This is an excellent whitepaper for understanding the challenges and solutions for Supply Chain Collaboration as implemented by the Entertainment and Devices Division (EDD) at Microsoft. EDD leverages a complex supply chain of over 300 partners, suppliers, and distributors. Supporting the EDD business model requires a secure, easy, and scalable infrastructure for collaborating with multiple companies. Microsoft Office SharePoint Server 2007 provides the technology platform for EDD’s global supply network. The platform incorporates Business Intelligence solutions, workflows, and support for legacy solutions. It enables accurate decision making based on timely and trustworthy information, and supports seamless collaboration with business partners. Standardization and the reuse of existing information technology investments reduce complexity.
The figure above illustrates how EDD integrates its SharePoint environment with important enterprise applications, such as the ERP system, the company’s sales system (MS Sales), and the central customer relationship management (CRM) system. In most areas, EDD uses service-oriented architectures based on Web services for interoperability. The Web services either provide direct connectivity or encapsulate further components within the communication channel, such as Windows® Communication Foundation (WCF) services for communication across security boundaries. The Business Data Catalog also includes a direct Microsoft SQL Server® database connection based on ADO.NET to the company’s most important data warehouse.
The figure above shows the claims-based authentication and authorization architecture that EDD recently implemented to support external access based on a Windows Live™ ID. This architecture eliminates the need for extranet accounts, while EDD employees can continue to use their corporate accounts to access SharePoint resources. To authorize authenticated users, EDD developed a custom Security Token Service (STS) based on the "Geneva" Framework. The STS generates claims (that is, security tokens) based on CRM attributes. A CRM authorization provider then processes these Windows Live ID tokens and CRM tokens and grants permissions similar to SharePoint roles. This claims-based authentication and authorization architecture is extensible: it can support additional claims from trusted partners in the future, such as partners running "Geneva" Server as their Windows-based STS provider.
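To make the authorization step concrete, here is an added example (not code from the whitepaper or from EDD's implementation) that models the flow described above in plain Python rather than the .NET "Geneva" Framework: an identity token from Windows Live ID establishes who the caller is, a second token from the custom STS carries CRM attributes about that same subject, and an authorization provider turns those attributes into SharePoint-style permission levels. The issuer URIs, the role-to-permission table and the sample tokens are all constructed placeholders; the point it shows is that the provider must check the issuer, expiry and subject binding of both tokens before any claim is trusted, and that it denies by default.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed issuer identifiers and role mapping (placeholders, not EDD's real values).
LIVE_ID_ISSUER = "urn:example:windows-live-id"   # identity provider: asserts who the user is
CRM_STS_ISSUER = "urn:example:edd-crm-sts"       # custom STS: asserts CRM attributes for that user
ROLE_TO_PERMISSIONS = {                          # CRM role claim -> SharePoint-style permission level
    "supplier": {"Read", "Contribute"},
    "distributor": {"Read"},
    "partner-admin": {"Read", "Contribute", "Design"},
}

@dataclass
class Token:
    issuer: str
    subject: str                 # unique user identifier the issuer vouches for
    expires: datetime
    claims: dict = field(default_factory=dict)

def _valid(token: Token, trusted_issuer: str, now: datetime) -> bool:
    """A token is usable only if it came from the expected trusted issuer and has not expired."""
    return token.issuer == trusted_issuer and token.expires > now

def authorize(identity: Token, crm: Token, now: datetime) -> set[str]:
    """Return the permission levels granted for this request; an empty set means deny."""
    if not _valid(identity, LIVE_ID_ISSUER, now) or not _valid(crm, CRM_STS_ISSUER, now):
        return set()             # untrusted issuer or expired token: nothing is granted
    if crm.subject != identity.subject:
        return set()             # CRM claims must describe the user who actually authenticated
    if crm.claims.get("partner_status") != "active":
        return set()             # CRM no longer considers this partner relationship active
    perms: set[str] = set()
    for role in crm.claims.get("roles", []):
        perms |= ROLE_TO_PERMISSIONS.get(role, set())   # unknown roles grant nothing
    return perms

def demo() -> dict[str, set[str]]:
    """Run the provider over constructed tokens: one good pair and two that must be refused."""
    now = datetime(2009, 6, 1, tzinfo=timezone.utc)
    soon = now + timedelta(hours=1)
    alice = Token(LIVE_ID_ISSUER, "live:alice@example.test", soon)
    alice_crm = Token(CRM_STS_ISSUER, alice.subject, soon,
                      {"partner_status": "active", "roles": ["supplier"]})
    forged_crm = Token("urn:example:unknown-sts", alice.subject, soon,
                       {"partner_status": "active", "roles": ["partner-admin"]})
    bobs_crm = Token(CRM_STS_ISSUER, "live:bob@example.test", soon,
                     {"partner_status": "active", "roles": ["partner-admin"]})
    return {"supplier": authorize(alice, alice_crm, now),
            "forged issuer": authorize(alice, forged_crm, now),
            "claims about another user": authorize(alice, bobs_crm, now)}
```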