Monday, August 27, 2007
Thoughts on Microsoft and Federated Identity
This is my third conversation in the last couple of weeks in which I noted that, while Microsoft software can support federation via ADFS, many folks cannot use it. Apparently, early Microsoft documentation encouraged large enterprises to choose non-routable domain names for their Active Directory forests. One popular choice I keep hearing about is .local.
Obtaining a certificate signed by a public root CA when your domains aren't routable is somewhat problematic. Microsoft did step up and provide the ability to rename a domain, but that doesn't really address this particular issue: the rename is easy to start, but it is not a lightweight operation.
I would be curious to know whether others have also observed this problem in large enterprises, or whether I am seeing an early trend that folks would rather exercise their right to remain silent on.