One of the cool things in Windows Server R2, I think, is Active Directory Federation Services (ADFS), which is based on the Web Services standard WS-Federation (PDF). There are even third-party tools supporting it now, like Centrify's DirectControl, which supports J2EE web servers like JBoss, BEA WL, WebSphere, etc.

You've seen the problem before with extranets, right? One organisation typically sets it up and gets the benefit of seamless and true SSO (token-based) authentication. The other doesn't, and you have to create logons for them. For the "other" organisation that's a pain. Even worse, they are completely disconnected from either primary AuthN source and no one gets SSO.

One of ADFS's quick wins is the ability to set up a fully token-based SSO collaboration extranet using Windows SharePoint Services, specifically the SP2 version of it. There are some limitations that relate to WebDAV, but all the other web-based stuff works great and uses full token-based authentication. Anyhow, here's the article that lists the known issues etc.: http://support.microsoft.com/default.aspx?scid=kb;en-us;912492

Try it out!