Hailstorm: Open Web Services Controlled by Microsoft05/30/2001
So many ideas and so many technologies are swirling around P2P -- decentralization, distributed computing, web services, JXTA, UDDI, SOAP -- that it's getting hard to tell whether something is or isn't P2P, and it's unclear that there is much point in trying to do so just for the sake of a label.
What there is some point in doing is evaluating new technologies to see how they fit in or depart from the traditional client-server model of computing, especially as exemplified in recent years by the browser-and-web-server model. In this category, Microsoft's Hailstorm is an audacious, if presently ill-defined, entrant. Rather than subject Hailstorm to some sort of P2P litmus test, it is more illuminating to examine where it embraces the centralization of the client-server model and where it departs by decentralizing functions to devices at the network's edge.
The design and implementation of HailStorm is still in flux, but the tension that exists within HailStorm between centralization and decentralization is already quite vivid.
HailStorm, which launched in March with a public announcement and a white paper, is Microsoft's bid to put some meat on the bones of its .NET initiative. It is a set of Web services whose data is contained in a set of XML documents, and which is accessed from the various clients (or "HailStorm endpoints") via SOAP (Simple Object Access Protocol.) These services are organized around user identity, and will include standard functions such as myAddress (electronic and geographic address for an identity); myProfile, (name, nickname, special dates, picture); myCalendar, myWallet; and so on.
HailStorm can best be thought of as an attempt to re-visit the original MS-DOS strategy: Microsoft writes and owns the basic framework, and third-party developers write applications to run on top of that framework.
Three critical things differentiate the networked version of this strategy, as exemplified by HailStorm, from the earlier MS-DOS strategy:
- First, the Internet has gone mainstream. This means that Microsoft can exploit both looser and tighter coupling within HailStorm -- looser in that applications can have different parts existing on different clients and servers anywhere in the world; tighter because all software can phone home to Microsoft to authenticate users and transactions in real time.
- Second, Microsoft has come to the conclusion that its monopoly on PC operating systems is not going to be quickly transferable to other kinds of devices (such as PDAs and servers); for the next few years at least, any truly ubiquitous software will have to run on non-MS devices. This conclusion is reflected in HailStorm's embrace of SOAP and XML, allowing HailStorm to be accessed from any minimally connected device.
- Third, the world has shifted from "software as product" to "software as service," where software can be accessed remotely and paid for in per-use or per-time-period licenses. HailStorm asks both developers and users to pay for access to HailStorm, though the nature and size of these fees are far from worked out.
For more on Hailstorm and .NET, check out O'Reilly Network's new .NET Devcenter.
The key to shifting from a machine-centric application model to a distributed computing model is to shift the central unit away from the computer and towards the user. In a machine-centric system, the software license was the core attribute -- a software license meant a certain piece of software could be legally run on a certain machine. Without such a license, that software could not be installed or run, or could only be installed and run illegally.
In a distributed model, it is the user and not the hardware that needs to be validated, so user authentication becomes the core attribute -- not "Is this software licensed to run on this machine?" but "Is this software licensed to run for this user?" To accomplish this requires a system that first validates users, and then maintains a list of attributes in order to determine what they are and are not allowed to do within the system.
HailStorm is thus authentication-centric, and is organized around Passport. HailStorm is designed to create a common set of services which can be accessed globally by authenticated users, and to this end it provides common definitions for:
- Definitions and Descriptions
or as Microsoft puts it:
From a technical perspective, HailStorm is based on Microsoft Passport as the basic user credential. The HailStorm architecture defines identity, security, and data models that are common to all HailStorm services and ensure consistency of development and operation.
The decentralized portion of HailStorm is a remarkable departure for Microsoft: they have made accessing HailStorm services on non-Microsoft clients a core part of the proposition. As the white paper puts it:
The HailStorm platform uses an open access model, which means it can be used with any device, application or services, regardless of the underlying platform, operating system, object model, programming language or network provider. All HailStorm services are XML Web SOAP; no Microsoft runtime or tool is required to call them.
To underscore the point at the press conference, they demonstrated HailStorm services running on a Palm, a Macintosh, and a Linux box.
|Clay Shirky will speak in several sessions at the O'Reilly P2P and Web Services Conference, Nov. 5-8 in Washington, DC. David Chappell will speak on "Understanding Hailstorm", as well.|
While Microsoft stresses the wide support for HailStorm clients, the relationship of HailStorm to the Web's servers is less clear. In the presentation, they suggested that servers running non-Microsoft operating systems like Linux or Solaris can nevertheless "participate" in HailStorm, though they didn't spell out how that participation would be defined.
This decentralization of the client is designed to allow Hailstorm applications to spread as quickly as possible. Despite their monopoly in desktop operating systems, Microsoft does not have a majority market share for any of the universe of non-PC devices -- PDAs, set-tops, pagers, game consoles, cell phones. This is not to say that they don't have some notable successes -- NT has over a third of the server market, the iPaq running the PocketPC operating system is becoming increasingly popular, and the XBox has captured the interest of the gaming community. Nevertheless, hardware upgrade cycles are long, so there is no way Microsoft can achieve market dominance in these categories as quickly.
Also in Clay Shirky -- Decoding P2P:
Enter HailStorm. HailStorm offers a way for Microsoft to sell software and services on devices that aren't using Microsoft operating systems. This is a big change -- Microsoft typically links its software and operating systems (SQLServer won't run outside an MS environment; Office is only ported to the Mac). By tying HailStorm to SOAP and XML rather than specific client environments, Microsoft says it is giving up its ability to control (or even predict) what software, running on which kinds of devices, will be accessing HailStorm services.
The embrace of SOAP is particularly significant, as it seems to put HailStorm out of reach of many of its other business battles -- vs. Java, vs. Linux, vs. PalmOS, and so on -- because, according to Microsoft, any device using SOAP will be able to participate in HailStorm without prejudice -- "no Microsoft runtime or tool" will be required, though the full effect of this client-insensitivity will be determined by how much Microsoft alters Kerberos or SOAP in ways that limit or prevent other companies from writing HailStorm-compliant applications.
HailStorm is Microsoft's most serious attempt to date to move from competing on unit sales to selling software as a service, and the announced intention to allow any sort of client to access HailStorm represents a remarkable decentralization for Microsoft.
It is not, however, a total decentralization by any means. In decentralizing their control over the client, Microsoft seeks to gain control over a much larger set of functions, for a much larger group of devices, than they have now. The functions that HailStorm centralizes are in many ways more significant than the functions it decentralizes.