Defining .NET My Services

< BACK  NEXT >
[oR]

.NET My Services consists of a network authentication service together with a group of SOAP-callable Web services. These services are provided by a distributed group of server machines, run by Microsoft (and potentially other organizations as well), that can be accessed over the Internet. Each service stores a particular kind of data or supports a specific function.

For example, allowing a client to prove its identity is essential for a wide range of applications. Accordingly, as in most distributed environments, .NET My Services provides a core authentication service that is used by all other .NET My Services. This service is provided by Microsoft's Passport technology, which in its .NET My Services version is extended to support Kerberos. All clients that access .NET My Services rely on Passport, and thus on Kerberos, for authentication.

Passport authenticates clients that access .NET My Services

Once a client has been authenticated, that client can access other services. Some examples of these services include the following:

  • .NET Profile: Stores various personal information about a user, such as the user's name, telephone number, e-mail address, mailing address, and so on.

  • .NET Calendar: Maintains a user's personal calendar. Applications might use this information for things such as determining when a user is able to receive a delivery; recording a flight that's been scheduled; checking when a user is free to attend a meeting; or synchronizing a user's schedule between his office computer, his home machine, and his PDA.

  • .NET Alerts: Manages a stream of notification messages directed to a particular user. From a developer's point of view, this service provides a standard way to send events asynchronously to a user wherever she might be. The services in .NET My Services themselves can use this you might be notified of an upcoming event on your calendar, for example as can applications that make use of .NET My Services. An auction Web site could use this service to notify you when a higher bid has been received for an item you're interested in, or an application selling tickets might notify you that a friend has purchased two seats for a show and invited you to join her.

  • .NET Contacts: Provides a list of names, addresses, and other contact information for a user, that is, an address book. Stored along with this is information needed by .NET My Services that, among other things, allows mapping from a name to what's required to send an alert to that person.

  • .NET Inbox: Allows access to a user's e-mail. Because it provides programmatic access to mail from any Internet-connected device, this service could potentially allow new kinds of mail applications.

  • .NET Lists: Stores lists of various kinds. Some potential examples include a user's to-do list, a shopping list, and a list of desired gifts posted by a bride-to-be.

  • .NET Documents: Provides Internet-accessible storage for a user's documents, allowing the same information to be accessed (and possibly shared) from multiple devices and multiple users at multiple locations.

  • .NET Presence: Maintains a list of electronic endpoints where a user can be contacted. For example, a user might have an active Instant Messenger client that can receive notifications and other immediate communications. Applications that send alerts can rely on this service to route those messages to a device near the user, such as a desktop computer or PDA.

  • .NET Devices: Maintains a list of devices and device characteristics for a user. For example, an entry for a PDA might indicate its screen and bandwidth limitations. An application could use this information to determine that a particular device isn't appropriate for, say, videoconferencing.

  • .NET Wallet: Contains payment information such as a user's credit card number. A Web site might access this and allow a user to select one of the credit cards contained in the wallet along with ship-to and bill-to addresses. This information could then be transferred to the appropriate fields on a form on the Web site, saving the user from having to enter the information manually.

  • .NET Application Settings: Maintains information about a user's application settings. For example, Office might store settings such as a user's toolbar and dictionary preferences here. This would allow the user to see the same Office environment from any .NET My Services aware system she logs into.

  • .NET Services: Maintains a list of services a user has subscribed to (or in the jargon of .NET My Services, has been provisioned for). This is actually a simple directory used by .NET My Services based applications to locate other services provided by .NET My Services.

.NET My Services stores a variety of information about people

One important fact to grasp about these services is that with the exception of Passport, the information stored in each one is defined using XML and accessed via SOAP. Don't be confused by the similarity between what's provided by .NET My Services and the Internet mail and calendar services provided today by Microsoft, AOL, Netscape, and others. These existing services are all designed to be accessed directly by people through browsers. The .NET My Services offerings, by contrast, are exposed programmatically they're Web services. Rather than being accessed through a browser, each of these services is meant to be accessed by client software making SOAP calls.

Most services provide access to XML-defined data through SOAP

Reflecting the heterogeneity of the Internet, Microsoft's goal is that .NET My Services will be usable from all kinds of systems. This includes Windows, of course, and so the .NET Framework will provide good support for building applications that access .NET My Services. Target clients also include Macintosh desktops, Linux machines, PDAs running Windows CE or PalmOS, mobile phones, and any other intelligent device. Because .NET My Services is accessed using the industry-standard SOAP and Kerberos protocols, this is at least theoretically possible, and Microsoft has demonstrated access to .NET My Services from diverse clients. Also, Microsoft has indicated that it plans to submit to standards bodies the extensions it makes to SOAP and Kerberos for .NET My Services. Given the challenges that exist in Web services interoperability, however, the goal of universal access to .NET My Services is not simple to accomplish. Yet with the increasing popularity of small devices, a majority of which don't run Windows, it's easy to see why Microsoft wishes to make .NET My Services broadly accessible.

.NET My Services is potentially accessible from all kinds of clients

Figure 8-1 illustrates how .NET My Services can be accessed. As the figure shows, both clients and servers can use the services. In fact, if a user contacts .NET My Services from any of her client devices, the same instance of each service will be accessed. Whether a user accesses her .NET Inbox from her PDA, from her desktop computer, or from her mobile phone, for example, she will be recognized as the same user and have access to the same information. No matter what client her access comes from, she is always authenticated using Passport.

Figure 8-1. Both clients and servers can access .NET My Services across the Internet.
graphics/08fig01.gif

Each user has her own logical instance of what .NET My Services provides

Applying .NET My Services

An application developer can use .NET My Services in a variety of ways. Here are a few possibilities.

Applications can exploit .NET My Services in many different ways

  • An application running on a client machine might allow a user to access directly the information .NET My Services maintains. For example, software running on a PDA might use the .NET Inbox service to allow a user to check his e-mail and then access .NET Contacts and .NET Calendar to synchronize information between his devices. Other examples include a user allowing her co-workers access to files stored in .NET Documents, thus providing shared access to these documents from any Internet-connected device or from an application that merges .NET Calendar information from multiple sources or multiple users into a single view, allowing better coordination of diverse schedules.

  • An application running on a Web site and accessed via a browser might access .NET My Services information to learn about its user (with that user's permission, of course). For example, the application could first use .NET My Services's Passport service to authenticate the user. Once this was done, it could access the user's .NET Wallet service to acquire payment information and then use his .NET Calendar service to determine when to schedule delivery.

  • An application could use .NET My Services to arrange other types of communication. For instance, a videoconferencing application might use services such as .NET Contacts, .NET Presence, and .NET Devices to arrange the videoconference and then use any appropriate protocol and data format for the conference itself.

  • An application could expose one or more Web services, relying on .NET My Services to provide various foundation services. For example, a ticket booking application might expose a Web service that allows a user to book seats for a concert and then have notifications sent to a friend inviting him to attend. The application could use .NET My Services's Passport service for authentication, the .NET Alerts service to send asynchronous events, such as the invitation, and other services as needed.

Although it's early days for .NET My Services, a number of prototype applications have been demonstrated. The Internet auction site eBay, for example, has demonstrated using Passport to authenticate to its service and then using .NET Alerts to inform a bidder when a higher bid has been received for an item of interest. American Express has shown a service that uses alerts to provide immediate information to the customer about potentially fraudulent use of his card, while the United States Postal Service has described an application that can examine a user's calendar through the .NET Calendar service and then determine when that user will be home to accept delivery of a package. The online travel agency Expedia has demonstrated a prototype that sends alerts to your wireless PDA, desktop computer, or mobile phone informing you that your outbound flight has been delayed.

Several organizations have shown prototype applications

Applications are everything. For this technology to succeed, software developers must believe in .NET My Services and provide useful applications. Microsoft itself will surely provide some look for options to use .NET My Services in a future release of Office, for instance but as with any other application platform, one vendor isn't sufficient. Success requires a critical mass of applications. It's too soon to know how many developers .NET My Services will attract, but as just described, a number of organizations have shown early interest in exploiting this new technology.

.NET My Services must attract applications to succeed

Assuring Privacy

Relying on Microsoft to store personal information such as our calendar, our contacts list, and our credit card number immediately raises questions about the privacy of that information. Who owns it? Who can access it? Who can change it? Unless .NET My Services users feel comfortable with the answers to these questions, they won't use applications built on this technology.

Data privacy is a key issue for .NET My Services

According to Microsoft, the answer to all of these questions is very simple: All of a user's data is owned by that user, and nothing can be done to this data except with the user's permission. Microsoft promises not to access, modify, sell, or use any of the data it stores in any other way without the user's explicit permission. (An exception to this rule is that to conform to legal requirements, information subpoenaed by authorized law enforcement agencies must be surrendered.) Furthermore, a user must always explicitly grant access to data for a particular application; that is, an opt-in model is always used. And any granted access can later be revoked by the user; it need not be permanent.

Access to data is controlled by the user who owns that data

.NET My Services as an Application Platform

Think about what it means to be a platform for applications. Most fundamentally, a platform must provide the services that developers need to support useful software. For example, every application platform must provide basic hardware services such as processing power, memory, and disk storage. A platform must also provide software services, including authentication, a way to store and retrieve files, and other services.

These services may be provided by a single machine. In this case, a developer relies on the operating system to authenticate users by making them prove their identity when they log in, to provide a file system, and to supply other services. With the advent of distributed computing, the notion of an application platform expanded to include a group of machines on a local area network. The basic services provided by the platform remain the same, but various machines in the network now provide those services. In a Windows 2000 domain, for example, authentication is provided by a machine acting as a domain controller, while file storage is provided by a machine acting as a file server. Both are available to any application running on any machine in the domain, and so both are part of the application platform.

The Internet is the next step in the evolution of application platforms. Many applications have been built on the Internet today, yet most of them treat the client as a relatively dumb device capable only of interacting with the user through a browser. Rather than functioning as a true application platform, the Internet today provides little more than support for remote terminals. To make this global network into an effective platform for applications, a set of core services must be made available to Internet-based applications. There could be a common way to authenticate Internet users, for example, just as there is today on a single machine or in a distributed environment such as a Windows 2000 domain. There could also be a common way to store information, allowing users to access it from anywhere in the network. Services like these, provided to any user on any device connected anywhere in the world, would transform the Internet from an environment supporting just dumb browsers into a global platform for applications.

.NET My Services provides these services. Just as application developers have exploited operating systems and distributed environments to build powerful applications, .NET My Services potentially allows them to create a new kind of application that exploits the Internet as a platform. For the most part, Microsoft doesn't position .NET My Services this way, choosing instead to focus on its data storage aspects. Yet .NET My Services surely can be thought of as a wholly new kind of application platform. The Internet has changed so much, why not expect it to change what we think of as an application platform?

The key point here is that users, not application developers, will decide whether the advantages an application provides are worth the potential exposure of their personal information. For .NET My Services to succeed, software developers must create useful applications that solve real problems for their users. As always, the benefits must outweigh the costs.

For .NET My Services to succeed, its benefits must outweigh the privacy risks

The .NET My Services Business Model: Software as a Service

New technologies often beget new business models. The original Internet business model advertising-supported free services didn't work for most sites. The bursting of the dot-com bubble made clear that a different, more sustainable approach was required. And given that .NET My Services is accessed via Web services rather than browsers, advertising isn't an especially attractive option anyway.

How Can We Trust Microsoft with Our Personal Data?

Microsoft solemnly promises to keep all of the data we store in .NET My Services completely private. But why should we trust Microsoft to keep this promise? The temptation to make large sums of money from the data it holds might prove irresistible, since, if .NET My Services succeeds, it will hold a great deal of valuable information. Trusting Microsoft or any private organization to maintain the privacy of our personal information requires a leap of faith.

Yet if Microsoft breaks its promise, every .NET My Services customer will stop using the service, and .NET My Services will fail. In fact, business customers are likely to force Microsoft to sign contracts guaranteeing the privacy of their data, so selling this information would also expose Microsoft to large financial liabilities. Following through on its privacy promise is Microsoft's only chance to make .NET My Services succeed as a business. In a very real way, it's in Microsoft's interest to keep its word. If the company changes its mind or if the people at Microsoft promoting .NET My Services have lied to us, .NET My Services will replace Microsoft Bob as the company's most visible failure.

Even if Microsoft keeps its promise, however, there's another concern: What about the other organizations that we let access our data? If I grant access to my .NET Profile information to, say, an application running on some company's Web site, how can I be sure that company won't use my data in some way I don't approve of? It might sell my address or send me unwanted e-mail solicitations or barrage me with telemarketing calls at dinnertime. Although Microsoft has talked about requiring applications using .NET My Services to conform to some sort of privacy regulations, this will be challenging to enforce. More likely, it will be up to users to decide whether they trust an organization with the information they're allowing it to access.

Ultimately, it's customers who will decide. If they believe that the benefits of .NET My Services based applications outweigh whatever loss to privacy those benefits bring with them, then .NET My Services will succeed. If they don't, .NET My Services will end up as just another evolutionary dead end in the technology ecosystem.

Microsoft announced the preliminary business model for .NET My Services in late 2001. Under this plan, applications using .NET My Services would pay an annual fee ranging from just over a thousand dollars to a negotiated (and presumably higher) amount for very heavy users of the service. Most organizations that field .NET My Services applications should expect to pay not much more than $10,000 a year for use of those services, according to Microsoft.

Organizations that build applications on .NET My Services will be charged an annual fee

The primary revenue source is intended to be end users, however, not organizations that deploy .NET My Services applications. Microsoft says that some services, such as Passport, will remain free, while others will likely have subscription fees. These subscriptions may be options available with other products, such as Microsoft Office, or they may be standalone services. Third-party developers who build applications using .NET My Services are free to charge their customers any way they like, including selling subscriptions and access-based pricing. In any case, the goal is to rely primarily on users, not on application developers, to pay for the cost of running the services and to provide the profits that Microsoft hopes to derive from them.

End users will provide most of the revenue Microsoft derives from .NET My Services

Microsoft has also stated that it will allow other organizations to host installations of .NET My Services, perhaps using Microsoft's software to do it. A third party such as a large Internet service provider might run its own installation of Passport, for instance, or its own .NET Documents service. All of these can be federated into a single unified system, allowing customers to choose the organization they'd like to work with. While this kind of federation may or may not be available in the first .NET My Services release, it appears to be a goal that Microsoft is committed to reaching.

.NET My Services will eventually allow federation with other services

< BACK  NEXT >


Understanding. NET. A Tutorial and Analysis
Understanding .NET: A Tutorial and Analysis (Independent Technology Guides)
ISBN: 0201741628
EAN: 2147483647
Year: 2002
Pages: 60

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net