One of the interesting things about my new job is that I get out a lot and talk to customers who are struggling to build real systems, and I get to understand their problems. I love customers; they just say what they think and what they are trying to do, simply and clearly. When you see a lot of them, as I do, you start to see patterns of common problems and interests, which can surface in very strange ways when mapped onto what the IT industry is providing. As an example, I see a huge number of customers interested in Active Directory and, to a lesser extent, in MIIS. Talking to people attending our TechNet events on these topics, it appears that what they are actually interested in is how to map their organisational topology onto the technology. What I mean by that is that organisations have structure, roles, permissions, policies, employees, suppliers, customers etc., all with relationships to one another and policies between them. These have to be mapped onto directories, databases, security systems and so on, which is a non-trivial task. If the mapping is incorrect it can cause huge organisational and business problems; however, there is very little help available on how to do this from an organisational standpoint.
Whilst we have many technologies to support this mapping (Kerberos, IDM, AD, ADAM, MIIS, ADFS, ESSO etc.) and explain (in some cases in excruciating detail, IMHO) how to use each of them, we don’t explain how to use them all in concert to support a complete organisational topology. In fact, we give very little guidance on how to map an organisation, or on when to use the different technologies associated with this area.
I was over at a major Microsoft internal training event in the US two weeks ago and sat through an excellent ESSO talk where the product manager had a valiant stab at doing this mapping, as the single sign-on people had clearly found a lot of confusion about the difference between ESSO and some of the other technologies in this area. I caught him afterwards and pointed out the issue of our multiple, independent technologies in this space confusing customers; he was interested and said he would follow it up. I will email him and find out what has happened, but in the meantime I am working on pulling it all together in my own mind.
Not the scope you are looking for, but I thought this .NET Show episode on ADFS helped me understand some of the problem space: http://msdn.microsoft.com/theshow/episode047/default.asp
Thanks Bill, I will take a look.