Security

Will you get caught in the HailStorm?

Microsoft's HailStorm initiative promises to change how you handle e-commerce. In this week's Landgrave's View, Tim Landgrave looks at how the Passport authentication portion of HailStorm can also synchronize your life.


In previous columns, I’ve discussed Microsoft’s next-generation Web services technology, called .NET. Recently, Microsoft announced the first major Web services platform built on the .NET technology, code named “HailStorm.” HailStorm is Microsoft’s latest “bet the company” strategy that hinges on Microsoft’s ability to convince end users that it’s in their best interests to allow the Redmond giant to manage a set of remote services for them. In this article, we’ll look at the HailStorm strategy and how it may affect businesses like yours.

“It’s a dessert topping…. No, it’s a floor wax.”
If you’re old enough to remember this famous line from a skit performed by the original Saturday Night Live cast, then you should also remember the days of large mainframes “hosting” all of the significant data for big companies’ employees and customers. One of the constant frustrations of this era was the inability to reuse authentication services between multiple, competing systems. The “universal logon” has been evasive since the second computer system went into production. Each system wants its own set of authenticated credentials in order to provide access to its resources. The first of the HailStorm services, authentication, is based on Microsoft’s wildly successful Passport service.

Passport is already one of the most widely visited spots on the Internet, although many users don’t even realize they are using it, since it operates invisibly. After Microsoft acquired and rolled out their free e-mail service, Hotmail, they recognized that they could broaden the authentication service required for e-mail into a service that can be used for authentication by any site that conforms to the authentication standard. Thus, Hotmail became the inbox that was accessible from anywhere on the Web, and Passport became the authentication mechanism that allowed anyone signed in to automatically authenticate on any other site that supported the Passport.

The Passport.com site lists over 100 commercial sites currently using the Passport authentication and Express Purchase (online wallet) technology, not including all of the Microsoft properties (MSN Mobile, MSN Messenger, Microsoft.com, etc.). So what used to be an aggregated set of closed services supporting e-mail only (Hotmail and Passport—a.k.a., the dessert topping) has now morphed into a discrete, interoperable set of open services that can be accessed from any application (HailStorm—a.k.a., the floor wax).

Putting the user back in control
The core concept behind HailStorm is to put the user in control of his or her personal data by using core authentication services to make that information accessible from anywhere—but only if the user chooses to release it.

To understand how the concept works, let’s look at a simple example. Suppose you want to go see the Rolling Stones in concert in New York and you live in Texas. When you go to the online ticket agency to purchase your tickets, you have to enter your payment and address information. After you’ve bought the tickets, you put the concert date on your calendar to block out that time. Next, you‘ll have to visit the airline and hotel sites to purchase your airline tickets and book a hotel room, again providing your address and payment information. And, when your significant other commits you to a birthday party for his or her mom on the same night as the Stones concert (because they didn’t have access to your calendar), you either separate or go through the manual process of canceling all your plans.

Rather than forcing all those different sites to store your personal information, HailStorm starts with the premise that you release the information on demand or give continuous access rights to it. For example, you may want to release payment or address information only at the point of purchase, but you might want your significant other to have access to your calendar continuously.

In the HailStorm world, when you make the ticket, airline, and hotel purchases, you don’t have to enter any additional data on the vendors’ sites. Once you’ve logged into the authentication service, you can simply authorize the service to release the necessary information to the site at purchase time. More importantly, you can authorize the sites to insert information about their services into your calendar. With HailStorm, not only would the date of the concert now be blocked out on your calendar, but your flight schedule and hotel information (including confirmation numbers) would reside within your calendar as well. This way, all of the appropriate information for your road trip would be automatically updated on your preferred calendar and you wouldn’t have to give out any unnecessary personal information. More importantly, you could give read-only or update rights for your calendar to your significant other to avoid those nasty personal scheduling conflicts.

Staying ahead of the Storm
HailStorm represents a radical departure from the current Web-centric method of managing personal data to a user-centric method. But this new model does require businesses to put a significant amount of faith in Microsoft’s ability to manage, control, and protect personal data on behalf of Internet users. And in order for the HailStorm dream to become a reality, businesses will have to ready their Web sites to embrace HailStorm services. Next week, we’ll look at the conditions under which it makes sense for you to consider adopting HailStorm services for use by your business.
Will Microsoft’s HailStorm strategy succeed? How will it affect your business? Let us know your thoughts: Start a discussion below.

Editor's Picks

Free Newsletters, In your Inbox