PowerTalk Arrives

[Next week Apple will reportedly release PowerTalk, the AOCE client software, although the server software, the PowerShare Collaboration Server, won't ship until early next year. PowerTalk will appear along with System 7 Pro, which also includes AppleScript, QuickTime, and some small enhancements, possibly along with version 7.1.1 of the System. Like System 7.1, Apple will sell System 7 Pro via retail channels and may bundle it with certain Macs. To introduce PowerTalk, Wolfgang Naegeli prepared this report after Mactivity '93, the networking show held early this summer. -Adam]

Mactivity '93 was kicked off by Gursharan Sidhu (the "father" of the AppleTalk protocol and now the Technical Director of Collaborative Systems Development) with a presentation and live demonstration of PowerTalk. Sidhu demonstrated PowerTalk on a PowerBook running the Golden Master Beta of PowerTalk. In what was clearly not a rigged demo, everything worked robustly and smoothly. Andy Lauta, Senior Product Manager, gave an in-depth presentation of PowerTalk in a later session.

PowerTalk differs from workgroup computing solutions such as Lotus Notes or Windows for Workgroups in that it focuses on the individual user rather than the group. Apple research found that large numbers of users are part of more than one work group, and that the one-solution-fits-all approach of the competition has many problems in such situations. PowerTalk hides the complexity of various individual technologies, presenting the user with a standard interface to all of them. It is not simply an add-on application, like many other groupware products; when installed, PowerTalk becomes an integral part of the operating system.

Design Goals -- PowerTalk's design goals were to effectively address four challenges important in collaborative computing:

  1. Separation - Not all workgroups are located in one place. Increasingly, teams spread over more than a single building, city, or country. Team members may travel or work at home. PowerTalk integrates mobile computing effectively with stationary computing using AFP (AppleTalk Filing Protocol) for file sharing, Apple events for IAC (Inter-Application Communication), CTB (Communication Toolbox) to access remote systems, and various directory services.

  2. Simultaneity - Not all workgroup members are reachable at the same time. PowerTalk's advanced store-and-forward architecture facilitates work flows among team members on different schedules and in different time zones. This architecture uses AppleMail, fax, voicemail, and other email and messaging services.

  3. Trust - Sidhu contends that present systems tell the user, "I am God, give me your password!" PowerTalk implements standard mechanisms to ensure message authenticity, privacy, and approval for access to services. The user can insist: "Prove to me that you are God." Technologies used include authentication, encryption, digital signatures, and electronic directories (catalogs).

  4. Comprehension - It is not enough to display information as common data formats, such as the traditional ASCII text. The system needs to be knowledgeable about the various components of typical information streams and about the relationships among them. Technologies used are standard message formats and translators.

In addition to the system software extensions for the client computer, which require about 1 MB of RAM, plus some 100K for additional Service Access Modules (SAMs), Apple will sell At Your Service (AYS) server software that runs on any 68020 Mac or better with at least System 7.0. AYS includes mail, catalog, and time services. Apple will ship SAMs that support direct AppleTalk connections, dial-up connections, and the AYS store & forward mechanism. [I believe the AYS server is what Apple now calls the PowerShare Collaboration Server. -Adam]

Catalogs -- PowerTalk enriches the Macintosh desktop with three new icons, one of which is the Catalog Browser. Catalogs are implemented in an open object database architecture and contain free-form "Info Cards." Third parties can create their own object catalog templates. The templates included by Apple are user-customizable. Virtually everything can be aliased and dragged and dropped. A "business card" template allows users to easily maintain a host of address and other personal contact information. For example, a person's new email address can be added to an existing business card in the user's personal catalog by simply dragging it from an address list found in a public catalog on a server and dropping it on the business card. The Catalog Browser supports multi-language sorting.

The AYS Catalog Server is open ended and content-neutral. Its information is easily distributed and replicated across multiple servers. Catalog services can be extended by installing extra Catalog Managers. Apple will probably support AppleTalk, SMTP (Simple Mail Transfer Protocol), Unix White Pages, and X.500 (X/OPEN directory services).

Catalogs are hierarchically structured and scalable. Folders can be distributed and replicated for fault tolerance or backup purposes throughout a network but will appear as a single catalog on the desktop. After a communications or network failure, catalogs automatically update. I asked how conflicts would be resolved if the same entry in two (or more) replicated versions of a catalog had changed in different ways during a network outage, but I did not receive a clear answer. Possibly the most recent version of the record will prevail.

The Catalogs feature also offers an alternative - and eventually a replacement - for the networking uses of the Chooser. One of the icons in the Catalogs window is an AppleShare icon. When opened, other icons become visible for each AppleTalk zone. Inside those are icons for the servers in each zone. These icons may be aliased by dragging them to other locations in the catalog structure for quicker access to frequently used servers and other entities.

Mail -- The second PowerTalk desktop icon is the Mail icon. Mail provides a universal in box. It receives mail from any and all email services via SAMs [generally provided by third parties -Adam] that automatically convert file formats. Other SAMs list incoming faxes and voicemail. Networked users can send files to each other's computers by dropping icons on the entries in a Catalog listing. If the recipient's machine is not turned on, the file will remain on the server until it can be forwarded.

Apple provides good sorting and filtering capabilities for the universal in box, but the real idea is that third parties will develop intelligent agents that can preprocess and display the contents according to personal needs and desires. For example, an agent may assign priority and project tags based on the contents of the messages or might recognize a request for a reprint and automatically forward it appropriately.

The AppleTalk-based PowerTalk Mail Server is designed for high performance, and can handle 8,000 messages per hour. It includes options for message encryption and authentication, and accommodates server-based gateways. A visitor's mailbox feature allows installation of multiple mailboxes on a desktop.

AppleMail is a bare-bones program, and users will be able to send mail directly from every PowerTalk-savvy application via Apple's application integration mailer, but again, Apple expects third parties to provide alternative mailers. CE Software, for example, has promised to ship a PowerTalk version of QuickMail within 60 days after Apple ships PowerTalk. CE also is working on QuickMailBar, an API developers can use to incorporate QuickMail addressing and action buttons into any document. The PowerTalk version of QuickMail will be able to use the AOCE mail transport but probably will also come with a SAM for the native QuickMail transport. CE Software recently spent 15 programmer-years rewriting its transport and making it "rock solid" for QuickMail 2.6 and future versions, according to Ned Horvath, Director of CE's Network Products Team. Contrary to Sidhu's optimism, CE expects some customer sites to take several years to switch to AOCE, and plans to provide continued support for several mail transports.

Key Chain -- The Key Chain is the third new Desktop icon and perhaps the most important PowerTalk feature. It provides quick, transparent access to any number of password-protected servers or services through a single system-wide logon password. All applications and services are integrated with a single security model. For every service, the user creates a key. Each key has account information, communications settings (such as modem settings, addresses, and system identifiers), and an encrypted password. After this one-time setup, the user attaches the key to the Key Chain and can forget the password. From now on, the system will automatically and transparently connect to the protected service when needed.

Apple feels that this mechanism is especially secure since a user will find it easier to remember a single, frequently-used password and will be less likely to write down a list of passwords. At any time, you can lock the Key Chain by issuing a command or through an inactivity time-out. When the Key Chain locks, all windows containing information from protected services are hidden.

Apple claims that PowerTalk is more secure than most other off-the-shelf software solutions since those use less secure algorithms to avoid export restrictions. Apple is the first company to receive an export license for a DES-based product.

A new "I am at..." menu item (e.g. Home, Office, Car, Hotel) lets the system know which services are accessible and automatically resets communications settings for Ethernet, modem connection, packet radio, etc. so the system can continue to transparently establish connections over available media.

A PowerTalk server can act as a trusted party in establishing authenticated communications across the net. Network traffic is encrypted with the RC4 algorithm of RSA and delivered via ASDSP (Apple Secure Datastream Protocol). ASDSP adds only about ten percent to the communication overhead. At least in the initial release, peer-to-peer traffic cannot be encrypted. [Sorry for all the acronyms! RSA is a company. -Tonya]

Digital signatures, based on RSA Public Key Encryption, provide a secure way of ensuring data has not been altered and was signed by a particular person. The mechanism is similar to Kerberos [a security system developed at MIT -Adam], which was not mature enough at the critical point in PowerTalk development. Apple anticipates supporting Kerberos in a future PowerTalk release.

To sign a document, the user simply drops it on a Signer icon. A prompt for the personal signer code then appears on the screen. If the content of the signed document later changes in any way, the signature becomes invalid. While being signed, a file is automatically locked to avoid inadvertent invalidation. The Get Info window of a signed file is used to uncheck the file lock, and it contains a Verify button with which the recipient can confirm the integrity of the file and the authenticity of its signature.

Large companies can become trusted signature issuing agents for their employees by obtaining a titanium blackbox with key interlocks from RSA. The box contains a certain number of key combinations and can be connected to a Macintosh which runs an RSA-signed signature issuing application. Individuals can acquire a personal signature code through a notary. RSA always is at the root of the issuing process and signatures expire after two years. The issuing cost of a digital signature runs about $25.

One limitation of the signature mechanism, at least in the initial implementation, is that only one signature can be attached to a document. This may be worked around by designing forms such that each signatory vouches for the authenticity of the previous sender's signature.
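The workaround above, and the rule that any change to signed content invalidates the signature, can be modelled as a chain in which each signature covers the document plus the previous signature. This is an added example, not Apple's or RSA's code: a Lamport hash-based one-time signature stands in for the RSA signatures the article mentions so that it runs on the Python standard library alone, and all function names and the sample document are constructed for illustration.

```python
import hashlib
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes) -> bytes:
    # Reveal one secret per digest bit. A key pair must sign only once.
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))

def verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * 32:
        return False
    return all(H(sig[32 * i:32 * i + 32]) == pk[i][b]
               for i, b in enumerate(_bits(msg)))

def countersign(sk, document: bytes, prev_sig: bytes) -> bytes:
    # Each signatory covers the document AND the previous signature,
    # so approving the form also vouches for the signer before them.
    return sign(sk, H(document) + H(prev_sig))

def verify_chain(document: bytes, links) -> int:
    # links: [(public_key, signature), ...] in signing order.
    # Returns the index of the first link that fails, or -1 if all hold.
    prev = b""
    for i, (pk, sig) in enumerate(links):
        if not verify(pk, H(document) + H(prev), sig):
            return i
        prev = sig
    return -1

def demo():
    doc = b"Purchase order 17: 40 PowerBooks"  # constructed sample document
    links, prev = [], b""
    for _ in range(3):  # three signatories, one fresh key pair each
        sk, pk = keygen()
        prev = countersign(sk, doc, prev)
        links.append((pk, prev))
    return doc, links
```

Calling `verify_chain` on the output of `demo()` accepts the intact chain; altering the document breaks the first link, and removing a middle signatory breaks the link that followed it.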

Other Technologies -- PowerTalk complements AppleScript and AppleSearch to form a powerful information processing environment. Non-programmers can create highly sophisticated workflow applications in a fraction of the time previously required.

PowerTalk works synergistically with the voice recognition, speech synthesis, and video-conferencing capabilities in the new AV Macs. Once the new printing architecture in QuickDraw GX becomes available and third parties rewrite Chooser devices for the PowerTalk Catalog, many common operations will not only be more consistent, intuitive, and easier to learn, but also will give the user more control over the end product.


