anyspot: pervasive document access and sharing€¦ · come a long way toward this ideal, remotely...

© 2007 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or

for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be

obtained from the IEEE.

For more information, please see www.ieee.org/web/publications/rights/index.html.

MOBILE AND UBIQUITOUS SYSTEMS www.computer.org/pervasive

AnySpot: Pervasive Document Access and Sharing

Jonathan Trevor and David M. Hilbert

Vol. 6, No. 3 July–September 2007

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works

may not be reposted without the explicit permission of the copyright holder.

76 PERVASIVEcomputing Published by the IEEE Computer Society ■ 1536-1268/07/$25.00 © 2007 IEEE

In the early 1990s, Mark Weiser envisioneda world in which “each person is continu-ally interacting with hundreds of nearbywirelessly interconnected computers”1 thatultimately “weave themselves into the fab-

ric of everyday life until they are indistinguish-able from it.”2 A key to this vision is pervasiveinformation—being able to use any content orservice on readily accessible devices over net-works that don’t tie us down. Although we’vecome a long way toward this ideal, remotelyaccessing and sharing documents across protectednetworks remains challenging.

The World Wide Web, wireless devices, andwireless networks have in-creased the opportunities forsupporting pervasive documentaccess and sharing. However,today’s solutions remain spottyin their coverage for pervasiveinformation needs. To address

this, we developed AnySpot, a Web-service-basedplatform for seamlessly connecting people to theirpersonal and shared documents wherever they go.Here, we describe AnySpot’s design principles andreport our experience deploying it in a large, multi-national organization.

Pervasive information requirementsTo develop a pervasive document access and

sharing platform that would approach Weiser’svision, we had to address the following pervasiveinformation needs:

• Seamless integration with everyday life. To min-imize impact on users and organizations, wecan’t expect them to adopt new storage prac-tices, such as Web repositories; operating sys-tems, such as distributed file systems; or specialclient technology, such as virtual private network(VPN) client software or thin-client devices.

• Fast personalized access. Mobile users are oftenpressed for time and use portable and embed-ded devices with limited user interfaces (UIs),such as mobile phones and office copiers. Of-fering personalization options can dramaticallyreduce the need for browsing and searchingand thus greatly reduce file access time.3

• Seamless sharing. Document sharing is com-mon, yet sharing files across organizationalboundaries remains much harder than it shouldbe. Users should be able to seamlessly sharefiles and folders, without having to deal withthe problems associated with email attach-ments, shared repositories, or extranets.

• Multiple interfaces. Users seeking pervasiveaccess and sharing won’t always have a laptopor desktop close at hand. Users need variousinterfaces, both portable and embedded, in-cluding mobile phones and office copiers.

• Networked services. It’s one thing to be able toaccess any document on your cell phone, butit’s another to actually do something usefulwith it beyond reading it on a tiny screen. Usersshould be able to easily deliver their documentsto arbitrary services for sharing, emailing, fax-ing, printing, and translating.

AnySpot is a Web-service-based platform that seamlessly connects usersto personal and shared documents wherever they go, meeting several keyrequirements of pervasive information access.

I N F O R M A T I O N A C C E S S

Jonathan Trevor and David M. HilbertFX Palo Alto Laboratory

AnySpot: PervasiveDocument Access and Sharing

The AnySpot platformAs the sidebar “Tools for Mobile

Document Access and Sharing” de-scribes, AnySpot goes beyond currentsystems by adding fast personalized ac-cess, seamless sharing, portable and em-bedded interfaces, and integrated net-worked services—all in a singleplatform. With AnySpot, users can re-motely access and share resourcesstored in any file system, using a varietyof client devices over both wired andwireless networks. Users can thus accessnetworked resources from PCs at homeand in remote organizations, as well asfrom Internet terminals and wireless hotspots in airports, hotel business centers,and print shops. Users can also use mo-bile devices and shared document de-vices—such as multi-function copiers—

to fax, print, and share documents whileaway from the office.

To extend our platform to a wide vari-ety of file sources, clients, and networkedservices, we chose a service-oriented archi-tecture based on Web services. Figure 1shows the AnySpot architecture’s maincomponents. The clients (top left) includeWeb interfaces for general-purpose accessto user files and special-purpose externalapplications that integrate user files intoexisting document devices or applications.Users can also add external services (bot-tom left) to their accounts for documentprocessing, routing, and output. Theaccess point (center) provides the core sys-tem functionality, including user authen-tication, unified access to users’ resources,and a shared file system. Finally, the filesources (right) provide a standard inter-

face for accessing user files, folders, andfile history across multiple file systems.

We designed the access point and filesources so that system administratorscould deploy and manage them indepen-dently. A typical organization might de-ploy one access point behind its firewalland one file source for each Windows orUnix network within its intranet. Alter-natively, an application service provider(ASP) might manage access points for mul-tiple client organizations, and the clientswould need to install and run only the filesources. For home PCs, users can installfile sources that connect to “stub” filesource proxies running on the access pointserver. The proxies then use the incomingconnections established by the file sourcesto dispatch requests to the file sources run-ning behind the users’ home firewalls.

JULY–SEPTEMBER 2007 PERVASIVEcomputing 77

T here are numerous tools for accessing and sharing docu-

ments across network boundaries. However, no solution

fully realizes Mark Weiser’s vision for pervasive information.

• Desktop teleporting solutions, such as VNC1 and GoToMyPC

(www.gotomypc.com), let users interact with their desktops

from other PCs as if they were their own.

• Virtual private network (VPN) technology—including hardware,

software, and Secure Sockets Layer VPNs (see www.juniper.net)—

lets remote users securely interact with their firewall-protected

resources as if they were inside their corporate firewall.

• “Thin client” solutions leverage client PCs that are akin to

“dumb terminals” for securely interacting with a corporate net-

work’s applications and data.

Although these solutions support remote access, users typically

use email, Web repositories, and extranets to share documents

across networks. Email attachments are fine for simple document

dissemination, but sharing large files and file collections is compli-

cated due to mail server attachment restrictions. Also, multiple users

editing emailed files can lead to versioning problems. As a result,

researchers have shown significant interest in using Web repositories

for sharing.

Web repositories—such as BSCW2 and Xerox’s DocuShare—let

users share and coordinate document collections across networks.

Personal online storage solutions, such as Xdrive (www.xdrive.

com), let people access and share their files over the Web. How-

ever, these solutions don’t “weave themselves into the fabric” of

users’ everyday lives: users must copy files from their desktop PCs

and file servers to a centralized repository before they can re-

motely access or share them.

Extranets overcome some of these limitations, but require special

authority, skill, and effort to set up and maintain. Researchers have

also developed other systems to address some of these limitations,

including distributed file systems such as Coda,3 and cell-phone-

based systems for mobile file sharing, such as Satchel4 and Serefe.5

REFERENCES

1. K. Wood et al., “Global Teleporting with Java: Towards Ubiquitous Per-sonal Computing,” Computer, vol. 30, no. 2, 1997, pp. 53–59.

2. R. Bentley et al., “Supporting Collaborative Information Sharing withthe World-Wide Web: The BSCW Shared Workspace System,” Proc. 4thInt’l World-Wide-Web Conf., ACM Press, 1995, pp. 63–74.

3. M. Satyanarayanan, “Scalable, Secure, and Highly Available DistributedFile Access,” Computer, vol. 23, no. 5, 1990, pp. 9–21.

4. M. Lamming et al., “Satchel: Providing Access to Any Document, AnyTime, Anywhere,” ACM Trans. Computer-Human Interaction, vol. 7, no.3, 2000, pp. 322–352.

5. J. Ahn and J.S. Pierce, “Serefe: Serendipitous File Exchange betweenUsers and Devices,” Proc. 7th Int’l Conf. Human-Computer Interactionwith Mobile Devices and Services (Mobile HCI), ACM Press, 2005, pp.39–46.

Tools for Mobile Document Access and Sharing

Realizing the pervasiveinformation vision

AnySpot’s design addresses all of thekey pervasive information requirements.

Seamless integration with everyday life

AnySpot’s file sources support users’existing work practices without requir-ing them to adopt new storage systems,operating systems, or client interfaces.File sources are Web service wrappersfor existing file systems that provide astandard interface for important file ac-cess functions, such as GetFiles andGetHistory. While in the office, usersaccess their files as always. Once theyleave the office, however, file sourcesextend secure access to users’ files andhistory to other devices and networks.We’ve developed file source wrappers forstandalone Windows PCs, entire Win-dows NT Domains, and Linux work-

stations. Developers can also create newfile sources for other file systems anddocument repositories and easily plugthem into the architecture.

To securely access resources whileaway from the office, users must pro-vide their login credentials to the filesource so that it can temporarily loginas users on their desktop computers ornetworks. This means that users mustleave their desktop computers and fileservers running. Each file source vali-dates users’ credentials against an ap-propriate authority. For example, anNT Domain file source will use theActive Directory server on that do-main, whereas a Unix file source willuse the host’s pluggable authenticationmodule service.

Because the access point acts as a hubconnecting remote users with a varietyof registered services—from file sourcesto external faxing and printing ser-

vices—AnySpot provides single sign-oncapability for increased usability.

Fast personalized accessIn our previous work, we observed

that mobile users were often in a hurryto access files and typically wanted to ac-cess the same files that they’d most re-cently accessed in the office.3 We thereforedeveloped a personal-history-based inter-face that presents users’ most recentlyaccessed files first. This dramatically re-duces the need for browsing and search-ing, which is particularly important whenusing limited portable and embeddedinterfaces. Thus, file sources collect users’file histories so the access point can pro-vide a unified personal-history-basedinterface for rapid file access.

Each file source uses different mecha-nisms to gather this information:

• Windows file sources leverage the

78 PERVASIVEcomputing www.computer.org/pervasive


Figure 1. The AnySpot Web-service-based architecture. The clients (top left) include Web interfaces and external applications thatintegrate users’ files into existing document devices or applications. External services (bottom left) process, route, and output documents, while file sources (right) offer a standard interface to files, folders, and file history across multiple file systems.

Access point External applications

Login authorities

File sources

Web interfaces

Print

Fax

Web

Phone

SOAP/XML

Windows

Repositories

Unix

HTTPS

Webservicewrapper

Webservicewrapper

Webserviceswrapper

Firewall

Multifunctiondevice portal

RemoteAuthenticationDial-In User

Service (RADIUS)

LightweightDirectory

Access Protocol

AnySpot

Filesource

AnySpot

Webservices

API

Web-baseddistributedauthoring &versioning

Files

Files

Files

External services

SOAP/XMLHTTPS

Sharedfiles

Electronic whiteboard

SOAP/XML

Windows recent-documents list byautomatically maintaining shortcutsto every file a user has ever accessedon his or her Windows PC.

• Unix file sources can traverse limitedfile-system sets to construct the his-tory, or they might instead find theinformation by parsing application-specific files, such as the graphicaldesktop environment’s recent-files list.

Finally, file sources maintain lists of“spots” for each user, which are likeWeb bookmarks that act as quick entrypoints into commonly accessed folders,such as “My Documents” on Windowssystems.

Seamless sharingThe AnySpot access point maintains

a shared file system that supports twotypes of simple ad hoc sharing:

• Shared proxies. These are shortcuts orsecure links to personal files and fold-ers (resembling Unix’s soft links) thatprovide seamless access to file sourcefiles. When the user modifies a sharedfile using a proxy, the original filechanges, and vice versa.

• Shared copies. These are copies of per-

sonal files or folders that users canshare and modify without affecting theoriginal versions. The access pointremembers where the originals are,which allows synchronization in bothdirections.

Because AnySpot combines featuresof both in-place remote-access solutions(such as Secure Sockets Layer VPNs) andWeb repository solutions, users can ac-cess the original version of a shared filethrough its proxy representation andsynchronize a shared copy and the orig-inal. These are powerful features miss-ing from today’s Web repositories.

AnySpot’s shared file system lets userquickly and easily share with othersbased on their email addresses. AnySpotgenerates and sends special secure URLsthat grant access to shared files. Whennecessary, it also asks recipients to loginor register with the system via an auto-matic email-based address verificationprocess before granting access. The endresult is that users can share entire fold-ers or even disk drives from their localPCs with people outside their networkor organization by sending them a shortemail. Users don’t need to copy or movetheir files anywhere, and, in the case of

shared proxies, all participants can seeany subsequent changes to the file.

Multiple interfacesTo bring pervasive document features

to devices beyond PCs and applicationsbeyond Web browsers, we opted to useWeb services. This choice required us tosupport various authentication mecha-nisms to provide the best user experiencefor various devices and usage scenarios.

Our Web services architecture lets usseparate the system logic from the UI andbuild a variety of interfaces on top of theplatform. These interfaces range from themost general—accessing and using filesfrom a standard Web browser—to Any-SpotPIP, a podium application that letsusers present recently accessed presenta-tions by simply swiping a smart card.

Web browser UI. When users log in toAnySpot’s Web UI, they first see “What’sNew,” a unified personal-history viewof recently accessed and created files (seefigure 2a). Users can thereby quickly ac-cess the documents they need withouthaving to search or browse networks,machines, and folders.

AnySpot’s Web UI is similar to Win-dows Explorer in Windows XP: Double-


Figure 2. AnySpot’s Web UI. (a) The “What’s New” tab lets users access recently edited or created files across multiple file systems.(b) The “Personal Files” tab provides unified access to a user’s files, folders, and disks across machines and networks.

(a) (b)

clicking on folders opens them and dis-plays their contents. Selecting files dis-plays relevant actions or “Tasks”—suchas open, download, edit, email, and fax—that users might perform on the file. Justbelow the task panel is a “Details” panelthat shows a preview of the selected file(when thumbnails are available) alongwith other details, including its name,type, size, modification date, and loca-tion. The lowest panel, “Activity,” showsthe 10 most recent actions—such asemailed, read, faxed, and so on—that theuser has performed on the file or folder.

Across the screen’s top, tabs form amain navigation bar for accessing users’personal and shared files. As figure 2bshows, when the user selects the “Per-sonal Files” tab, AnySpot shows a list ofaccessible folders (or “spots”). Users canconfigure this list; it typically includeslinks to the user’s desktop, documentsdirectory, desktop PC drives, sharedfolders on file servers, and home direc-tories in Unix networks.

Most tasks provide a wizard-style dia-log that leads users through the tasksteps. For example, the email/share task

(see figure 3a) first asks users who theywant to send files to, the message’s sub-ject and text, and how they want totransmit files to the recipients. Users canchoose between attaching a file to themessage or making a shared proxy orcopy available in the shared file system(optionally protected by a password orrequiring the recipient to sign in to iden-tify themselves to the system).

In the “Shared Files” tab, users see alist of files they’ve shared with others orothers have shared with them viaAnySpot. In addition to standard filetasks, users can update security require-ments for accessing shared files, resyn-chronize the shared file to match the orig-inal (when the original changes), andupdate the original to match the sharedfile (when the shared copy changes).Finally, as figure 3b shows, the interfaceprovides an additional panel, “Users,”which shows—at a glance—who can dowhat to each file.

Phone UI. As figure 4 shows, AnySpotalso provides a phone UI that lets mobileusers email, fax, and print files. The UI

provides much of the Web UI’s samefunctionality but is simplified and opti-mized for the phone’s keypad and screen.

In our previous experiences designingmobile UIs,4 we encountered several sit-uations in which typing a username andpassword ranged from inconvenient tonearly impossible. We therefore designedthe access point to provide an alterna-tive authentication method that associ-ates the user’s account with some uniquedevice attribute, such as a cell phone’ssubscriber ID or a smart card’s uniqueID. Users can choose whether each de-vice-based login requires their normalpassword or a simpler PIN.

After logging in, the user can select“My History” to quickly locate recentlyaccessed files or use the “Quick Find”wizard to filter their history based on filetype, name, and other attributes. Select-ing a file provides a thumbnail preview(when available) and makes network-based services for emailing, faxing, andprinting available to users.

AnySpotPIP podium application. TheAnySpotPIP application runs on a shared



Figure 3. Other Web UI features. (a) The “Email/Share” wizard lets users share files and folders with anyone. (b) The “Shared Files”tab lets users access and manage shared files.

(a) (b)

device—like a podium PC or SmartBoard—and lets users swipe a smart cardto instantly open and present their desk-top documents (see figure 5). AnySpot-PIP is a redesign of a previous systemusable only within a Windows Domain.3

Because AnySpotPIP uses AnySpot as itsunderlying file system, we can install itanywhere—in a distributed organiza-tion, for instance—and users can in-stantly present their files wherever theygo. The user’s card encodes the URL forthe user’s AnySpot server, and AnySpot-PIP makes use of AnySpot’s ability tologin users using credentials other thantheir email addresses and passwords.Users simply walk up to the podium,identify themselves using their card, andpress the “Present” button to show theirmost recently edited presentations.

Outlook add-in. Our Outlook add-in letsOutlook users send large attachments andfolders seamlessly via AnySpot withoutleaving the Outlook application. Usersattach files and folders to their email mes-sages by dragging and dropping them onthe message. After the user presses send,the add-in removes attachments from themessage, uploads them to AnySpot (orcreates shared proxies that point to theoriginals), and a very small HTML at-tachment containing the secure URLs issent in their place. Thus, AnySpot userscan use a mail client to share large docu-ments with recipients whose email serverswon’t accept large email attachments.

Networked services forextending device capabilities

A powerful approach to increasing per-vasive document access and sharing ca-pabilities is to harness network-based services to extend a target device’s capa-bilities.4 In AnySpot, we can integrateexternal services into the access point tosupplement the built-in tasks that users


(a) (b)

Figure 4. The phone UI. The UI’s unifiedhistory capabilities let users (a) locate files quickly and (b) do something usefulwith them.

Figure 5. The AnySpotPIP podium application. Users simply identify themselves using asmart card to instantly open and present desktop documents.

can perform on their personal and sharedfiles and folders.

Two examples of external services thatwe’ve integrated include InterFax (www.

interfax.net) and NetPrint (www.printing.ne.jp). InterFax is an online fax service thataccepts a variety of file formats and faxesthem to any fax machine. With this third-party service, users can instantly fax theirfiles, even from their cell phones.

NetPrint is a Fuji Xerox print servicethat lets users upload their files and printthem on Fuji Xerox multifunction devices(MFDs) in thousands of 7-Eleven storesacross Japan. Service users upload a doc-ument to the service’s Web site and receivea unique eight-digit code that they canlater use to print the document on any 7-Eleven MFD. AnySpot considerably en-hances the service’s value by enabling cellphone users to instantly route any of theirdocuments to NetPrint on-demand, let-ting them print any file rather than justthose they’d previously uploaded.

Deployment and user experience

We’ve deployed and used two AnySpotversions (with the Web UI, phone UI, andother interfaces) at our laboratory ofapproximately 25 researchers for nearlytwo years. We first demonstrated the sys-tem’s capabilities at several staff meet-ings, then encouraged our colleagues tosign up and use AnySpot prior to travel-ing. At this time, more than three-quar-ters of our colleagues have accounts.

Over the past year, we asked our col-leagues to send us anecdotes about howthey use AnySpot. Our goal was to learn

which scenarios were most useful to ourusers and how AnySpot fits in with othertechnologies. Our users vary from thetechnically savvy to more casual compu-

ter users. We’ve observed five differentusage patterns with the current system.

Unanticipated data access There are many situations in which

users need personal or corporate infor-mation access while traveling. Typically,users plan ahead, copying the presenta-tions or data onto a laptop or portablestorage device. However, in several cases,users found that their preplanning waseither insufficient or rendered useless byexternal factors beyond their control.The following quote illustrates a com-mon example (and the workaround):

[W]e were giving a presentation anddemo at [a company]. We brought amachine with the presentation on it,but somehow that machine did notwant to connect to the projector.They offered us the use of one oftheir Macs ... After 15 minutes or soof trying all kind of things, [acolleague] suddenly said ‘Let’s tryAnySpot.’ So, we started up abrowser on the MAC, and there theoriginal copy of the file was on mydesktop, which we could easily get.Très cool.

This problem illustrates one of themost frequent uses of AnySpot—to fetchand give a presentation on a foreign ma-chine when the laptop fails. One partic-ularly extreme case occurred when a userwas preparing a conference presentation.Because laptops “never fail,” he wasn’tcarrying the material in any other form(such as a CD-ROM). When the hard

disk crashed the evening before two pre-sentations, he used AnySpot’s Web UI inthe hotel’s Internet room to burn a CD-ROM containing the presentation andseveral videos from his office desktopmachine, which was a continent away.

In another case, users attending ameeting were unexpectedly asked forsupplementary materials that weren’t ontheir laptop, so they simply opened Any-Spot’s Web UI and retrieved the relevantinformation.

Changing work practice: A safety net

Once users became more confident inAnySpot’s capabilities and stability, wenoticed a change in work practice:

Now, when I am on the road, I feelconsiderably more secure aboutmaterials I might not have thoughtto have brought along—I know Ican always go online and retrieveeasily any files I might need.

Another user noted that AnySpothelps him get going quickly:

I was preparing for a trip, but neededto leave work in a hurry…. However,I knew I could use AnySpot at hometo get my files, so I didn’t worryabout it. I got home, got the files, andeverything was copasetic.

AnySpot offers continuous resource ac-cess, without requiring that files be in aspecial location for remote access. It thusreduces the need to plan for contingen-cies when traveling or working offsite.

A secure email alternativeMany people use email as a main

method for distributing documents.However, organizations sometimes placelimits on incoming attachment size (forexample, 2 Mbytes) and are increasinglylimiting the types of attachments they’llaccept (for example, only ZIP or text) toprotect against viruses. Getting files torecipients—even those within your orga-nization but on different networks—



AnySpot offers continuous resource access,

without requiring that files be in a special location

for remote access. It reduces the need to plan for

contingencies when traveling or working offsite.

often requires uploading files to someWeb site and setting up access permis-sions before sending the URL.

Many of our users use AnySpot’semail task to send large presentations ormaterials securely to others both withinand outside our organization.

We have used AnySpot several timesto email really large files of postersfor poster sessions to group memberswho were at conferences.

AnySpot also offers a safe and easyalternative for sharing highly sensitivedocuments with external users. Users inour organization have leveraged this ca-pability for sharing materials with ourpatent attorneys. Users simply select thedocuments or folders and share them inthe shared file system, protecting themby limiting access to the lawyers only, byadding a common prearranged pass-word, or both.

A lightweight complement to IPSec VPN

Our company provides employeeswith either hardware or software Inter-net Protocol security VPN so they canconnect to the intranet from their homePCs or laptops. A few employees in ourorganization have used AnySpot to com-plement our VPN system and to over-come some of its unintended limitations.

I use it to work on articles when I’mat home instead of using VPN andmounting remote drives to work onthe files that are stored on officemachines. I download a copy of thefile to my laptop using AnySpot, andupload it after editing. I can just usemy normal home network instead ofrelying on VPN, which times out orcan also disconnect if my laptopsleeps (while I watch TV).

At home, I use a Mac, and for thelongest time, VPN was broken forMacs, so you couldn’t really get tothe company’s intranet. I startedusing AnySpot to retrieve files frommy office computer to work onthem at home. I believe VPN nowworks again, but I never felt the

need to install it. AnySpot doeseverything I need.

By offering immediate access to re-cently edited or created files, AnySpotcomplements traditional VPN solutions.

Creating small extranetsFor software releases and sharing pic-

tures, users frequently take advantage ofAnySpot’s ability to make entire hierar-chies or even single large files securelyavailable outside the organization with-out having to copy or move files.

Previously, when we wanted to sharesoftware with our parent company, weshipped it via FedEx on CD-ROM orcreated special password-protected areason our external Web site. Each of thesesolutions had drawbacks. FedEx tookmuch longer, while changing our mainWeb site required creating a sub-Web,protecting it appropriately, and thentransferring the correct documents to it.AnySpot eased this process. Users cannow simply create a secure link to afolder on one of our main file servers andprotect it by either using a password orrestricting access to particular emailaddresses. Further, by examining each

file’s activity trail, we know who ac-cessed the software release and when.

Many of our users maintain picturefolders on their PCs. Now, rather thanuploading the folders to a Web site andcreating an index page, they often usedAnySpot to simply email a link to thefolder. Although the end result isn’t asaesthetically pleasing as a customizedWeb page, the Web UI’s thumbnail view

offers a much quicker and easier alter-native for sharing photos (see figure 3b).

Real-world adoption challengesWe encountered several unexpected

issues when trying to deploy AnySpotin our large, multinational parentorganization.

Security concernsSuccessfully deploying AnySpot re-

quires that network administrators letInternet clients connect to an intranetserver using SSL. As a result, they mustconfigure the corporate firewall to allowincoming HTTPS connections. Whileseveral increasingly popular SSL VPNsolutions—from Cisco, Nortel, JuniperNetworks, and others—have this samerequirement, some companies remainreluctant. In fact, some countries havegovernment guidelines advising againstallowing any external traffic to enterinternal networks through firewalls.

One solution is to use a layered net-work approach, in which a reverse proxyscreens all incoming requests. This wasour initial approach. We’ve also devel-oped a reverse tunnel approach, con-necting an internal server to an external

gateway, which then uses the outboundconnection to send inbound requests.This is similar to the GotoMyPC (www.gotomypc.com) and SwanSTOR (www.areabe.com) approaches and requires noincoming firewall openings.

Network administrators were also con-cerned that user accounts might be com-promised, allowing unauthorized accessto protected resources. To address this,


Successfully deploying AnySpot requires

that network administrators let

Internet clients connect to an intranet

server using SSL.

w e

added support for RSA’s two-factorauthentication to prevent replay attacks(through key-logging, for example).

Although current corporate securitypolicies have raised challenges in deploy-ing AnySpot, we believe there’s a trendtoward SSL-based VPN solution adop-tion, and that AnySpot’s many securityfeatures (two-factor authentication, nobuffer overrun possibilities, no uncheckeduser parameter SQL queries, and so on)make it a secure enterprise solution.

Environmental concernsIn some countries, compliance with ISO

14000 environmental management stan-dards is an important goal. To conserveenergy, many companies turn off lights,air conditioning, and workstations whenthey’re not in use, such as at lunchtime andovernight. Unfortunately, our design andusage scenarios implicitly assume thatusers’ desktop PCs and file servers willalways be on. However, we’ve begun ex-ploring alternative models that wouldn’trequire continuous PC availability, suchas an online backup and synchronization-based solution, possibly focused on users’most recently accessed files.

Our experience illustrates atleast two cases in which com-bining features from differentsystem types produces some-

thing more valuable than the individual

systems offer. First, by combining in-placeremote access capabilities with simplesharing features that are typically found inWeb repositories, AnySpot lets users shareresources in-place, with no copying orversioning issues. Second, by connectingour pervasive file-access capabilities witha service in Japan that lets users print pre-uploaded documents, users can print any document, any time, at any MFD-equipped 7-Eleven in that country.

Web services provide a compellingframework for pervasive computing forseveral reasons:

• They let developers combine indepen-dent systems in unanticipated ways.

• The clean separation they enable be-tween logic and interfaces lets de-velopers quickly build novel clients to support portable and embeddedapplications.

• They facilitate easy service connec-tions, which lets devices with limitedcapabilities (like mobile phones) lever-age more powerful networked servicesfor increased capabilities (like faxingand printing).

As more services and devices becomedispersed throughout the environmentand network, Web services will enablemore flexible coupling of functionalityand devices, resulting in more service useand more device capabilities.

REFERENCES1. M. Weiser, “Some Computer Science Issues

in Ubiquitous Computing,” Comm. ACM,vol. 36, no. 7, 1993, pp. 75–84.

2. M. Weiser, “The Computer of the 21st Cen-tury,” Scientific American, vol. 265, no. 3,1991, pp. 66–75.

3. D.M. Hilbert and J. Trevor, “PersonalizingShared Ubiquitous Devices,” Interactions,vol. 11, no. 3, 2004, pp. 34–43.

4. B.N. Schilit et al., “Web Interaction UsingVery Small Internet Devices,” Computer,vol. 35, no. 10, 2002, pp. 37–45.



the AUTHORSJonathan Trevor works in the Advanced Development Division at Yahoo! Inc. Hewas previously a senior research scientist at FX Palo Alto Laboratory, where he con-ducted this work and other work in ubiquitous systems, computer-supported coop-erative work, and Web-based applications. He has a PhD in computer science fromthe University of Lancaster and is a member of the IEEE and the ACM. Contact himat Yahoo! Inc., 701 1st Street, Sunnyvale, CA 94089; [email protected].

David M. Hilbert is a senior research scientist at FX Palo Alto Laboratory. His re-search interests include the design and evaluation of novel interactive, collaborative,and ubiquitous computing applications. He has a PhD in information and computerscience from the University of California, Irvine. He is a member of the IEEE, theACM, and Phi Beta Kappa Society. Contact him at FX Palo Alto Laboratory, 3400Hillview Ave, Bldg. 4, Palo Alto, CA 94304; [email protected].

NEX

T ISS

UE

MOBILE AND UBIQUITOUS SYSTEMS

Securityand PrivacyOctober–December 2007

QUESTIONS?COMMENTS?

IEEE PervasiveComputing wantsto hear from you!

[email protected]

AIL

QUESTIONS?COMMENTS?

IEEE PervasiveComputing wantsto hear from you!