Windows Server 2003 R2 Identity Management

Windows Server 2003 R2, a forthcoming interim release of Windows Server, includes a new technology called federated identity that will help organizations securely share Web applications and services with authorized external customers and partners. R2 will also include improvements for managing user identities with Active Directory Application Mode and UNIX Identity Management. Together, these improvements could help organizations secure which users have access to which resources. However, the first release of Microsoft’s federated identity technology, called Active Directory Federation Services (originally code-named TrustBridge), supports access only to Web-based applications, and may require changes to some of those applications.

What Is Federated Identity?

Federated identity is designed to make it easier for an organization to share its internal resources with authorized users from other organizations, such as customers and partners. For example, a software company might want to allow its public relations firm to read technical specifications and marketing plans for an upcoming product, hosted on the software company’s secured Web servers. However, the software company must somehow authenticate (verify the identity of) the PR firm’s users to ensure they can be trusted. Ideally, users at the PR firm could access the information with a single sign-on (SSO), without having to log on first at the PR firm and then again at the software company.