SP1 introduces an extranet feature to Team Foundation Server. Before I link you to the details, though, please accept some cautionary notes (being professionally paranoid when it comes to software security is part of my job description).
Warning the First:
Having stated Warning the First, here's the deal. We have an ISAPI filter that allows the Team Foundation Server to challenge (and accept) remote users to authenticate using Basic or Digest authentication. "But wait," you're - hopefully - saying to yourself, "those are pretty dangerous to use over the internet - my password's sent practically in plaintext!"
Yes, that's why our documentation also walks you through the process to have IIS support (or even require) HTTPS for these connections.
Warning the Second:
Please, please, please do not enable extranet access without also setting up HTTPS (and, if you allow both HTTP and HTTPS, ensure that the HTTP port can only be reached from your intranet). You can, of course, enable HTTPS even if you're not configuring the ISAPI filter (and you can even use HTTPS between the proxy and the server, and the client and the proxy, etc.).
There, Warning the Second also done. If you want to enable the ISAPI filter and *require* HTTPS, go here. If you want to continue to allow both HTTP and HTTPS (remember - you should also restrict external connections to HTTPS via your firewall or other configuration options), go here.
If you can't tell from the layout, both of these will become official documents (updates to the existing HTTPS documents) around the same time that SP1 "RTM" goes live.
You never call me when you're sober...