There's a few ways to achieve SSO between Domino and AD, but the least painful (its still painful) way is to set up the Lotus Domino 'Websphere' plug-in for IIS. This means that Lotus Notes runs on a windows 2003 or 2008 server, and uses Microsoft IIS (Internet Information Services- their web server) to serve up Domino Content. A number of folks have excellent write ups on this - I used Warren Elsmore's one, because I know he's a genius at this.
So far so fairly indifferent. Domino rich content, Microsoft IIS. One thing hinted at in Warrens article was SSL. That is, you can install an SSL certificate on the Microsoft IIS server (and its a PITA to create a 'self-authenticated' test SSL certificate, believe me), you can have IIS do all the complex and time-consuming SSL stuff. Okay, the same machine is still doing the same work, but different process threads are responsible for different things. Nice.
Of course, Domino web isnt intelligent about caching things like pictures (or other static content), so have a good google for web rules to use with your domino site. You should be able to get to the stage that your entire site is cached on the client, with the exception of dynamic content. At this point, your site should be loading in sub one second, and your users will love you.
One often requested but not yet delivered feature is GZIP compression. Unless you're actually using the original Mozilla client (circa 1989), all your web clients will support the content being GZIPped before download. The file size of a complex domino page - perhaps 180k - will GZip down to under 20k. A huge saving both in terms of bandwidth, as well as latency. In other words - as I have seen - your page load time goes from 0.8 of a second to 0.2 of a second.
This feature is extensively used within iNotes, but not available to us mere app programmers (yet). There are ways of switching it on, but it crashes your server. So dont switch it on, m'kay ? (This feature has been promised for a while. When its actually delivered, I dont know)
But as I found. the MS IIS server does support GZip compression. Just right click on 'Web sites', properties, and enable page compression. Simple, eh
Now, some caveats. This only works on Windows servers, unsurprisingly. There's a huge push to get Linux as our default operating system, but lets face it: over 80% of the domino servers out here are probably running windows. All BES servers are running windows. And if this helps you, then why not ?
Of course, what I really really want (to quote the spice girls) is an open source VMWAre appliance that does SSL, load balancing and GZIP compression for free. Until then, I may just use this IIS malarkey.