Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D.
2001Daniel L. Silver2 Objectives To complete an overview of the major architectural components of the Internet that form the infrastructure for E-Commerce To complete an overview of the major architectural components of the Internet that form the infrastructure for E-Commerce References: portions of Sharma Ch.1 and 2, and DDEA Ch.7 References: portions of Sharma Ch.1 and 2, and DDEA Ch.7
2001Daniel L. Silver3 Outline Review of Architectural Map Review of Architectural Map Dynamic Interactive Webpages Dynamic Interactive Webpages –Forms and CGI –Java and Applets, JavaScript –Cookies Servlets and Application Servers Servlets and Application Servers Database and Database Servers Database and Database Servers Beyond HTML: XML Beyond HTML: XML Security and Authentication Security and Authentication Electronic Payment Electronic Payment
2001Daniel L. Silver4 Major Architectural Components of the Web Internet Browser Database Server Client 1 Server A Server B Bank Server URL HTTP TCP/IP Browser Client 2 HTTP Server App. Server index.html Bank Server Dedicated prog.cgi
2001Daniel L. Silver5 Dynamic Internet Pages! HTTP allows client to request a webpage (URL) and server to respond HTTP allows client to request a webpage (URL) and server to respond HTML and browser allows display of data sent from server HTML and browser allows display of data sent from server How do we move data to the server? How do we move data to the server? How do we provide program logic at the client? How do we provide program logic at the client? –e.g. Check the postal code: B0P 1XO
2001Daniel L. Silver6 Forms and CGI The HTML tag specifies that: The HTML tag specifies that: –Input data will be received from the keyboard –Data should be processed by a server application if SUBMIT button is pressed CGI – Common Gateway Interface CGI – Common Gateway Interface –Standard for HTTP client-server application communications. It defines how: –A client can request to run an application on a server and use specified input data –A server application can pass the response back to the client –It is NOT a programming language
2001Daniel L. Silver7 Forms and CGI An Example: greeting.html An Example: greeting.htmlgreeting.html
2001Daniel L. Silver8 Java and Applets Java is an OOP language developed by Sun Microsystems Java is an OOP language developed by Sun Microsystems Platform independent – code is interpreted by a Java Virtual Machine (JVM) Platform independent – code is interpreted by a Java Virtual Machine (JVM) A Java applet is a Java program that is launched by a browser: A Java applet is a Java program that is launched by a browser: –HTML page contains reference to an applet –Applet is downloaded from server –Java is executed by JVM assoc. with browser
2001Daniel L. Silver9 Java Applet Advantages: Advantages: –Client side logic for dynamic content and format of pages –Client side logic for complex algorithms and local data manipulation An Example: HelloApplet.html An Example: HelloApplet.htmlHelloApplet.html
2001Daniel L. Silver10 Javascript Introduced by NetScape Introduced by NetScape A client-side language A client-side language Provides program logic embedded in HTML for generation of dynamic webpages and minor computation Provides program logic embedded in HTML for generation of dynamic webpages and minor computation Manipulation of objects in HTML page including the creation and movement of browser windows Manipulation of objects in HTML page including the creation and movement of browser windowsmovement of browser windowsmovement of browser windows Most importantly allows validation of entered FORM data Most importantly allows validation of entered FORM datavalidation of entered FORM datavalidation of entered FORM data
2001Daniel L. Silver11 Web Sessions? Recall the problem of web sessions being connectionless Recall the problem of web sessions being connectionless TCP/IP is connection oriented but each HTTP request/response uses one such connection and then terminates TCP/IP is connection oriented but each HTTP request/response uses one such connection and then terminates State is not maintained from page to page State is not maintained from page to page Each item you order is a separate request Each item you order is a separate request So how does a E-Comm site know how to accumulate orders for you? So how does a E-Comm site know how to accumulate orders for you?
2001Daniel L. Silver12 Cookies A Cookie is a small piece of data placed on a client system that is used by the server to identify the client A Cookie is a small piece of data placed on a client system that is used by the server to identify the client –Client, about to make a request to a server, checks to see if it has an associated cookie »If cookie, then send it with the request –Server checks for cookie in request »If cookie, then pass it to any applications called –Server may create a new cookie and return it with the response to the client –Client receives response and checks for new cookie »If cookie, then it saves it for this server URL
2001Daniel L. Silver13 Servlets and Application Servers Java Applets have three major drawbacks: Java Applets have three major drawbacks: –Take time to load unto client –May not work as planned (depends on JVM) –Potential security risk for client Server-side code is preferred for business logic Server-side code is preferred for business logic CGI allows an application to run on server but creates server performance problems: CGI allows an application to run on server but creates server performance problems: –Each time a separate process must be spawned
2001Daniel L. Silver14 Servlets and Application Servers Servlets overcome this problem Servlets overcome this problem Servlets rely on a Servlet Engine (Application Server) to manage multiple requests for the same application Servlets rely on a Servlet Engine (Application Server) to manage multiple requests for the same application Tomcat is one of the most common Servlet Engines Tomcat is one of the most common Servlet Engines
2001Daniel L. Silver15 JSPs – Java Server Pages A relatively new Java programming model from SUN that follows IBM’s older net.data and MS’s Active Server Pages A relatively new Java programming model from SUN that follows IBM’s older net.data and MS’s Active Server Pages Objective is to separate the application processing code from the HTML presentation code Objective is to separate the application processing code from the HTML presentation code Easier to build dynamic E-commerce applications without loss of servlet power Easier to build dynamic E-commerce applications without loss of servlet power
2001Daniel L. Silver16 Skeleton of a JSP <HTML><HEAD> HelloJSP1 HelloJSP1 </HEAD><BODY> Hello JSP - Example 1 Hello JSP - Example 1 <BEAN name="textProvider" name="textProvider" type="example.Bean.HelloJSP1" type="example.Bean.HelloJSP1" scope="request"> scope="request"></BEAN> </BODY></HTML> Basic Html Code Java Object Created as a Java Bean Calling a method of the Java Object
2001Daniel L. Silver17 Major Architectural Components of the Web Internet Browser Database Server Client 1 Server A Server B Bank Server URL HTTP TCP/IP Browser Client 2 HTTP Server App. Server index.html page.jsp Bank Server Dedicated prog.class
2001Daniel L. Silver18 Database and Database Servers Database - A collection of data, structured in a well defined format, accessed by multiple applications using standard commands, ensures integrity of access Database - A collection of data, structured in a well defined format, accessed by multiple applications using standard commands, ensures integrity of access DBMS – Database Management System – facilitates and optimizes database I/O DBMS – Database Management System – facilitates and optimizes database I/O Database Server – A server that runs a DBMS and can field requests for data I/O Database Server – A server that runs a DBMS and can field requests for data I/O
2001Daniel L. Silver19 Database and Database Servers raven.acadiau.ca will be our database server raven.acadiau.ca will be our database server Our DBMS will be PostgreSQL (Postgres) Our DBMS will be PostgreSQL (Postgres) Postgres is a relational database – like a set of spreadsheet tables Postgres is a relational database – like a set of spreadsheet tables Used to store all data for products, categories and stores Used to store all data for products, categories and stores ODBC – Open Database Connectivity ODBC – Open Database Connectivity JDBC – Java Database Connectivity JDBC – Java Database Connectivity
2001Daniel L. Silver20 XML eXtensible Markup Language eXtensible Markup Language HTML tags such as Silver tell how to display the word “Silver” (syntax) HTML tags such as Silver tell how to display the word “Silver” (syntax) But its does not define what it means But its does not define what it means XML defines meaning (semantics): Silver XML defines meaning (semantics): Silver And to create structure … And to create structure … Homer Simpson 1234 Hickup Lane
2001Daniel L. Silver21 Security and Authentication HTTP connections can be “sniffed” for their data – just plain ASCII text HTTP connections can be “sniffed” for their data – just plain ASCII text Encryption methods encode text to make it unreadable Encryption methods encode text to make it unreadable Public and private keys are used for coding and decoding encrypted messages Public and private keys are used for coding and decoding encrypted messages Authentication concerns ensuring that a sender is who she says she is Authentication concerns ensuring that a sender is who she says she is
2001Daniel L. Silver22 Security and Authentication Certificate is an entity’s public key plus other identification (name., location) Certificate is an entity’s public key plus other identification (name., location) SSL – Secure Socket Layer SSL – Secure Socket Layer –Lies between TCP/IP and HTTP and performs encryption HTTPS is the HTTP protocol that employs SSL – it will use a separate server port (default = 443) HTTPS is the HTTP protocol that employs SSL – it will use a separate server port (default = 443)
2001Daniel L. Silver23 Security through HTTPS Browser Database Server Client 1 Server A URL HTTP TCP/IP HTTP Server App. Server index.html Bank Server Dedicated prog.cgi HTTPS port = 80 port = 443
2001Daniel L. Silver24 E-Payment Credit card Credit card Debit card Debit card Micro-payments Micro-payments Smart card Smart card
2001Daniel L. Silver25 Major Architectural Components of the Web Internet Browser Database Server Client 1 Server A Server B Bank Server URL HTTP TCP/IP Browser Client 2 HTTP Server App. Server index.html Bank Server Dedicated prog.cgi
2001Daniel L. Silver26 Successful E-Commerce Applications Flexible – ever changing products, technology, business process Flexible – ever changing products, technology, business process Multi-channel interfaces - diversity of user and external application access Multi-channel interfaces - diversity of user and external application access Security – a primary concern Security – a primary concern Integration – no application is an Island Integration – no application is an Island
2001Daniel L. Silver27 Summary of Technical Requirements for E-Comm. Dynamic, personalized web user interfaces Dynamic, personalized web user interfaces Multi-channel user interface support Multi-channel user interface support Adheres to standard application interfaces Adheres to standard application interfaces Distributed programming/acrhitectural model Distributed programming/acrhitectural model Deployment on distributed components Deployment on distributed components Distributed transaction support Distributed transaction support Asynchronous message communications Asynchronous message communications Strong security Strong security
THE END