© Charles Chandler
Note that this proposal introduces the concept of "application" rights, which is something that is not present within any existing operating system. An implementation of this proposal could be faked with user rights, assuming the OS vendor wanted to do the wrapper work that would be required. Essentially, existing operating systems provide a way of assigning rights to files on a per-user (or per-group) basis. To instantiate app rights within this framework, the installation process would have to create a new user for the application being installed, and give that user complete control over that application's files. When the (human) user launches that app, the app will then run not as the (human) user, but as the app user, to gain read/write rights within the app and app data folders. The (app) user will also have read/write rights within the (human) user's folders, so that user files can be created and modified.
If these "app" users can be hidden from the existing rights management interfaces, this sort of implementation would not present any additional inconvenience to the user or administrator.
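To make the consequences of the scheme concrete, the following is an added toy model of the rights logic (my own example, not code from the proposal or from any operating system). It models a human user, a hidden per-application user, and folder ownership plus an access-control entry, then checks who can read and write where. The user naming (`app-<name>`), the folder layout (`/apps`, `/var/lib`, `/home`), and the choice to grant the app user access only to the home folder of the human who launches it, at launch time, are assumptions made here; the proposal itself fixes none of these details.

```python
"""Toy model of the 'app user' scheme described above (constructed example).

Install: create a dedicated, hidden user for the application and make it the
owner of the application's program and data folders.
Launch:  the process runs as the app user, not as the human, and the app user
is granted read/write on the launching human's home folder.
"""
from dataclasses import dataclass, field

READ, WRITE = "read", "write"


@dataclass
class Folder:
    owner: str                                   # user with full control
    acl: dict = field(default_factory=dict)      # principal -> set of rights
    others: set = field(default_factory=set)     # rights for everyone else


class RightsModel:
    """Minimal evaluator for ownership + ACL based folder rights."""

    APP_USER_PREFIX = "app-"    # assumed naming convention for hidden app users

    def __init__(self):
        self.humans = set()     # human users, visible in management interfaces
        self.app_users = {}     # app name -> hidden app user
        self.folders = {}       # path -> Folder

    def add_human_user(self, name):
        self.humans.add(name)
        self.folders[f"/home/{name}"] = Folder(owner=name)

    def install_app(self, app):
        """Create the app user and give it complete control over the app's
        program folder and data folder. Humans may only read the program
        folder (needed to execute it); nobody else can touch the data."""
        app_user = f"{self.APP_USER_PREFIX}{app}"
        self.app_users[app] = app_user
        self.folders[f"/apps/{app}"] = Folder(owner=app_user, others={READ})
        self.folders[f"/var/lib/{app}"] = Folder(owner=app_user)
        return app_user

    def launch_app(self, app, human):
        """Return the principal the process actually runs as (the app user),
        after granting that app user read/write on the launching human's home.
        Scoping the grant to the launching user's home is an assumption."""
        if human not in self.humans:
            raise ValueError(f"unknown human user: {human}")
        app_user = self.app_users[app]
        self.folders[f"/home/{human}"].acl[app_user] = {READ, WRITE}
        return app_user

    def rights(self, principal, path):
        """Effective rights: owner gets everything, then ACL entry, then 'others'."""
        folder = self.folders[path]
        if principal == folder.owner:
            return {READ, WRITE}
        if principal in folder.acl:
            return set(folder.acl[principal])
        return set(folder.others)

    def can_write(self, principal, path):
        return WRITE in self.rights(principal, path)

    def visible_users(self):
        """What a rights-management interface would list if app users are hidden."""
        return set(self.humans)


def isolation_report():
    """Run the install/launch steps for two apps and two humans and return the
    access outcomes a reviewer of the scheme would want to see."""
    m = RightsModel()
    m.add_human_user("alice")
    m.add_human_user("bob")
    editor = m.install_app("editor")
    browser = m.install_app("browser")
    runs_as = m.launch_app("editor", "alice")
    return {
        "editor_runs_as_app_user": runs_as == editor,
        "app_can_write_own_folders": m.can_write(editor, "/apps/editor")
                                     and m.can_write(editor, "/var/lib/editor"),
        "app_can_write_launcher_home": m.can_write(editor, "/home/alice"),
        "app_cannot_write_other_user_home": not m.can_write(editor, "/home/bob"),
        "app_cannot_write_other_app_data": not m.can_write(browser, "/var/lib/editor"),
        "human_cannot_modify_app_files": not m.can_write("alice", "/apps/editor"),
        "human_can_read_app_files": READ in m.rights("alice", "/apps/editor"),
        "only_humans_visible": m.visible_users() == {"alice", "bob"},
    }


if __name__ == "__main__":
    for check, ok in isolation_report().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The report makes the two isolation properties of the scheme explicit: an application's files cannot be modified by the human user (so user-level malware cannot tamper with installed programs), and one application's user cannot reach another application's data. It also shows the one deliberate hole the proposal accepts, namely that the running app has full read/write over the launching user's own files.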