IM Interoperability Hits Entanglements

Business and security issues remain after AOL, Lotus test SIMPLE protocol.

While momentum is building for a standardized protocol for instant messaging, interoperability among IM applications continues to be vexed by unresolved business and security issues.

As recently as December, an IETF (Internet Engineering Task Force)-sponsored protocol that would be a key to interoperability was criticized for being insecure by IM software vendors AOL Time Warner Inc. and IBM's Lotus Software.

Although spokespersons from both companies said they were pleased with the results of a server-to-server compatibility test of Lotus Sametime and AOL's AIM, AOL spokeswoman Kathy McKernan conceded there were "business issues" and "security issues" that still need to be addressed.

But despite having identified these issues, AOL, of Vienna, Va., and Lotus, of Cambridge, Mass., have not scheduled any further testing.

The Lotus-AOL test used a variation of SIP (Simple Implementation Protocol) known as SIMPLE (SIP for Instant Messaging and Presence Leveraging Extensions). It is one of three protocols being considered by the IETF as its Instant Messaging and Presence Protocol, or IMPP.

SIMPLE is considered the front-runner over Presence and Instant Messaging Protocol and the Application Exchange protocol because AOL and Microsoft Corp., two of the biggest players in the IM space, already have SIP infrastructure in place for other products. But that doesn't guarantee the protocol's success.

"SIMPLE has a number of problems," said Derek Atkins, president of IHTFP Consulting, in Somerville, Mass., and co-chair of the IETF's IMPP Working Group. "It doesn't deal with group messaging at all; it's strictly one-to-one. It has a lot of problems with the firewall. But it does seem to be the major contender."

Atkins said interoperable IM will require universal security among the different IM clients. But the different players don't want to use someone else's technology.

"It's the not-invented-here problem," Atkins said. "We didn't do it; we don't want to use somebody else's technology. The issue is really more a political one than a technical one."

Security is an issue as well for institutions such as the U.S. Army, which uses Bantu Inc.'s Bantu IM and Presence Platform. IM has proved popular among soldiers stationed overseas who use it to communicate with their loved ones back home, most of whom are using consumer IM clients such as AOL's AIM, Microsoft's MSN Messenger and Yahoo Inc.'s Messenger, according to Col. Robert Coxe, chief technology officer for the Army at the Pentagon, in Arlington, Va.

Coxe said the Army has decided to live with the security hole created in the interest of preserving troops' morale. "It would be really nice if you could give 128-bit [Secure Sockets Layer] encryption to every IM client out there," Coxe said. "Bantu's done that; it's similar to what Lotus has done [with Sametime]. But with MSN and these others, it's like the Wild, Wild West. Maybe it doesn't matter to teen-agers, but from the business perspective, it's an issue."

The IMUnified industry group—comprising MSN, Yahoo, AT&T WorldNet, Odigo Inc. and Openwave Systems Inc.—last year created a protocol for client-to-server IM interoperability that would allow IM clients to interoperate, provided the user had accounts with both clients.

The standard was never adopted because of business and legal issues such as IP rights and service-level agreements, said Alexander Diamandis, vice president of marketing at Odigo, in New York.

While vendors and technologists dream of a world where IM is every bit as ubiquitous as e-mail today, many users don't rank interoperability among IM clients at the top of their priority lists.

It was third on Ross McKenzie's list when he was selecting IM software for Johns Hopkins University's Bloomberg School of Public Health, in Baltimore, where he's director of IS. More important was integrating the IM client with other applications.

McKenzie selected Bantu's IM platform, which can exchange messages with major consumer IM clients but has to drop its security guard to communicate with them.

McKenzie said this poses little concern to him at Johns Hopkins, although he would have more concerns if he was at a corporation with trade secrets to protect.

"I'd love to see universal security standards," said McKenzie. "Heck, I'd love to see any standards."