Published on O'Reilly Network (http://www.oreillynet.com/)

Brewing a HailStorm

by Rael Dornfest



Microsoft's announcement of its HailStorm Web services infrastructure on Monday brought about a flurry of reports, opinions, concerns, praise, and initial impressions flowing in from all fronts. "The HailStorm announcement is a shocker, no matter how much MS had prepped us for it ... I think that's all the take-away one can get from the posts on the mail lists, the articles and editorials in various pubs," said Dave Winer of Userland. (For an aggregated view of the day's events, be sure to visit Monday's edition of Dave's ScriptingNews Weblog.)

So what is this HailStorm?

From the user's perspective, HailStorm is Microsoft's new architecture for building user-centric web services, gathering all of your information around you, the user. Rather than attempting to juggle all of the disparate bits of information you've provided various web sites, Microsoft's central Passport service integrates these information silos, locks them up, and hands you the key. It's up to you, the user, to decide what information you share with whom, specify what they're allowed to do with it, and so on. All of this is independent of device, network, and platform; whether you're out and about with your palmtop, on a plane with your laptop, in your cubicle at work, or couch-surfing with WebTV, your data's right there with you in a format befitting the venue.

For developers, HailStorm promises to be an open web services architecture based upon the de facto standard dynamic duo of XML and SOAP. Perl programmers should be able to talk to HailStorm using SOAP::Lite. Creating HailStorm-based services for the Gnome desktop should be a snap with Ximian's SOUP (a play on SOAP) support. And since HailStorm is a component of Microsoft's .NET initiative, Visual Studio.NET fans can drag-and-drop services into their applications.

Reading through Microsoft's HailStorm press release, white paper, and announcement, a few themes jump out at me, inviting a response. The majority of the commentary over the past few days has focused on either the user's or the developer's perspective; I'll attempt to tackle and balance both. Please bear in mind that this isn't meant to be an in-depth or broad-scoped analysis, but an initial gander with more to come.


"Currently, users have a variety of different applications, devices, services they use daily but those technologies don't work seamlessly with one another, and they require users to adapt to each technology rather than having the technology adapt to them or work together on the user's behalf."

The decentralization meme, beyond the obvious independence from centralized servers and services, has also allowed a certain freedom to rise above the capabilities of the desktop/palmtop operating system. My Windows 98 laptop doesn't innately allow me the functionality to chat with my coworkers, search for extraterrestrial life, or share MP3s with my friends, but it also doesn't forbid me to do so. For the end-user, however, the experience is rather staccato, with the taskbar or system tray brimming with application icons and a different application for each task.

HailStorm offers to provide the glue between the loosely coupled services currently provided by disparate efforts in the peer-to-peer and web services spaces. This means potentially seamless integration between my distributed file-sharing and word processor applications a la Office.

But will this glue be too binding, stifling the creative applications arising from the decentralization meme? By better integrating loosely coupled services with Windows, will Microsoft also be limiting (softly, at least) my view of alternatives to their My* line? Will future versions of Microsoft client software provide easy and obvious access to a menu of services or a prix fixe dinner with an obfuscated a la carte option upon request?

For developers, HailStorm promises two things: framework and users.

On the framework front, Microsoft proposes a clean, open avenue via XML and SOAP for interaction between services, devices, platforms, and languages. If you can make a SOAP call, you're in like Flint. Passport is the central key to all of this, which is both good and terrible for developers. On the one hand, it takes care of user authentication and access control for the users' data. On the other, developers are reliant on this centralized service; obvious issues are security, reliability, and the need to buy into Microsoft being at the very core of your service (and livelihood).

And, of course, developers and service providers are promised users -- gobs of them, 160 million, in fact. "It begins with Passport and it begins with creating a very large base of users that are already provisioned with HailStorm services," said Bill Gates at the HailStorm announcement.


"With HailStorm, users will have even greater and more specific control over what people, businesses and technologies have access to their personal information."

I trust my bank an awful lot with my money. Amazon.com knows at least a subset of what I like to read. Birkenstock knows my shoe size. Southwest Airlines knows when I'll next be in the Bay Area. And never the twain shall meet. Not only do I see the value in keeping this information compartmentalized, I see the dangers in the confluence of disparate bits of personal data. I currently control much of my data through personal access control lists; to hand that functionality over to one company is a leap of faith I'm not ready to take. As for trusting Microsoft with it, well, it would only be half-joking to say that the opposite of "trust" is "antitrust."

Not to say, mind you, that Microsoft's goal isn't admirable. End-users are indeed boggled by the plethora of usernames, passwords, hints, and client-restrictions they're forced to juggle as they meander the Internet. Translating this into real-space, the Internet does feel at times like a vast neighborhood of speakeasies. If Microsoft can enable the end-user to purchase a quart of milk, rent a video, and drop in on a friend without having to flash their passport (pun intended) at every step, they'll indeed see some uptake.

Will the end-user go for it? Probably. The trepidation surrounding online credit-card transactions has all but disappeared, and this comfort has been extended to making other personal information available online; I'm amazed at the lack of hesitation to provide (often optional) information to sign up for a newsletter or to download a bit of software. How many people don't think twice about keeping unencrypted for-your-eyes-only information (personal finances, company memos, family schedule) on their laptops just because Windows prompts you for a (ludicrously useless) username and password when starting up?

Microsoft will need to assure the presence of a rather big lock on one of the doors in the chain; a series of seven passwords all set to "abcd" or "Fido" provides only a false sense of security -- worse than no security at all. Even Windows 2000, while not allowing a simple ESC to skip the login, may be set to presume a particular user and bypass login altogether.

Developers considering placing HailStorm at the core of their efforts are, too, asked to take a massive leap of faith. Rely upon Microsoft's robustness to keep your service alive. Trust Passport's ability to protect your customers' data. Believe that Microsoft will maintain a level playing field, not "featuring" their own My* services above yours. And all this incredible responsibility comes without more than the slightest smidge of control. Those who have already bought into the Microsoft developer space may (hopefully) find that transition a smooth one. Those outside the veil will find the offerings tempting, but I predict major trepidation.


"And rather than risk compromising the user-centric model by having advertisers pay for them, the people receiving the value -- end users -- will be the primary source of revenue. HailStorm will help move the Internet to end-user subscriptions, in which users pay for value received."

Microsoft is clearly aiming (pun intended) at a loosely coupled web service-based AOL, providing the attractive integration of experience without that gated community feel. Don't like the default e-mail client? Prefer English English in your dictionary and spell-checker? Contact manager not have a space for birthday? HailStorm promises to let you have your cake and eat it too, switching between client applications -- even platforms -- without so much as a thought about loss of integration.

With the current climate of uncertainty surrounding the Web's advertising-based revenue model, and AOL's subscription-based service going stronger than ever, Microsoft's end-user revenue model is well conceived. They're sure to bring in some of the users who just haven't gone for the more limited AOL offerings yet are much in need of the seamless integration of Microsoft's Office products. And that integration will prove, I believe, to be something people are prepared to pay for.

Should programming to the HailStorm/.NET platform indeed remove much of the barrier to entry, the concept-development-deployment-payment chain should be short enough to attract many a developer. HailStorm promises delivery of authenticated, paying users to my door, affording me the time to build the interesting bits.


"The HailStorm platform uses an open access model -- which means it can be used with any device, service or application with an Internet connection, regardless of the underlying platform, operating system, object model, programming language or network provider (i.e., Windows, Macintosh, UNIX, Palm OS, Windows CE, etc). All HailStorm services are XML Web services, which are based on open industry standards; no Microsoft runtime or tool will be required to use them."

The simple act of opening (and documenting) an API, making a service available for usage in ways not intended by its creator, leads to some wonderful, surprising, and rather useful recombinations. Microsoft is proposing an entire strategy based upon the open standards of XML and SOAP. Assuming they do remain open, from end-point to end-point, the possibilities are indeed astounding. This, in concert with their .NET strategy of empowering the developer to write applications in their language(s) of choice, will definitely have some sleeves being rolled up.

That last bit, "no Microsoft runtime or tool will be required to use them," particularly caught my eye. At first I was both shocked and thrilled. Yet I couldn't help wondering if there was something there between the words that I was missing; the word "use" was most thought-provoking. By "use" do they mean full functionality, or will there be a Win32-only extension creep? Can I really provide a HailStorm service from my FreeBSD box? Can I actually talk to the Passport server from the comfort of my Python runtime?

What, then, does this openness mean to the end-user? Is my data really mine? If so, can I withdraw it all at any time and close my Passport account? How real is all this access control stuff? I've seen some ACLs in my time, and they're usually not particularly pretty or transparent. I'm fascinated by the possibility of an intuitive way of doling out (minimal) information to services and assistants acting on my behalf.

On its head

Microsoft is attempting to find a grand unifying framework for Web services, data, and software. If they manage to pull this off, HailStorm is bound to have a major effect on users, developers, and Microsoft itself. Bob Muglia, Microsoft's VP of .NET Services, said, "HailStorm turns the industry debate over online privacy on its head." In fact, HailStorm does much more: It turns some of what we think and feel about Microsoft on its head.

Rael Dornfest is Founder and CEO of Portland, Oregon-based Values of n. Rael leads the Values of n charge with passion, unearthly creativity, and a repertoire of puns and jokes — some of which are actually good. Prior to founding Values of n, he was O'Reilly's Chief Technical Officer, program chair for the O'Reilly Emerging Technology Conference (which he continues to chair), series editor of the bestselling Hacks book series, and instigator of O'Reilly's Rough Cuts early access program. He built Meerkat, the first web-based feed aggregator, was champion and co-author of the RSS 1.0 specification, and has written and contributed to six O'Reilly books. Rael's programmatic pride and joy is the nimble, open source blogging application Blosxom, the principles of which you'll find in the Values of n philosophy and embodied in Stikkit: Little yellow notes that think.


Copyright © 2009 O'Reilly Media, Inc.