When pages using Ext.Direct are included in other pages, how can we limit the scope of the included pages's remoting objects? The encompassing page should not be able to invoke other pages' RemotingProviders, unless explicitly designated via a server-side setting.

One thought is to somehow lock down remoting object invocation via a DOM id - top-most id of the page which the remoting object is associated. When a remoting method is invoked client-side, we'd check from where on the page the method was invoked by getting the origin id (Javascript call stack?) and then validate that the DOM element is a child of the lock down element I'm not sure how feasible that is.

Ideas?