Web Services Architect : Articles : Hailstorm

Friday May 25 2001

HailStorm

Microsoft and the future of user-centric Web Services

Johann Dumser

Web Services and the SOAP protocol are new trends, and the applications based on these technologies lack maturity. Few, if any, deal in any significant way with security (which is absent from the SOAP specification) or user identification. Try a search for Web Services applications, and you'll most like find only the simplest of implementations - GetTemp, ConvertMeterToFeet, etc.

However, Microsoft sees big things in the rise of Web Services - which aid machine-to-machine communication over the Internet. According to its vision, Web Services should enable web sites to become less isolated while managing functions such as user authentication and personal details, thus enhancing the customer service potential of a given site. Ultimately, users should be able to connect to the Internet from any type of device, access a given Web Service, be instantly recognized and perform certain operations which would be executed automatically between machines hosting the Web Services. Finally, when this process is concluded, centralized user information would be updated.

These Web Services (Codenamed HailStorm - the white paper is online) supply users with more control over access to their personal information on the Web and aim to enrich applications for a better quality service. With Hailstorm, Microsoft offers a powerful solution to answer the basic question: "How can user information on the Internet best be handled?" Microsoft's answer is surprisingly simple: provide a unique place to store and retrieve information via SOAP Web Services.

HailStorm (User-centric Web Services)

In launching these Web Services at the beginning of 2002 (the .Net platform is due out in Novemebr 2001), Microsoft kills two birds with one stone:

  • It offers basic user-centric Web Services and helps centralize user information available on the Internet.
  • It provides user authentication for SOAP Web Services calls.

Included in the 14 services scheduled for the HailStorm release are:

  • myProfile (name, nickname, special dates, picture).
  • myContacts (electronic relationships/address book).
  • myNotifications (notification subscription, management and routing).
  • myCalendar (time and task management).
  • myDocuments (raw document storage).
  • myWallet (receipts, payment instruments, coupons and other transaction records).
  • myDevices (device settings, capabilities).

Key features of this solution include:

Security: HailStorm enables simple and complete user identification across numerous web sites that are registered with the HailStorm service. The user is recognized on the Internet and visited sites call the latest updated user information via SOAP messages. Microsoft Passport guarantees the security of transactions through encryption and the privacy policy, which follows the Code of Fair Information Practices.

Moreover, HailStorm handles privacy over the Internet in a different way. It gives users control over their personal and environmental information that they share on the Web. This smart software enables people to:

  • Determine who or which services have access rights to their data.
  • Share data at will with any party and revoke sharing/access privileges at will.
  • Arrange for sharing that expires at a given time: system-managed, time-based data access revocation.

Openness: It is possible to cross platforms, OS and languages. HailStorm Web Services benefit from .NET technology and architecture enabling applications, devices and services to work together. All HailStorm Web Services will use SOAP and be based on XML. Furthermore, no Microsoft tool or environment will be required to make them run.

By taking advantage of Microsoft's substantial time-and-money investment in HailStorm, developers will be able to create user-centric solutions that help them focus more on value-added features than on basic development. For instance, one company has to create a just a SOAP message to call the myProfile Web Service. The interface for myProfile comes SOAP-enabled, allowing any device to reach it. This reduces development time, which can be shifted to focus on customized features that will add value for the end user.

Basic services: Major HailStorm services will use this architecture (myProfile, myContacts...) to manage basic electronic user information, such as calendars, personal documents or even profiles. Simply put, HailStorm-based solutions eliminate the common user headache of entering and saving information from one site to the next. Developers will be equally pleased. No longer will they have to create proprietary and isolated basic systems (such as user identification) for each application they develop.

HailStorm is designed to enable companies to deliver solutions that collaborate and work together on behalf of users in order to provide customized, next-generation services. And a lot is riding on its success. Major partners like American Express, Click Commerce, eBay, Expedia.com and Groove Networks have already climbed aboard.

To help with Hailstorm's evolution, Microsoft has announced an application-enriching program (Open Process Extensible) to carry out the development of upcoming services (myPhotos, myPortfolio).

The following diagram synthesizes the HailStorm's components:

HailStorm architecture

Web sites take advantage of HailStorm when users connect to the applications, benefiting from customized, secure and updated services regardless of the user's connecting device.

Conclusion

Clearly the success of HailStorm will depend in large part on the cooperation of users - i.e., the number of Microsoft Passport subscribers - and the number of partners that propose HailStorm-enabled services. Nevertheless, the project may very well take off and its launch, at least, should cause a blaze of publicity. Here's why:
  • Security (Microsoft Passport). Users will have total control over the personal information they share on the Internet.
  • Openness (SOAP). All HailStorm Web Services are SOAP-enabled, which virtually eliminate technology requirements or limitations. In principle, any company can use it as a client.
  • Basic Services (myWallet, myProfile, myNotifications...). Rich user information will clearly identify distinct users.
  • Centralization (unique place to store and retrieve relevant information). Applications, services and devices can collaborate and work together by sharing common information, which is available at all times.

By providing user-centric Web Services, Microsoft not only creates a new line of business, but also finds a way to struggle against piracy - or to reduce piracy - by allowing access to software based on user identity recognition.

Even though some will argue that Microsoft's strategy is an attempt to get a jump on the competition, their solution currently represents the best of breed in the soon-to-be hotly contested Web Services marketplace. And whatever your opinion of Microsoft, HailStorm could represent the real start of the Web Services era.

Johann Dumser is a freelance consultant and publishes reports and analyses on Web Services.

© Web Services Architect
Terms and Conditions