Single sign-on has been one of the technologies that has been heavy on hype and light on results over the past five years. Microsoft’s Passport service (aimed mostly at consumers and individual users) has been one of the underperformers in the single sign-on arena. However, Microsoft has a server technology called Active Directory Federation Services (ADFS), coming as part of Windows Server 2003 R2, that has a chance to legitimately extend single sign-on to extranet sites and other far-flung Web sites. The great part is that ADFS can handle not only authentication, but can also allow for other permissions to be part of the authentication process.

This has tremendous potential for organizations that rely primarily on Active Directory for authentication. However, it does not currently have much potential for integration with non-Active Directory systems such as various Linux/UNIX authentication systems and Novell eDirectory (which John Sheesley reminded me has had ADFS-like technology for several years). That will limit the effectiveness of ADFS as an industry-wide solution.