Hailstorm: Open Web Services Controlled by Microsoft
Less obvious but potentially more dangerous are the engineering risks in a single, global schema, because there are significant areas where developers might legitimately disagree about how resources should be arranged. Should business users record the corporate credit card as a part of myWallet, alongside their personal credit card, or as part of myBusinessPayments, alongside their EDI and purchase order information? Should a family's individual myCalendars be a subset of ourCalendar, or should they be synched manually? Is it really so obvious that there is no useful distinction between myTV (the box, through which you might also access DVDs and even WebTV) and myFavoriteTVShows (the list of programs to be piped to the TiVo)?
Microsoft proposes to take over all the work of defining the conceptual entities of the system, promising that this will free developers to concentrate their efforts elsewhere:
By taking advantage of Microsoft's significant investment in HailStorm, developers will be able to create user-centric solutions while focusing on their core value proposition instead of the plumbing.
Unmentioned is what developers whose core value proposition is the plumbing are to do with HailStorm's global schema. With Hailstorm, Microsoft proposes to divide the world into plumbers and application developers, and to take over the plumbing for itself. This is analogous to the split early in its history when Microsoft wrote the DOS operating system, and let other groups write the software that ran on top of DOS.
Unlike DOS, which could be tied to a single reference platform -- the "IBM compatible" PC -- HailStorm is launching into a far more heterogeneous environment. However, this also means that the competition is far more fragmented, and given the usefulness of HailStorm to developers who want to offer Web services without rethinking identity or authentication from the ground up (one of the biggest hurdles to widespread use of Sun's JXTA), and the possible network effects that a global credentials schema could create, HailStorm could quickly account for a plurality of Internet users. Even a 20% share of every transaction made by every Internet user would make Microsoft by far the dominant player in the world of Web services.
Non-Microsoft Participation
With HailStorm, Microsoft has abandoned tying its major software offerings to its client operating systems. Even if every operating system it has -- NT/Win2k, PocketPC, Stinger, et al -- spreads like kudzu, the majority of the world's non-PC devices will still not be controlled by Microsoft in any short-term future. By adopting open standards such as XML and SOAP, Microsoft hopes to attract the world's application developers to write for the HailStorm system now or soon, and by owning the authentication and schema of the system, they hope to be the mediator of all HailStorm users and transactions, or the licenser of all members of the HailStorm federation.
Given the decentralization on the client-side, where a Java program running on a Linux box could access Hailstorm, the obvious question is "Can a HailStorm transaction take place without talking to Microsoft owned or licensed servers?"
The answer seems to be no, for two, and possibly three, reasons.
First, you cannot use a non-Passport identity within HailStorm, and at least for now, that means that using HailStorm requires a Microsoft-hosted identity.
Second, you cannot use a non-Microsoft copyrighted schema to broker transactions within HailStorm, nor can you alter or build on existing schema without Microsoft's permission.
Third, developers might not be able to write HailStorm services or clients without using the Microsoft-extended version of Kerberos.
At three critical points in HailStorm, Microsoft is using an open standard (email address, Kerberos, SOAP) and putting it into a system it controls, not through software licensing but through copyright (Passport, Kerberos MS, HailStorm schema). By making the system transparent to developers but not freely extensible, Microsoft hopes to gain the growth that comes with openness, while avoiding the erosion of control that also comes with openness.
This is a strategy many companies have tried before -- sometimes it works and sometimes it doesn't. CompuServe collapsed while pursuing a partly open/partly closed strategy, while AOL flourished. Linux has spread remarkably with a completely open strategy, but many Linux vendors have suffered. Sun and Apple are both wrestling with "open enough to attract developers, but closed enough to stave off competitors" strategies with Solaris and OS X respectively.
Hailstorm will not be launching in any real way until 2002, so it is too early to handicap Microsoft's newest entrant in the "open for users but closed for competitors" category. But if it succeeds at even a fraction of its stated goals, Hailstorm will mark the full-scale arrival of Web services and set the terms of both competition and cooperation within the rest of the industry.
-
Hailstorm ROI
2002-01-28 08:51:53 bgage
What escapes me is what the stated advantages of using Hailstorm are over another authentication web-service? I can understand the explicit tie-in to .NET technology, but with the current revenue model Microsoft has with regards to this service (i.e. charging for use), what benefits does Hailstorm offer over a subsequent authentication web-service that is potentially free?
-
Better applications
2001-07-09 09:11:28 rikardlinde
To succeed in becoming the standard platform for web services you need applications. I recommend reading Joel Spolsky's strategy letter about this (the chicken and egg problem as he calls it):
http://www.joelonsoftware.com/stories/storyReader$117
Applications are the way to compete with MS. If the open source platform for web services produces better services (than MS), people will choose the open source alternative and become members of that platform instead of .NET. This might seem obvious, but in the end it's the one thing that decides if users end up in our lap or in Bill's (or is it Steve's).
So how do we do that? Well, except for the fact that open source software is free, there are three things that I think will get people to choose an open source platform:
1. Elastic Anonymity
The default of any framework identification service should be anonymity. This means more than simply choosing an ID. It means you should have a different ID for every service you access. If you need to connect two services to create a third, you also create/get a third ID. When you submit data from your bank account it is tagged with an anonymous ID. That way the service provider doesn't know who you are but is still able to serve you, using very sensitive data without risking your integrity or privacy. Many services that MS won't dare to implement are made possible this way.
This might sound messy but connecting IDs can and should be done automatically (connecting IM services with a Jabber Transport is an example). An open standard for connecting services also means there will be plenty of freeware that solves associated interface issues.
Anonymity will create trust for companies and developers who make good services.
2. Opt-in and out.
A service should not be able to connect to another if the user hasn't asked for the combination. A service should also have an "import/export" function built in so that a user can easily try a service and discard it without risking format problems.
This prevents lock-in.
3. Standardized installation
This is a superset of "2. Opt-in and out". It defines certain criteria for presentation of a service and service agreement and installation procedure. A service provider must present a policy on security, notification, the user's access to collected data and the user's choices concerning these data. What service does the user get? What does the user give (age, sex, email address...)?
A vague presentation of requirements and results is a classic MS problem. No user knows what to ask, and demand, of MS because they don't understand what MS says/promises.
Rikard Linde
www.metriko.com and www.sprinterface.com
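The per-service identifiers and opt-in linking proposed in the comment above, as an added example that is not part of the original comment or of any HailStorm or Jabber code. It assumes the IDs are derived with HMAC-SHA256 from a key only the user holds, a mechanism the comment does not name; the class, method and service names are hypothetical.

```python
import hashlib
import hmac
import secrets


class PseudonymWallet:
    """User-held wallet that gives every service its own unlinkable ID."""

    def __init__(self, master_key=None):
        # Assumption of this sketch: the key never leaves the user's device.
        self._key = master_key or secrets.token_bytes(32)
        self._consented_links = set()

    @staticmethod
    def _check(name):
        # NUL is the field separator below, so it may not appear in a name.
        if not name or "\x00" in name:
            raise ValueError("invalid service name")
        return name

    def _derive(self, label):
        mac = hmac.new(self._key, label.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()[:32]  # 128-bit pseudonym

    def service_id(self, service):
        """Stable ID for one service; two services cannot correlate theirs."""
        return self._derive("svc\x00" + self._check(service))

    def consent_to_link(self, service_a, service_b):
        """Opt in: the user explicitly asks for this combination."""
        pair = frozenset((self._check(service_a), self._check(service_b)))
        if len(pair) != 2:
            raise ValueError("a link needs two different services")
        self._consented_links.add(pair)

    def revoke_link(self, service_a, service_b):
        """Opt out: the combination stops being served."""
        self._consented_links.discard(frozenset((service_a, service_b)))

    def link_id(self, service_a, service_b):
        """The 'third ID' for a combined service, issued only after opt-in."""
        pair = frozenset((service_a, service_b))
        if pair not in self._consented_links:
            raise PermissionError("user has not opted in to this combination")
        return self._derive("link\x00" + "\x00".join(sorted(pair)))


if __name__ == "__main__":
    # Constructed sample: a fixed key so the output is reproducible.
    wallet = PseudonymWallet(master_key=bytes(range(32)))
    print("bank sees:", wallet.service_id("bank.example"))
    print("tax sees: ", wallet.service_id("tax.example"))
    wallet.consent_to_link("bank.example", "tax.example")
    print("combined: ", wallet.link_id("tax.example", "bank.example"))
```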
-
.Net to the rescue?
2001-06-15 12:16:10 jeffmm
Read your article on .Net. I found this quote:
"...because, according to Microsoft, any device using SOAP will be able to participate in HailStorm without prejudice -- "no Microsoft runtime or tool" will be required, though the full effect of this client-insensitivity will be determined by how much Microsoft alters Kerberos or SOAP in ways that limit or prevent other companies from writing HailStorm-compliant applications."
This is the crux: whether MS alters Kerberos. If you have read the news lately, Microsoft has done just that. The e-Gov't initiative in Great Britain has shown that Microsoft intends to create closed, gated communities with its .Net architecture. This is very sad.
Because of this happening, I am sure this is only a foreshadowing of things to come. I don't trust Microsoft. Period. There is, indeed, a danger here of Microsoft co-opting the internet with .Net and Hailstorm.
J.M.
-
email address as an identifier
2001-06-07 13:56:37 grantm
This article makes the broad statement:
"... an email address is guaranteed to be globally unique ..."
While the statement is true, the accompanying implication that this provides a globally unique identifier for a person is not.
There are many families who share a home PC and ISP account - multiple people, one email address. While they may share a home, a PC and an email address, they probably don't share a wallet and certainly don't share medical histories.
On the other side of the coin, many people have multiple email addresses - a home address, a work address, one or more web-based mail addresses.
Microsoft have already solved this problem though - let's just assign everyone a GUID :-)
-
Jumping off the M$ Express
2001-06-06 06:00:08 rparkin
I just have to get this off my chest.
I began my career working on a Microsoft/PC platform. Over the years I have watched as Microsoft's "typical audacity" has reared its head time and time again. As always, it is Microsoft's way or the highway. What it can't control today, it tries to subvert for its use tomorrow. The Goal? M$ Tax on every user.
I am serving notice. No XP and no .NET for me, thank you very much. My goal is to wean myself away from Microsoft products and services and learn to leverage Open Source technologies.
So, to every developer I say, don't bother with "embrace and extend" -- I won't buy your latest software if it depends on the latest Microsoft platform. I'm sure as heck not going to pay for your beta program, buy your shrinkwrap, and then pay to actually use the software in the box I bought. To every marketer I say, don't bother peddling your wares on .NET -- I'm not entrusting my personal information and internet identity to Microsoft. Nor will I adapt my computing needs to Microsoft's dictate. I'll throw my PC out the window first. When Microsoft learns to play the market instead of owning it, then maybe we'll talk.
Signed, Richard Parkin.
-
a true 'user centric' data model
2001-06-04 03:35:43 andrewweir
Here's an alternative I feel more comfortable with.
I control my personal data and I either store it locally (on something like an iButton) or on a hosted server by someone I really trust (an impartial service provider).
Clearly there's a need for someone to define an open schema and access semantics for getting at this data, but beyond this let the market of service providers out there develop services which assume this framework.
Local data storage on a device I carry around with me gives me the opportunity of authenticating any transaction when needed (e.g. by a fingerprint sensor on the face of my wristwatch which holds the data). It also reassures me no-one gets to that data without my permission.
Remote data storage by a disinterested 3rd party ensures 100% network availability, but raises concerns about authentication.
Almost all my personal data today is carried around on my person - credit card, driver's license, passport, ATM card, ...
It's a relatively small step to making this all digital (in an openly agreed schema) and storing it all on a smart card - and in a few years storing it in your wristwatch.
The trouble with Hailstorm (which I think is a remarkably smart piece of thinking from MSoft) is that AOL and others will feel compelled to offer alternative 'data storage' and 'service provision' services which will fragment the marketplace. I'm already tired of carrying around so many cards in my wallet - let's not let it happen in cyberspace too!
-
You're assuming...
2001-07-24 19:43:02 skew
You're assuming everyone has the same habits as yourself. What about those of us who don't wear watches and don't want to? Not all of us are gadget geeks, you know.
No, this isn't a red herring. I'm serious. There are some folks who will happily carry around their personal info on a card or device, and then there are others of us who will refuse to be happy little techno-branded cattle.
I personally won't settle for my personal info being collected anywhere for the sake of marketing and commerce, whether I hold it (in some format convenient for others) or someone else holds it. And I don't believe even American consumers (as lax as they are) would allow the law to change to allow businesses they patronize to incorporate their personal info into a central repository w/o their knowledge and consent.
I'll simply avoid businesses and services that rely upon a centralized repository. No one has managed to convince me that Hailstorm offers enough advantages to a company to outweigh the distrust that many consumers will feel, especially given the current climate of anti-corporate sentiment.
-
Thanks Clay
2001-06-02 14:39:53 jabbarfagan
You have made the intent behind Hailstorm much clearer.
-
rather inconsequential
2001-06-02 06:17:10 annie2701
I plan to wage a full scale infowar on this system. It's counter to the American way, and must be destroyed.
If you own stock in companies that depend on hailstorm: Feed your kids, sell now.
-
Web Services are not P2P!
2001-05-31 02:03:41 cilux
First, the September P2P conference is to include 'Web Services', and now an article appears in openp2p about HailStorm - a Web Service.
But Web Services are not P2P! Look: Web Services are client-server. P2P are client-client.
The only, tenuous, link Clay Shirky provides is in this vague notion of 'de-centralization'. So running Linux to access Hailstorm - the use of open access standards like email addresses, Kerberos, XML and SOAP - is somehow 'de-centralizing' and therefore somehow related to P2P. But P2P and SOAP are quite different: P2P is client-client and SOAP is client-server. DNS (used in email) is very client-server oriented. Kerberos is primarily a client-server protocol.
Perhaps because, in Clay Shirky's lights, P2P is defined as 'giving autonomy to the devices on the edge of the network'? But P2P is about much more than the autonomous right of these devices not to be owned by Microsoft!
I would be very eager for someone to show me where I'm missing the point here. Or to promise me there'll be no Web Services presentations in Washington!
-
Web Services are not P2P!
2001-06-01 17:15:57 cshirky
Of _course_ there will be Web Services presentations in DC -- it's too early to take anything but a big tent attitude here. I have worked as hard as anyone to provide a coherent definition of P2P, but even I am not interested in a litmus test that would exclude technologies likely to be of interest to developers interested in decentralized applications.
And don't get hung up on narrow definitions of client/server -- that would exclude Napster and a number of other P2P apps that use client/server architectures. The real question is: can the same machine be both client *and* server? And if the answer is yes, it's interesting to us.
SOAP is important here because it has the potential to turn _all_ clients that use it into servers of a sort, because anything that speaks XML can now both invoke and receive procedure calls remotely. For that reason if no other, HailStorm is worth watching, because its embrace of SOAP for end-user devices sets up a potentially huge corporate battle over how open or closed uses of those SOAP-compatible devices will be.
-clay
-
Open Standards/Closed Mind
2001-05-30 23:58:13 kurt_cagle
Hotmail is, by certain measures, one of the largest email systems in the world. It is also universally derided by ISP managers as being the one most filled with spam, pornography, and illicit activity, simply because there is no real control on the creation and distribution of email addresses there. A hotmail address immediately confers upon the user, even if the user is legitimate, an immediate sense of distrust.
Microsoft has made a number of fairly questionable decisions about Hailstorm that will come back to haunt them:
1) Paid services - Microsoft has never had much success with creating a paid service - MSN limped along for years as a paid service before they ended up placing much of the content outside of the gate, and the number of active paid participants within MSN is still far smaller than the amount that MS claims, since they no doubt use the metric of the free service as their baseline. If I as a user am charged $19.95 a month for the privilege of not having to type information in web forms (something I do primarily to download free software, btw, not to shop) then I'm paying far too much -- especially only if one form in five happens to reside within a Passport boundary. There will be all too few people who do decide it's worth their time and money.
2) With Windows, if you wanted to write applications for it, you had no real choice but to write to the Windows APIs; vendors that produced third party products still had to cooperate very closely with Microsoft to stay on top of the latest changes in the OS, or risk having products that would die on the next upgrade. Indeed, one of the ways that Microsoft leveraged its OS was to keep critical APIs evolving internally until fairly late in the cycle, giving their own developers an automatic window of opportunity of several months to develop into a new niche before a competitor could.
The Internet, on the other hand, has a strong set of standards bodies that do not automatically bow down before Microsoft, and that have been working to keep the critical components of the web as simple as possible. Given that these bodies are made up in great part from Microsoft's competitors, this means that it is unlikely that they will cede the power of API, especially as Microsoft has a reputation for playing poorly in shared API arenas.
3) Hailstorm is partially designed to place Microsoft between the consumers and the banks and credit card services that authorize payment (and consequently perform a certain level of user authorization as well). The last time that Microsoft tried to do that, with their Microsoft Money fiasco that tried to do an end run around the Banking and Credit industries, the industry as a whole closed ranks and adopted Quicken instead. MS Money is now something of a joke without a punchline. I do not anticipate, in a tightening economy and given that most such institutions now have or are developing their own online services, that things will turn out any differently.
4) The highly centralized nature of the web services approach makes Hailstorm incredibly susceptible to denial of service attacks. If people cannot purchase something several days running because Microsoft's services are DDOSed then you'll see people (and vendors) leaving the program with all haste. Moreover, all it takes is one disgruntled programmer working for a Hailstorm third party provider to leak any relevant access codes to the web, and the entire system becomes compromised. Given the current fomenting animosity within the developer community for Microsoft's less than savory business practices, such attacks are inevitable.
5) Back in the mid 1990's, when Internet hype was first starting to really move into overdrive, an idea that was in vogue for about six months was the Internet Mall, where several businesses would band together to form a virtual shopping portal. They all failed. They failed because there was a confusion between physical and virtual proximity, they failed because no company wanted to cede too many "trade secrets" to other companies, and they failed because these were closed systems in what was (and hopefully will remain) a fundamentally open one - the non-proprietary world was only a single click away, and that made whatever attempt at cohesiveness irrelevant.
In a lot of respects, Hailstorm is the Internet Mall of the 00's, but it rests on even shakier ground. The first is the question of the copyrightability of schemas, something that has not yet been tested in court. Given recent decisions concerning the principle of patent extensibility (generally favoring derivative works), the ability to enforce such copyrights remains suspect. Hailstorm would also have to attract a large enough number of vendor participants, who would have to essentially give up on their own efforts to create sustainable in-house offerings. Most of these same companies are now in positions where they have invested the significant amount of their IT budget for tech modernization, and will be cool at best to the notion of buying into yet another Microsoft initiative.
6) Finally, Hailstorm is emblematic of both Microsoft's vision and its myopia. It is an audacious, ambitious project that will, if it works, be a technological marvel. It is also a mediocre solution to something that's very little a problem in most people's lives - bad Internet shopping - compared to the more serious issues of invasion of privacy, an uncertain economy, an increasing sense of frustration with corporate greed, and a waning interest in the use of the Internet across most sectors. Web services have their place (they are in fact ideal for intra-application enterprise development), but their use in consumer to business applications is dubious at best.
-- Kurt Cagle
-- Author, Professional XSL, Wrox
-- (360) 951-6159
-
The Mark of the Beast
2001-05-30 22:34:32 rberger
Boy that is a really scary future scenario. We have joked about Microsoft being evil, but the Passport tie-in is REALLY EVIL!
Are people going to be stupid enough to go for this? Are they going to sell their virtual soul (their online identity) to Microsoft and then have to lease it back?
It's incredible and so much centralized control should not be allowed...
-
Pervert/Change the technologies?
2001-05-30 19:11:51 knuckleswanny
This article, as well as a recent blurb at IBM concerning Microsoft working with Apache, makes me wonder if this is another ruse. Meaning, is MS going to work with other companies on things like SOAP and UDDI just up until the point where they've changed it enough to make it Microsoft dependent? A similar situation comes to mind, something along the lines of MS using JAVA and changing some of the core classes so that apps written using their APIs would only run using an MS operating system. Daily, my dislike for their business practices grows and grows.





