Building User-Centric Experiences - 18 Feb 2002

Over the past 25 years, information technology has provided incredible value for users and businesses. Even so, there is room for significant improvement. Individual applications and devices are narrowly focused and ignore the rest of our world. People today are forced to adapt to their technology, when the technology should be adapting to them. People are frustrated and confused. Sometimes it seems that every program, every Web site, every device has its own set of rules. For instance, entering a friend's new telephone number into your PC requires a particular sequence of keystrokes and mouse clicks. But to enter that same information into your Palm Pilot, Pocket PC, or cellular phone, you have to learn a completely different interface?right down to relearning how to draw the letters of the alphabet. People are not in control of the technology that surrounds them. We have important data and personal information scattered in hundreds of places across the technology landscape?locked away in applications, product registration databases, cookies, and Web site user tracking databases. Having a friend's telephone number programmed into your cellular phone doesn't make the number available to your PC-based e-mail application?those two technologies are unable talk to each other. If you move across the country, you have to enter your new address into every Web site that needs it?and if you forget to change your information with your travel agent or shipping company, the once-convenient Internet quickly becomes a headache. Each Web site is an isolated island of data that continually reinforces the fact that you don't control your personal information. You can't easily update your own data, nor do you control what happens to the data you provide?and in many cases, you can't even see it once you've given it away. The isolation of each application, Web site, or service also makes it nearly impossible for technologies to work together. Imagine booking a ticket on an online travel reservation system, and wanting that itinerary automatically added to your calendar. Unfortunately, that site and that application can't talk to each other?and even if they did, neither would have any way of knowing that they were communicating about the same person. Because we are forced to adapt to technology instead of technology adapting to us, applications, Web sites, and devices are limited in what they can do for us. This not only hinders the adoption of new hardware and software technologies, it also limits the development of empowering, productive, and exciting real-world products and services. What Is .NET My Services? As part of the Microsoft .NET initiative, Microsoft is introducing a user-centric architecture and set of XML Web services, Microsoft .NET My Services (formerly codenamed "HailStorm"). .NET My Services will make it easier to integrate the silos of information that exist today. .NET My Services is oriented around people, instead of around a specific device, application, service, or network. It puts users in control of their own data and information, protecting personal information and providing a new level of ease of use and personalization. .NET My Services takes advantage of the Microsoft .NET?based technologies and architecture that make it possible for applications, devices, and services to work together. These services make user consent the basis for who can access user information, what they can do with it, and how long they have permission. Based on the Microsoft .NET Passport user-authentication system, .NET My Services permits applications and services to cooperate for the user's benefit, as well as allowing users, groups, and organizations to share and collaborate. For instance, with .NET My Services, booking a flight using an online travel reservation service becomes much simpler because with the user's consent, the travel service automatically access the user's preferences and payment. If you're traveling on business and your company has travel policies you need to adhere to, your individual affiliation with your company's .NET My Services group identity will make it possible for the travel service to automatically show you only the choices that meet both your preferences and your company's requirements. Once you've chosen your flight, the travel service can use .NET My Services, with your explicit permission, to figure out which calendaring service you use and automatically schedule the itinerary onto your calendar, automatically updating that itinerary and notifying you if your flight will be late. And through .NET My Services, you can share that live flight itinerary with whomever you're going to visit so that they will also know when and where to expect you. The information in your Microsoft .NET Calendar can then be accessed through your PC, someone else's PC, a smart phone, a PDA, or any other smart connected device. .NET My Services Puts You in Control .NET My Services makes the technology in your life work together on your behalf and under your control. Compare that with today's situation, in which you have to adapt to your technology and act as the human bridge between the different devices, applications, and Web sites in your life. With .NET My Services you will no longer have to manually copy common information from one service to another. You will no longer have to worry about how (or whether) you can update your address in all of the places you've entered it. .NET My Services also turns the industry debate over online privacy on its head. Instead of debating how much organizations can get away with with respect to an individual's information, .NET My Services starts with the assumption that the user controls all personal information and gets to decide with whom to share any of it and under what terms. By putting people in control of their own data, .NET My Services relies on an affirmative consent model as the way applications, services, and devices interact with users. The user owns the data. Any access to that data, any changes to that data, and any use of that data requires the explicit consent of the user. That consent has limited scope (what data can be accessed?) and limited lifetime (when does the permission expire?). .NET My Services uses legal and technical mechanisms to prohibit any unauthorized use of the user's data, and that limitation on use will extend beyond the specific transaction in which the data was obtained. This emphasis on user control stands in stark contrast to the current paradigm, where applications and companies own whatever data they can extract from you, with essentially no limitations on what they can do with that data, and no way that you as a user can regain control of it. .NET My Services is the user-centric architecture and set of services that delivers personally relevant information through the Internet to a user, to software running on the user's behalf, or to devices working for the user. .NET My Services is accessed through SOAP and Extensible Markup Language (XML), which are open access technologies (they can be called from any network-connected device that supports SOAP, regardless of operating system or service provider). SOAP and XML are the open Internet standards Microsoft has helped champion throughout the first phase of the Microsoft .NET rollout. .NET My Services is the next logical step. Microsoft began by encouraging the general standards and introducing the first Web services tools and infrastructure, now it's leading the way to the first set of compelling Web services. Services .NET My Services is a set of services that helps manage and protect your information and interactions across all the applications, devices, and services. The .NET My Services Architecture For users, .NET My Services will be accessed through their applications, devices, and services (also known as ".NET My Services endpoints"). A .NET My Services?enabled device or application will, with your consent, connect to the appropriate services automatically. Because the myriad of applications and devices in your life will be connected to a common set of information that you control, you'll be able to securely share information between those different technologies, as well as with other people and services. Developers will build applications and services that take advantage of .NET My Services to provide you with the best possible experience. The .NET My Services platform uses an open access model, which means it can be used with any device, application, or services, regardless of the underlying platform, operating system, object model, programming language, or network provider. All services in .NET My Services are XML Web services, which are based on the open industry standards of XML and SOAP; no Microsoft runtime or tool is required to call them. Naturally, the Microsoft .NET infrastructure provided by Microsoft Visual Studio .NET, the Microsoft .NET Framework, and the Microsoft .NET Enterprise Servers will fully incorporate support for .NET My Services to make it as simple as possible for developers to use .NET My Services in their applications. From a technical perspective, .NET My Services is based on .NET Passport as the basic user credential. The .NET My Services architecture defines identity, security, and data models that are common to all services and ensure consistency of development and operation. .NET My Services is a highly distributed system and can help orchestrate a wide variety of applications, devices, and services. The core services of .NET My Services use this architecture to manage such basic elements of a user's digital experience as a calendar, location, and profile information. Any solution using .NET My Services can take advantage of these elements, saving the user from having to re-enter and redundantly store this information, and saving every developer from having to create a unique system for these basic capabilities. .NET My Services is expressed and accessed as a set of industry standard XML Web services. .NET My Services?enabled solutions interact with specific .NET My Services facilities via XML message interfaces (XMIs), which are simply a set of XML SOAP messages. The initial set of .NET My Services will include: .NET Profile. Name, nickname, special dates, picture, address. .NET Contacts. Electronic relationships/address book. .NET Locations. Electronic and geographical location and rendezvous. .NET Alerts. Alert subscription, management, and routing. .NET Presence. Online, offline, busy, free, which device(s) to send alerts to. .NET Inbox. Inbox items like e-mail and voice mail, including existing mail systems. .NET Calendar. Time and task management. .NET Documents. Raw document storage. .NET ApplicationSettings. Application settings. .NET FavoriteWebSites. Favorite URLs and other Web identifiers. .NET Wallet. Receipts, payment instruments, coupons, and other transaction records. .NET Devices. Device settings, capabilities. .NET services. Services provided for an identity. .NET Lists. General purpose lists. .NET Categories. A way to group lists. The .NET My Services architecture is designed for consistency across services and seamless extensibility. It provides common identity, messaging, naming, navigation, security, role mapping, data modeling, metering, and error handling across all services. .NET My Services looks and feels like a dynamic, partitioned, schematized XML store. It is accessed by means of XML message interfaces (XMIs), where service interfaces are exposed as standard SOAP messages, arguments and return values are XML, and all services support HTTP Post as message transfer protocol. The integral security model in .NET My Services is based on Kerberos-based authentication. The user controls which entities can access their data, and for what purpose. Users can revoke access to data. Users can use a service or agent to manage data access on their behalf, and these services are simple enough to actually be usable. Reliability will be critical to the success of .NET My Services, and good operations are a core competency required to ensure that reliability. Microsoft has a lot of experience, both good and bad, operating some of the largest sites on the Internet, including MSN Hotmail Web-based e-mail service, MSN,, and .NET Passport, all of which number among the 10 largest Web sites in the world. Microsoft is also making significant operational investments to provide the level of service and reliability that will be required for .NET My Services. These investments include such things as physically redundant data centers and common best practices across services. Additionally, the .NET My Services architecture is being designed for operational excellence from the outset including a highly distributed model. The .NET My Services Business The dot-com meltdown provides stark evidence that the Internet business model needs a reboot. Giving away services for free and making it up on volume just isn't a sustainable method for running a business. Microsoft .NET will make it possible to create businesses that use the explosion in computing power and network connectivity to provide real value?value that people are willing to pay for. Microsoft will operate .NET My Services as a business. .NET My Services will have real operational costs, and rather than risk compromising the user-centric model by having someone such as advertisers pay for these services, the people receiving the value?the end users?will be the primary source of revenue to Microsoft. .NET My Services will help move the Internet to end-user subscriptions, where users pay for value received. Microsoft will also derive some revenue from developers to help cover the costs of the services and products they need. These charges will be minimized to encourage the broadest possible range of developers to build for .NET My Services, but the usual costs for tools and support, as well as some minimal costs for access to a live test environment, will apply. Service operators will also have a certificate-based license relationship with Microsoft that allows them to use .NET My Services, which makes it possible to ensure that no service using .NET My Services abuses the resources involved, affecting other users of the services. That certificate will make it possible to filter abusers out of the system. Obtaining a certificate and the ongoing right to use .NET My Services will have a cost associated with it. Higher levels of support, service level agreement and significant system use may result in additional charges, as well. We expect, however, that these costs will be significantly less than those of independently operating similar services. Specific pricing for users, developers, and service operators will be announced in future. The Developer Opportunity Much of the point of building a platform is providing the opportunity for other companies to build value and create business models on that platform. Microsoft .NET, of which .NET My Services is a part, is designed to provide those significant industry opportunities. There will be two broad opportunities for the development community to build businesses that take advantage of .NET My Services: They can create applications, devices, or services that use .NET My Services. They can expose their own .NET My Services?compatible services. By taking advantage of Microsoft's significant investment in .NET My Services, developers will be able to create user-centric solutions while focusing on their core value proposition instead of the plumbing. In order to notify you of the availability of a part which had been on backorder, for example, a company would need to worry only about creating the SOAP and XML necessary to talk to your Microsoft .NET Alerts service, which has a standard interface to SOAP and XML regardless of what application you're using on the front end. They don't have to worry about building a system to authenticate you, track user presence, or route notifications, nor about building the application that receives these messages, nor about figuring out how to consolidate for you the other information you want in your unified environment (such as urgent e-mail or instant messages). Instead, they can focus on delivering the services they want to provide?which is faster, less expensive, and far easier for them to maintain later. By using .NET My Services, the company in this example can reach more people (since no custom application installation is required to use their services, users will already have the software they need). Because their solution is integrated with other connected services, it can be more valuable than it would be by itself?without requiring them to do any work to make those value-adding connections happen. Urgent messages won't have to wait until the next time you're using some custom application; they can instead be sent to you as alerts whenever you're using any .NET My Services?connected device. Bringing together those services into a single solution is far more valuable to a user than half a dozen independent solutions could ever be. Finally, using .NET My Services will make it possible for some application developers to reach a far broader audience than they otherwise could. Initiating a session in a collaborative application will not require that both you and your collaborator currently have that application open, only that you're both currently using a .NET My Services?connected smart device. For the application developer, that means their users can now touch orders of magnitude more people, which helps to build momentum for their offerings. Tenets of the .NET My Services World User in Control .NET My Services is predicated on giving users control over their environment and their personal information, which is a new approach to online privacy. Like all other Microsoft services, the .NET My Services privacy model is in compliance with existing privacy legislation and will follow the Code of Fair Information Practices that forms the basis of many consumer privacy programs, including those of the Online Privacy Alliance, TRUSTe, and BBBOnLine. .NET My Services is designed to allow companies to easily deliver offerings that will collaborate and work on behalf of the user to deliver compelling, consistent, and personalized services. One of the major underlying design philosophies of .NET My Services is that the user is in control of their own data. Privacy and security are fundamental design points in the .NET My Services architecture. The .NET My Services model is built upon fair information practices, including: Notice. Consumer notice of how information will be used. Choice. Regarding collection and distribution of personal information. Access. To all information held about you. Security. The peace of mind to know that protections are built in so that no one else can access your information without your consent. Privacy is a key design requirement in the .NET My Services architecture, and the .NET My Services data model is overlaid with a specific security and access control model that allows end users to control how and with whom their personal information is shared. This intelligent software allows users to: Determine who or which services have access rights to their data. Share data at will with any party. .NET My Services will employ a strict opt-in platform for user's data. Revoke sharing/access privileges at will, providing a unique level of control not commonly available on the Web. Arrange for sharing that expires at a given time: system-managed, time-based data access revocation. In addition to providing the technical capabilities, Microsoft will mandate strict data collection and use practices among .NET My Services licensees to ensure that user privacy is protected. Specifically, Microsoft intends to contractually bind licensees to specific terms of use that control what can and cannot be done with user data originating from a .NET My Services source. Furthermore, Microsoft will electronically and physically secure data managed by .NET My Services to prevent unauthorized access or use. Finally, Microsoft will not mine, target, sell, or publish any .NET My Services user data without explicit user consent. Every interaction with a user's data will always be an affirmative consent opt-in model?personal information can be released only with the explicit authorization of the owner of the data. To avoid conflict of interest or perceived conflict of interest around user privacy and ownership of data, there will be no advertising in .NET My Services. Microsoft has been a champion of Internet privacy standards and privacy organizations for many years. More recently, Microsoft became a member of BBBOnline's Board of Directors and is on the board of TRUSTe. Microsoft helped spearhead the global Online Privacy Alliance, a coalition of more than 80 global corporations and organizations working to promote consumer privacy online. Microsoft continues to work closely with government and consumer privacy groups worldwide. Open Access .NET My Services can be accessed from any device, service, or application with an Internet connection, the ability to authenticate a user, and the ability to send and receive SOAP messages. All interactions are text-based SOAP messages, regardless of underlying platform, operating system, object model, programming language, application, or online service. .NET My Services is accessible from both clients and servers, and no Microsoft runtime is required on either the client or the server. Microsoft has already demonstrated .NET My Services being accessed from Microsoft Windows, Macintosh, Palm PC, Pocket PC, and a variety of UNIX-based products. Open Process Extensibility The initial release of .NET My Services provides a basic set of possible services users and developers might need. Beyond that, new services (for example, .NET Photos or .NET Portfolio) and extensions will be defined via the Microsoft Open Process with developer community involvement. There will be a single schema for each area to avoid conflicts that are detrimental to users (like having both .NET TV and .NET FavoriteTVShows) and to ensure a consistent architectural approach around attributes like security model and data manipulation. Microsoft's involvement in .NET My Services extensions will be based on our expertise in a given area. Road Map .NET My Services The initial set of .NET My Services is scheduled to be available in a broad developer beta in late 2001, with full release in 2002. Additional namespaces and services will come online as they are completed via the Microsoft Open Process. .NET My Services is designed so that additional services and extensions can come online in an incremental fashion once the core infrastructure is in place. Endpoints Microsoft is actively working to help the industry create numerous third-party endpoints for .NET My Services with broad range of evangelism and support programs. Microsoft will be working to ensure that any Microsoft experience a user would like to use will act as a good .NET My Services endpoint. This means that Microsoft applications, including everything from Microsoft Office to the Microsoft games, will support .NET My Services. Services including MSN and Microsoft bCentral? small business portal will be .NET My Services endpoints, and a variety of devices powered by Microsoft software will be potential .NET My Services endpoints, including Microsoft Xbox? video game console, Pocket PC, and Microsoft's smart phone software platform, currently codename "Stinger." A number of Microsoft operating systems, including Windows XP and Windows CE, will also be .NET My Services endpoints themselves, as well as enabling developers to easily create .NET My Services?enabled applications on those platforms. Windows XP will integrate the Windows authentication system with the .NET Passport authentication system, so a user can log on to Windows XP a single time and also be logged on to .NET Passport and therefore be able to receive .NET My Services without an additional logon process. The release will also incorporate support for programmatic notifications, which means users of the .NET Alerts service can easily opt to have their alerts delivered to their Windows XP?powered PC.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.