Unified mechanism for two related problems:
- Federation: windows from remote WayRay servers appear in local
desktop (B2B invites, cross-org app sharing, visiting consultants)
- Sandboxing: windows from isolated local environments (illumos zones,
containers) appear alongside trusted local windows
Three display modes:
- Desktop-in-desktop (full remote session in a window)
- Merged windows (seamless per-window integration with local WM)
- App embedding (future: subsurface portal)
Trust-level visual indicators (Local/Trusted/Sandboxed/Untrusted),
input isolation per trust level, B2B invite flow, server-to-server
mutual TLS federation, and OIDC-based dynamic trust chains.
Same ForeignWindow protocol for both remote (QUIC) and local (Unix
socket) sources. illumos zones as natural sandboxing primitive.
