ADFS: TNG, and one more for the quote book.
Friday, April 4, 2008 at 08:43AM
At least, that's what I'm choosing to call it until there's a "real" name for it.
For those of you who weren't at DEC, you missed a demo of the next version of AD FS from one Stuart Kwan (of the Ottawa Kwans). The demo consisted of Mssr. Kwan clicking a single button on his magickal mystery laptop...
...and then a bunch of windows flashed up on the screen and went away again before you could see what they were doing, after which, *poof*! AD FS had just kind of...happened.
"Whoa, hang on a minute", says I, "that's gotta be hand-waving. There's got to be more to it than that...right?" "Not so much, really, no", says Qui-gon Kwan.
At which point my head basically exploded. For reasons that I had a hard time explaining at the time, the notion of a "one-click AD FS" scared the boots off of me. I'm now thinking that this was my AD admin brain talking, in terms of "But this is a trust relationship[1], I'm giving some random organization the ability to get to my stuff and I'm not even needing to think/work all that hard to do it!"
I mentioned this on an ActiveDir thread yesterday, and Joe Kaplan[2] had the following to say, which put it in perspective while simultaneously making me snort iced tea through my nose[3] from laughing so hard:
"Once you've actually been doing federation for a while, the thing that
will scare you more is contemplating all the meetings you have to
attend to get one of these things set up for what amounts to a 2
minute configuration change on the server. I for one welcome our new
push button federation setup overlords. :)"
[1] Albeit not in the Active Directory sense of the word.
[2] One of the smartest AD FS people I know.
[3] Yes, that's as uncomfortable as it sounds.