Here's an “ouch that hurts” posting by Jackson Shaw at Quest:
I received this email today regarding my identity partner's account that I have at Microsoft. Isn't it unfortunate that given Active Directory Federation Services (ADFS) and CardSpace that I have to do this?
Shaw, Jackson, The password for the extranet account issued to blah\JShaw will expire on Mar 15 2007. Please proceed to the following URL to change the password: https://Home.EP.Microsoft.com/login.aspx
NOTE: Failure to change the password before the expiration date will result in the account being locked and access will no longer be provided.
Thank you, The Extranet Management Tool Team
For assistance, please contact your administrator, site owner or support team.
I have zero time to figure out who my administrator, site owner or support team is.
I do know my Quest userid and password and wouldn't it be nice if that just worked??
Jackson is right. Everything about this is bizarre. I too love those “contact your administrator” messages – best of all, when I'm the administrator, but in all other cases too.
Anyway, we are now getting close to the point where Microsoft marketing and other sites will start to light up.
With the sheer number of sites we have, and the attacks on our perimeter, our IT guys have to go about this in an organized way. I spoke with Microsoft's internal IT security architects not long ago and was amazed at how well they have thought through the implications of the claims-based approach, privacy issues, uses for CardSpace, and so on.
Meanwhile a lot of our sites are tied to Windows Live ID, so when it turns on Information Card support, the benefits should start to be widely felt.
I installed WinFX the other night on my Windows XP system and created my own Information Cards and then used one to log on to Kim's blog – it worked! [He's so surprised? – Kim]
Now if I could get a Quest property or two to accept either OpenIDs or InfoCards…
Hey, Jackson – let's get some live company-to-company interaction happening with the technologies we all want to introduce. Why don't we approach the Extranet Management issue from both ends – you from the Quest end, me from this end? Maybe others would want to jump on as well… The proof of the shoe is in the walking.
UPDATE: Here is a posting on our progress in getting ADFS (Federation Services) going on our extranet, so the collaboration proposed above should be “way simple”. And it's good to see that Brian Puhl not only listened to your original comment but did so much to move things ahead.