override software availability, dependencies and configuration settings. An override may be applied to set policy when more than one context has a configuration setting, dependency or access to a software entity.

Abstract: The operating system organizes software so the set of extensions for an extendable application can be dynamically discovered and the extension can be run securely. Extensions are run as separate applications instead of within the extendable application's process. Extensions are discoverable to an activated extendable application by querying a category catalog. A category provides at least a partial description of a contract between an activating software entity and a software entity that is activated by the activating software entity. The category may enumerate a set of configuration settings associated with the contract that may be used to set up an isolated execution environment for the activated software entity. The category may also specify one or more extension points to be used for communication between the activating and activated software entities. The category may also include a list of software entities that implement the category.

Abstract: The resources needed by an application to execute are declared by the application. When the application is activated, only the declared resources are made available to the application because only the declared resources are connected to the execution environment. Accessibility to resources may be controlled by the operating system by making the resource visible or invisible to the executing software by mapping a local name used by the executing software to a global resource, possibly limiting the type of access allowed. Because the executing software relies on the mapping function performed by the operating system for access to resources, and the operating system only maps names declared by the software, the operating system can isolate the software, and prevent the application from accessing undeclared global resources.

Abstract: A system is presented that allows a single message to be sent to two groups of users, each group of user selecting a different quality of service. For one group of users, the message may be sent by a point-to-point protocol to ensure each user receives the message. For the other group, the message may be sent by multicasting so that each user in that group receives the message at approximately the same time. Both qualities of service may be handled by a single API.