You are on page 1of 32

VOORTGEZETTE OPLEIDING – GAS

DEPARTEMENT WETENSCHAPPEN

Can Open source eXchange My World?

Academiejaar 2005-2006 Verhandeling aangeboden tot het verkrijgen van


de graad van Master in IT:

Roel De Meester

Downloadable versions of this document can be found at http://users.pandora.be/develOOp/thesis/ This


document (except for the logo) is licensed under the Creative Commons Attribution License. This means that
the licensor, Roel De Meester, permits others to copy, distribute, display, and perform the work. In return,
licensees must give the original author credit. For the full license, visit
http://creativecommons.org/licenses/by/1.0/legalcode/ or send a letter to Creative Commons, 559 Nathan
Abbott Way, Stanford, California 94305, USA.
Table of Contents

1.Introduction .....................................................................................................................................................5
2.can open source exchange my [WORLD] .......................................................................................................5
2.1. E-mails ....................................................................................................................................................6
2.1.1.Wikipedia definition .........................................................................................................................6
2.1.2.E-mail information ...........................................................................................................................6
2.1.3.Applications......................................................................................................................................7
2.2. Address books .........................................................................................................................................8
2.2.1.Techweb definition ...........................................................................................................................8
2.2.2.Address book information.................................................................................................................8
2.2.3.Address book file format................................................................................................................11
2.2.4.Applications ...................................................................................................................................12
2.3. Calendar.................................................................................................................................................13
2.3.1.Definition .......................................................................................................................................13
2.3.2.Information .....................................................................................................................................13
2.3.3.File Format .....................................................................................................................................14
2.3.4.Applications ...................................................................................................................................16
2.4. Notes .....................................................................................................................................................17
3.can open source exchange [MY] world .........................................................................................................18
3.1. Securing E-mail ....................................................................................................................................18
3.1.1.SSL .................................................................................................................................................19
3.1.2.Digital Signatures ...........................................................................................................................19
3.1.3.Bundled security .............................................................................................................................19
3.2. Securing synchronization of information .............................................................................................20
4.can open source [EXCHANGE] my world ...................................................................................................20
4.1. E-mail ....................................................................................................................................................20
4.1.1.SMTP (Simple Mail Transfer Protocol) .........................................................................................21
4.1.2.POP (Post Office Protocol) ............................................................................................................21
4.1.3.IMAP ..............................................................................................................................................22
4.2. Calendar ................................................................................................................................................22
4.3. Address book .........................................................................................................................................23
4.3.1.Requirements ..................................................................................................................................23
4.3.2.Microsoft exchange Server ............................................................................................................24
4.3.3.LDAP .............................................................................................................................................24
4.3.4.SyncML ..........................................................................................................................................25
4.3.5.Plaxo.com .......................................................................................................................................25
4.4. Exchange Server Alternatives ...............................................................................................................25
4.4.1.Open source Microsoft Exchange replacements ............................................................................25
4.4.2.From a different angle ....................................................................................................................27
5.5can [OPEN source] exchange my world ......................................................................................................29
5.1. Open source software ............................................................................................................................29
6.CAN open source exchange my world? ........................................................................................................30
6.1. the breakdown........................................................................................................................................31
6.2. (Pessimistic) conclusion .......................................................................................................................32
6.3. (Optimistic) conclusion..........................................................................................................................32
Woord vooraf
Deze verhandeling heeft lang op zich laten wachten. Een samenloop van professionele (bvba opgestart) en
familiale (welkom Joris, Tinne en Wouter) omstandigheden hebben ertoe geleid dat dit werk zich
voornamelijk in mijn hoofd heeft ontwikkeld, en pas op papier heeft kunnen ontstaan door de vrijheid van
mijn partner Christa. Het is omdat zij de zorgende factor verschillende weekends en weken volledig op haar
schouders heeft genomen dat ik er in geslaagd ben om al mijn ideeen neer te schrijven.

Antwerpen, nazomer 2006


1. Introduction
This thorough study has started as a result of my own problems keeping my address book synchronized
between my work PC, 2 home PC's, a PDA and some web mail address lists. While trying to figure out a way
to do this in an automated way I learned a lot on open standards, xml formats, server and web services.

I have split up the work in 4 major parts.

1. What information is commonly relevant to keep synchronized? In other words what makes up the
world of information.

2. How can this be done in a secure way? How can we make sure that any information stays in my
hands.

3. How can (or should) the information be shared or exchanged between applications, which protocols
should be used?

4. Are there already open standards or open sourced applications (client or server) available that can be
used for the synchronization task?

5. Joining these parts together leads to the overall question: “Can open source exchange my world?”

2. can open source exchange my [WORLD]


The optimist proclaims that we live in the best of all possible worlds; and
the pessimist fears this is true.

James Branch Cabell (1879 - 1958), The Silver Stallion, 1926

An important part in the whole synchronization story is defining what “world” of information is relevant to
share between different desktop/web applications.

Nowadays PDAs1 have already clarified what most people see as important information. Most owners of
PDA's use it for it's PIM2 functions, as digital alternative for their filo-fax.

Watching at the personal information items that those PIMs support we already have a good list to start with:

1. E-mails

2. Address books

3. Calendars

1 Personal Digital Assistant: hand held devices that were originally designed as personal organizers
2 Personal Information Manager: Personal Information Management functionality started with the Filofax, with all your personal
data held in paper form in a single package. The personal organizer came along to store the data electronically with the ability
to store the same information on your PC and synchronize the two. The same functionality is now finding its way into mobile
phones, which also have the synchronization capability.
4. Task lists

5. Wish lists

6. Task scheduling (invitations etc)

7. Notices

But since the start of the Internet a lot of other valuable personal information has become available that helps
people to organize their virtual world. (There are even tools being developed to organize that new
information into one single environment. eg. Jetbrains' Omea). Some parts of that newer information :

8. Websites and bookmark lists

9. newsgroups

10.eZines

11.Blogs

12.Instant Messages

13.RSS/Atom Feeds

We need to precise what uniquely defines those different information items, and of what atomic data they are
build up. The definitions of all above terms are already clarified on the largest free encyclopedia on the net:
Wikipedia[wiki]

2.1. E-mails

2.1.1. Wikipedia definition


Electronic mail, abbreviated e-mail or E-mail, is a method of composing, sending, and receiving messages
over electronic communication systems. The term e-mail applies both to the Internet e-mail system based on
the Simple Mail Transfer Protocol (SMTP) and to work group collaboration systems allowing users within
one company or organization to send messages to each other.

2.1.2. E-mail information


There are 3 components to an E-mail message

1. The envelope : is used internally by the Message Transfer Agent (MTA) (eg. Sendmail, Exim, Qmail
and Postfix )

2. The headers : The most interesting part of an E-mail - to systems administrators and engineers
anyway.

• KEY: VALUE pairs that conform to RFC 822.


• Each header transmitted as a single line of text.

• Some are Mandatory: Date From, To, (or BCC).

• Others are optional but widely used: Subject, Cc, Reply-To, Received, Message-Id.

• Any others are ignored by the mail system but all headers are propagated, recognized or not.

• Headers starting with 'X-' are for personal application or institution use.

3. The message body :

• The actual content of the E-mail message.

• MUST be plain text: binary content must be encoded into ASCII text.

• The body is separated from the headers by a single blank line.

• sometimes containing a signature block at the end

2.1.3. Applications

a) Desktop:

Most widely spread in windows world are the outlook series and outlook express mail clients.

Both have been known to handle E-mail in a rather insecure way.

One of Microsoft’s goals is for the E-mail client to be easy to use. However, the embedded automation and
lack of security features compared to competitors have been repeatedly exploited by malicious hackers using
E-mail viruses. These typically take the form of an E-mail attachment which executes on the user’s machine
and replicates itself by mass-mailing the user’s or Exchange server’s address list. Examples of such viruses
are the Melissa and Sobig worms. Other programs have exploited Outlook’s HTML E-mail capabilities to
execute malicious code or confirm that E-mail addresses are valid targets for spam. The notoriety of the
worms and other viruses has gained Outlook a reputation as a highly insecure E-mail platform.

Other alternatives are the (free) eudora. Eudora is a classic, powerful, flexible and efficient E-mail client that
cans spam precisely, too, and shows nary a weakness.

Other well known E-mail clients are Lotus Notes, Mozilla Thunderbird, Mulberry and The Bat!.3

3 For a thorough comparison see :


• http://en.wikipedia.org/wiki/Comparison_of_E-mail_client
• http://www.engin.umich.edu/caen/E-mail/emailchart.html
• http://E-mail.about.com/od/emailclients/
b) Web4:

Web-based E-mail service is a web application that allows the users to access their mailboxes by using any
web browser. One can than read mails that are on the server or write emails. Since the user is working
directly on the server, deleting an E-mail will be irreversible. (desktop clients often leave a copy of the
message on the server when downloading, Deleting an E-mail will only delete the local copy). Since the
introduction of the Gmail webmail [2GB] which discourages deleting emails but rather encourages users to
archive them, a strong battle has started between competitors (hotmail[250MB], yahoo[1GB], aol[2GB]) to
give more storage to their users.

FastMail is a another great free E-mail service. It only gives the user 10MB of storage but comes with IMAP5
access and few ads.

POP6/IMAP access?

• Gmail does not offer IMAP, only POP access it also and provides Mail Forwarding

• Fastmail offers both IMAP and POP access and can be used to other E-mail services through POP

• Yahoo does not offer POP nor IMAP access. It can however download mail from other POP accounts

• AOL uses an proprietary client/server E-mail system. No POP or IMAP support

2.2. Address books

2.2.1. Techweb definition


A database of names and addresses and other personal information that is maintained in a personal
information manager (PIM), contact manager or other application that deals with people's addresses.

2.2.2. Address book information


The software address book are derived from their real alternatives which often live close to the telephone and
keeps contact details (e.g. name, address, telephone number, mobile phone number) in place. The software
version does not has the problem of getting rather chaotic when people start moving around, lose their
mobiles or get married. Each user has different needs, wants to store his data in a different order, and wants
to store different things (not everyone wants to store birthdays or first names). A good address book format
should be able to contain as much contact information as possible.

1. Naming info

4 Only Free webmail services are discussed here.


5 IMAP: (Short for Internet Message Access Protocol) a mail protocol that provides management of received messages on a
remote server. The user can review headers, create or delete folders and messages, and search contents remotely without having
to download the mail. It includes more functions than the similar and popular POP mail protocol.
6 POP : (Short for Post Office Protocol, a protocol used to retrieve e-mail from a mail server. Most e-mail applications
(sometimes called an e-mail client) use the POP protocol, although some can use the newer IMAP (Internet Message Access
Protocol). There are two versions of POP. The first, called POP2, became a standard in the mid-80's and requires SMTP to send
messages. The newer version, POP3, can be used with or without SMTP.
• Title [Dr., Mr., Mrs., ..]

• First, Middle, Last Name

• Suffix [Sr., Jr.]

2. Category [Business, Friends, Family, Client, ..]

3. Fax like numbers [fax, computer name, ip-address, ftp-site; telex]

4. Phone info: zero or more

• Category [Home, Business, Company, Mobile, Assistant, Parents, ...]

5. Country code

6. City code

7. Local number

8. Extension

9. E-mail info: zero or more

• Category [home, work, news, web-mail, ...]

• local-part : before the @ sign, often the username

• domain name : after the @ sign is looked up in DNS7 to deliver the e-mail

10.Physical or postal address8 is best stored as free text but would often contain:

• Category [home, work, parents, ]

• block, street-name, number, apartment, room

• city/code

• country/province/state

11.Job information

7 DNS : Domain Name System is name resolution system that lets computers locate other computers on a Unix network or the
Internet (TCP/IP network) by domain name. This information is stored and replicated in distributed servers. When one of those
DNS servers does not have the requested information, it will ask it's neighbours for that information. This is done recursively
until an answer is found and given back to the requester. At the same time, all contributing servers update their own databases
with the new information. This process uses highly advanced recursive learning mechanisms.
8 Postal conventions vary widely from country to country. Eg. The US term “block” is highly connected to the grid-like city maps
of USA cities and is not usable in most European organically grown (mostly circular) cities. Frank da Cruz has put a lot of
effort in his COMPULSIVE GUIDE TO POSTAL ADDRESSES which contains postal schemes for nearly all countries in the
world.
• Job title

• Company

• Department

• Office

• Profession

• Manager's Name

• Assistant's Name

• Secretary's Name

• Home page

12.Personal information

• Nickname

• Spouse's name

• Birthday

• Anniversary

• Children's names

• Picture

• Gender

• Hobbies

13.Instant messaging

• service type

• username

14.Notes

15.User defined Fields


2.2.3. Address book file format
There is NO uniform format to store address book information. So when switching between address book
software and E-mail software a conversion of the propriety format is needed. But most software is able to
import/export its data to a more open format. Examples of these ‘open’ interchange formats are

"Title","First Name","Middle Name","Last Comma Separated Value (CSV): A file containing


Name","Suffix","Company","Department", ... all contacts in a table like format. The first line
"Dr.","Frits","","De often contains the names of the columns; the
Dokter","",,,"Orthodontist",,,,,,,,"Grote Baan
7",,,"Landen",...
other lines contain one record per line. Column
"","Ken","","Barbie","","Happy land",,,"DollStreet
information is either separated by ‘;’ or ‘,’
14",,,"Zulte 123",,,"USA","",,,,...

BEGIN:VCARD vCard (VCF) : is a digital counterpart of a


VERSION:2.1
business card. It only contains a single contact’s
information. The main advantage of these vCards
FN:Firstname Lastname
is that most E-mail software can automatically
N:Lastname;Firstname
attached the senders’ vCard to emails when
ADR;WORK;PREF;QUOTED-PRINTABLE:;Footown sending. When receiving an E-mail containing a
12345=0AFooland;Bar Street 99
vCard the receiver can automatically add the
LABEL;QUOTED-PRINTABLE;WORK;PREF:Bar Street 99=0AFootown
12345=0AFooland
vCard information into its address book.
TEL;CELL:+358-40-123456
EMAIL;INTERNET:nobody@example.invalid
UID:
END:VCARD

dn: cn=John Doe,dc=example,dc=com LDIF: is a LDAP Interchange Format used to


cn: John Doe
communicate with LDAP (Lightweight Directory
Access Protocol) content. It can contain one or
givenName: John
more entries. Each record is represented by a
sn: Doe
block of ‘name:value’ lines
telephoneNumber: +1 555 6789
telephoneNumber: +1 555 1234
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

There are some web-based converters which can handle propriety formats used in common mail-clients like
Windows Address Book, Outlook, Opera, Pine,…

A famous converter is found at http://www.interguru.com/ .


Another option is to use Dawn (the Address Converter and Manager) which can be downloaded from
http://www.joshie.com/projects/dawn/features.html
2.2.4. Applications
Most mail clients contain a well balanced feature to handle contacts and offer e.g. auto completion when
filling in the senders E-mail address. But there still are some applications that deal solely with contacts.

a) Desktop

For windows user there is the Windows Address Book which handles the contacts of a single identity. The
application does not allow you to open or save address books but operates on a single .wab file. That file is
than used to supply Outlook Express with a list of contacts. WAB does allow to import/export to most
common used applications

It can also be used to search Active Directory but has means to connect to LDAP.

For apple user there is the Address Book application. It has roughly the same functionality as its windows
counter part but the main benefit is that it provides an API to interface with other software. It can be used to
synchronize with a Microsoft Exchange Server or to search through LDAP directories.

For Linux there are also several solutions. Thunderbird (which is a multi-platform software) comes with an
own address book application that has roughly the same capabilities as the WAB, but it can also search LDAP
server info. KDE's address book is the Kontact application. As all KDE components it integrates well with
the other KDE components, in particular KMail. The Ximian Evolution address book is part of the evolution
personal information manager. And has the same functions as MS Outlook for Windows.

b) Web

Most common web based E-mail systems like yahoo, hotmail, fastmail, gmail are able to import/export
contacts and also have a web based administration screen to add/delete/edit and search through contacts. But
there are many web applications which have contact handling as their main focus, but in my opinion those
applications are only useful when they are combined with a synchronization mechanism to keep the address
book on the client PC up-to-date and visa-versa.

Most Exchange Server solutions like Lotus Notes, Microsoft Outlook and Ximian also provide a web based
solution to access the server. In those cases synchronization with server is not an issue since the shared
address information is already online and accessible in the web application. For home users which are mostly
not connected to an exchange server another solution is needed.

Apple users have this solution out of the box if they are willing to pay for the .Mac Synchronization service
at www.mac.com which always keeps the offline information (contacts, bookmarks, …) in sync with the
servers and they provide a web interface to access and alter that information. So although this is not a REAL
exchange solution the result is about the same.

Another solution, with some added value, is www.plaxo.com. It comes with an outlook, apple address book,
and Thunderbird plug-in to keep that information in sync with server. This is very handy but as a heavy user
of this software I have noticed that the system is not yet perfect and sometimes corrupts the contact
information. Especially if an extra PDA is used to synchronize the contacts. This results in duplicated
records, record fields missing etc. But up till now it's a fairly easy way to keep contacts synchronized.
Another benefit of this software is that it keeps the information of any contact that is also a Plaxo user
automatically update-to-date with their latest info, further more they also provide API and widgets for other
3rd party mail providers to sync their address book with Plaxo.

2.3. Calendar

2.3.1. Definition
In the digital world a calendar is able to keep track of events, free and busy time, meetings, to-do’s. These
calendars can be completely private and stored on a desktop machine or a PDA. Calendar information can
also be stored on a server which results in the benefit of ‘sharing’ information to other users. Taking this one
step further would imply that people can subscribe to that calendar so that the (read-only) content can be
viewed within the calendar client application. This is useful for distributing timetables, tour calendars, and
recurring events.

Another way to share calendar info is to send a calendar to another. This can be done using ordinary E-mail
and a special mime content text/calendar, or by using a propriety exchange mechanism like is used in
Outlook and Lotus Notes. In companies that system is heavily relied on to setup and schedule meetings,
checking for free time of colleagues, and can be even used to schedule a meeting room. Most often the E-
mail application is used to share the information but the file format of the attached calendar is not fixed.

In a typical company environment any event or meeting that a user enters in his shared calendar will also be
stored on the server. Once on the server there are two options. Either the calendar info is only used to
calculate free/busy times so that other can easily schedule a meeting with the user, another option is to also
share the content of the meeting. In that case any other authorized user can look into the shared calendar. This
is typically used by secretaries that keep track of the calendar of their boss.

2.3.2. Information
By scheduling an event in any calendar application we can easily derive the needed information in a calendar
item. There are mainly three types of calendar items, which share a lot of fields but are still to be used for
different situations

1. Meeting (requests) with other people within your digital connection. Colleagues, friends, within a
non-profit environment

2. Appointments contains same information as a meeting but does not expect response from invitees

3. Task typical puts less focus on time (except a due date) and often contains a field to define the % of
completion. Some applications allow a task to have sub-tasks.

• Content

• Subject : short descriptive title

• Description: a longer text area containing a meeting agenda, driving directions, …

• Category: can be used to group information in different areas of interest

• Invitees: A list of people that will receive an invitation to this meeting


A mail will be sent to those people and some mail applications are able to add the meeting to
their own calendar and each invitee is able to accept or reject the invitation
• Start time and End time of the event

• Optionally mark an event as a “all day event”

• Reminder : an alert will be given to the user to remind the upcoming event

• A timing can be given

• Type of alerts (beep, OS notification, E-mail, SMS, ..)

• Optionally mark an event as “private” : other people using the same exchange server are
unable to see the details of the event, but during the time of the event the calendar is mark as
‘busy’

• Schedule recurring events. Some events take place every week at the same time, or every year,
or a few days in a row. Instead of copying the same event information to all these other dates
(and having the problem of making a change to all recurring events), it is possible to define an
event as recurring and provide recurring info

• Recurrence pattern : daily/weekly/monthly/yearly

• Range of recurrence :

• No end date

• End after X occurrences

• End at given date

2.3.3. File Format

a) vCalendar

The traditional calendaring and scheduling information found in paper day-planners and calendars have been
captured in a flexible, electronic format in the vCalendar specification. It is suitable as an interchange format
between applications or systems and is defined independent of the particular method used to transport it.

On http://www.imc.org/pdi/pdiproddev.html the specification is outlined and explains the content of either


vTodo and vEvent data-objects; They contain about thirty Properties upon which the most important are :

• Attendee

• Categories and Classification

• Due Date, Start Date, End Date, Date Created and Date completed

• Location

• Description, Summary and Status


i.e. roughly all content information that we need as defined in 2.3.2 are represented in the vCalendar
specification.

b) iCalendar

iCalendar is essentially version 2.0 of vCalendar. It has some features that v1.0 does not support and is
defined in RFC 2245: http://www.ietf.org/rfc/rfc2445.txt the specification of iCal (vCal 2.0) is outlined and

While vCalendar is the older standard, developed by the Internet mail consortium in 1996. iCalendar is a
newer and more robust version of vCalendar, capable of transferring more information, and first was
documented in 1998. It is based on the earlier work of the vCalendar specification. iCalendar is essentially
version 2.0 of vCalendar. The basic difference is the types of data each can transmit. Both handle the
rudiments of time, date, place and attendees, but iCalendar also handles e.g. ‘alarm’ type and ‘Relationship
Component’.

The following example specifies a scheduled meeting that begins at 8:30 AM EST on March 12, 1998 and
ends at 9:30 AM EST on March 12, 1998.

BEGIN:VCALENDAR
BEGIN:VEVENT
UID:guid-1.host1.com
DTSTAMP:19980309T231000Z
DESCRIPTION:Project XYZ Review Meeting
SUMMARY:XYZ Project Review
DTSTART:19980312T133000Z
DTEND:19980312T143000Z
LOCATION:1CP Conference Room 4350
END:VEVENT
END:VCALENDAR

c) Microsoft .Cal

Reverse engineering the the binary file format used by Microsoft Windows Calendar (CALENDAR.EXE)
produced the document at

http://mediasrv.ns.ac.yu/extra/fileformat/windows/cal/calendar.txt

A Calendar binary file contains information about file content, dates, days, and appointments. It is only
supported by some older Ms distributions.

d) hCalendar

While the above specification are used to define how a calendar event should be stored in a file for archiving
or for exchanging, the micro-formats site contain a hCalendar9 format (open standard) for embedding such
calendar events inside XHTML documents. The iCalendar example above will than deliver the following

9 http://microformats.org/wiki/hcalendar
xhtml snippet

<span class="vevent">
<a class="url" href="http://www.web2con.com/">
<span class="summary">Web 2.0 Conference</span>:
<abbr class="dtstart" title="2005-10-05">October 5</abbr>-
<abbr class="dtend" title="2005-10-08">7</abbr>,
at the <span class="location">Argent Hotel, San Francisco, CA</span>
</a>
</span>

which could be displayed as:

Web 2.0 Conference: October 5-7, at the Argent Hotel, San Francisco, CA

The main objective of the hCalendar format is to augment the capabilities of a simple html page to become a
Web2.0 page. This allows the page to not only be readable by humans but also by computer software.

2.3.4. Applications

a) Desktop

For windows OS the most common calendar application is integrated within Ms Outlook. It provides
different views (day/week/month) on the calendar events. When used in combination with an Ms Exchange
Server the software allows checking whether invitees for a meeting have a free slot for a next event by
sharing busy/free times of colleagues.

Another runner-up is the Mozilla Sunbird/Lightning duo. They provide roughly the same functionality but
the Lightning application is integrated in the Thunderbird E-mail client. The main advantage of this duo is
that it is Open Source and it supports the Caldav exchange open standard.

b) Web

There are currently several free web applications for sharing calendar information. Most known are those
from yahoo and hotmail, but they both online keep track of a single user’s calendar, they do not provide
sharing/exchanging of information. The Google calendar does provide a way to share calendar with other
users and even allows promoting a calendar to “public” so that every-one is able to view the calendar
information. It also allows sending invites through Gmail. And as a last positive point, the Google calendar
allows publishing the calendar as an iCal file.

2.4. Notes
An interesting review on Electronic Calendars can be found at
http://aspen.ucs.indiana.edu/project/cctools/Calendars.doc and addresses the following calendar standards

• Calendaring data interchange standard (vCalendar/iCalendar)


• Calendaring interoperability protocol (iTIP/iMIP/iRIP)

• Calendar access protocol (CAP)


3. can open source exchange [MY] world
"Bless us and splash us, my precioussss! I guess it's a choice feat; at least a
tasty morsel it'd make us, gollum!" And when he said gollum he made a
horrible swallowing noise in his throat. That is how he got his name, though
he always called himself 'my precious' ”

The Hobbit, "Riddles in the Dark"

Most information discussed in the previous chapter is typically private information which is not supposed to
be visible to other people. There are of course company wide address books but even them are not supposed
to be visible by other companies and most often not including all personal info like birthdays, private mobile
phone, etc.

The same applies to Calendar entries, task lists and notes. But not so for bookmark lists, Rss feeds, etc.
People don’t seem to mind to share that info with others. Web services like http://del.icio.us/ and
http://share.opml.org/ are there just for that reason.

In any case, we need to make sure that information that is private should not be seen by others. This is where
security and encryption comes in. Since we are mainly interested in exchanging and synchronizing
information we will not discuss the security of data-storage ON the desktop. It is the security of the operating
system and of each particular desktop application that needs to ensure that the data on disc is save. We will
focus on security and authentication when sending information like emails, calendar updates, address book
searches/updates over the Internet.

3.1. Securing E-mail


Default E-mail sending is a secure as sending postcards by snail mail. Why?

The protocol for routing mail around the Internet (SMTP) is typically implemented without any type of
transport encryption. The same counts for standard POP or IMAP protocols that are used to retrieve emails
from server.

This means that anyone listening to these lines can read the emails if they are unencrypted. There are two
options here. Either you make sure that your transport layer become secure which can be done by connecting
to the SMTP and POP/IMAP server using SSL. Or you make sure the message itself is encrypted.

The latter is preferred since SSL only protect data in transit over a network, a mechanism is needed to protect
data in long-term data storage such as disk files on desktop and server machines.

And there is still the issue of authentication. The current situation is that receivers of emails can be identified
(they have to enter user-name and password to retrieve their mail), but the senders are not. Anyone can in fact
send an E-mail and fill in any address on the sender field. A way to authenticate the emails and even put
digital signatures is needed.
3.1.1. SSL
SSL(Secure Sockets Layer) ensures that all data that travels the line from the sender or receiver to the SMTP
or POP/IMAP server is encrypted. Any-one eavesdropping this line will only see encrypted data.

SSL10 consists of 2 sub-protocols, one for setting up a connection and one for transmitting data over the
connection. The protocol act as a new layer between the network transport layer (e.g. TCP/IP) and the
application layer (HTTP), which in that case is called HTTPS and is often used in secure web applications
like web mail clients and web based banking. But in fact any application can use the secure layer so SMTP
and IMAP can also float on it.

3.1.2. Digital Signatures


There are three common reasons for applying a digital signature to communications:

1. Authentication: The receiver will be confident that the message was indeed send by the person
claiming to be the sender.

2. Integrity: Both the sender and the receiver can be confident that the content of the message has not
been altered

3. Non-repudiation: the sender cannot claim that the message was send by someone else.

It is most common to use a private key to sign the message. Signing in this case means: calculating the hash
of the message and using the private key to encrypt that hash, that encrypted hash is attached to the message.
[Note that the message itself is not encrypted in this process].

The receiver on the other hand uses the public key of the sender to decrypt the hash and compares it to the
self calculated hash.

In practice it is not needed to sign each message send during a communication. In fact only the final decision
should be signed. E.g. during negotiations with a future employer, all communication should be encrypted
(but not necessarily signed), only when the employee decides to sign a contract he should digitally sign that
message.

3.1.3. Bundled security


When all of the pieces of the security puzzle are available one can build a security solution that ensures
privacy, authentication, digital signing, encryption and compression. The first pretty good solution came from
Phil Zimmerman in the form of PGP11 (Pretty Good Privacy). It was an open source solution implemented on
all major OS-platforms and Cryptographer Bruce Schneier characterized an early version as being "the
closest you're likely to get to military-grade encryption" (Applied Cryptography, 2nd ed., p587).

Because of political issues (US considered the open sourcing of PGP software as military export) and patent
problems. Both symmetric RSA algorithm and the asymmetric IDEA algorithm had been patented and had to
be replaced by unpatented algorithms.

10 http://en.wikipedia.org/wiki/Transport_Layer_Security and A. Tanenbaum in (Computer netwerken, 4th ed., p822).


11 Pretty_Good_Privacy
A successor for the PGP program is the S/MIME12 standard which provides the following cryptographic
security services for electronic messaging applications:

• authentication,

• message integrity

• non-repudiation of origin (using digital signatures)

• privacy and data security (using encryption).

It is currently build into the majority of E-mail clients and can only be used after installing a key/certificate
from a free or paying Certificate Authority like www.certipost.be

3.2. Securing synchronization of information


The needs to have a secure synchronization of personal information are a lot less than when sending emails.
We need

1. Integrity of the information. We need to be sure if data that the requested changes (update/delete/add)
is correctly applied on the receiver side. This can easily be done by calculating a check-sum and
adding that to the message. The receiver can than verify that the request has not been altered

2. Privacy of the information. We suppose that the storage of the information is secured either by
making sure that accessing the information is only feasible by the authorized user or by encrypting all
information with a key that is only know by the user. The only weak link is than the communication
channel. We have explained above that by using the SSL on top of the transport layer any application
(web services, remote procedure calls, http requests) can benefit from this secure channel. It can also
be used to tunnel an entire network stack to create a VPN. In that case all communication becomes
encrypted.

4. can open source [EXCHANGE] my world


Discussion is an exchange of knowledge; argument an exchange of
ignorance.

Robert Quillen (1887 - 1948)

4.1. E-mail
E-mail originated in the mid 60’s as a way to communicate between users of the same Time-sharing system
(TSS). Users left files in a common folder “To tom” containing a message. In the late 60’s most TSS had an
internal mail system and linking them was the one of the first applications of ARPANET. After some

12 MIME (Multipurpose Internet Mail Extensions)


iterations a protocol for sending mail came to life in the beginning of the 70’s. Also the ‘@’-sign to separate
username from computer system was ‘invented’ at that time. This led to the SMTP protocol as we know it
nowadays for delivering mail from a sender to the receiver’s Mail server. The receiver itself has to “pick up”
his mail from that mail server. This can be done in several ways.

• He logs into his mail server to open his mailbox and read his mails directly at the server. Typical
through a telnet session and using old mail software like pine, elm or mutt.

• He uses a web mail application which retrieves the E-mail from the server and displays it as a html.

• He uses a mail client on his desktop PC which retrieves the E-mail using either POP or IMAP

We have already addressed (2.1.2) the format of emails as they float over the Internet and even discussed a
more secure format (3.1) which is an extension to the original MIME format.

4.1.1. SMTP (Simple Mail Transfer Protocol)


It is a text based protocol which first defines the list of recipients followed by the message in plain text. The
protocol is used to deliver mail from the sender’s desktop to the mail transfer service of the ISP, but is also
used to send the mail to other MTA’s until it finally is delivered in the mailbox of the receivers ISP.

There are typically three steps to deliver a mail from a sender’s desktop to a receiver’s mail server.

1. The client application looks at the domain name in the E-mail address to find a server that accepts the
message

2. That server request the DNS of the receivers domain for the MX record in its table, which response by
giving the name of any mail server that accepts messages for the receivers’ domain.

3. The senders’ server delivers the message using SMTP to the receivers’ mail server

SMTP is not used to deliver the mail to the desktop of the receiver. The receiver itself must initiate the pick
up process.

4.1.2. POP (Post Office Protocol)


While the SMTP protocol is used to ‘push’ e-mail from sender to receivers’ mail server. POP is used to ‘pull’
e-mail from the mail server to the receivers’ desktop mail client. POP3 is the version that is currently
implemented by desktop mail client applications, and has been designed for dial-up connections that are not
always online. It is used to connect to the mail server, download all or selected messages to the desktop, and
typically go back offline. The messages that are successfully downloaded to desktop are by default removed
from the server. This has an advantage because the receiver can now read the message without going online.
But as a result when he switches to another desktop machine he will no longer be able to read the
downloaded message. As a result most clients now support the leave message on server option which will not
delete the message after successful download. This puts some extra burden on the client because it now needs
to keep track which messages have already been downloaded and which haven’t. To be able to do that POP3
supports UIDL (Unique IDentification Listing) command which attaches a unique number to each message.

4.1.3. IMAP
IMAP (Internet Message Access Protocol) is gradually replacing POP as the main protocol used by E-mail
clients in communicating with E-mail servers. Using IMAP an E-mail client program can not only retrieve E-
mail but can also manipulate message stored on the server, without having to actually retrieve the messages.
So messages can be deleted, have their status changed, multiple mail boxes can be managed, etc. All this is
off course only possible with an always online connection. But it can also be used to download messages
offline so it can also be used by dial-up connections.

A very interesting feature of IMAP is the Push e-mail. When both the server and the client support the idle
command, a message that reaches the server is immediately ‘pushed’ to any connected clients. The client no
longer has to poll the server every few minutes to check if new mail has arrived. It has the same effect as e.g.
BlackBerry telephones which immediately retrieve new mail when it reaches the Blackberry server. This
push technology is mainly interesting for Phone devices which have rather low bandwidths and are using
costly GPRS/UMTS connection to stay online. A “good” mobile E-mail client will generate a "poll" event
(leave IDLE - re-enter IDLE), that can be as little as 20 characters each way.
2(up-down) x 20(character) x 24(2 times an hour for 12 hours) x 30 = 28.8k a month which is not that much
traffic in order to keep an IMAP continuously alive for receiving push e-mails within seconds after arrival on
the server.

4.2. Calendar
When using Ms Exchange server, calendaring and scheduling within the company is relatively easy in
combination with Ms Outlook as client application. The main problem is that a closed protocol is used to
transmit calendaring information from client to server machines.

There are several open standards regarding the exchange of calendaring information.

The oldest standard is rfc2445 (iCalendar). But this standard only defines the format in which calendar
information should be transmitted. It does not state what protocol should be used to query a server for
calendar information.

Webdav

The simplest implementation of calendar sharing is based on Webdav which is an extension to the http
protocol allowing users to collaboratively edit and manage files on remote web servers. In this case the files
would be iCalendar files stored on a Webdav supporting server. When the address of this calendar file is
shared to other people they can subscribe to this calendar and view the events in their own client application.
When the maintainer of the calendar makes changes, the client application will then publish a new version of
the .ical file to the Webdav server and thus pushing the change to any other listeners. Several client
applications (Apple's iCal, Mozilla Sunbird, …) support this type of calendar sharing.

Caldav

Another rather new protocol for sharing calendar is CalDav, it is based on the way that Webdav was used by
some client applications for sharing calendars, but where the Webdav way of working was based on simply
storing iCal files on on a ‘network drive’, It takes over some already existing advantages of WebDAV for
Calendar Access13 like

• Using existing HTTP URLs for Calendar objects. No new format is needed

13See http://greenbytes.de/tech/webdav/draft-dusseault-caldav-01.html#advantages for more info on these advantages


• Webdav provides info as XML which makes it easy to use in web-application and web-services

• Support locking of objects [events,todo,..]

• Authorization of users can be supported through Webdav ACL14

• Security can be provided through SASL15 and TLS16

• Some work has been to have Webdav support offline functionality and synchronization on reconnect.
Caldav could benefit from this work

• …

The required calendaring features that are still missing in Webdav should be provided by the calDav
extension of webdav

• Fan-out: This allows clients to perform simple operations (send a single schedule request to the
server) and have the server perform complex and possibly time consuming processing

• Recurrence: Should be provided by a single object containing recurrence info, all the instances of a
re-currency will than become a VIEW/REPORT of the recurrence data. Changing the title in the
single object would affect all instances.

• Notifications: HTTP has no way to interact with client, so some mechanism e.g XMPP17 or SIP18 is
needed to provide 2-way communication

4.3. Address book

4.3.1. Requirements
Before going into the detail of “exchanging” address books, let’s first rumble down over the requirements for
such a service from the perspective of an end-user.

• the service should be accessible from different client applications

• the service should preferable be accessible through a web application

• it should be possible to access the service from multiple clients at the same time

• e.g a pc at home and a pc at work still online

14Access Control Protocol


15Simple authentication and Security Layer
16Transport Layer Security
17Extensible Messaging and Presence Protocol
18Session Initiation Protocol
• e.g. an address-book application and an E-mail application accessing the service at the same
time from the same pc

• changes made in one client should ripple through to all other attached clients

• this synchronization can become very hard in some situation, eg. A user having a pc at home
and work, a mobile phone and online address book service19

• preferable make use of open standards

4.3.2. Microsoft exchange Server


Although Microsoft exchange Server supports the concept of having a company-wide public address book,
which can be searched through by any outlook client, it is not open standard, not free, and difficult to install
for most of the computer users.

4.3.3. LDAP
Another option could be to install a personal LDAP server and use it to share address books.20 We will go into
the details of a LDAP server later on, but we can already reveal that setting up a LDAP server is not an easy
task and requires good knowledge about Active Directories. LDAP is not limited to contact information, or
even information about people. LDAP is used to look up encryption certificates, pointers to printers and other
services on a network, and provide "single sign-on" where one password for a user is shared between many
services. LDAP is appropriate for any kind of directory-like information, where fast look-ups and less-
frequent updates are the norm.

Because LDAP can be used for a lot more than keeping track of contact information it is like using a Royce
Rolls only to go to the market. You are allowed to do it, but it has so much more to offer.

LDAP (Lightweight Directory Access Protocol) is a protocol running over TCP/IP to query a LDAP server.

• The LDAP server (aka. Directory server) are databases heavily optimized for read performance.

• LDAP directory servers store their data hierarchically in a tree of entries

• An entry consists of a set of attributes

• An attribute has a name and one or more values

• An example of such an entry represented in LDIF format has already been provided in section
2.2.3, as an example of an address book file format.

4.3.4. SyncML
A third option is using some synchronization mechanism like SyncML to synchronize address books in
several client applications or devices.

19 Read more about these difficulties on a blog titled : the-holy-grail-of-synchronization


20 See http://www.sudleyplace.com/LDAP/ and http://kb.mozillazine.org/Sharing_address_books#LDAP
SyncML is an open standard used to synchronize contact and calendar information between some handheld
device (mobile phone, pda , …) and a computer (personal, or network-based service).

The protocol is especially aimed at mobile phones, but can in fact also be used to synchronize contact and
calendar information from eg. outlook with a SyncML server. There are some open source server solutions
that adhere to this synchronization standard like open-xchange and funambol but more on those in the next
chapter

4.3.5. Plaxo.com
A last option is to use the Plaxo.com web service which synchronizes several mail clients (outlook,
Thunderbird, mac address book) with the online address book. It even provides API calls to integrate it into
another web application. But sadly it does not support any open standard to search through the contact
information

4.4. Exchange Server Alternatives


In the above section separate way of sharing/synchronization Personal Information have been provided, each
of the provided solutions tries to solve a different task of the complete exchange mechanism.

To ease maintenance it would be extremely helpful if there was a single solution that would solve all these
problems at once. Again preferable we are looking at open source solutions supporting as many open
standards as possible. In this section a few groupware solution are listed that solve the exchange problem in a
non-standard way. Most of the provided solution are free and support a lot of open standard
(mapi,ldap,syncml, ldap,…) but most often the company maintaining the open source projects charge for
connector with eg. outlook

4.4.1. Open source Microsoft Exchange replacements

a) www.open-xchange.com

Open-Xchange is the star of the new generation of messaging and collaboration servers, and a sterling
example of the power of free and open source development methodologies. It is based on the usual best-of-
breed FOSS suspects: Postfix, OpenLDAP, Apache, Cyrus IMAP, Tomcat, and PostgreSQL, as well as
various other bits and pieces. 21

Individually, these are all first-class applications. Knit them together, add nice graphical administration and
user interfaces, and presto! Instant superpower messaging suite.

Of course, it isn't quite that easy, and much credit goes to the developers. Open-Xchange Server 5, the latest
release, packs in many improvements and boasts a comprehensive feature set:

• E-mail and Webmail

• Calendaring, both individual and group

• Meeting coordination

21 According to http://www.serverwatch.com/sreviews/article.php/3603776
• Contact management, both shared and group

• Document sharing

• Cross-platform domain controller

• Project management capabilities

• Searchable knowledge base

• Shared "Pin Board"

• Personalizable to-do lists

• PDA synchronization

• Forums

The main benefits of the commercial version over the open source are

• support

• easy installation

• connectors for outlook, syncML devices

b) other alternatives

There are a lot of other linux alternatives that have roughly the same feature set as Open-Exchange and often
include a lot of similar libraries. All of them are to be installed/maintained by experienced system
administrators.

We will not go into details but here's a list of some of these solutions in alphabetical order

• www.egroupware.org

• www.exchange4linux.org

• www.opengroupware.org

• www.scalix.com/products/opensource.html

4.4.2. From a different angle


The above solutions all try to mimic the Ms Exchange Server and do their best to provide connectors so that
end users using Ms Outlook do not notice the difference
a) www.kolab.org

The special Idea behind Kolab is the usage of IMAP as an underlying protocol not only for E-mail, but for
contact- and calendar entries, too. An entry is simply saved in a special IMAP-folder using XML and the
IMAP-server takes care of the storage. The configuration and maintenance of Kolab is entirely controlled by
the extensive use of LDAP.22

The architecture of kolab is based on open standards. Chapter 2 of their lengthy architecture draft23 discusses
the protocols and file formats used

The protocols were selected with the following criteria in mind:

• proper standardization e.g. by the Internet Engineering Task Force (IETF, http://www.ietf.org)
• open standard in the sense that a Free Software implementation is available
• existing Free Software implementations must scale very well

This leads to the following protocols used in the project:

LDAP, FTP, SSL, SMTP, IMAP, POP3, HTTP, HotSync

And the following file formats:

MIME E-mail, iCalendar and vCard, Kolab-XML an open storage format

Any standard client can connect to the various services a Kolab Server provides, e.g. E-mail (SMTP, POP3,
IMAP), iCalendar services (E-mail), Address-book/Management (LDAP) or Freebusy lists (HTTP).

For an integrated groupware experience, more is needed. Clients must understand the Kolab2 storage format
and have necessary features, like setting access controls dealing with iCalendar emails and freebusy lists.
Any non-web client must also offer offline support and should do electronic signatures. Following clients are
currently known

• KDE client (Kontact) free - GPL


• Ms Outlook, Trolltec connector - proprietary, with 30 day evaluation
• Horde webmail
• Thunderbird plugin: Sync kolab

b) www.funambol.com

Formerly known as the Sync4j project, Funambol is an open source mobile application server that provides
push E-mail, address book and calendar (PIM) data synchronization, application provisioning, and device
management for wireless devices and PCs, leveraging standard protocols. For users, this means BlackBerry-
like capabilities on commodity handsets.24

Funambol is mainly targeted to mobile clients and uses synchronization through syncMl as the heart of all

22 http://en.wikipedia.org/wiki/Kolab
23 The architecture draft can be found in the pdf document : http://www.kolab.org/doc/concept-draft-cvs20060921.pdf
24 http://en.wikipedia.org/wiki/Funambol
operations.

c) www.scheduleworld.org

Another project using syncML as core exchange mechanism is www.scheduleworld.org. It is service enabling
its users to schedule events, and keep track of contacts.

To contact the server a user has several options. There is a web-interface25 (which can even be synchronized
with Google calendar), a java client using webstart26, a J2ME client for cell phones27 and there is
Interoperability with standard clients like Outlook, Thunderbird, Sunbird and recently syncEvolution and
Blackberry support has been added.

Although the software still has active development on freshmeat and seems to support a lot of open
standards, the project is maintained only by a single developer and is not open source (but a trial version can
be obtained).

d) http://osafoundation.org/

OSAF is a non-profit organization developing next-generation inter-personal information management


software. Their current projects include a desktop PIM application code-named "Chandler", a server code-
named "Cosmo" and a web calendar code-named “Scooby”. The project is still under heavy development and
seeks to become a complete all-in-one package providing small businesses and universities and interesting
platform for collaborative working.

There is an active development in this project and the foundation recently (September ’06) welcomed two
new members to their team.

Another reason for monitoring the progress of this project is that the board of directors28 includes some very
well known technological people from Mozilla Foundation, Lotus Development, Electronic Frontier
Foundation, and University of Berkeley.

5. 5can [OPEN source] exchange my world


The trouble with having an open mind, of course, is that people will insist
on coming along and trying to put things in it.

Terry Pratchett

25 http://www.ScheduleWorld.com/tg/
26 http://www.ScheduleWorld.com/sw/ScheduleWorld.jnlp
27 http://www.scheduleworld.com/j2me.html
28 See bottom of http://osafoundation.org/people.htm
Why Open?

The basic point is to understand the difference between open source (which allows you to change code or
content) and open standards (which enable components to work together because the specifications are
known).

In the course of this paper it comes down to checking if

• Client applications (E-mail, browser, synchronization software) are Open Source

• Application protocols (smtp, pop, imap, ical, rpc) are Open Standard

• File formats (mime, ical, mbox) are Open Standard

• Algorithms (encryption, handshaking) are Open Standard and it’s implementations Open Source

5.1. Open source software


There are currently 2 different definitions that cover the meaning of 'Open Source'

a) Open source definition by OSI:

Open source doesn't just mean access to the source code. The distribution terms of open-source software
must comply with the 10 criteria defined by the Open Source Initiative.

The most important requirements are

• Free Redistribution : The license shall not require a royalty or other fee for sale.
• Source Code available : The program must include source code, and must allow distribution in source
code as well as compiled form.
• Derived Work must be allowed to be created and distributed under the same terms as the license of the
original software.

b) Free Software definition by GNU:

According to GNU ("GNU's Not UNIX”) the free software definition shows clearly what must be true about
a particular software program for it to be considered free software.

Free software is a matter of liberty, not price. To understand the concept, you should think of free as in free
speech, not as in free beer.

Free software is a matter of the users' freedom to run, copy, distribute, study, change and improve the
software. More precisely, it refers to four kinds of freedom, for the users of the software:

• The freedom to run the program, for any purpose (freedom 0).
• The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the
source code is a precondition for this.
• The freedom to redistribute copies so you can help your neighbour (freedom 2).
• The freedom to improve the program, and release your improvements to the public, so that the whole
community benefits (freedom 3). Access to the source code is a precondition for this.

c) Licences

Open source software is distributed under a license, just like regular proprietary software is. An open source
license is a license with a difference: instead of keeping or expanding the software developer's rights, it gives
them away. There is no single open source license; to date, more than 30 exist. The OSI web site lists and
links to all the OSI-certified open source licenses. But all those licences can be grouped into 4 main classes

• strong copyleft licenses (example Gnu Public Licence )


• weak copyleft licenses (example Mozilla Public Licence )
• no copyleft licenses (example BSD)
• other open source licenses

An article on ONLAMP explains these differences very well but to summarize we could state that strong
copyleft forces you to give up private ownership on modifications made to the source code, while no copyleft
leaves you free to distribute your changes.
These licensing issues are becoming more and more important. In the Java world many companies are using
Open Source Libraries (e.g apache-commons, hibernate, berkeleydb,..) in their final product, and it is very
important for them to check in advance how these libraries can be used. The matter has become that complex
that deciding to pick an Open Source Product in the project should not be left to a single developer. There are
technical attorneys which can help manager in finding their way in the legal labyrinth.29

6. CAN open source exchange my world?


In the previous chapters we covered different parts of a general problem: Is it possible to use only software
(both client and server), released with an open source license and based only on open standards, to exchange
information between different people, and have that information available from different location (web,
client, pda).
Much to my regret i think i must conclude that the full-blown solution ( a simple to install exchange server
solution based only on open standards and which can be synchronized with different clients/devices) is
currently not yet available.
There are some solution (see chapter 4) which come close but none is capable to give a solution for all
requirements.
Let's break this down to the smaller pieces.

6.1. the breakdown

a) E-mail

E-mail is a very important part of information. We have see that the IMAP standard provides a very good
solution which is easy to install and there are even free/paying services available. Combined with recent
development around the IMAP IDLE command which even allows to provide a push E-mail service which is
interesting for mobile devices that are always online.

29 groklaw , slashdot , news.com , linuxjournal


b) Contacts

Contacts management is also considered as a base necessity for many users. In a company environment it
could be possible to setup an LDAP-server. There are a few Open Source implementations but it appears that
setting up a LDAP server is not an easy task. More experienced administors are needed, and it is typically not
worth the effort for single end-users. To my knowledge there aren't any ISP that provide this service for free
or as a paying service.
Although there are open standards (vCard, iCard,LDIF) to exchange contact information not much work is
done to design a working server which is capable of doing the simple CRUD-operations
(CreateReadUpdateDelete) on contacts. Recently the syncML standard is being implemented using WebDav
standards, this seems like a good direction but this synchronization technology is not yet mature.

c) Calendar & Tasks

Calendar and Tasks management is yet another story. Unless that one chooses for a full blown exchange
server which gives support for shared calendars; setting busy times, and use E-mail as a way to subscribe to
events and invite other people. It does not seem to work outside the exchange network. The 'protocol' used in
the emails is not proven to work when sending mails to people in another (exchange) network. The syncML
standard is used here also to provide the same functionality over HTTP and by using webdav as a means of
storing event-items. But again we must conclude that the technology is rather young and not wide spread.
There are some internet services allowing people to maintain a web-based calendar/tasklist, and there are
even plugins (plaxo.com) allowing to synchronize that information with other clients/devices, but again, ..
these services do not rely on any open standards

d) Bookmarks

Bookmarks and RSS-feeds: There is NO standard yet to be able to store,query or exchange this type of
information. There are some well-known Internet Services (Google reader/delicious/..) which allow to
maintain this information in a single location on a server. And there are even plug-ins (Google synchronize,
sitebar client) that allow to 'synchronize' that information with client browsers, but alas, .. again these
services are not build on some open standard. Just because there aren't any standards in this field.

6.2. (Pessimistic) conclusion


Although there is again some momentum in the technological world in order to provide a solution to our
problem. We must conclude that the All-In-One solution does not yet exist. Either because there are no
decent open source implementations of the existing exchange standards, or worse, there aren't any standards
yet to solve some parts of the exchange problem. Several years will pass (if it will happen at all) before a
grant unified solution will emerge.
6.3. (Optimistic) conclusion
It is not all gray and rainy in exchange land. Due to the rise of several Web2.0 services the exchange problem
has gained some interests from big companies like Plaxo, Yahoo, Google who all try to solve some part of
this big puzzle. If a solution will come, it will definitely come from that direction, and hopefully result in an
exchange standards that are open for anyone. Let it be even through web services, or another high level
RemoteProcedureCalling mechanism, as long as the API for these services are open to anyone (and not
licensed or owned by a single company), the future is still bright.