This is an interesting use case because it show how an Enterprise can provide secure, protected access to Microsoft RMS protected documents even when the partner identities are stored in CA Siteminder – the answer is to utilize a security gateway to provide a layer of protection, authentication, and credential mapping. It also provides a nice way to segment the network for security purposes. If partner access needs to be shut down due to increased risk, it can be done at the gateway rather than fiddling with code.
In many cases this same authentication could happen with ADFSv2, but what happens when ADFSv2 isn’t an option in the DMZ?
Another cool aspect of this use case is that the partner clients are thick office clients sending in web services requests, which I thought was interesting.