Passport to Our Mobile Future?
By Bryan Morgan, Tue Aug 21 00:00:00 GMT 2001

Combining Microsoft's .NET initiative with Passport, SOAP, C#, XML and Hailstorm gives a glimpse of their mobile vision.

If you work in the IT field and have been hiding under a rock for the past few months, there's still a chance you might not have heard mention of Microsoft's Passport service.

The chances are probably much better that you've heard of Passport but are still uncertain as to what the big deal is. This is understandable given the current whirlwind of acronyms coming out of Redmond such as .NET, C#, SOAP, and Hailstorm.

What do they all mean and, more importantly, what do they have to do with our mobile future? In a word: everything.

Perhaps the most under-reported aspect of .NET is the fact that Microsoft has the mobile computing environment squarely in its sites, with Passport leading the first frontal assault. Before discussing the mobile ramifications, let's take a step back and examine the .NET architecture and, specifically, the services announced to-date.

The .NET platform

Microsoft .NET (pronounced dot-net) can be described as a server-centric computing platform based on XML, SOAP, and Microsoft's Common Language Runtime (CLR) with the CLR comprising the core of the architecture.

The CLR is a language-independent runtime that allows object-oriented languages to make use of objects and libraries written in a wide variety of languages. For instance, a Visual Basic function could create and use an object written in the C++ programming language, assuming both were written using .NET-compliant tools (such as Microsoft's new Visual Studio.NET product).

If you're familiar with Microsoft development technologies, think of the CLR as an eventual replacement for COM and MTS. If you're not familiar, don't get too hung up on these details. Microsoft's new C# (pronounced C-Sharp - think "music") programming language takes full advantage of the .NET runtime environment and is considered by most to be Microsoft's attempt to gain the advantages of the Java programming language without...well...using Java.

This lack of support for the now-ubiquitous Java programming language is disturbing to many as it was a decision clearly made without the end customer or developer in mind.

SOAP and Web Services

In the past, distributed computing technologies such as Microsoft's DCOM and the Object Management Group's CORBA relied on proprietary remote procedure call (RPC) mechanisms for exchanging data and functionality between servers. The complexity of both technologies was such that it is still very hard to integrate both technologies.

XML-RPC and the Simple Object Access Protocol (SOAP) eliminate the proprietary aspects of distributed computing by formalizing how messages and data can be passed between servers using XML.

Following up on an edict from on high within Microsoft to make use of XML throughout all product lines, SOAP was co-opted to form the RPC mechanism for .NET Web Services.

According to Microsoft, a Web Service is defined as: "A Web Service is a unit of application logic providing data and services to other applications. Applications access Web Services via ubiquitous Web protocols and data formats such as HTTP, XML, and SOAP, with no need to worry about how each Web Service is implemented. Web Services...are a cornerstone of the Microsoft .NET programming model."

Web Services can be thought of as Version 3.0 of the Web (following upon static information retrieval as Version 1.0 and CGI/dynamic information retrieval as Version 2.0) and Microsoft is not alone in offering up a capable solution. Industry giants such as Oracle, IBM, and Hewlett-Packard are all offering competing web service infrastructure products, some of which are also based on SOAP as a data transport mechanism.

Passport and Hailstorm

Passport is Microsoft's first "building block" Web service. It's essentially a user authentication system that can be used a single point of reference for your personal online information.

An e-commerce site that makes use of Passport for its authentication mechanism would allow you to login using your Passport User ID (bringing a sort of single sign-on access to the Web). Once you have been authenticated, there would be no need for you to enter your credit card number, mailing address, or other personal information, which provides for a more seamless online shopping experience.

While there are clearly great uses for this service, privacy advocates are extremely worried about one company - a software company, at that - maintaining such control over consumers' private information.

While Microsoft has vowed not to release any of consumer information, what Passport does allow them to do is become a leading aggregator of buying trends and marketing information. (If this isn't in the plan, why not allow all information to reside on the client computer, instead of on the server side?)

If you're at all nervous about the above, you could be surprised to learn that you may already have a Passport account set up! Don't believe me? Do you have a login at any of the Microsoft online services such as Hotmail, Investor, or MSN? If so, you already have a Passport account set up for you, visit and login to verify.

Once logged in, choose to edit your Member Services Profile and you'll be offered the opportunity to create a "Passport Wallet". Once done, you're now ready to use Passport to purchase items at other Passport-enabled sites (which include heavyweight companies such as Starbucks, Office Depot, Radio Shack, Victoria's Secret, and Hilton).

Hailstorm is the codename for the technology that allows participating sites to interact with Passport and other Web services. It defines a number of SOAP messages (including myAddress, myProfile, myWallet, and myDevices) that allow personal profile information to be retrieved from Passport.

The first company to publicly sign up for Hailstorm was eBay, which gives some visibility into the size of the market Microsoft is targeting. Given the current state of the Internet (online revenues controlled by a handful of companies), signing up the Top 10 e-commerce sites could quickly produce another vertical Microsoft monopoly.

The mobile angle

I've introduced .NET, SOAP, and Passport and now you might be wondering how this applies to the mobile/wireless world. Consider for a moment the issues that are widely viewed as holding mobile commerce back.

Commonly cited problems include concerns about security, excessive data entry, and lack of standards. Imagine then, that your mobile phone or PDA includes Hailstorm-compatible software that allows you to purchase an item at the click of a button. With a technology such as this one, credit cards could quickly become displaced by Passport-equipped mobile devices, allowing it to become the, dare I say it, killer app for mobile commerce.

Microsoft has defined a class of devices (named .NET Smart Devices) that are being targeted to provide these services to mobile users.

While we've all seen the projects that, for instance, allow Coca-Cola to be purchased from a vending machine via a SMS message, what Passport/Hailstorm brings to the table is volume and gravity. This architecture can bring millions of users to e-/m-commerce storefronts while allowing these same storefronts to market a trusted security "brand" to consumers.

Under this model, Microsoft could end up acting as a very large payment-processing clearinghouse, extracting a small fee on each transaction.

Are there alternatives?

Microsoft is clearly targeting online commerce transactions as a large business opportunity and, through the infrastructure I've described, one can see how they are positioned to impose a small tax on a large percentage of online purchases. This clearly could result in a major revenue stream so the proper question to ask may very well be: "Where's the competition?" It's quite common in our industry to fault Microsoft for focusing in on, and subsequently dominating, target markets but in this case there does not seem to be a comparable solution to what is clearly a very large business opportunity.

While Microsoft may be the largest company in the software industry, until now they have by no means dominated the Internet. While news of AOL's Magic Carpet "identity service" has begun to filter out, where are the Suns/Oracles/IBMs on this matter? The open source community has launched the Mono project with a goal of producing a free software version of the .NET platform but I believe it may be missing the point, at least somewhat.

The value behind .NET isn't the actual technology; in fact, the whole point of SOAP is to allow applications on disparate servers to interact in a programming-language and operating system agnostic manner.

The actual economic value, long-term, will lie in the combination of millions of registered users who are comfortable with building block services (such as Passport) and the very large businesses (eBay, American Express, Office Depot, etc.) that interoperate with .NET services for customer, billing, shipping, and even supply-chain information.

In fact, it's possible that Mono applications could end up becoming Passport clients! From the Mono FAQ: "Will the System.Web.Security.PassportIdentity class, mean that my software will depend on Passport? No. That just means that applications might use that API to contact a Passport site." This, among other reasons, may be why Microsoft has publicly supported this project...proving that not all open source projects are "cancers" and "un-American" (apparently only those that fail to generate revenues for Microsoft).

Whatever the end result, it is clear that all platforms, including pagers, WAP/SMS devices, PDAs, and PCs, will be viewed as potential .NET devices by Microsoft. It is also clear that for electronic/mobile commerce to scale to a level of near ubiquity across all purchases, some form of standardized payment/personal profile system will be necessary.

Now is the time for potential competitors to stop the grousing and Microsoft-bashing and begin to offer better alternatives to a market that clearly demands a solution.

Bryan Morgan was the founder of (The Wireless Developer Network) and is currently an independent writer and software developer. He is a columnist for Wireless Internet magazine and is also a regular contributor to and