Active Directory Federation Services (AD FS) is a server role in Windows Server 2008 that provides a highly scalable and secure authenticated-access solution able to operate across different platforms. Even when user accounts and applications are located in different networks or enterprises, AD FS gives browser-based clients protected, Internet-facing access to applications both inside and outside the network.
In the usual scenario, the application is on one network and the user account is on another. When the user tries to access the application, they are prompted for a second set of credentials. With AD FS, however, a second account is not necessarily required. Instead, a trust relationship can be used to project a user's digital identity and access rights to a trusted partner. In a federated environment, each enterprise continues to manage its own identities, but each enterprise can also securely accept and project identities from the other.
By configuring a federation service across multiple enterprises, business-to-business (B2B) transactions between trusted partners become possible. Companies that own and manage resources reachable from the Internet can configure the AD FS federation server and AD FS-enabled Web servers so that protected resources are made available only to trusted partners.
AD FS includes policy import/export features that make it easier to establish trust relationships among federation partners. Federation support allows users from federated partners to be authorized for Windows SharePoint Services (WSS) and Rights Management Services (RMS). Administrators can control federation service deployments through Group Policy. Settings that support different authentication methods are also available.
In addition, companies that own and manage user accounts can configure the AD FS federation server to authenticate local users and issue security tokens. Federation servers in the resource enterprise then use these security tokens to make authorization decisions.
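As an added illustration (not code from this page or from AD FS itself), the following Python sketches the account-partner/resource-partner exchange described above: the account partner authenticates a user locally and issues a signed claims token; the resource partner, which holds no account for that user, checks the token against the trust policy it imported at setup and makes its authorization decision from the claims alone. AD FS issues X.509-signed SAML tokens; to stay standard-library only, this toy substitutes an HMAC key exchanged when the trust was established. Every issuer name, key, user and group below is constructed.

```python
"""Toy federation trust between an account partner and a resource partner.

Added illustration, not AD FS code. AD FS signs SAML tokens with an X.509
token-signing certificate; this sketch uses an HMAC key shared at trust setup
so it runs offline with the standard library. All values are constructed.
"""
import base64
import hashlib
import hmac
import json
import time

# Trust policy the resource partner imported from the account partner (constructed).
TRUST_POLICY = {
    "issuer": "urn:federation:account-partner.example",
    "audience": "urn:federation:resource-partner.example",
    "token_key": b"constructed-trust-key-exchanged-at-setup",
    "token_lifetime": 600,  # seconds a token stays valid
}


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, as used in compact tokens."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    """Inverse of _b64; restores padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, groups: list, now: int = None,
                audience: str = TRUST_POLICY["audience"]) -> str:
    """Account-partner federation server: after local authentication, emit
    a signed token carrying the user's claims for the partner's audience."""
    now = int(time.time()) if now is None else now
    claims = {
        "iss": TRUST_POLICY["issuer"],
        "aud": audience,
        "sub": user,
        "groups": list(groups),
        "nbf": now,
        "exp": now + TRUST_POLICY["token_lifetime"],
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(TRUST_POLICY["token_key"], body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(sig)}"


def validate_token(token: str, now: int = None):
    """Resource-partner federation server: accept the token only if the
    signature, issuer, audience and validity window all match the trust
    policy. Returns the claims dict, or None on any failure."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(TRUST_POLICY["token_key"], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # forged or tampered
    claims = json.loads(body)
    if claims.get("iss") != TRUST_POLICY["issuer"]:
        return None  # not issued by the trusted account partner
    if claims.get("aud") != TRUST_POLICY["audience"]:
        return None  # token was meant for a different resource partner
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        return None  # outside validity window
    return claims


def authorize(token: str, required_group: str, now: int = None) -> bool:
    """Application at the resource partner: the user has no local account,
    so the decision rests entirely on the validated federated claims."""
    claims = validate_token(token, now)
    if claims is None:
        return False
    return required_group in claims.get("groups", [])


if __name__ == "__main__":
    tok = issue_token("alice@account-partner.example", ["Purchasing"])
    print("Purchasing allowed:", authorize(tok, "Purchasing"))  # True
    print("Finance allowed:", authorize(tok, "Finance"))        # False
```

The checks in `validate_token` are the ones that make the trust relationship meaningful in practice: a valid signature alone is not enough, because the resource partner must also confirm who issued the token, that it was addressed to this partner, and that it is still inside its validity window.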