Rajeev Angal wrote an interesting answer in an email when asked the question What is the advantage of using the Fedlet versus installing a policy agent on the partner website? I thought the information was worth double-dipping.
A Fedlet allows you to:
Use SAMLv2 standards to accomplish single sign-on - keeping the partner domains separate.
Add privacy and security characteristics to the deployment involving loose coupling between the partner
Integrate with an existing application that already has session management.
A policy agent is a better option if:
The two domains are owned by the same business.
You want session and related services (user profile, configuration etc) to be accessible from the partner domain.
Access between the agent in one domain and the OpenSSO server on the other is secure.
NOTE: If you also have the option to install an instance of OpenSSO in the partner domain, the two servers connect using SAMLv2 (just like the Fedlet/OpenSSO case) except that the domain can make full use of the session and other facilities (isolated from OpenSSO in the other domain) although at the cost of a slightly more complex deployment at the partner end.
Today, in honor of the 56th Presidential inauguration and the ascension of Barack Obama and Joseph Biden to the offices of President and Vice President respectively, here is a music video I created during the campaign. The song is A Change in the Wind and is sung by Face to Face. The images speak for themselves.
Over on my personal blog, you might be interested in my experiences getting a ticket for the Obama Tour 2008. I'll be at INVESCO Field in Denver Thursday night for the big acceptance speech - my first moment in history, I think.