Microsoft's big idea: Why .NET matters

Microsoft has staked its future on an all-encompassing vision of integrated web services. But, Joey Gardiner asks, what are these services and to what extent will users trust the internet and software giant with their data?

For many, the single most defining feature of Microsoft's .NET policy is confusion.

As the fog of marketing speak finally starts to lift, what starts to emerge is a landscape composed of web services, where intelligent applications join the dots between distinct websites and different functions.

And - funnily enough, as it turns out - it's a landscape Sun is trying to describe as well, along with HP, IBM and the open source community.

This, the industry says with one voice, is a GOOD THING. As such, it is guaranteed to get both column inches from journalists (QED), and millions of dollars in R&D and marketing spend.

But do end users think web services are what they want? If they are, are businesses and consumers willing to accept the profound implications on digital privacy and security?

Let's step back and define exactly what the rather amorphous "web services" moniker means.

The idea is that by using a group of standard technologies - with XML and SOAP at the core (two things everyone seems to agree on) - different websites will link services.

For consumers, this means a holiday booked on ebookers, for example, will automatically update a personal calendar and even email conflicts with arranged meetings.

For business users the benefits could be extraordinary. B2B applications such as supply chain management could be written giving all the functionality and automation of ERP packages, but without tying a user to a single large system or software vendor.

The theory is that standards will enable the purchase of chunks of functionality from whoever can provide it, with different software interacting seamlessly.

That's the idea, anyway.

Tim O'Reilly, founder and CEO of O'Reilly Books, and longstanding open source guru, likes the idea. "Web services will really change the way applications are perceived, and will end up being as fundamental a shift as the GUI," he said.

However, he admits take up will be slow initially, based around small open source applications written by enthusiasts.

Business users' views aren't quite in line with this right now. Tim Beadle, chairman and CIO of marketing consultancy the Opus Group, said: "Web services are in no way core to our business, or anyone's business at the moment, and won't be for quite some time."

However, both O'Reilly and Beadle are equally distrustful of Microsoft's .NET initiative.

O'Reilly, despite admiring what he calls "Microsoft's cleverest piece of thinking ever" characterises it as a "battle between control and openness".

Beadle particularly resents Microsoft's view of how web services will be created. He added: "Is there a need for a set of standards governing ways we transfer and describe information of all types across the internet? Of course. What we don't need is one company trying to push you into a system that locks you into their technology wall-to-wall - absolutely not, not ever."

Naturally Microsoft says this is unfair. ".NET is just Microsoft's platform for XML web services. As such the technology both in terms of delivery or consumption is agnostic. All the different vendors will be able to integrate with it," argues Richard Hamblen, Microsoft's .NET developer marketing manager.

There's some truth in this. Too often the view on web services and what benefits they can bring is clouded by knee-jerk anti-Microsoft sentiment. Consensus doesn't flow easily here.

Dave Mason, manager of the desktop group at Linux distributor Red Hat, said: "The web services vision does have a great future, but the way Microsoft is presenting it is hard to give it blanket support."

He added: "It's like Microsoft have had these great ideas, but just aren't taking them where they should obviously lead. They're still trying to keep points of it proprietary."

Of most concern is the plan to have customer details stored by Microsoft on its servers and verified on its Passport authentication engine (currently used to run Hotmail, among other things), making Microsoft the single enabler of any transaction.

Microsoft has recently watered down these proposals, making it clear it does not expect every .NET service to rely on Passport as they will integrate with existing authentication engines.

There is no doubt, however, it has also realised the value of holding personal details - anything from names to credit card numbers. It plans to look after this information, centralised on servers in Redmond, and keep it secure. It stresses it won't use personal details stored on Passport for commercial gain.

But despite reassurances, many are unhappy. Most say this situation just won't be safe.

Ian Brown, a researcher at UCL and a member of privacy group Privacy International, said: "This model makes it much easier for hackers to get their hands on your information. It will act as a honeypot to all sorts of organisations - from governments and courts, to hackers trying to get credit cards."

Microsoft says its software is secure. Not so, says Gartner Group VP Bill Malik, who has looked at the Passport technology.

He said: "It looks like Microsoft wants it to become a sort of default level authentication for internet access. Quite frankly we don't think they're up to it. I don't think many clients will use Passport for high-value transactions, or for high volumes of transactions."

He feels the problem is bad enough to be heading Microsoft toward significant legal trouble if its security fails to live up to the billing.

Other visions of web services see customer data distributed across the web, either kept by the specific firms running web services or by end users on smartcards or PC hard drives.

Whichever architecture wins, the issue of authentication and control of data will be the thorniest to come out of the web services arena. And the winner of the argument will most likely also be the laughing all the way to the bank.

Users are ambivalent at best toward web services - it's even less clear if they will be willing to pay a lot of money for them.

There is a real danger that Microsoft's desire to use the new technology to get its hands on lots of sensitive - and potentially lucrative - customer data kills its scheme at birth.

While people are ready for a more intelligent web, they may not be keen to sign away sensitive data to uncle Bill for the privilege.

In the next part of Joey Gardiner's web services series he will be looking at the alternatives to Microsoft's .NET architecture.