InformationWeek

January 3, 2000

Millennium Ramblings
By Jason Levitt

'm hoping that IT departments everywhere are as well-equipped for Y2K as the folks who regularly post to the misc.rural newsgroup. There's no better defense I can think of than to safely ensconce your mainframes and workstations in a backyard bunker or wilderness cabin stocked with plenty of bottled water and ammo.

But if you're reading this column, then the predicted Y2K apocalypse didn't bring your connection down. In fact, things are probably pretty stable on the Internet if you've managed to access our Web site. Electrical power is working. All of the routers and switches necessary to guide TCP/IP traffic to your site are working. Your local telephone company is probably up as well.

This doesn't mean that system crackers aren't busily chipping away at Internet infrastructure. A quick peek at the rogue "blips" posted on the SANS Y2K site (http://www.sans.org/y2k.htm) shows that there's plenty of action. Sophisticated hackers are still using group attacks from multiple global locations, making detection difficult.

The Changing Face Of Web Sites
Web-site accessibility is a fact of life, and security awareness requires constant attention by IT staff. Meanwhile, the face of Web sites, though glitzier than three years ago, hasn't really changed that much. There is Macromedia Flash, which can really make browsers come alive, and there is decent streaming audio and video support, style sheets, and more powerful JavaScript. All of these technologies have enriched the Web browser's experience, but just how significant are the changes? Is the impact lasting? Will Web sites be using these technologies two years from now? If not, what technologies will be widely deployed? Allow me to ramble...

An Application Protocol
As of Dec. 10, Microsoft completed version one of its specification for an Extensible Markup Language-based remote procedure call mechanism that uses HTTP as the base transport. Microsoft named it Simple Object Access Protocol (http://msdn.microsoft.com/xml/general/soapspec-v1.asp). The ramifications of this standard, called Soap, aren't being fully appreciated--yet.

Just as your Web browser can download pages with various types of data, such as stock quotes, Soap can do the same for your business applications, letting your spreadsheet program attach, over the Internet, to a data feed. Outsourcing of some types of software services and infrastructure would be much simpler. Imagine a network file system to which any desktop could attach or a personal information manager daemon that your applications could connect to from anywhere on the Internet.

If you remember the years on the Internet before the Web, it took HTTP and HTML, two transport and display-independent standards, to make sharing information simple possible between servers and humans. Similarly, Soap is a transport-independent standard for peer-to-peer communication between applications. HTML is fine for creating Web pages for humans to look at, but Soap is designed to make communication between applications just as easy and high-level. The closest technology in widespread use right now is Corba and Microsoft's Distributed Component Object Model, neither of which is very portable, simple to program, or easy to deploy. Soap could easily revolutionize the sharing of data between applications, especially over the Internet.

HTML Or XML?
It's a hybrid world on the Internet. Many sites offer more than one version of their content, depending on the abilities of the browser they detect. Other sites are satisfied with a least-common-denominator approach, including the requisite warning messages in case your browser can't handle Secure Sockets Layer connections, certificates, or other browser esoterica. Within two years, more sites will be dynamically generated, on the fly, with application servers that are able to provide content for many types of clients, even bandwidth and display-challenged clients such as cell phones. It's tough to design content that can display on both cell phones and conventional PC displays. Application server and Web-development environments are going to have to get much smarter to make the Web designer's job more straightforward.

XML will drive the dynamic generation of Web pages for multiple client architectures. In two years, most major active sites on the Internet will have rewritten their HTML code to conform to the XHTML specification (http://www.w3.org/TR/xhtml1) or will be in the process of making the transformation. Even for the many sites that do little but display graphics and text, it will be worth rewriting in XHTML since development tools will be easier to use and more error-free when used on XHTML's well-formed code. Legacy HTML won't completely disappear, though. It's too entrenched and, despite its inflexibility, it still gets the job done.

Pictures
The Unisys patent on the LZW compression scheme used in the GIF file format is dangerous, or so says the League for Programming Freedom and some other groups (http://www.burnallgifs.org). The danger isn't in the status quo, it's in Unisys' ability to change its mind at any time and pursue licensing fees from any users or developers (including Web sites) that deal with GIFs. With many software products that contain code to manipulate GIFs, this could turn out to be a substantial headache for many businesses.

Fortunately, there is a good replacement format for GIF. The Portable Network Graphics format has no potential licensing issues (http://www.w3.org/TR/WD-png-960221.html). Unfortunately, it is not completely supported by Netscape browsers and isn't supported at all by earlier Microsoft and Netscape browsers. Still, a move away from GIFs is a good thing, and I suspect that within two years (especially after Netscape releases Gecko) more sites will leave the GIF fold as better browser support comes along.

Wallets, Passwords, And Certificates
I've got more user names and passwords than ever. And they're worth less all the time because so many of them are very specific. I have one user name and password that does nothing but give me access to a technical support Web site for one software product that I occasionally use. I'm not even sure why I need a user name and password for that site, but it's there.

The user name and password explosion isn't going to go away within the next two years. It won't even be under control within the next two years, though it's likely that there will eventually be some good services, such as online vaults and "wallets" that let you store and automatically retrieve them when you encounter a log-in dialog on the Internet.

Digital certificates are not a complete answer to this problem. In fact, they are likely to add to the confusion since their deployment is looking more and more like it will be as anonymous certificates, meaning certificates that only identify users to a specific business or service. "Think Sam's Club, not driver's license," one marketing guy for a security company quipped to me.

Smart cards, where part of the security infrastructure is embedded on a device the size of a credit card, are gaining in popularity, and they do solve part of the storage-management problem of where to put the sensitive access information for users. But they're also expensive compared to a software-only solution.

Certificates will gain ground in some business areas, such as the government and financial sectors, but I'm doubtful that within two years we will see widespread public issuance of certificates.

Broadband And Out
I need to say something about broadband services here since they ultimately will provide a better user experience at Internet sites. Broadband usage has been increasing, especially in the business world where it competes favorably with T1 and older technologies. But it will be interesting to see if widespread use of broadband services in the consumer sector happens within two years. By widespread use, I mean that the majority of America Online users are using it, not just small-office, home-office users and households with a gross annual income of $80,000 or more. If it does, then we should see a dramatic shift in the quality of services offered on the Internet.

AuthorITies Archive
Send Us Your Feedback
Top of the Page


Karyl Scott: Enterprise View Karyl will explore the business and technology issues surrounding enterprise systems.	Stuart J. Johnston: Redmond Watch As our eyes and ears in Redmond, Stuart gives his perspective on the latest events at Microsoft.	Charles Pelton: Eye On IT Charles explores IT management issues and strategies that business and technology managers must face.	Sean Gallagher: The Bleeding Edge From his vantage point of managing editor of InformationWeeek Labs, Sean will explore the impact of new technologies on the evolving world of electronic business.