Here's an “ouch that hurts” posting by Jackson Shaw at Quest:
I received this email today regarding my identity partner's account that I have at Microsoft. Isn't it unfortunate that given Active Directory Federation Services (ADFS) and CardSpace that I have to do this?
Shaw, Jackson, The password for the extranet account issued to blah\JShaw will expire on Mar 15 2007. Please proceed to the following URL to change the password: https://Home.EP.Microsoft.com/login.aspx
NOTE: Failure to change the password before the expiration date will result in the account being locked and access will no longer be provided.
Thank you, The Extranet Management Tool Team
For assistance, please contact your administrator, site owner or support team.
I have zero time to figure out who my administrator, site owner or support team is.
I do know my Quest userid and password and wouldn't it be nice if that just worked??
Jackson is right. Everything about this is bizarre. I too love those “contact your administrator” messages – best of all, when I'm the administrator, but in all other cases too.
Anyway, we are now getting close to the point where Microsoft marketing and other sites will start to light up.
With the sheer number of sites we have, and the attacks on our perimeter, our IT guys have to go about this in an organized way. I spoke with Microsoft's internal IT security architects not long ago and was amazed at how well they have thought through the implications of the claims-based approach, privacy issues, uses for CardSpace, and so on.
Meanwhile a lot of our sites are tied to Windows Live ID, so when it turns on Information Card support, the benefits should start to be widely felt.
Today Jackson did a piece outlining the Laws of Identity and concludes:
I installed WinFX the other night on my Windows XP system and created my own Information Cards and then used one to logon to Kim's blog – it worked! [He's so surprised? – Kim]
Now if I could a Quest property or two to accept either OpenIDs or InfoCards…
Hey, Jackson – let's get some live company-to-company interaction happening with the technologies we all want to introduce. Why don't we approach the Extranet Management issue from both ends – you from the quest end, me from this end? Maybe others would want to jump on as well… The proof of the shoe is in the walking.
P.S. Why don't you talk with Pamela about getting onto blogging software that accepts Information Cards too? Mike Jones has done it.
UPDATE: Here is a posting on our progress in getting ADFS (Federation Services) going on our extranet, so the collaboration proposed above should be “way simple”. And it's good to see that Brian Puhl not only listened to your original comment but did so much to move things ahead.
— Well, I was going to leave the comments on Jackson's blog, but I wasn't going to sign up for a gmail account or a blogger account to do so. I'll leave it here, and we'll see what happens —
Hey Jackson –
We've done a lot of work and recently enabled ADFS in our extranet, and are now starting to evangelize it. I'd be happy to help work with you, or whoever, at Quest to get that set up.
If you happen to have a TechNet Magazine subscription, you can view Jim Guthrie's article on how we're using ADFS in our extranet (or you can view on online at http://www.microsoft.com/technet/technetmag/ look for the inside microsoft.com article)
Brian Puhl
Never mind the fact that the email that JShaw received looks to me like a phishing email (click the link in this email and give us your username and password to continue) and should be immediately deleted. If this is in fact a legitimate email from Microsoft, they should be ashamed of themselves for such sloppy practices.
I'm so excited! My first comment via a Cardspace login!!
Kim – I never doubted that *your* product would work. I doubted Jackson's ability to make everything work! It was much more about the driver than the car – believe me!
Brian – I appreciate your comments and will take a look at Jim's article. I may also take you up on your offer.
James – Interesting comment indeed. I never thought that the e-mail could be interpreted that way but you are completely right. In addition to all the daily WaMu, PayPal and eBay phising scams I get I need to be worried about this type of a message too. Crickey.
Jackson, one day I'm going to tell everyone how strong a technical background you actually have and completely break your cover! I still remember when you ran a university computer center.
James, you are completely right. This is a great example of a web site designer inadvertantly teaching people to be phished.