Microsoft has made a number of fairly questionable decisions about Hailstorm that will come back to haunt them:
1) Paid services - Microsoft has never had much success with creating a paid service - MSN limped along for years as a paid service before they ended up placing much of the content outside of the gate, and the number of active paid participants within MSN is still far smaller than the amount that MS claims, since they no doubt use the metric of the free service as their baseline. If I as a user am charged $19.95 a month for the privilege of not having to type information in web forms (something I do primarily to download free software, btw, not to shop) then I'm paying far too much -- especially only if one form in five happens to reside within a Passport boundary. There will be all too few people who do decide its worth their time and money.

2) With Windows, if you wanted to write applications for it, you had no real choice but to write to the Windows APIs; vendors that produced third party products still had to cooperate very closely with Microsoft to stay on top of the latest changes in the OS, or risk having products that would die on the next upgrade. Indeed, one of the ways that Microsoft leveraged it's OS was to keep critical APIs evolving internally until fairly late in the cycle, giving their own developers an automatic window of opportunity of several months to develop into a new niche before a competitor could.

The Internet, on the other hand, has a strong set of standards bodies that do not automatically bow down before Microsoft, and that have been working to keep the critical components of the web as simple as possible. Given that these bodies are made up in great part from Microsoft's competitors, this means that it is unlikely that they will cede the power of API, especially as Microsoft has a reputation for playing poorly in shared API arenas.

3) Hailstorm is partially designed to place Microsoft between the consumers and the banks and credit card services that authorize payment (and consequently perform a certain level of user authorization as well). The last time that that Microsoft tried to do that, with their Microsoft Money fiasco that tried to do an end run around the Banking and Credit industries, the industry as a whole closed ranks and adopted Quicken instead. MS Money is now something of a joke without a punchline. I do not anticipate, in a tightening economy and given that most such institutions now have or are developing their own online services, that things will turn out any differently.

4) The highly centrallized nature of the web services approach makes Hailstorm incredibly susceptible to denial of service attacks. If people cannot purchase something several days running because Microsoft's services are DDOSed then you'll see people (and vendors) leaving the program with all haste. Moreover, all it takes is one disgruntled programmer working for a Hailstorm third party provider to leak any relevant access codes to the web, and the entire system becomes compromised. Given the current formenting animosity within the developer community for Microsoft's less than savory business practices, and such attacks are inevitable.

5) Back in the mid 1990's, when Internet hype was first starting to really move into overdrive, an idea that was in vogue for about six months was the Internet Mall, where several businesses would band together to form a virtual shopping portal. They all failed. They failed because there was a confusion between physical and virtual proximty, they failed because no company wanted to cede too many "trade secrets" to other companies, and they failed because these were closed systems in what was (and hopefully will remain) a fundamentally open one - the non-proprietary world was only a single click away, and that made whatever attempt at cohesiveness irrelevant.

In a lot of respects, Hailstorm is the Internet Mall of the 00's, but it rests on even shakier ground. The first is the question of the copyrightability of schemas, something that has not yet been tested in court. Given recent decisions concerning the principle of patent extensibility (generally favoring derivative works), the ability to enforce such copyrights remains suspect. Hailstorm would also have to attract a large enough number of vendor participants, who would have to essentially give up on their own efforts to create sustainable in-house offerings. Most of these same companies are now in positions where they have invested the significant amount of their IT budget for tech modernization, and will be cool at best to the notion of buying into yet another Microsoft initiative.

6) Finally, Hailstorm is emblamatic of both Microsoft's vision and its myopia. It is an audacious, ambitious project that will, if it works, be a technological marvel. It is also a mediocre solution to something that's very little a problem in most people's lives - bad Internet shopping - compared to the more serious issues of invasion of privacy, an uncertain economic, an increasing sense of frustration with corporate greed, and a waning interest in the use of the Internet across most sectors. Web services have their place (they are in fact ideal for intra-application enterprise development), but their use in consumer to business applications is dubious at best.

-- Kurt Cagle
-- Author, Professional XSL, Wrox
-- (360) 951-6159