© Charles Chandler
Applications that run as services for other applications would inherit the user's rights as well as the rights of the calling application, and then add whatever additional rights they need in order to function effectively. All services would run as child processes of the calling application, and where two or more apps have launched the same service, there will be two or more instances of that service running, each with a different set of rights.
To follow the same model as other applications, services should be accessible through application hooks created at installation time. The only difference would be that service hooks would not be exposed to the user.
Non-protected (legacy) apps installed into the user area would be callable directly, by filename, but would not have any special application rights.