    Thursday, May 22, 2008

    On federation and overloaded keywords

    So what's the first thing we need to know about AD FS?

    It's not AD.

    Problem is, I don't really think this message has made it sufficiently out into the world. And this creates a bit of an issue, because if an organization is going to deploy AD FS for the first time, who do you suppose is going to own the project?

    In almost all cases?  It's going to be the AD guy.[1] (Where "guy" can be colloquialized to include your author, naturally.)

    And the AD guy is going to attempt to frame an understanding of AD FS based on their current understanding of AD.  (It's in the name, after all.)

    So put on your AD hat for a moment, and tell me how you would respond to the following edict:

    "I need you to set up a trust policy with a remote network into which you have no visibility and over which you have no administrative control. And I need you to do so over the Internet, running over port 80, with no VPNs or other secure tunneling involved."

    If you're like me?  You will have started screaming inside as soon as you heard the word "trust", so that you didn't actually hear the word "policy". And your response, based on your understanding of setting up an Active Directory trust within the scenario described above, is going to involve the words "over", "dead", "my", and "body."

    So that's why I wish we weren't calling it a "trust".  Trust has a very specific meaning that will create some very specific FUD amongst AD guys who are dipping their toes into the federation wading pool.

    The counter-argument?  Is that there is legitimate cause to overload the word "trust" as it pertains to AD and AD FS; it really is the correct choice for each, from a simple standpoint of the English language.  (I mean, what else are we going to call it...an AD FS "Fred"?)

    [1] Anyone who didn't say "The AD guy", let me know who you think would. I'm legitimately curious.  Updated: Whether the AD guy is the person who should be doing the AD FS deployment is another discussion; I'm simply positing that a company new to AD FS will likely take a stance of "Okay, AD guy, go deal with this AD FS thing since it's like the same thing as AD, right?"
