Posted by Roger Abell [MVP] on October 13, 2005, 10:34 pm
Yes, and yes.
The "traditional" way, as you outlined with the AD trust, has since the
introduction of Adam had an alternative, and, depending on the resource
access needs, this Adam alternative can also be combined with a more
restrictively used AD trust so the protocol transitioning out of Adam
can also allow "gated" access to those resources using Windows principals.
The other yes is that you definitely should evaluate what ADFS v1 in
the R2 release cycle will bring as added alternatives.
> We are currently planning to set up an AD forest in the perimeter network
> to accommodate a number of front/back end Sharepoint servers and DCs, etc.
> The idea is that if extranet users need to access Sharepoint from the
> extranet, they could authenticate using accounts existing in such
> "Domain-Perimeter" and avoid coming "inside" my organization for future
> access. Such "Domain-Perimeter" would be set up in a separate Forest with
> a one-way trust relationship to my corporate domain.
>
> I just thought more about it:
> How about instead of setting up an entire domain infrastructure to
> accommodate such security need of account isolation, I just set up an AD/AM
> structure in a Sharepoint servers "inside" my organization. That way I
> could accomplish the same goal of providing external users with "isolated"
> accounts from my corporate domain and I could make the whole
> implementation much easier.
>
> Let me know your thoughts and whether that would work.
>