.NET UPDATE—brought to you by the Windows & .NET Magazine Network
THIS ISSUE SPONSORED BY
FREE Windows Security White Paper from NetIQ!
VeriSign — The Value of Trust
SPONSOR: FREE WINDOWS SECURITY WHITE PAPER FROM NETIQ!
Learn proven strategies to manage group policies in Windows 2000/Active Directory. This free white paper will reveal how to EASILY manage Group Policies so you can unleash its power to eliminate and address security holes as well as automate time-consuming administrative tasks. Get the reporting and documentation you need to feel comfortable with the security of your Windows environment.
June 13, 2002—In this issue:
- .NET Passport Bows Before TrustBridge
2. .NET NEWS AND VIEWS
- Microsoft Counters Sun Liberty Alliance with TrustBridge
3. DOT-TECH PERSPECTIVES
- Blurring the Line Between Local and Internet Applications
- Get Valuable Info for Free with IT Consultant Newsletter
- Win a Free $200 Gift Certificate to RoadWired.Com!
5. HOT RELEASE (ADVERTISEMENT)
- Looking for High Performance J2EE?
- Event Highlight: Microsoft ASP.NET Connections
7. NEW AND IMPROVED
- Run Multiple OSs Simultaneously
8. CONTACT US
- See this section for a list of ways to contact us.
(contributed by Paul Thurrott, news editor, firstname.lastname@example.org)
When Microsoft hatched its .NET strategy a few years back, the company had some interesting if poorly executed ideas for moving its traditional software line into a subscription-based model. First, .NET software was to be based on the notion of Web services, in which the features exposed by OSs and applications aren't necessarily hidden in files on your PC but are instead made available from remote servers, to offer instant updating capabilities and much simpler management. Second, .NET was to be based on a subscription software model, in which users pay a regular (i.e., yearly or monthly) fee for updates that keep their software current, rather than upgrade to full new software versions every 3 to 5 years. Finally, .NET was to require an authentication scheme so that users could access the content they subscribe to securely from any location. After all, what good is Internet-based subscription software if you can only access it from a single PC?
Originally, .NET authentication was to have occurred through .NET Passport servers, which were set up years ago to handle users logging on to MSN Hotmail and other Microsoft Web properties. Passport was first conceived as a single sign-on (SSO) service with Ilium Software eWallet capabilities that, in theory, let users browse on compatible sites and escape the necessity of setting up credit card, address, and shipping information separately on each site. Although Passport had the potential to be a real time-saver, the service never took off, and most people viewed it as an annoying Microsoft requirement.
But Passport's biggest problem came about when Microsoft asked its corporate partners to support .NET My Services (formerly code-named HailStorm), the core set of .NET services that was to have used Microsoft's .NET Passport servers for authentication. Companies such as American Express, which already have strong relationships with their customers, had no interest in trusting Microsoft with their proprietary customer information and refused to endorse .NET My Services. Microsoft then abandoned its original plan and will redesign .NET My Services so that its partner corporations can access the services locally, from their own servers.
The new .NET My Services, whatever form it takes, will still require some form of authentication, although my assumption was that Microsoft would simply provide companies with a way to supply Passport functionality locally, from their own servers. This week, however, Microsoft announced a different strategy. Currently code-named TrustBridge, this new technology will let corporations bridge user authentication to other corporations, essentially creating a trust relationship between them. TrustBridge is the final nail in the coffin of Microsoft's earlier "megaservices" strategy, which relied on centralized .NET Passport servers. Now, Microsoft will return to its roots and simply sell corporations the software they need to set up their own services, and the companies choosing to do so can allow fine-grained information-sharing with external servers as well.
For security, TrustBridge uses the new Web Services Security (WS-Security) technology, an XML Web services specification built on Simple Object Access Protocol (SOAP) and backed by heavyweights such as IBM and VeriSign. Microsoft hasn't yet announced specific plans, but TrustBridge will likely be sold as a standalone server or as part of another server or server product that runs on Windows .NET Server (Win.NET Server).
For corporations that want to make .NET services available, TrustBridge addresses the final complaint the corporations had with Microsoft's original plan by removing the Microsoft "middleman." For users who want to take advantage of .NET services, TrustBridge pushes the .NET future back a bit, but when that future does arrive, probably sometime in 2003, .NET services will be more secure and reliable. Microsoft thinks the wait will be worth it. Frankly, the company might be right: .NET Passport was always the great unknown—or even the outright weak link—in the .NET plan anyway.
SPONSOR: VERISIGN — THE VALUE OF TRUST
FREE E-COMMERCE SECURITY GUIDE.
Is your e-business built on a strong, secure foundation? Find out with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." Learn how to authenticate your site to customers, secure your web servers with 128-Bit SSL encryption, and accept secure payments online. Click here:
2. .NET NEWS AND VIEWS
(contributed by Mark Joseph Edwards, email@example.com)
Microsoft announced this week a new technology, TrustBridge, that will let businesses share user-identity information between applications and organizations. Microsoft, IBM, and VeriSign developed the new technology. A Microsoft spokesperson said, "TrustBridge technology will allow different organizations using the Windows operating system to exchange user identities and interoperate in heterogeneous environments using industry-standard XML Web services protocols including Kerberos, WS-Security, and forthcoming protocols in the WS-Security family. Federated identity management makes it easier for businesses to build deeper and more dynamic relationships with customers, partners, and suppliers, and helps mobile employees increase their productivity. WS-Security is a security specification that defines a standard set of Simple Object Access Protocol extensions or message headers for exchanging secure, signed messages in a Web services environment."
3. DOT-TECH PERSPECTIVES
(contributed by Christa Anderson, firstname.lastname@example.org)
Some of you might have read the ASP Review UPDATE newsletter (which ceased publishing in 2001), which discussed a combination of inhouse server-based computing and outsourced application hosting and delivery. If you read that newsletter, then you're familiar with the ways you can deploy a hosted application so that it's managed from a central location but accessible from a client computer. Two of the most popular approaches are running applications from a terminal session hosted by a server using Windows 2000 Server Terminal Services with or without Citrix MetaFrame supplementing it, and hosting applications in a Web browser. Keeping applications on a central server is great for application installation and maintenance, but not so great when the network fails, because without the network the client can't get to the hosting server—and thus to the application. Hosting applications in a Web browser limits you to the controls that the browser supports—which, as you might have seen for yourself, are pretty limited.
What about an option that, to present applications, uses the same UI as the one you'd see if you were running applications locally, and that launches applications from a central server yet caches the application code locally so that applications will still run even if the network's down? The .NET platform was designed to provide such capability. I've alluded to this capability before, but now let's look in more detail about how it actually works.
Three elements are necessary to this functionality. First, on the client is a stub application that is small enough for users to conveniently download from a Web site or to receive through email. Second, and also on the client, is a storage space called an "application download cache." Third, on the server is the code required to run any particular application, and a copy of Microsoft IIS.
The application stub is just smart enough to point to a server. When a user starts up the application stub (which uses the same UI as a "normal" application), the stub requests the loading of classes from assemblies (the executable code that .NET applications use) that do not yet exist on the client, and points to the server hosting those classes. The server downloads this code—which can be pretty small—to the client's application download cache, and the code runs from there.
The upshot here is fourfold. First, getting the stub piece to the client machine is really easy—no complicated installation and configuration is necessary, as it sometimes can be with graphical clients. (Configuring graphical clients is simpler in the Win32 environment than in UNIX, although even the very simple RDP client requires some setup.) Second, when you update the code on the Web server hosting the assemblies, then the client code is also updated as long as the client machine has a network connection to the server. Third, because the application launches from the download cache, the application will run even if the network is down when the client starts the stub, as long as the stub previously downloaded the assemblies. Fourth, because the application runs locally, it isn't impacted by a shortage of network bandwidth and doesn't compete with other applications running on a shared server.
The catch to this functionality, of course, is that you sacrifice interoperability for the advantages of running an application locally. But when you consider that many clients that use any kind of server-based application are running Win32 OSs, you see that as more clients run a .NET-compatible OS, interoperability won't always be necessary. The .NET platform isn't going to instantly replace today's server-based computing any more than PC-based applications replaced the mainframe. If nothing else, using .NET to serve centrally managed applications locally requires both rewriting applications and a compatible client OS. But .NET offers one more mechanism for supporting centrally maintained applications.
(brought to you by Windows & .NET Magazine and its partners)
Sign up today for IT ConsultantWire, a FREE email newsletter from Penton Media. This newsletter is specifically designed for IT consultants, bringing you news, product analysis, project management and business logic trends, industry events, and more. Find out more about this solution-packed resource and sign up for FREE at
Visit the Connected Home Virtual Tour and browse through the latest home entertainment, home networking, and home automation options. Sign up for prize drawings, too, and you might win a free gift certificate to RoadWired.com. Take the tour today!
5. HOT RELEASE
All developers know the importance of high performance when building Web applications. Check out how Oracle's experts optimize J2EE applications using Oracle 9i Application Server and Edge Side Includes (ESI). Click here for your ESI Best Practices guide.
October 27 through 30, 2002
If you want the latest how-to information to help you build faster line-of-business and Web applications that are more reliable and scalable, Microsoft ASP.NET Connections is the conference for you. At Microsoft ASP.NET Connections you'll discover shortcuts, tips, and tricks that you won't find anywhere else. You'll learn how to enhance ASP.NET development with new tools and gain insights from Microsoft product architects as well as from third-party experts who will share their real-world experience. An in-depth menu of sessions makes it easy for you to customize the conference to meet your needs—whether you're at the expert level or learning the basics.
For other upcoming events, check out the Windows & .NET Magazine Event Calendar.
7. NEW AND IMPROVED
(contributed by Carolyn Mader, email@example.com)
VMware announced VMware Workstation 3.1, software that lets you run multiple OSs simultaneously on one PC. The new release includes added support for .NET Server beta 3.0. The electronic version of VMware costs $299, and the boxed version costs $329. Contact VMware at 650-475-5000.
8. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT THE COMMENTARY — firstname.lastname@example.org
- ABOUT THE NEWSLETTER IN GENERAL — email@example.com
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — firstname.lastname@example.org
- QUESTIONS ABOUT YOUR .NET UPDATE SUBSCRIPTION?
Customer Support — email@example.com
- WANT TO SPONSOR .NET UPDATE?
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.