Jeffrey Schwartz of Redmond Magazine published an in-depth story discussing how the new Active Directory Federation Services 2.0 for Windows Server simplifies secure access to applications and services in the cloud.
The article is a good read, providing perspective from a variety of companies – most highly supportive of ADFS 2.0, some slightly critical. Overall, Schwartz says, “Numerous Windows IT pros and security experts are bullish” on the new technology and what it can do. In the article, Kevin von Keyserling of Certified Security Solutions does a good job of summing up ADFS 2.0’s benefits:
"The end user can have the same experience in the cloud as if they were inside their own network; that's one of the advantages or drivers for these large enterprises looking at taking up the Federation Services and extending it. It provides cloud services without having to stop and deal with password resets and credential management, and allows [companies] to focus on the execution of their business strategy versus the day-to-day nuances of dealing with security issues."
Patrick Harding, CTO of Ping Identity, says "ADFS 2.0 is a big deal because it validates that federated identity management is important; it's going to become a must-have for cloud computing and SaaS computing."
"The bottom line is we're streamlining how access should work and how things like single sign-on should work from on-premises to the cloud." John Chirapurath, Senior Director, Microsoft
A real-world example of ADFS 2.0 in action (not in the article) is Thomson Reuter’s Treasura web service to help professional treasurers handle cash and liquidity management, forecasting, payments and compliance.
Using Windows Identity Foundation - an extension to the Microsoft .NET Framework – and ADFS 2.0, Thomson Reuters was able to provide single sign on access to Treasura and related software through identity federation with its customers. Customers can log on to their computers once and navigate to the Treasura site and among Treasura applications without having to sign in again. They can manage and control their own authentication and access policies just once, on their own networks. The Treasura team also provided SSO access to other Thomson Reuters products, even ones that are built using Sun OpenSSO or other third-party technologies instead of Active Directory.
Because Windows Identity Foundation provides their application developers with the same familiar Windows development tools to provide single sign on without having to write custom authentication code, Thomson Reuters expects to save an average of three months of development time.
And offering one shared authentication infrastructure improves security, because developers can focus their efforts on making applications and services the best they can be, without worrying about creating authentication silos in each application that must be managed separately.