Many proposed user scenarios focus on supplying information that's already available. For example, you don't need a PDA to find out about flight delays; the airport freely distributes this information over monitors. So how does an airport make money by installing wireless transponders to offer this information as a service to its customers?

Some suggest that advertising will support the wireless infrastructure. In a mall scenario, where ads can reach customers as they walk in and when they're already pre-disposed to buy, that may be true.

However, the real value of a wireless network comes from simple yet advanced services. If you've ever been through the Dallas airport with a 40-minute layover, you know what kind of running is required to catch that connecting flight. You also know what kind of food (can it be called food?) is waiting for you. Imagine being able to determine which fast-food restaurant you'll have to run past on the way to your connection, placing and paying for your order as you step off your plane, and then grabbing the food ready-to-go on your way by, without waiting in line. This is no longer a matter of rehashing information in a different format. This is a service that has "need this" value.

For all this to materialize, however, service discovery is necessary. If a PDA won't work in every airport or an airport won't support every PDA, the model won't be able to support itself. Service discovery enables devices that have never interacted before to automatically and quickly establish a relationship of exchangeable services.

Instead of using bandwidth to simply push a name in the consumer's face (and annoying the consumer), supplying information becomes the first step to actually generating a sale. ATMs, possibly the best candidate for information kiosks next to PDAs, could serve as a local source of information, supplying not just the name of a Chinese restaurant, but a Chinese restaurant within walking distance. Robert Pascoe, president of the Salutation Consortium, calls this geographic computing or "information I need when it's at the top of my head." The idea is that information is pre-filtered based on one's location, and therefore, interest.

The scope of a LAN becomes fluid, and service discovery is the means by which devices join the LAN on a temporary basis.

Pascoe sees the concept of geographic computing moving into even the vending-machine market. "I'm not sure it's so far away," he says. Today many vending machines have a network connection for remote monitoring and (soon) to allow the use of credit cards. Once you've got the pipe in place, you can pump information through it. Add a wireless interface and you've just potentially connected every portable device that comes along. "The key is that the wireless network is really just an extension of existing databases," Pascoe says. "The data is already there. The question is how you get it out to the end user."

With so many different standards competing for the same market space, there are bound to be interoperability problems. The point of seamless wireless connectivity, however, is the ability to bring a device into a network and not have to worry about issues such as platform, OS, or whether your UPnP device can access Jini or UPnP services.

Bluetooth is the strongest contender to provide the backbone for personal area networking, which will constitute the "last foot" connection for handheld, portable, and peripheral devices. Service discovery is built directly into the Bluetooth specification. However, if Bluetooth already has its own service-discovery mechanism, the question becomes, how will Bluetooth interact with Jini, UPnP, and Salutation?

Each of these three standards has recognized the importance of working with Bluetooth, and all the relevant groups are developing bridges to the protocol. Within the Bluetooth service-discovery protocol (SDP) itself lies a mechanism to discover higher-layer discovery protocols. At the level of SDP discovery, two devices may notice that they both support a higher-layer discovery protocol. The Bluetooth SDP then establishes a link to use that protocol and steps aside.

Sun originally envisioned Jini as a truly universal technology that would enable devices of all kinds to become useful members of a network. Jini would facilitate everything from factory floors to home-appliance networks that control the coffee pot and dim the lights.

However, Jini runs on Java. A device capable of using Jini therefore requires a JVM (Java virtual machine)—software that allows it to run Java applications. Moreover, it also requires a TCP/IP connection. Together, these requisites add up to the need for more than 1 Mbyte of memory and a lot of processing power.

Now, Sun has finally pulled its head out of the sand and acknowledged that appliances like light bulbs and hotel door locks don't require full Java capabilities. Moreover, even reasonably powerful devices like PDAs and cell phones lack the needed resources. So Jini now offers three modes of connectivity: native mode, device architecture, and surrogate architecture.

Native mode refers to a full Jini-enabled client. The device architecture allows devices that are severely resource-limited, such as light bulbs, to act through a proxy, as well as use a proprietary protocol to communicate with the proxy.

The surrogate architecture, still being defined, will probably best serve the wireless market. The surrogate sits between the client and a full Jini-device. The problem with proxies in the device architecture is that they have to know all and see all in order to bridge between the two devices. Surrogates address this by letting the proxy participate on a sliding scale. The client still has to be able to at least identify itself and send a proxy device that can act on its behalf, but the surrogate can accommodate the client by taking over some of the processing load. The client can still have its own communications protocol, but after empowering the surrogate host to execute on its behalf, other devices on the network can interact with the client without realizing they are actually interacting with a surrogate.

One of the driving forces behind the surrogate architecture is the need to enable non-Jini devices to interact with the Jini architecture. "Having a VM on every device is a bit expensive," says Mark Hodapp, Jini Technology Engineering Manager at Sun. "We'll be able to expand out the network with surrogates. They make the architecture that much more flexible." Additionally, supporting surrogates "acknowledges the great variety of devices out there."

Sun plans to release Jini 1.1 soon. The enhancements focus on making software services—such as banking services—easier to implement. Part of the challenge presented by software services—for any service-discovery scheme—is that there may be a multitude of software services, many of which are not in use at the same time. For example, a function that processes billing transactions for mobile printing services doesn't need to be running all day long, although it does need to be a registered service so it can be called at the end of day to generate a report.

The server housing these software functions has to be able to share and scale resources among the various functions. However, registered services have to occasionally check in to say "I'm still here, is there anything you want me to do?" and renew leases on memory and processor resources.

With many idle services, a network could be drowned in constant lease renewals for services that aren't currently doing anything. Version 1.1 will alleviate this problem by allowing services to register with a Lease Renewal Service that will manage this task. The service itself can stay "quiet", thus preserving resources, until its services are required again.

Security is a key issue, especially if financial or personal information is going to be exchanged. For the most part, security is not part of a service-discovery scheme; it is assumed that the platform, particular wireless interface, and application in use will protect data as appropriate.

In one respect, security seems to be contrary to service discovery. After all, the idea is for devices to find each other so they can interact. As a consequence, service discovery schemes tend to be fairly open and loose with ID information. Thus, passwords will probably protect against unauthorized utilization but not against discovery.

This openness, however, leads to an "ID problem" that can potentially compromise encryption keys as well as user privacy. In the Bluetooth world, for example, any device can ask a Bluetooth device for its ID. This is known as a purely passive transaction. The ID is only used to establish the initial connection between two devices, after which the two devices will communicate (or not) however they want. However, this function can also be misused to follow users around by tracking their ID number. Thus, a user's privacy can be violated by being able to determine where a user is. The ID can also be used to track transactions and build up a list of encrypted messages that can then be used together to break a key.

Note that this is not purely a Bluetooth problem but one that any wireless device that carries a unique address faces, including mobile phones and wireless LAN cards. Bluetooth has a means for overcoming the problem through the Generic Access Profile, which defines both discoverable and non-discoverable modes for devices. The Bluetooth SIG (special interest group) recommends that all devices be shipped preset to non-discoverable mode. Their expectation is that most personal devices will remain in non-discoverable mode and that public devices will remain in discoverable mode. However, one repercussion of this recommendation is that now a user must initiate a connection with the network, rather than have it happen automatically as the person walks into the network's sphere.

Security is also in jeopardy with the addition of proxy services. Proxies are, in essence, authorized spoofing of devices that for some reason cannot connect directly to the network. However, once you introduce the concept of proxy, you introduce the additional difficulties of managing, authorizing, and authenticating them. Jini has begun to address the issue in JSR 76 (Java specification request) for defining an API for remote authorization and authentication.

Once such abilities are built into the JVM, security can be supported on a per-object basis, allowing devices to move objects through the network on their behalf. According to Mark Hodapp, Jini Technology Engineering Manager at Sun, however, "We're not 100 percent clear of how we're going to do this." Options include supporting these features in the lookup services or by having a separate security service devices could use. In a public network, however, there's still the question of who is authorized to do what and how you determine that. Currently, security is left up to the individual devices.