随着更多的应用转移到云层和在线服务,你将看到农业工程和其他加热的特性技术的使用增加。 拥有主动名录投资的组织可能会由于所有权成本低而转向这一解决办法。

这是一种持久的技术,值得投资(特别是较小的公司(<50 ppl))吗?

• If you plan on either providing hosted services to other companies or plan on taking advantage of them yourselves ADFS provides a fairly painless way to take advantage of your current security infrastructure.
• If properly implemented it should be fairly simple to replace on federation product with another.

那里是否有任何大公司正在积极利用这一点?

• I m only familiar with a government organization I ve worked on, but I m sure there are others. The nature of federated identity make if difficult to externally identify who.

How likely is it that a partner would be willing to setup an STS if we wanted someone else to provide authentication for their company as a trusted issuer? Is there going to be a lot of push-back here? Is this going to end up being a configuration nightmare?

• Configuration is the most difficult part of ADFS. However, once you have the trust relationships built and policies created configuration will be hands off.
• Other companies will either have the infrastructure in place to support ADFS or won t. Even .NET applications require configuration changes to support ADFS and more likely will require code changes to fully support the federated identity model. If your partners have this in place it is likely they ll happily trust your STS.
• Ask your what your partners have in place, they may already have or be planning infrastructure today.

在决定是否执行这一规定时,是否还有其他陷阱?

• The most difficult problem I ran into was changing application developer practices.
• Applications need to either be designed around Federation or will need to be retrofitted with it.
• You can t logout of an ADFS application without logging out of all ADFS applications.
• When a federated session expires you must send a user back to the federation service for a new ticket. This could cause loss of post data if not handled properly.

根据我的经验:

农研中心与世界投资论坛共同提出:

• 伙伴关系的标准“外包”认证/批准。 NET应用软件。 一旦发现申请,你就可以在综合食品安全局/综合食品安全局方面作出改变,申请不会改变。

• • 向联邦机构提供非网络解决办法,例如开放式SSO和Tivoli。

• 允许(通过ACS)利用现有的标识,例如 页: 1

• 提供向云层迁移的申请的潜力。

• 2010年股东点标准要求信息功能。

我所看到的执行主要针对大型公司,它们试图建立某种总体的I&AM。 当公司有这两条时,这尤其有用。 已有网和 Java应用程序。

另外,在新西兰,我们有一夫一妻制,它为所有政府部门提供了一个标志,这可以成为“使用现有标识”而不是创建具体公司的一个可能候选国。 igovt与ADFS合用。

我经验中的主要陷阱是,它没有为传统协会工作。 它必须是伙伴关系。 NET。

回答你的其他问题:

• 想要允许外部查阅其申请的大型公司,远非执行STS,而不是在其身份存放处提供外部用户。

• 配置不是微不足道的,但肯定不会变成梦.。