9.7 .NET MyServices

Originally codenamed 'Hailstorm,' Microsoft .NET MyServices are a proposed range of XML-based consumer services designed to make the management and dissemination of personal information easy but secure.

Microsoft has gained considerable experience in running large Webbased services, such as Hotmail and the Microsoft Passport authentication site. It was apparent that there was a possible business model in extending these services to cover other areas, which, in turn, could become a revenue opportunity for the organization. At the time of writing, Microsoft has defocused its efforts around .NET MyServices while it reevaluates the proposed business model. The underlying technology still stands and acts as an example of how Web services will start to revolutionize development and deployment across the Web.

How .NET MyServices Will Work

It's no surprise to find out that .NET MyServices will be a collection of XML-based Web services accessed by sending and receiving SOAP messages through HTTP or DIME using Microsoft Passport as the authentication service (see Figure 9.6).

Figure 9.6: .NET MyServices in action.

Web sites that use .NET Passport sign-in services have what is called a scarab on their site page that users click onto and then enter their Passport sign-in name and password. The hosting site then initiates a request to the Passport site for a ticket granting ticket (TGT). If the password and sign-in name are correct, .NET Passport will grant the TGT, which, in turn, indicates to users that they have successfully signed in. The TGT will be cached for later use.

The TGT is then presented to .NET Passport, which is now acting as a ticket granting server (TGS), and a session ticket is requested for the appropriate .NET MyServices being used. .NET Passport will use the TGT to verify who the client is and that the client has not expired; then, it returns a session ticket and session key to .NET MyServices. All of the encryption between the client and service will now be encrypted using this session key. Access to the various services within .NET MyServices will be granted according to the session ticket.