From what I've read on the subject, the Google Chrome sandboxing method (as implemented on Windows XP) can theoretically be used for applications other than Chrome or Chromium. Could it be used for arbitrary applications in practice though? If so, what would be required for that? Could the "token" method be e.g. used to sandbox a web server, along the lines of a properly managed chroot, or a FreeBSD jail?