Integrating with Team Foundation Server Security
You can control the notifications you receive by implementing an Eventing Service security plug-in. This way, it is possible either to apply custom logic limiting the information available in an event or deny notification of the event entirely. In other words, you can apply notification security both by limiting subscription and by limiting the published content of events.
You can use tools to control notification by registering the INotificationFilters and ISubscriptionPathValidators interfaces defined in the Microsoft.TeamFoundation.Server assembly. The implementation should be in a plug-in assembly, which is placed, along with supporting assemblies, in the Program Files\Microsoft Visual Studio 2005 Team Foundation Server\Web Services\Services\bin\Plugins directory on the application tier.
At least one class in the assembly should have a default constructor and implement IPlugin. At initialization, the assembly is loaded, one object of each IPlugin is created, and Initialize() is called. At this time the plug-in registers either INotificationFilter or ISubscriptionPathValidator, or both.
Use INotificationFilter to alter the contents of an event (as an XML document) before the notification is generated. Each altered event is returned as a copy of the original event.
Use ISubscriptionPathValidator to check whether a person has permission to subscribe to an area. For instance, if a DefectChangedEvent has a ProjectPath field, the validator can check whether a user has permission to subscribe to DefectChangedEvents where the ProjectPath references \Root\DivisionExample\ProjectX.