| |
Part I: What Is HailStorm?
Microsoft's first foray into .NET services promises private access to personal information
by Robert Eisenberg
|
 ailStorm is a new set of Web services from Microsoft that provide a centralized way to store and access user data. Currently, a user's data is tied to many individual devices and applications. A centralized system such as HailStorm potentially increases the ease and convenience of Internet usage exponentially.
Microsoft maintains that HailStorm's data gathering, analysis, and ubiquitous access capabilities provide benefits far beyond mere centralization. Initial HailStorm services will include a calendar, wallet, notification, and preference system, all of which are accessible from any device connected to the Internet. HailStorm marks Microsoft's official entry into the software-as-a-service market, solidifies its .NET initiative by making concrete the abstract vision of Web services creation, and places it in firm competition with AOL—in particular with AOL Instant Messenger.
But there are three requirements that may hinder or even stop HailStorm adoption:
- HailStorm users must log in through Microsoft's Passport authentication service, an initiative that has swirled with controversy since its announcement. With Passport, Microsoft can accumulate information about when users are online and where they're browsing.
- HailStorm services are fee-based, which will help Microsoft make a significant transition from a packaged software vendor to a subscription-based company.
- Microsoft plans to run HailStorm services and store user data on Microsoft servers, which raises security and privacy concerns for many businesses, private citizens, and governments agencies that are (properly) concerned about giving a single vendor access to and control over consumers' e-mail, calendar entries, and personal information. It brings Microsoft's ethics and security capabilities under a microscope. Microsoft adamantly maintains that it will not use the data without permission from the user.
On the other hand, HailStorm offers some significant advantages that users will likely find difficult to refuse. For example, it provides access to e-mail and calendar data from any Web client or application. HailStorm can read a user's calendar and provide useful notifications about scheduled events. Businesses will like HailStorm because it removes the necessity (and expense) of gathering, cleaning, verifying, and storing customer data and because it uses public standards (XML, UDDI, SOAP, and WSDL) for retrieving and manipulating a user's data programmatically. Application software vendors have traditionally provided notification and preference services as part of their applications, but they may now use HailStorm services instead, relieving them of a significant burden. For example, a travel agency could insert travel itineraries directly into a customer's calendar. A PBX vendor could pass an incoming call to the HailStorm system, where the calendar, device settings, and historical usage data combine to let HailStorm decide whether to route the call to the person's cell phone or voicemail.
| |
 | Figure 1. HailStorm's Relationship with Passport and Other Applications. Click here.
|
HailStorm services will find strong demand from the business market and will become widely used in the consumer market as increasing bandwidth creates always-connected users who will be ready to use the consumer services offered by Microsoft. This demand may result in these services becoming a cash cow in a way that Microsoft Office, which accounts for 50 percent of Microsoft's revenue, was during the last decade. Figure 1 shows an overall picture of HailStorm's services, its relationship with Passport, and its integration with other HailStorm-compatible applications.
HailStorm's Purpose
Some sources claim that HailStorm is Microsoft's vision of XML-based Web services and .NET coming to fruition. Others claim that HailStorm is Microsoft's way of competing with AOL's Instant Messenger. Both of these claims are at least partially correct, although it's unclear which is more important to Microsoft. The list below may provide you with a more complete picture of what HailStorm is and what it's trying to accomplish.
Here's what HailStorm is:
- Microsoft's entry into software-as-a-service—changing to a subscription-based business model.
- The first release of building-block services for .NET.
- A validation of .NET and Web services.
- Microsoft's first release of interoperable XML Web services.
- A competitor of AOL and, in particular, AOL Instant Messaging.
- A way for Microsoft to gain control or take firm leadership of the Internet platform, depending on your view of Microsoft.
- Microsoft's entry into personal services residing on the Internet, referred to as PCS (personal context services) by Gartner.
- A way to access data from any devices or platforms.
- A large potential market for Microsoft to sell these services to consumers and businesses.
- Microsoft's use of open standards, leveraging the 160 million (and growing) users using its Passport authentication service and benefiting from its installed base of users of its desktop products.
How Open Is HailStorm?
Microsoft claims that HailStorm services are nothing more than "industry standard" Web services. Although they use Microsoft Passport for authentication, any platform can access HailStorm services because they rely on industry standards such as XML, SOAP, UDDI, and WSDL. To back up this claim, Microsoft has already demonstrated HailStorm services running on Palm, Macintosh, Sun Solaris, and Linux systems. No doubt, more will follow, because any platform that can generate and receive industry-standard SOAP messages can access these services.
Despite the use of industry standards, Microsoft has stated repeatedly that HailStorm services will run best and be easiest to develop on Microsoft products, even though they do not require any Microsoft product or runtime. The use of Passport is particularly controversial: Microsoft could have chosen to perform HailStorm authentication using third-party authentication services or allowing a UDDI lookup for other available identity services. Clearly, Microsoft has every intention of leveraging its installed base of 160 million-plus users.
One option available in Windows XP permits simultaneous login into Windows XP and Passport. With this option, users can log in once to gain access to Windows, HailStorm, and all Passport sites. Further, the Windows XP notification service is based on the HailStorm notification service.
Third-party vendors can obtain a certificate from Microsoft that allow them to create HailStorm-compatible services that can access HailStorm data, based on the security model. Details on the exact policy have not yet been released.
Microsoft is adamant that it is competing in an open environment—that the only way to win under these conditions is to create the best products, and that they will do so.
Because you don't need proprietary Microsoft software to access HailStorm services, Microsoft insists there's a level playing field; it has to build the best products to be successful. The competition fears that Microsoft will, over time, increase the complexity of accessing the services by extending the SOAP or security requirements and using proprietary hooks and bundling, making it very easy to call these services from its own products but more difficult from other products. The SOAP and Kerberos security requirements must remain standard and straightforward so that all parties can access HailStorm services with equal effort. The level to which Microsoft competes on HailStorm's published interfaces as opposed to unpublished (and therefore competitively advantageous) proprietary functionality and bundling is the key determinant in how open HailStorm actually is.
It's Storming Already
Some companies are already using or implementing the Passport and Notification service and performing beta work with other HailStorm services.
For example:
- American Express uses Passport and Notification to inform card members of payment dates, payment confirmations, and vendor backorders when products are ordered from merchants equipped with Passport and Notification. They are also using it to alert customers to potential fraudulent activity.
- eBay wants to turn its e-commerce site into a platform and turn its API into a Web service so that other sites and devices can access eBay auctions more easily. eBay is also working to integrate the Notification and Device Setting services, permitting eBay to focus on its core functionality without having to build complicated custom versions of those services in the future.
- Using HailStorm's group identity and preference abilities, company travel policies can be stored and enforced. For example, travelers logged in under their business identity would see only flights for which they are eligible; often this would not include first-class flights.
Microsoft has posted a transcript of the HailStorm announcement on March 19, 2001, which discusses these services in more detail. You can read about Passport case studies on Microsoft's Passport Case Studies Page.
|
Part I: What Is HailStorm? 
Part III: How Will HailStorm Affect You? 
Part II: HailStorm's Design and Structure 
HailStorm (and Passport) promise to make development easer by simplifying the login process, eliminating problems associated with storing user data, and providing a standard API to access user data. Microsoft plans to make this process seamless through .NET. As a developer, do you see HailStorm in a positive or negative light? As an individual do you see it differently? Let us know in the vb.dotnet.discussion group.