What you write sounds exactly what you'd get with JRE and Python which worked ever since the Win9x days. My questions are about the differences that make this necessary.
Microsoft is moving to same security model as Android and iOS where individual applications request (and can be denied) permissions to do things. One example is triggering desktop notifications. If you get a notification you can see exactly which application sent it and then prevent that application from ever sending you another one.
What you get with JRE and Python in the Win9x days is that the executable is "java.exe" or "python.exe" which isn't helpful when the actual application is what is being run by these programs. Granting a permission to python.exe is not what you intend when you're wanting a notification from helloworld.py.
That would easily be solved with an API call that says "Hey, i'm helloworld.py". It wouldn't solve the sandboxing stuff, but TBH i do not see that working for desktop applications (in that the sandboxing wont be mandatory for backwards compatibility - the main reason people keep using Windows - and most desktop applications wont bother restricting themselves).
The whole effort reminds me of W3C doubling down on XHTML despite everyone else ignoring it (and it isn't like XHTML wasn't nice on paper, but real world has other concerns beyond doing some things the theoretically "right way").
> That would easily be solved with an API call that says "Hey, i'm helloworld.py".
That's what this is! "Hey, I'm helloworld.py and I'm a Python application". Just an API call isn't going to work because every application is potentially hostile.
Windows 10X is sandboxing Win32 application through a virtualization layer.
Win9x didn't have the app store with a sandbox, one click to install, and auto-updates. If you installed a Python or a Java app without having the corresponding runtime, it just didn't work. If you had the runtime installed - which had to be done separately - and then later the user tried to uninstall them, they wouldn't get any warnings, but all apps relying on them would be broken. Not to mention versioning.