blowdart wrote:Indeed, and to present a consistant user experience that's not easily faked. I admit it did freak me out when it happened on XP for the first time, and it's a bit too easy to crash the CardSpace panel and leave yourself
stuck on the secure deskop.
"the" secure desktop? I was under the assumption there can only be one, the one controlled by csrss.exe, which is why only the GINA shows up there and not other apps, hence why you can't get the Task Manager up on the secure desktop.
Note - CardSpace spins up in its own PRIVATE desktop, not *the* "Secure Desktop".
The Secure Desktop is (as many of you have commented in this thread) a highly protected desktop in which the GINA runs.
Private desktops can be created using the
CreateDesktop Win32 API. If you want yours to be private, you can restrict the level of access and
security attributes that your desktop (and therefore the apps running inside it) supports.
CardSpace runs in its own highly restricted Private Desktop to help shield itself from malicious software that the user might have inadvertantly picked up on their travels around the web. When the desktop is created and CardSpace starts running, it takes a
snapshot of the user's desktop, applies a grey mask and sets it's wallpaper to this grayed bitmap. This provides a strong visual cue to the user that "they're not in Kansas any more" and that something special has happened. The user is now within Windows CardSpace
- a protected environment in which they can more safely manage and control their digital identities.