the sandbox gap
Mon, 03 Oct 2005 16:22:34 GMT

the 'sandbox gap' is the gap between what permissions are allowed in a certain sandbox (e.g. Internet Zone) versus the ability of .NET class libraries to support AllowPartiallyTrustedCallers code running in this scenario. i.e. the sandbox will allow you to do more than what the assembly will. specific examples from WinFX are that WCF, WWF, and Speech will require full trust to run, while WPF and Ink will run in a partially trusted sandbox. ClickOnce solves this problem for the enterprise, but is not intended for internet scenarios. for the internet, our applications will have to prompt the user to ask for the proper permissions to run. of course users are going to automatically say 'yes' because they know the application will not run otherwise. personally, i agree with David Platt, and think this is the wrong model. if the application will not run in the sandbox, then i think it should just display a dialog that it won't run, and make the user go out of their way to do an install. along with that, the class libraries should be able to run in the sandbox so that well behaved apps can run without having to prompt the user at all.

the specific scenario i'm thinking about is Media Center Edition (MCE). MCE currently has the Online Spotlight area for premier 3rd party sites. right now they are all HTML applications ... lame. do you really want to view an HTML page on your 50 inch television? hell no. even the addition of Atlas will come up short for a visually rich UI. this is where WPF shines. all the gratuitous chrome we've been seeing from WPF is perfectly suited for MCE. these are always on, powerful machines, with superior graphics cards and a broadband connection. plus they are definitely running IE and .NET because the shell is currently written in Managed DirectX. so the WinFX Web Browser Application (WBA) model is begging to be exploited in this arena. the Online Spotlight partners will retool with WPF to get this radically improved user experience. but the problem comes when they want to call back to the server from where the application was served, because they will not be able to use WCF. instead they will have to revert back to System.Net. and if they've componentized their applications to use WWF, then they will have to rebake that control logic into their application. yes, we can prompt the user to allow the application to run, but is that really the right model for couch potatoes with a remote in their hand?

i know it's too late for the next release of WinFX, but for the Orcas time frame i really hope that the base class libraries change tactics and provide libraries that will let us use the permissions provided to us by the sandbox. WCF could let us do this by allowing us to call back to the servers from where the applications were served. some security could even be used by letting the app switch to using managed crypto algorithms. it would be even better if the InfoCard UI would work as well. WWF could provide a client safe runtime that persisted long running workflows to IsolatedStorage. and the Speech API could possibly limit the application interaction to command and control scenarios, or require a tap and talk user interaction for dictation to be active. in the short term, i'll definitely exploit WCF and WWF on the server ... but on the client i'll have to revert to legacy libraries. long term, i hope this changes ...
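
The sandbox gap defined at the top of this post can be audited per assembly. The following is an added example, not code from the original post: it lists what the standard Internet Zone sandbox grants and reports which assemblies opt in to partially trusted callers. It assumes .NET Framework 4.x, where the legacy code access security APIs exist; the class name `SandboxGapAudit` and its helpers are hypothetical.

```csharp
// Added example (not from the original post). Assumes .NET Framework 4.x.
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Security;
using System.Security.Policy;

static class SandboxGapAudit
{
    // True when the assembly opts in to being called by partially trusted code.
    static bool HasAptca(Assembly asm)
    {
        return asm.IsDefined(typeof(AllowPartiallyTrustedCallersAttribute), false);
    }

    // The permission set the runtime considers safe for code from the given zone.
    static PermissionSet SandboxFor(SecurityZone zone)
    {
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(zone));
        return SecurityManager.GetStandardSandbox(evidence);
    }

    static int Main(string[] args)
    {
        Console.WriteLine("Internet Zone sandbox grants:");
        foreach (IPermission p in SandboxFor(SecurityZone.Internet))
            Console.WriteLine("  " + p.GetType().FullName);

        // Constructed sample input: two libraries that are already loaded.
        // Pass DLL paths on the command line to audit other libraries.
        var targets = new List<Assembly> { typeof(object).Assembly, typeof(Uri).Assembly };
        foreach (string path in args)
        {
            try { targets.Add(Assembly.LoadFrom(path)); }
            catch (Exception e) { Console.WriteLine("skip " + path + ": " + e.Message); }
        }

        int gaps = 0;
        foreach (Assembly asm in targets)
        {
            byte[] token = asm.GetName().GetPublicKeyToken();
            bool strongNamed = token != null && token.Length > 0;
            bool aptca = HasAptca(asm);
            // Strong-named and no APTCA: the library refuses partially trusted
            // callers whatever the sandbox grants. That refusal is the gap.
            if (strongNamed && !aptca) gaps++;
            Console.WriteLine("{0}: strong-named={1}, APTCA={2}", asm.GetName().Name, strongNamed, aptca);
        }
        return gaps == 0 ? 0 : 1;
    }
}
```

An assembly that carries the attribute can still demand specific permissions on individual APIs, so a "True" here means the library is callable from the sandbox, not that every call will succeed.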