ust as third-party developers were a key reason for the success of Windows, HailStorm's success depends on attracting lots of third-party developers and HailStorm-compatible services. Microsoft is well positioned to succeed with HailStorm, because it already has a large number of third-party developers and a broad set of development tools. Developers can easily create applications that access HailStorm services. By using Passport for user authentication, developers have immediate access to the calendar, preferences, and notification services from within the applications they are creating. HailStorm services are more than just a centralized version of the standard Web services in .NET.
Visual Studio.NET simplifies the process of creating and modifying Web services for .NET based applications, and Microsoft will work to make it the preferred development tool for HailStorm developers. As part of this plan, Visual Studio.NET will automatically create all necessary SOAP interfaces to communicate with HailStorm services. Microsoft will also provide live testing environments to HailStorm developers for a small fee, with the intent to encourage HailStorm development. Other development environments already provide functionality similar to .NET's for creating SOAP and Web services in general. The question is, will they be able to match Microsoft tools by creating the precise HailStorm SOAP envelope at compile time or will developers have to tweak the code manually? The answer probably depends on how successful HailStorm is.
The availability of HailStorm-compatible services across the entire Internet provides a level of infrastructure that simplifies the development process of creating and marketing Web services. Third-party services must obtain a security certificate from Microsoft to be granted permission to access HailStorm services and data. Microsoft will make these security certificates available at minimal cost. The marketing model is similar to that used by Visual Basic control vendors, who have been selling aftermarket controls for some time.
Developers who want to get a head start on HailStorm development can begin by downloading the Passport SDK from Microsoft now, and should start working with Web services and XML as soon as possible. Successful developers will learn to query and interface with XML documents in addition to relational databases. Listing 1 shows an example of a standard HailStorm XML document.
The HailStorm SDK will be available to developers at the Microsoft Professional Developers Conference in Los Angeles, October 22–26, 2001. Microsoft is focusing on delivering a stable product so that developers will have a good first impression and can begin developing with HailStorm right away. Large companies in the U.S. and elsewhere are already creating HailStorm-compatible services.
HailStorm's Architecture
HailStorm uses PUIDs (Pairwise Unique IDs) for data storage and exchange with HailStorm partners, SOAP for service access, XML documents for data access, XML Schemas for data layouts and exchange, and a modified version of Kerberos for security.
Microsoft will hold user data for the core HailStorm services and will control the flow of traffic between HailStorm partners but will not know what data the partners hold. HailStorm partners request HailStorm user data by passing a PUID to Microsoft. Microsoft returns the requested data to the HailStorm partner only if the user has granted that vendor access to the user's data.
Here's how the HailStorm architecture looks to a developer. After a user has been authenticated by Passport, the entire set of HailStorm services is available for that User ID or Group ID. The services and stored data also have a consistent interface. For example, both the calendar and the contact service expose similar methods and properties to developers. HailStorm uses SQL Server for storage in a way optimized to send XML in and get XML back. Table 1 lists the consistent operations exposed by all HailStorm services. Both Table 1 and Listing 1 are taken from MSDN's Web-based The .NET Show (dated June 7, 2001), which contains more detail on the HailStorm architecture. To retrieve data, developers use query strings expressed as XPATH expressions or as XML query strings. HailStorm data resides on multiple servers in varying locations.
Both the calendar and contact service reside on the Web and can aggregate different contact lists and message stores. For example, the HailStorm contact service may contain all contacts from a user's Palm device and e-mail program. The Inbox may contain all the messages from the user's e-mail program and voicemail system. All this data will be stored centrally and accessible from any HailStorm device. Listing 1 contains a sample data document for HailStorm's address service, which uses a standard XML schema.
Microsoft has embraced XML as a critical part of both .NET and of interoperable services interacting across the Web and across devices. XML schemas are the key to making this happen. In Microsoft's HailStorm Announcement on March 19, 2001, Bill Gates provided some foresight into this vision:
Schema is the technical term you're going to be hearing again and again in this XML world. It's through schemas that information can be exchanged, things like schemas for your appointments, schemas for your health records. The work we're announcing today is a rather large schema that relates to things of interest to an individual. And you'll recognize very quickly what those things are, things like your files, your schedule, your preferences, all are expressed in a standard form. And so, by having that standard form, different applications can fill in the information and benefit from reading out that information. And so it's about getting rid of these different islands.
In the following paragraph from the same HailStorm announcement, Mark Lucovsky, HailStorm's primary architect of HailStorm, explains the architectural structure for developers:
We have a thing that we're calling the "service fabric," which is the glue that holds [HailStorm], that makes this system possible. It's a common infrastructure that we've built that all these services to run under. It's a common way to name the services. It's a common way to think about the services. It's a common set of interfaces that if you're writing a HailStorm service, that service must expose in order to have uniform query across all the different services, to have uniform data manipulation. So if I want to add a chunk of XML to a service, I don't have to learn a new way [to do it] for Calendar versus an Address Book. It's the same add method. The data might be different. The schema for that particular service might be different, but the programming model and the service fabric and the glue that holds it all together is uniform.
Components and Availability
Listed below are the services currently planned for inclusion in HailStorm, copied from Microsoft's recent white paper on HailStorm:
- myAddress: electronic and geographic address for an identity
- myProfile: name, nickname, special dates, and picture
- myContacts: electronic relationships/address book
- myLocation: electronic and geographical location and rendezvous
- myNotifications: notification subscription, management, and routing
- myInbox: inbox items such as e-mail and voicemail, including existing mail systems
- myCalendar: time and task management
- myDocuments: raw document storage
- myApplicationSettings: application settings
- myFavoriteWebSites: favorite URLs and other Web identifiers
- myWallet: receipts, payment instruments, coupons, and other transaction records
- myDevices: device settings and capabilities
- myServices: services provided for an identity
- myUsage: usage report for the above services
Microsoft plans to make the initial set of HailStorm services available in a broad developer beta in late 2001, with full release in 2002. HailStorm is designed so that additional services and extensions can come online in an incremental fashion after the core infrastructure is in place. Additional namespaces and services will become available as they are completed via the Microsoft Open Process.
Microsoft created the naming conventions and data layouts for the current HailStorm services unilaterally, but plans to work more closely with third-party companies to open the process in the future. A centralized committee will provide structure—for example, to avoid the creation of unnecessarily duplicative services. This process will help ensure that HailStorm services are added in an organized way. At present, information about the balance of power between third-party committee vendors and Microsoft, and about the identity of committee vendors, is not available. Therefore, there's no way to know how much control Microsoft will have.
Passport and Notification services will be available for Windows and Office XP in a preliminary form (planned for July, 2001) before the final release of the rest of the HailStorm services. Paul Thurrott of Win2000mag.net reported in a recent .NET Update newsletter that Microsoft will ship a .NET version of Hotmail and MSN Calendar sometime this summer (2001). Both of these require Passport for authentication. It's unclear how those relate to the HailStorm InBox and Calendar services. We'll have to wait until Microsoft releases a beta version of HailStorm at its Professional Developers Conference this fall.
Security and Privacy
HailStorm's very nature raises obvious privacy and security concerns due to the fact that one company would store and maintain so much critical data—a company that has a reputation for being shrewd to a fault. The magnitude of the damage that could be caused by a hacker is frightening. Furthermore, HailStorm requires consumers and businesses to trust Microsoft and its partners not to profit unethically from this data. Many people believe that putting one company in control of all of one's important data is a mistake. They say that data should be distributed among some combination of governments, peer-to-peer consortiums, companies, and non-profit agencies.
Passport (and thus HailStorm) uses Kerberos for security, which requires the service to determine the client's identity without asking the client, and the client to determine the service's identity without asking the service. The Microsoft implementation requires the identity of the application and location of the requester. Microsoft was forced to create its own security system for HailStorm because the SOAP specification still lacks a security definition. The Kerberos security model provides an end-to-end security framework for HailStorm.
Because Microsoft operates the HailStorm services, it is also responsible for operational security. Microsoft is building mechanisms to permit it to detect and kill out-of-control requests, and has invested heavily in creating a distributed hosting environment. This is a challenge for Microsoft, which has already faced uptime lapses this year due to attacks on its Web properties.
HailStorm will operate under an affirmative-consent ("opt-in") privacy model. This means that users own all of their HailStorm data; it cannot be used without their permission. The data will not be mined or sold unless the user authorizes it. Even though these services are hosted by Microsoft, the user (not Microsoft) owns the data. Microsoft decided that it's better to charge end users for the services provided to them—and let end users own the data—rather than provide the service for free in exchange for the right to sell or mine the data to make a profit. (Read Passport's privacy statement on their site.)
Users have some control over their data. They can monitor access, set time limits and other constraints on when others can view their data, and rescind rights to view or access their data at any time. This is possible because all sites access user data through HailStorm; they don't have their own copies of the data. Microsoft is working to create a sophisticated user interface that will handle this complicated task without sacrificing ease of use. The interface will include the ability to create views so that users can see who has access to their data. While it remains to be seen how users respond to these capabilities, HailStorm has the potential to be a major improvement over the current process, where every site has its own policies and cannot afford to create elaborate security maintenance programs.
Part I: What Is HailStorm? 
Part III: How Will HailStorm Affect You? 
Part II: HailStorm's Design and Structure 
From an enterprise viewpoint, do you think that companies will or should allow Microsoft to collect so much personal data? Do you have alternative suggestions? Do you believe that Microsoft can keep user data secure? Tell us your ideas or raise your concerns in the security.internet discussion group.