BPuhl’s Blog

A little bit of everything without actually being much of anything

Archive for October, 2006

Identity and Access Webcast Series

Posted by BPuhl on October 31, 2006

Here’s some info on some upcoming webcasts…  This first series is for the “Technical Decision Makers”, but I’ll post the “IT Pro” series when they get announced.



Microsoft offers a broad range of technologies and products to enable a customer’s identity and access infrastructure. This web-cast and virtual lab series is designed to educate Technical Decision Makers (TDMs), and IT Professionals about Microsoft’s IDA solution areas centered around the following products:

  • Windows Rights Management Services (RMS)
  • Active Directory Federation Services (ADFS)
  • Microsoft Identity Integration Server MIIS)
  • Certificate Lifecycle Manger (CLM)
  • Active Directory (AD)

These webcasts are structured under different categories. The categories take attendees from Product/Solutions Overview, what the product is and how it can help the customer’s infrastructure, to Deployment, and through the different categories to, “What is New for the Future”.  

Our kickoff webcast by Peter Houston, and Product/Solution Overview webcasts are for the Technical Decision Makers, while the following webcasts categories will be for IT Professionals.

Join our webcast series to help plan for the future, deploy new solutions, manage and optimize your existing IT infrastructure

As Technical Decisions Makers you should attend (a) our kickoff webcast IDA Vision and Strategy, and (b) Product Overview webcasts segment, to see how our IDA products can be improve cost, increase protection for your IT infrastructure Then encourage your IT Professionals to attend our following webcasts on deeper IT content.

We will be announcing more upcoming webcasts for IT Professionals very soon.

First IDA Webcasts:

(a) IDA Vision Webcast

Title: Microsoft Identity and Access (IDA) Vision and Strategy

Description: Identity and access in connected systems has gone beyond a technical concern and become a top business issue as organizations look to reduce security risk, decrease operational costs, satisfy regulatory requirements, and deepen their electronic relationships with customers and partners. In this session, learn about Microsoft’s vision for identity and access technology, including the evolution of Active Directory (AD), Microsoft Identity Integration Server (MIIS), ‘CardSpace’, and Certificate Lifecycle Manager (CLM). You will also gain insight into Microsoft’s vision for IDA in the future.

Presenter: Peter Houston

Date/Time: 11/10/2006, 10:00Am – 11:00PM Pacific Time

Click here to Register: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032315361&Culture=en-US

(b) Product Overview Webcasts:

Title: Information Protection with Windows Rights Management Services (RMS)

Description: Protecting confidential information and intellectual property, such as e-mail and documents, is critical to the success of many organizations…

Presenter: Tim Upton

Date/Time: 11/16/2006, 1:00 PM – 2:00PM Pacific Time

Click here to Register: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032313768&Culture=en-US

Title: Introduction to Microsoft Certificate Lifecycle Manager

Description: Join this webcast to learn about the new Microsoft Certificate Lifecycle Manager (CLM)…

Presenter: Amesh Mansukhani

Date/Time: 11/20/2006, 1:00 PM – 2:00PM Pacific Time

Click here to Register: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032313484&Culture=en-US

Title: Web Single Sign-On and Identity Federation with Active Directory Federation Services

Description: As organizations extend their information technology (IT) infrastructures to provide partners with access to Web-based applications, they face difficult administrative and security challenges…

Presenter: Howard Ting

Date/Time: 11/27/2006, 11:00 AM – 12:00PM Pacific Time

Click here to Register: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032313783&Culture=en-US

Title: Identity Life-Cycle Management with Microsoft Identity Integration Server 2003

Description: Join this webcast to see how Microsoft Identity Integration Server (MIIS) 2003 enables the automation of identity life-cycle management in the enterprise…

Presenter: Lori Craw

Date/Time: 11/29/2006, 11:00 AM – 12:00PM Pacific Time

Click here to Register: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032313486&Culture=en-US


Posted in Active Directory, ADFS, Random Tecnical Stuff | Leave a Comment »

ADFS Documentation

Posted by BPuhl on October 20, 2006

Wouldn’t it be cool if there was a blog where someone was posting documentation about ADFS?

Well looky here – apparently this has been around for a while, but since I just recently discovered it I thought I’d share…


Posted in ADFS | Leave a Comment »

Who’s on… huh?

Posted by BPuhl on October 15, 2006

(As I was migrating this to my new blog, I noticed the following comment from ‘Myself’:  “It would have been proper that you at least indicate that you lifted this from somewhere. Recreating it here without attribution is improper usage.” 

Yes, you’re right I guess…if it wasn’t completely apparent before, no, I’m not this creative (just easily entertained).  I have no idea who wrote this, but it wasn’t me. 

There…now go away.)

If Bud Abbott and Lou Costello were alive today, their infamous sketch, “Who’s on First?” might have turned out something like this:


ABBOTT: Super Duper computer store. Can I help you?
COSTELLO: Thanks. I’m setting up an office in my den, and I’m thinking about buying a computer.
COSTELLO: No, the name’s Lou.
ABBOTT: Your computer?
COSTELLO: I don’t own a computer. I want to buy one.
COSTELLO: I told you, my name’s Lou.
ABBOTT: What about Windows?
COSTELLO: Why? Will it get stuffy in here?
ABBOTT: Do you want a computer with Windows?
COSTELLO: I don’t know. What will I see when I look in the windows?
ABBOTT: Wallpaper.
COSTELLO: Never mind the windows. I need a computer and software.
ABBOTT: Software for Windows?
COSTELLO: No. On the computer! I need something I can use to write proposals and track expenses and run my business. What do you have?
ABBOTT: Office.
COSTELLO: Yeah, for my office. Can you recommend anything?
ABBOTT: I just did.
COSTELLO: You just did what?
ABBOTT: Recommend something.
COSTELLO: You recommended something?
COSTELLO: For my office?
COSTELLO: OK, what did you recommend for my office?
ABBOTT: Office.
COSTELLO: Yes, for my office!
ABBOTT: I recommend Office with Windows.
COSTELLO: I already have an office with windows! OK, let’s just say I’m sitting at my computer and I want to type a proposal. What do I need?
COSTELLO: What word?
ABBOTT: Word in Office.
COSTELLO: The only word in office is office.
ABBOTT: The Word in Office for Windows.
COSTELLO: Which word in office for windows?
ABBOTT: The Word you get when you click the blue “W”.
COSTELLO: I’m going to click your blue “w” if you don’t start with some straight answers. What about financial bookkeeping? You have anything I can track my money with? ABBOTT: Money.
COSTELLO: That’s right. What do you have?
ABBOTT: Money.
COSTELLO: I need money to track my money?
ABBOTT: It comes bundled with your computer.
COSTELLO: What’s bundled with my computer?
ABBOTT: Money.
COSTELLO: Money comes with my computer?
ABBOTT: Yes. No extra charge.
COSTELLO: I get a bundle of money with my computer? How much?
ABBOTT: One copy.
COSTELLO: Isn’t it illegal to copy money?
ABBOTT: Microsoft gave us a license to copy Money.
COSTELLO: They can give you a license to copy money?

(A few days later)

ABBOTT: Super Duper computer store. Can I help you?
COSTELLO: How do I turn my computer off?
ABBOTT: Click on “START.”

Posted in Babbling and Blabbering | Leave a Comment »

First Post with Live Writer

Posted by BPuhl on October 9, 2006

Don’t expect a whole lot here – I just installed Live Writer and wanted to see what it was going to be like.

Feels vaguely similar to Onenote, which is good, since I like Onenote – I think I’ll keep it… maybe it will help me blog more often.

This post will self destruct in 5






Posted in Babbling and Blabbering | Leave a Comment »

ADFS and Liability Continued…

Posted by BPuhl on October 3, 2006

hmm…let’s see…I wrote a blog, Pam left a comment, I replied to her comment with another blog, and so (if you haven’t seen it yet) Pam posted her own blog entry here…  This is actually kind of fun!

You should read (all of) her posts anyways, but to save some screen flipping here’s the meat of it:

…When I read this, I felt like jumping up and down like the goody-two-shoes in the second row, me me me me oh I know the answer pick me!!!

If they were to use an Information Card for the active confirmation prior to a user making changes, users wouldn’t need to remember a password at all. You would get the impediment of requiring credentials, without the support burden attached to maintenance of a rarely-used password. Alternatively, if you felt the need to have a password, you could require a managed information card. In that case, the user would be authenticating to the home IdP instead of to the outside application, taking the password management burden off of your partner and consolidating password use to a single centralized source that would theoretically be much more commonly used, and therefore less likely to require frequent recovery. Not to mention that the Enterprise could audit use of the managed infocard in this context.

This seems to me to be a perfect scenario to envision a hybrid passive/active federation combination instead of passive federation for 85% of user activity, and partner-managed password authentication for the remaining 15%. Yes? If so, it just goes to show that the scenarios are out there, and for more than just the eBusiness world.

Brian, what do you think?

So…let’s see…What do I think? 

I don’t think the problem is in the way that the credentials are stored.  Let’s suppose it’s an InfoCard from some Identity Provider, then the liability would then fall on that Identity Provider if/when a users account gets compromised.  Why would someone sign up for that?  In the case that we’re dealing with internally, Microsoft is the Identity Provider, and our lawyers don’t want to sign up for the risk – why would anyone else?

Thinking about this slightly differently – Our lawyers have the problem, because if someone hijacks my corporate user account, and goes into my 401k and wipes out my retirement savings – who is ultimately responsible?  If Microsoft did the authentication, Microsoft is, if the partner did it, they are, and if some 3rd party identity provider did the authentication – then THEY are responsible (would we even consider a 3rd party – umm…let’s hope not)

So let’s say we use an infocard.  And not only that, but we use a Managed infocard.  Ok, so now I’ve got a managed card on my machine – So when someone hacks my account, selects the highlighted infocard, and THEN wipes out my 401k… Now who’s responsible?

I can absolutely see where an InfoCard can help the end user – but I’m the IT Geek who’s trying to deploy the infrastructure.  How do I sell being an Identity Provider to my CIO?

Posted in ADFS, Digital Identity, Identity and Access, InfoCards | Leave a Comment »