I have a short follow-up post to my post titled: "A Virtual Directory is not just for 'legacy' applications".
I am sure some folks will read that post and still think that virtual directories are only about LDAP applications. On top of that, they will probably say to themselves that Federation will solve these problems of abstracting the application from the directory.
To the latter point, yes, Federation does provide a level of abstraction, but there are many other factors to consider. The Federation server (whatever it is) still needs to authenticate the user somewhere. In the case of Microsoft's AD FS server, it can only authenticate to Active Directory.
If you utilize Optimal IdM's Virtual Identity Server for Federation Services, however, you can now have an AD FS infrastructure that can authenticate users ANYWHERE. Our Federation component is an Identity Provider (IP) that leverages our Virtual Identity Server (VIS) virtual directory to authenticate users in whatever data store they reside. It doesn't matter if they are in another directory such as Sun or eDirectory or even in databases.
Have multiple Active Directory forests? Yep, leveraging our solution we make that a snap too. No need for a ton of AD FS servers, trusts, etc. Think about it this way: with a virtual directory, any application, whether it is SharePoint, CRM, or AD FS, no longer needs to worry about multi-forest or where users are stored for that matter. That is a compelling statement when you think about it.
Also, a virtual directory makes it very easy to source identity data (Claims in the Microsoft world) from ANY data source. AD FS can only source claims from AD or SQL. By plugging our solution in with AD FS, AD FS no longer needs to worry about getting the data from disparate data sources. The same thing rings true for a host of other applications.