Windows Live ID Authentication Documentation

This set of instructions leads you through the installation and configuration of the Windows Live ID Authentication provider for SharePoint. The documentation shows step by step which process to follow, and should cover known trouble areas. Please submit any issues that do come up to the Known Issues list for review, so that the documentation can be updated or the issue can be scheduled to be resolved.

Download the SharePoint Solution

The first step of the installation is to download the WSP solution file. You can download the current version here.

Deploy the SharePoint Solution

In order to deploy the solution you need to make sure the WSP file is on the SharePoint server file system. Then you should:

1. Open a command prompt
2. Change directory into the directory where you have downloaded the WLA.wsp file
3. Type:
    "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe" -o addsolution -filename CKS.MembershipProvider.WindowsLiveAuthentication.wsp
4. Type:
    "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe" -o deploysolution -name CKS.MembershipProvider.WindowsLiveAuthentication.wsp -immediate -allowgacdeployment
5. Type:
    "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe" -o execadmsvcjobs

This will install:

- C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\liveinfo.aspx
- C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\liveauth-handler.aspx
- C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\CONFIG\stsadmcommands.addwindowsliveauth.xml
- GAC: WindowsLiveAuth.dll

These files will be installed on all servers in the farm.

Register a Windows Live ID Application

Once the solution is installed you must make sure that you have registered your application with live.com.
Doing this will give you an Application ID and a secret key that you will use to identify your users to live.com and to authenticate the response that determines whether the user is valid.

1. Log in to https://msm.live.com/app/default.aspx
2. Click on the Register an Application link
3. The Application Name is a name you will use to identify your application
4. The Return URL must be set to http://your.servername.com/_layouts/liveauth-handler.aspx
5. The Secret Key is the "password" that will be used to sign the authentication responses (this is the AppKey you will need later)
6. Submit the registration
7. Click on the Manage My Applications link

Using the Manage My Applications page you should remember the Application ID (this is the AppId you will need later) along with the Secret Key you used when registering the application.

Configure the Authentication Provider

Once you have the provider installed and the application registered you need to configure the system to use this information. A new STSADM command has been added to help with this process. To complete the configuration you must:

1. Go to the Central Administration home page
2. Click on the Application Management tab
3. Click on the Authentication providers link in the Application Security section
4. Use the Web Application drop-down to ensure that the correct web application is selected
5. In the Zones list pick the zone you want to enable Live ID Authentication on (Default is probably going to be what you are looking for)
6. Select the Authentication Type of Forms
7. Enter a Membership provider name of LiveID
8. Enter a Role manager name of LiveRoles
9. Click the Save button

This has configured SharePoint to use the new Membership and Role providers; however, there is one more configuration step to configure the web applications to recognize the new providers.
You must:

1. Open a command prompt
2. Type:
    "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe" -o addwindowsliveauth -appid -appkey -appmode -profsite -proflist -locked -url
3. You must run this command for every Web Application you wish to have access to this user list (i.e. the Web Application that will authenticate Live ID users and Central Administration if you want Live ID users to be able to own site collections etc). The one difference when running the command for different Web Applications will be the -url parameter.
4. Finally you need to add the defaultProvider for the Web Application that will authenticate Live ID users, you will replace the following in the web.config for the Web Application: with with
   You can find an example portion of the complete web.config here
5. Perform an IISRESET and you are done

Note: As a best practice you will want to have the profsite parameter set to a site that has restricted access as it will allow contributors to lock users.

Note: As a best practice the locked parameter should be a URL that has anonymous access and ideally has contact information about how to become unlocked.

Note: Live ID users will need to have the Edit Personal User Information permission added to whatever role they have on the site to have access to change their personal information.
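
A post-deployment check for the steps above, as an added example (not part of the original documentation or of the project's code). It confirms that the files listed under "This will install" exist and that the web.config of the Web Application that authenticates Live ID users has Forms authentication with LiveID and LiveRoles as default providers. The function name Test-LiveAuthDeployment and the web.config path in the usage lines are assumptions, as is the expectation that the defaultProvider values match the provider names entered in Central Administration.

```powershell
# Added example: verifies the deployment described on this page.
# Test-LiveAuthDeployment is a hypothetical helper name, not a project command.
function Test-LiveAuthDeployment {
    param([string]$WebConfigPath)

    $hive = 'C:\Program Files\Common Files\Microsoft Shared\web server extensions\12'
    $findings = @()

    # Files the documentation lists as installed by the solution.
    $expectedFiles = @(
        "$hive\TEMPLATE\LAYOUTS\liveinfo.aspx",
        "$hive\TEMPLATE\LAYOUTS\liveauth-handler.aspx",
        "$hive\CONFIG\stsadmcommands.addwindowsliveauth.xml"
    )
    foreach ($file in $expectedFiles) {
        if (-not (Test-Path $file)) { $findings += "Missing file: $file" }
    }

    if (-not (Test-Path $WebConfigPath)) {
        $findings += "web.config not found: $WebConfigPath"
        return $findings
    }
    $config = [xml](Get-Content $WebConfigPath)

    # Assumption: defaultProvider must equal the names entered in Central Administration.
    $checks = @(
        @{ Node = 'authentication'; Attr = 'mode';            Want = 'Forms' },
        @{ Node = 'membership';     Attr = 'defaultProvider'; Want = 'LiveID' },
        @{ Node = 'roleManager';    Attr = 'defaultProvider'; Want = 'LiveRoles' }
    )
    foreach ($c in $checks) {
        $node = $config.SelectSingleNode("/configuration/system.web/$($c.Node)")
        $actual = $null
        if ($node -ne $null) { $actual = $node.GetAttribute($c.Attr) }
        if ($actual -ne $c.Want) {
            $findings += "system.web/$($c.Node) $($c.Attr) is '$actual', expected '$($c.Want)'"
        }
    }
    return $findings
}

# Placeholder path: substitute the web.config of your own Web Application.
$problems = @(Test-LiveAuthDeployment -WebConfigPath 'C:\Inetpub\wwwroot\wss\VirtualDirectories\80\web.config')
if ($problems.Count -eq 0) { 'Deployment checks passed.' } else { $problems }
```

Run it on each server in the farm after the IISRESET; the defaultProvider findings apply only to the Web Application that authenticates Live ID users, not to Central Administration.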