Is it possible to restrict access to a persistent token extension, i.e. to block use of keys hosted by a managed app from an unmanaged app? Something like the allowOpenFromManagedToUnmanaged/allowOpenFromUnmanagedToManaged pair is what I was looking for.
