Homegroup Linked online id authentication
While it is clear to me how the standard homegroup functionality is implemented in Windows 7, I have found no information about the way the linked online ID functionality is implemented. I am referring to the Windows 7 feature that allows you to link your online ID to your Windows 7 account, so that some other Windows 7 PC on the homegroup can share a file only with the user account that is linked with your online ID account, leaving it unshared for the rest of the homegroup users.

For the standard homegroup functionality, the Windows 7 homegroup services create a new account with the same username (the name is "HomeGroupUser$") on all Windows 7 PCs and generate a random password if the homegroup is created for the first time (the homegroup password), a password that needs to be saved in every PC that wants to join the specific homegroup; consequently the homegroup services are able to access the other homegroup PCs using that username and that password with the classical workgroup authentication method. How can you achieve the same authentication using the linked online ID(s)?

I mean, when I link my Windows 7 account to my Windows Live ID account, my Windows Live ID password is saved in my PC, but (I hope) it is not saved on another homegroup PC that wants to share a specific file exclusively with my Windows Live ID account, so how can I be authenticated when I try to access that specific file if that specific PC doesn't have my Windows Live ID credentials stored in it?

I hope I have been clear enough. Thanks for any help.

Michele
January 10th, 2011 2:08pm

I found the answer to my question myself on the Microsoft TechNet website at http://technet.microsoft.com/en-us/library/dd560634(WS.10).aspx . Extracting from that article:

"PKU2U protocol

The PKU2U protocol in Windows 7 and Windows Server 2008 R2 is implemented as an SSP. The SSP enables peer-to-peer authentication, particularly through the Windows 7 media and file sharing feature called Homegroup, which permits sharing between computers that are not members of a domain.

How PKU2U works

Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides whether to use Kerberos or NTLM for authentication. The extension SSP for Negotiate, Negoexts, which is treated as an authentication protocol by Windows, supports Microsoft SSPs including PKU2U. You can also develop or add other SSPs. When computers are configured to accept authentication requests by using online IDs, Negoexts.dll calls the PKU2U SSP on the computer that is used to log on. The PKU2U SSP obtains a local certificate and exchanges the policy between the peer computers. When validated on the peer computer, the certificate within the metadata is sent to the logon peer for validation and associates the user's certificate to a security token and the logon process completes."

I think that this is a great new feature of Windows 7 that really makes a big improvement in the security related to online and homegroup file shares, and I think that Microsoft should put more emphasis on this subject, since, in a way, it has similarities to the smart card authentication framework of Active Directory, that is, it is based on digital certificates too (OK, not on a smart card but on the PC, but if you use BitLocker with TPM it's almost as if you had it on a smart card).

Michele
January 11th, 2011 5:58pm
