Many organizations are partnering with businesses to efficiently deliver products and services. As businesses form these alliances, there needs to be a secure method of authenticating users from the partners' organizations. Part of the challenge to allowing authentication into your network is the security needed to maintain the connection between partners while keeping hostile entities at bay. In the past, this was possible with several tools and utilities, none of which appeared to work well with each other.
Active Directory Federation Services (AD FS) extends Active Directory to the Internet while guaranteeing the authenticity of the accounts attempting to authenticate. Using this technology will not only enable organizations to work with partner organizations more efficiently; it will also allow interoperability with a with range of applications and platforms, such as Netegrity, Oblix, and RSA, as well as leverage client systems that can utilize Simple Object Access Protocol (SOAP)-based command sets.
When using AD FS, an organization can allow users that exist within separate forests, as well as among partner organizations, to have access to the organization's web applications and use a single sign-on. AD FS is based on the Web Services (WS-*) architecture that is being developed with the cooperation of several companies, including IBM and Microsoft. Chapter 10, "Managing Access with Active Directory Services," will cover managing and maintaining AD FS integration between organizations and within an organization.
Was this article helpful?