What I learned Day 1

  • Article

I managed to attend a few sessions yesterday.  One was a session on ADFS "2".  The speaker talked about how the new version of ADFS integrates with CardSpace and showed an interesting demo.  Having spent some time in a past job looking at SAML, this was fairly familiar.  On the other hand, I was never fully acquainted with ADFS 1, so I'm not sure how this product has changed...

I went to a session on Home Server that ended up being cancelled when the presenter never showed up!  There were about 400 people in the room and I can tell you they weren't pleased...  I assume the presenter had a big problem to 1) not make his own session, and 2) not be able to let someone know/fill in for him...

I attended a cool chalk talk on how ADFS and RMS work together, especially in the Windows Server 2008 time frame.  The presenter talked about secure collaboration scenarios, some of which I'm looking at for my upcoming project.  Several new features are coming for RMS in Longhorn.  First, RMS is a server role in the new product, making set up much easier.  In addition, whereas RMS had a web-based configuration previously, it is now configured through the standard management interfaces in the new server.  Finally, it integrates much better with ADFS in this new version.  I'm sure there are lots of other new features that I didn't pick up here, but it sounds much better than before.  RMS is a great technology that just needs to get easier to deploy and use, and hopefully this new version will help make that happen.

Finally, I spent some time talking to the ISA/IAG guys about Microsoft's firewall product.  I'm going to admit that I didn't know just how many people where running ISA.  It apparently a lot more that I thought!  Anyway, the IAG (formerly Whale) provides an SSL-based clientless VPN capability for internal web applications.  This is pretty cool: I log into the ISA server that hosts IAG and based on my credentials, I get access to the appropriate internal sites.  When I click on a site, I get taken to that site as if I were on the internal network.  I've dogfooded this at work and it is pretty nice, and takes a lot less time to get connected to than our VPN.  An additional capability is that you can install a bit of software and actually run thick client applications over the IAG-based VPN tunnel.  When the application notices that you have a live connection to the IAG, it routes packets intended for the internal network to the VPN tunnel that IE has set up with the ISA server running IAG.  (Don't quote me on the technical details, but this is generally what happens).  Long story short, once you've used your browser to connect to the IAG gateway, you can run fat client applicaitons on your remote client as if you were logged in locally.  It makes the VPN client much less complicated...

Anyway, those are some highlights from Day 1.  I'll be back with more...