Microsoft's "My Services" Comes At Your Service

On the Windows .NET front, XML-based userauthentication technology, code-named 'HailStorm', topped the list. Inmarch 2001, Microsoft  Corporation announced "a set of newtechnologies"; designed to advance the Microsoft .NET strategy. Thetechnology is a user-centric architecture and set of XML Web services,Microsoft .NET My Services (formerly codenamed "HailStorm").

'It's probably the most important .NETbuilding block service. This is a revolution where the user'screativity and the power of all their devices can be used.'saidMicrosoft Chairman Bill Gates. HailStorm will allow client-sideapplications and Web services to exchange user information much fasterand easier.

What Is .NET My Services?

The .NET My Services platform is a collectionof XML Web services that are invoked over the Internet by means ofindustry-standard protocols that includes SOAP, XML, and UniversalDescription, Discovery, and Integration (UDDI). .NET My Servicesauthenticates users, provides the ability to send alerts, and storespersonal information, including contacts, e-mail, calendar, profile,lists, electronic wallet, physical location, document stores,application settings, favorite Web sites, devices owned, andpreferences for receiving alerts.

.NET My Services takes advantage of theMicrosoft .NET-based technologies and architecture that make itpossible for applications, devices, and services to work together.These services make user consent the basis for who can access userinformation, what they can do with it, and how long they havepermission to do it.

Salient features of .NET MY SERVICES

PRIVACY

Privacy is a key design requirement in the.NET My Services architecture, and the .NET My Services data model isprovided with a specific security and access control model that allowsend users to control how and with whom their personal information isshared. This intelligent and excellent software allows users to:
? Determine who or which services have access rights to their data.
? Share data with any party at will. .NET My Services will employ a strict opt-in platform for user's data.
? Revoke sharing/access privileges at will, providing a unique level of control not commonly available on the Web and sites.
? Arrange for sharing that expires at a given time by system-managed and time-based data access revocation.

In addition to providing the technicalcapabilities, Microsoft will mandate strict data collection and usepractices among .NET My Services licensees to guarantee that user'sprivacy is protected. Specifically, Microsoft intends to bind licenseesto specific terms of use that control what can and cannot be done withuser data originating from a .NET My Services source through acontract. Moreover, Microsoft will electronically and physically securedata managed by .NET My Services to prevent unauthorized access or use.Finally, Microsoft will have no right to mine, target, sell, or publishany .NET My Services user data without explicit user consent.

Open Access

.NET My Services can be accessed from anydevice, service, or application with an Internet connection, theability to authenticate a user, and the ability to send and receiveSOAP messages. Microsoft has already demonstrated .NET My Servicesbeing accessed from Microsoft Windows?, Macintosh, Palm PC, Pocket PC,and a variety of UNIX-based products.

For users, HailStorm will be accessed throughtheir applications, devices and services (also known as "HailStormend-points"). Naturally, the .NET infrastructure provided by VisualStudio.NET, the .NET Framework, and the .NET Enterprise Servers willfully incorporate support for HailStorm to make it as simple aspossible for developers to use HailStorm services in theirapplications.

DISCO:

Microsoft has also defined a discoverymechanism (an XML schema and a search algorithm), called Discovery ofWeb Services (DISCO), that you can use to locate Web services.You useDISCO (short for Discovery) to locate a Web service at developmenttime, then your development tool creates a proxy that allows you to usethe Web service without having to use the discovery mechanism again.The proxy contains a hard-coded URL for the Web service, but you canoverride this location in your client by setting the "Url" property onyour proxy object.

WSDL

The actual descriptions of .NET My Servicesare conveyed through WSDL (Web Service Description Language) documents.These documents convey all of the information a client needs tointeract with the service, including all of the different objects,types, and methods that a particular Web Service exposes. The morestrong the Web Service, the more complex and unwieldy is the WSDLdocument describing the service.

SDP:

The Microsoft SDP provides structure,including the following, for the development or extended 'HailStorm'services: (1) Call for proposals for new 'HailStorm' extended services;(2) Creation of SDP working groups; (3) Definition and testing ofextended 'HailStorm' services; (4) Certification of extended'HailStorm' services; (5) Deployment of new services. The MicrosoftShared Development Process (SDP) provides a mechanism for fast, focusedand profitable collaboration on key technology initiatives betweenMicrosoft and industry partners.

Authentication-Centric

Microsoft .NET Passport is a powerfulauthentication system that lets consumers safely store personalinformation on the Web and control how that information can be used..NET Passport services, including .NET Passport Single Sign In serviceand .NET Passport Express Purchase service that simplify the onlinepurchase process and help Internet-commerce Web sites build strongerrelationships with customers. Kerberos is a proven industry standardsecurity protocol that is used by Microsoft? Windows 2000 and XP foruser authentication. Kerberos is responsible for authenticating clientrequests based on centralized security information and distributing"tickets," which are temporary encryption keys that clients use toaccess specific services.

Independant & decentralized

The HailStorm platform uses an open accessmodel, which means it can be used with any device, application orservices, regardless of any operating system, object model, programminglanguage or network provider. All HailStorm services are XML Web SOAP;no Microsoft runtime or tool is required to call them. Thisdecentralization of the client is designed to allow Hailstormapplications to spread as quickly as possible.

While decentralizing client-code, Microsoft centralizes the three core aspects of the service:
? Identity (using Passport)
? Security (using Kerberos)
? Definitions and Descriptions (using HailStorm's globally standardized schema)

First, you cannot use a non-Passport identitywithin HailStorm, and at least for now, that means that using HailStormrequires a Microsoft-hosted identity.

Sec
ond, developers might not be able to writeHailStorm services or clients without using the Microsoft-extendedversion of Kerberos.

Third, you cannot use a non-Microsoftcopyrighted schema to broker transactions within HailStorm, nor can youalter or build on existing schema without Microsoft's permission.

Simplified Access (Any Time and On Any Device)

User's life is made easier because no longermust a user log on to one service to check e-mail, use anotherapplication to check a work calendar and yet another to check personalcalendar entries, start a browser to check favorite Web sites, enterpasswords, addresses, and other personal information in the fiftydifferent consumer Web sites they visit.

Because of the data-centric nature of XML Webservices, .NET My Services will enable end users to be able to accesstheir key information and receive alerts about important eventsanywhere, on any device, and at any time.

Security:

Authentication of a HailStorm user isprovided via Kerberos, a secure method developed at MIT forauthenticating a request for a service in a computer network. Itcreates potential incompatibilities between clients runningnon-Microsoft versions of Kerberos and servers running Microsoft'sversions. By making the system transparent to developers but not freelyextensible, Microsoft hopes to gain the growth that comes withopenness, while avoiding the erosion of control that also comes withopenness.

Enterprise-Scale Security

Network security enhancements:
? Kerberos Security Protocol
? Efficient authentication to servers.
? Mutual authentication
? Interoperability
? Secure Sockets Layer (SSL) Support for Web Server
? Protected Store
? Smart Card Cryptographic Service Provider (CSP)

.NET My Services Endpoints

Microsoft is actively working to createnumerous third-party endpoints for .NET My Services. This means thatMicrosoft applications, including everything from Microsoft Office tothe Microsoft games, will support .NET My Services. Services includingMSN and Microsoft bCentral? small business portal will be .NET MyServices endpoints, and a variety of devices powered by Microsoftsoftware will be potential .NET My Services endpoints, includingMicrosoft Xbox? video game console, Pocket PC, and Microsoft's smartphone software platform, currently codename "Stinger." A number ofMicrosoft operating systems, including Windows XP and Windows CE, willalso be .NET My Services endpoints themselves.

How .NET My Services Work

Considering the developer's perspective, .NETMy Services is a set of XML Web services, accessed by sending andreceiving SOAP messages sent though the HTTP or DIME protocols, andusing the .NET Passport system for authentication. But how do .NETServices work?

.NET My Services consists of three things:
? Authentication, which will be provided by .NET Passport when .NET My Services goes live
? SOAP, the communication protocol
? XML, following the rules and schemas set out in the XMI Reference, which provides the data formatting and organization
In the end i would say that this "Hailstorm" can really bring a big storm in the world of web services.

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="468" height="60"><param name="movie" value="/banners/Ad2.swf?clickTAG=http://www.red-gate.com/products/ants_profiler/index.htm?utm_source=chelp%26utm_medium=banner%26utm_content=vsmenu%26utm_campaign=antsprofiler" /><param name="quality" value="high" /> <embed src="http://www.csharphelp.com/banners/Ad2.swf?clickTAG=http://www.red-gate.com/products/ants_profiler/index.htm?utm_source=chelp%26utm_medium=banner%26utm_content=vsmenu%26utm_campaign=antsprofiler" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="468" height="60"></embed> </object>