In my last post I talked about the two different security rule sets supported by the v4 CLR. At a high level, level 1 is the v2.0 security transparency model, and level 2 encompasses the updated v4 security transparency model. Digging down a little deeper, it’s interesting to look at some of the exact details that change between the various transparency models. For fun, let’s also compare both rule sets to Silverlight.
A couple of interesting things to notice: the level 2 rules look quite similar to the Silverlight rules. This means that you can basically learn one set of core security enforcement rules and apply them to both desktop and Silverlight development. As I mentioned previously, it’s also interesting to note that the penalties for transparency violations in level 2 are generally hard failures, while the penalty in level 1 was generally a full trust demand. That means that many of the level 1 transparency violations are more expensive (since they incur a runtime check at each invocation, rather than a single JIT-time check). They also have a tendency to hide on you, since runtime checks can sometimes succeed during testing and then fail once you deploy your app to a new environment.
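To make the difference in penalties concrete, here is an added example (not code from the original post) for .NET Framework 4: a fully transparent assembly calls `Marshal.AllocHGlobal`, which is security critical in the v4 framework. The choice of API and the names `Program` and `CallCritical` are assumptions made for illustration.

```csharp
// Added illustration for .NET Framework 4 (transparency is not enforced on .NET Core / .NET 5+).
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security;

// Everything in this assembly is security transparent.
[assembly: SecurityTransparent]
// Change to SecurityRuleSet.Level1 and rebuild to compare the v2.0 model.
[assembly: SecurityRules(SecurityRuleSet.Level2)]

static class Program
{
    // Transparent method calling a security-critical framework API.
    // NoInlining keeps the call in its own method, so a JIT-time
    // rejection surfaces inside the try block in Main.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static void CallCritical()
    {
        IntPtr buffer = Marshal.AllocHGlobal(16);
        Marshal.FreeHGlobal(buffer);
    }

    static int Main()
    {
        try
        {
            CallCritical();
            // Level 1 in full trust: the full trust demand was satisfied,
            // so the violation goes unnoticed on this machine.
            Console.WriteLine("Call allowed in this environment.");
            return 0;
        }
        catch (MethodAccessException e)
        {
            // Level 2: hard failure, independent of the grant set.
            Console.WriteLine("Level 2 style failure: " + e.Message);
            return 1;
        }
        catch (SecurityException e)
        {
            // Level 1 in partial trust: the full trust demand failed.
            Console.WriteLine("Level 1 style failure: " + e.Message);
            return 2;
        }
    }
}
```

Under the rules described above, the level 2 build is rejected the same way on every machine, while the level 1 build passes on a fully trusted desktop and only fails once it runs in a partially trusted environment.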
In the interest of completeness, I’m going to list several things in this table that I have yet to blog about. (Although, you’ll recognize many of the core transparency rules covered here.) Over the next few weeks, I should cover the various interesting pieces of this table – but rather than waiting to blog about them before adding them here, I think it would be more useful to list the full table now.
I’ll also note that while level 1 transparency is supported in the v4 runtime, it exists solely for compatibility with existing code. No new code should be written using the level 1 rule set, and over time existing code should consider moving to the level 2 rule set as well. (That is, don’t necessarily treat this chart as a way to select which security rule set you want to work with, but rather as a way to compare the evolution of transparency from .NET 2.0, to Silverlight 2, and finally into .NET 4.)