AppDirs for config and sandboxing
Normally, a ROX AppDir is a read-only directory containing program code. This makes it easy to manage programs using the filer. However, it's hard to manage configuration, which goes in various hidden files (hopefully under ~/.config).
With 0install, the program's code goes in a shared cache instead, allowing it to be shared automatically, and leaving the application directory almost empty.
This opens up the possibility of reusing the appdir for configuration. Instead of making it easy to manage code with the filer, this makes it easy to manage configurations.
It also makes sandboxing easier, because we can simply grant every program read/write access under its own application directory. If you want several instances of a single program, each with a different configuration, just create several appdirs for it.
I've created ebox, a proof-of-concept system to demonstrate this. It works a little like AddApp: given the 0install URI of a program, it creates a new appdir for it. The application cannot read or write to ~/.config, or anywhere else outside of its own directory without permission from the user.
Programs also need permission to access the network.
Currently, it only works with programs designed for it, but hopefully it could be generalised in future.
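The access rule described above (read/write only inside the program's own appdir, anything else and the network only with the user's permission) as an added illustration; this is not ebox's code, and the appdir layout, `AppDirPolicy` class and the temporary directories it builds are all constructed for the example. It also shows the check a sandbox must get right: canonicalising the requested path first, so neither `..` nor a symlink planted inside the appdir reaches outside it.

```python
import os
import tempfile


class AppDirPolicy:
    """Access policy for one ebox-style appdir: the program may read and write
    only inside its own application directory unless the user grants more."""

    def __init__(self, appdir):
        self.appdir = os.path.realpath(appdir)  # canonical root (symlinks, ".." resolved)
        self.granted_paths = set()              # extra locations the user has approved
        self.network = False                    # network access is off until granted

    def grant_path(self, path):
        self.granted_paths.add(os.path.realpath(path))

    def grant_network(self):
        self.network = True

    def allows_path(self, path):
        # Canonicalise the request before comparing: a plain string-prefix check would
        # let "<appdir>/../.config" or a symlink inside the appdir escape the directory.
        real = os.path.realpath(path)
        roots = [self.appdir, *self.granted_paths]
        return any(real == r or real.startswith(r + os.sep) for r in roots)

    def allows_network(self):
        return self.network


def demo():
    """Constructed scenario: a throwaway appdir containing a symlink that points
    at a fake ~/.config outside it. Returns the policy decisions by name."""
    base = tempfile.mkdtemp()
    appdir = os.path.join(base, "Apps", "Editor")
    config = os.path.join(base, "home", ".config", "editor")
    os.makedirs(appdir)
    os.makedirs(config)
    os.symlink(config, os.path.join(appdir, "escape"))  # link inside -> outside
    policy = AppDirPolicy(appdir)
    results = {
        "own_settings": policy.allows_path(os.path.join(appdir, "settings.xml")),
        "dotdot_escape": policy.allows_path(os.path.join(appdir, "..", "..", "home", ".config")),
        "symlink_escape": policy.allows_path(os.path.join(appdir, "escape", "prefs")),
        "network_default": policy.allows_network(),
    }
    policy.grant_path(config)  # the user explicitly approves the config directory
    policy.grant_network()
    results["config_after_grant"] = policy.allows_path(os.path.join(config, "prefs"))
    results["network_after_grant"] = policy.allows_network()
    return results
```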