This chapter explains how the runtime uses security policy to determine which permissions to grant an assembly or application domain based on its identity. We begin with a high-level explanation of security policy and clarify its relationship to evidence and permissions. We describe the structure of security policy and explain how the component elements interact at runtime. We explain how to manipulate security policy programmatically and demonstrate the use of application domain policy. Finally, we continue the development of the CAS extensions started in Chapter 6, showing you how to use custom evidence in security policy configuration.