Microsoft’s first for-fee Web service, MapPoint .NET, is now online. Targeted at developers rather than end users, the MapPoint .NET service lets developers "location-enable" Web and client applications—generate maps and provide directions, for example—without having to purchase an expensive Geographic Information System (GIS) and maintain databases of cartographic and demographic data. MapPoint .NET demonstrates Microsoft’s commitment to Web services and illustrates one way that the Web service model can provide functionality heretofore infeasible for many types of applications. However, MapPoint .NET also illustrates the provisioning, billing, and security issues that must be addressed before commercial Web services can reach their full potential.

A Mapping Service for Developers

MapPoint .NET offers developers a better way to incorporate mapping services (such as map rendering and route-finding) into their applications than do either Microsoft's MapPoint 2002 desktop mapping application or existing mapping Web sites.

The MapPoint 2002 desktop application is targeted at Office users who occasionally need an easy way to locate addresses and visualize mapped data, such as highlighting sales territories or plotting revenue per territory. (See "MapPoint 2002 More Customizable" on page 13 of the July 2001 Update.) As a platform for third-party development, however, it has some limitations. First, it is a desktop application and requires installing nearly 900MB of cartographic and demographic data on each computer, even though some of this data is outdated before it is even installed.

Furthermore, even though the US$249 price of MapPoint 2002 is much lower than nearly all other GIS products, the price and its client-based architecture make it uneconomical to integrate it into other applications.

Web sites such as MapQuest or Yahoo, in contrast, can produce maps for users for free, but they offer no programmatic interfaces to developers and thus cannot easily be integrated into other applications.

As a Web service, MapPoint .NET avoids these problems. Any application that can use the Simple Object Access Protocol (SOAP) to call Web services can retrieve up-to-the-minute geographical data, and developers can programmatically call any of three basic sets of MapPoint .NET functions:

Find service. The find service returns corresponding addresses, places, latitude and longitude coordinates, and points of interest (POIs) when given one of these values as an input.

Render service. The render service renders GIF-based maps of routes and found locations, places POI "pushpins," sets the map size and map view, selects and gets location information about points on a map, pans and zooms a rendered map, and creates "clickable" maps.

Route service. The route service generates routes, driving directions, and calculated route representations; sets road and route preferences; and generates map views of segments and directions.

Microsoft hosts MapPoint .NET at an MSN data center and is able to continuously update it with constantly changing information, such as the traffic level, construction zone, and road closure data used by the route service. (At this time, MapPoint .NET contains North American and European data only.) Customers can also upload data to the service, such as addresses to be "geocoded" (i.e., determining the geographic location from a physical address) and their own POIs. This data is kept private and is only accessible by the MapPoint .NET account holder.

Although offered as a commercial service for the first time, MapPoint .NET is actually version 2.0 of a Web service that has served high-volume Microsoft Web properties such as MSN, CarPoint, and Home Advisor for nearly a year.

Target Audience and Pricing

Microsoft is targeting MapPoint .NET at two classes of customers:

ISPs, ASPs, and dot-coms. Just as Microsoft properties have used MapPoint .NET to integrate mapping and location search capabilities into their core services, other commercial Web sites can cost-effectively location-enable their services using MapPoint .NET.

ISVs and corporate developers. MapPoint .NET allows ISVs and corporate developers to location-enable nearly any Web or client application that involves address data. For example, a Customer Relations Management (CRM) application could use MapPoint .NET to display a map of the physical locations of a selected set of customers.

To use MapPoint .NET, customers must sign a contract with Microsoft, selecting from one of two pricing models:

Transaction-based. For public Web applications, MapPoint .NET is available on a transaction basis, with each request-response to the service considered a transaction. Blocks of transactions start at US$15,000 for 2 million transactions (equivalent to three-fourths of a cent per transaction) and go up to US$50,000 for 7.5 million transactions (two-thirds of a cent per transaction).

User-based. Under this model, which is mostly applicable to corporate use, each organization must pay a US$15,000 "platform access fee" plus a license fee for each user who accesses the application calling MapPoint .NET. At press time Microsoft had not yet finalized the per-user license fee.

In return, Microsoft agrees to a service-level agreement (SLA) committing it to provide MapPoint .NET services at 99.9% availability with sub-second map rendering, and to provide other services such as monitoring, support, and reporting. Should the performance or availability fall below these levels, Microsoft credits transaction-based customers five times their normal transaction rate for the duration of the affected period.

Microsoft has no user-based customers yet and has not announced how the penalty will work under that fee model.

A Model for Other Web Service Offerings?

MapPoint .NET is a good example of the kind of service that is suited to the Web service model. Web services are an ideal way to access application functions that are impossible or not cost-effective to host in-house because they involve large amounts of transactional or rapidly changing data that must be offered to many customers to be worthwhile. Other examples of potentially viable Web services include reservations systems, syndicated news feeds, tax calculators, and credit or funds verification services.

However, MapPoint .NET also illustrates areas in which Microsoft has not quite achieved its vision for commercial Web services:

No end user provisioning. As noted earlier, in this version there is no way for individual end users of an application to obtain automatically provisioned MapPoint .NET accounts and pay for them on a per-transaction or subscription basis. If not addressed, this could prevent Microsoft from using the MapPoint .NET services in a planned future version of its MapPoint 2002 product that can refresh its data directly from MapPoint .NET. Microsoft has not announced how it will charge users for it, but it will clearly require some method of authenticating and authorizing users who license the future MapPoint desktop product.

Limited rating and billing services. Today, customers are billed for all MapPoint .NET services using either the simple transaction-based or user-based fee models mentioned earlier. There are currently no options for different types of functions or types of data charged at different rates, or to discriminate between peak and off-peak times. However, Microsoft claims that this capability is already built and will be available in a future MapPoint .NET offering.

Today, Microsoft’s billing arrangements are directly with the organization hosting the application—any application provider that uses MapPoint .NET on the transactional model must use its own billing system to charge back its own customers for MapPoint .NET transactions (or must recover the costs in some other way, such as advertising).

Limited security. Access to MapPoint .NET is granted based on Hypertext Transfer Protocol (HTTP) "digest" authentication, an Internet Engineering Task Force and World Wide Web Consortium standard authentication scheme that uses passwords. Although digest authentication is moderately secure in that it does not convey passwords "in the clear" over the Internet, it is not as secure as Kerberos authentication (used in network log-ons) or even Microsoft's Internet-based authentication system, Passport. Although MapPoint .NET does not encrypt normal traffic with Secure Sockets Layer (SSL) or Internet Protocol Security (IPSec), it maintains a different site for storing customers’ address and POI data and it protects it from unauthorized access and eavesdropping using the more secure Kerberos authentication and SSL encryption.

Once Passport evolves to support organizational credentials, Microsoft intends to use it for authenticating MapPoint .NET customers.

For more information on MapPoint .NET, see msdn.microsoft.com/library/default.asp?url=/nhp/Default.asp?contentid=28001402 and www.microsoft.com/mappoint/net.