Electronic Commerce

Lecture 8

ee-Consumers

Inte

rnet

TC

P/I

P

Needs

currencies smartcard

WebServer

HT

TP

For

m

Inp

ut

(CG

I)

Server-SideServer-SideProgrammingProgramming•SSISSI•ASP/JSPASP/JSP•CFMLCFML•ServletsServlets•……

Client-SideClient-SideProgrammingProgramming•JavaScriptJavaScript•VBScriptVBScript•AppletsApplets•……

Clients Servers

Server-SideServer-SideProgrammingProgramming•SSISSI•ASP/JSPASP/JSP•CFMLCFML•ServletsServlets

Client-SideClient-SideProgrammingProgramming•JavaScriptJavaScript•VBScriptVBScript•AppletsApplets

Servers

• Server-side programs

• Written in Java

• http://java.sun.com/products/servlet/

Web Server

JVMCGI Program

CGI Program

SSInclude Servlets (SSIS)

<servlet name=SERVLET_NAME

code=SERVLET.CLASS codebase=PATH_TO_YOUR_SERVLET_CLASS INIT_PARAM1=VALUE1 INIT_PARAM2=VALUE2 INIT_PARAM3=VALUE3…

> <param name=PARAM1 value=PARAM_VALUE1 param name=PARAM2 value=PARAM_VALUE2… >

</servlet>

SSI with Servlets

• Include embedding of Servlets in HTML documents

• Named Servlets will be invoked in the Server side (if they are not loaded)

• Servlets process the SSInclude requests and format necessary information to send along the HTML at the point of invocation.

A Sample Servlet

import java.io.*;import java.sql.*;import javax.servlet.*;import javax.servlet.http.*;

public class DBPhoneLookup extends HttpServlet {

public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {

Connection con = null; Statement stmt = null; ResultSet rs = null; res.setContentType("text/html");

PrintWriter out = res.getWriter();

try { // Load (and therefore register) the

Oracle Driver

Class.forName("oracle.jdbc.driver.OracleDriver");

// Get a Connection to the database con = DriverManager.getConnection( "jdbc:oracle:thin:dbhost:1528:ORCL",

"user", "passwd"); // Create a Statement object stmt = con.createStatement(); // Execute an SQL query, get a ResultSet rs = stmt.executeQuery("SELECT

NAME, PHONE FROM EMPLOYEES");

// Display the result set as a list out.println("<HTML><HEAD><TITLE>Phonebook</TITLE></HEAD>"); out.println("<BODY>"); out.println("<UL>"); while(rs.next()) { out.println("<LI>" + rs.getString("name") + " " + rs.getString("phone")); } out.println("</UL>"); out.println("</BODY></HTML>"); } catch(ClassNotFoundException e) { out.println("Couldn't load database driver: " + e.getMessage()); } catch(SQLException e) { out.println("SQLException caught: " + e.getMessage()); } finally { // Always close the database connection. try { if (con != null) con.close(); } catch (SQLException ignored) { } } }}

Why Use servlets Over CGI

• Replacement of CGI

• Servlets are written in Java – platform independent (write once run

everywhere)– Hardware independent (WinNT to Unix) without

compiling or changing anything.

• Less resources intensive: CGI takes more memory and time

Servlets over CGI• Persistent: They are loaded once, multiple

threads of the same servlet will handle multiple client requests.

• Fast: Servlets run must faster than CGI scripts written in interpreted languages(Perl).

• More powerful database connectivity: JDBC to connect to different Databases.

• Extensible: since written in Java, brings all benefits of Java (robust, Object Oriented…)

Server-SideServer-SideProgrammingProgramming•SSI/PHP3SSI/PHP3•ASP/JSPASP/JSP•CFMLCFML•ServletsServlets

Client-SideClient-SideProgrammingProgramming•JavaScriptJavaScript•VBScriptVBScript•AppletsApplets

Servers

<html>

<body>

…

<%

On Error Resume Next

rs.MoveFirst

do while Not rs.eof

%>

………...

<%

rs.MoveNext

loop%>

………...

</body>

</html>

Active Server Page

Web Server

Web Browser

Request example3.asp

Establish a Connection with Database

DatabaseSend SQL Statement to database

Retrieve Data from Database by using RecordSets

Open RecordSet & Display Data in HTML Format

Extract Client’s Input(CGI)

Server-Side Program

1. Connect/Open

2. Extract/Update by SQL

3. Format

Inte

rnet

TC

P/I

P

Needs

e-consumers

VBPerlJava

ASPOr

CFML

WebServer

WebData

ProductInformation

Web Technology

WebServer

WebClient Internet

HttpHttp: HHyper TText TTransport PProtocol

Requests

Responses

Maintain State

• Hidden Fields in Forms• SessionID in URL• CookiesExamples:http://lw4fd.law4.hotmail.msn.com/cgi-bin/getmsg?disk=216.33.148.69_d514&login=sungchichu&f=33792&curmbox=ACTIVE&_lang=&msg=MSG949462271.14&start=422884&len=19988https://ww3.janus.com/cgi-bin/gx.cgi/

AppLogic+HomeStaticA?GXHC_gx_session_id_VJ_WEB=70f2fa69ad7e9e69

Web-based Enterprise Computing

• Client-server computing

• ODBC- & JDBC- compliant

• DBMS

• Static vs Dynamic HTML pages

• Java

• COM

• CORBA

• Drumbeat 2000

• X/Open

• Informix, Sybase, Oracle

• CGI programs (Unix shell scripts, C and/or Perl programs)

• HTTP• Applets vs Servlets• API• ASP vs JSP• Lotus Domino, Netscape

Enterprise, IIS, …• SQL• ColdFusion/CFML• XML

Inte

rnet

TC

P/I

P

Needs

e-consumers

WebServer

WebData

ProductInformation

NewProducts

CRM

Customer Relationship Management

• Augment quality of products• Maintain customer intimacy• Move from ‘cold’ order taking & bye to

partnership throughout the whole buying experience for the customer (deliver, product information, billing, installation, repair/return, renewal)

• Competitive advantage and the key core business process

Inte

rnet

TC

P/I

P

Needs

e-consumers

WebServer

WebData

ProductInformation Product Development

(R&D)

Suppliers

Manufacturing Plants

NewProduct

EDI

Data Mining

Chrysler(Source: MIS Quarterly, June 1995)

• Established electronic communication with a few suppliers in 1969– Not adequate– Suppliers did not have current information about

Chrysler’s requirements– Assembly plants did not know exactly the shipment

content– Keep large safety buffers– Costly emergency deliveries when shortage occurred

• 1990: EDI– Over 100$ saved per vehicle– Annual savings amounted to over $220 millions

EDI

• EDI uses syntax that is commonly known between the two communicating parties (compressed, predefined, sequenced)

• No one existing Internet-based tool could interpret all EDI transmissions

• Record keeping includes specific software to be kept along with it

• New users of EDI could not expect immediate deployment without specialized software

Channel &Customers

FrontOffice

BackOffice

Suppliers

e-Commerceee-Businessee-Business

The Extended Enterprise

ee-StoreERPERP CRMCRMSCMSCM CRMCRM

Issues

• How to encode information such that all parties involved will be able to use it?

• How to establish communication between disparate systems over the Internet (instead of private networks)?

• How could the company be reorganized to accept this reverse value chain?

Java & CORBA

• Java“Write Once, Run Any” language since its

announcement April 1995; a short 4 years and its technology is still in development

• CORBAObject-based broker to tie together disparity

information systesms; circa 1989;

CORBA

• Common Object Request Broker Adapter• Object Management Group (OMG), 1989• CORBA 1.1 in 1991, CORBA 3 in 1999• “…allows a distributed,

heterogeneous collection of objects to interoperate.”

• ORB, IDL, & IIOP (Internet Inter-ORB Protocol)

ORB ORB

IIOP IIOP

Client

Server

IDL

IDLServer

IDL

Internet

XML

• Extensible ML – again a descendant of SGML or a subset of

• Work on draft proposal begins July 1996 by the SGML (Standard General Markup Language) ERB (Editorial Review Board)

• XML specification 1.0 in February 1998 (by W3C)

• Participation by Microsoft and Netscape to support the new standard began the ascent to popular acceptance

Two Classes of XML Documents

• Well-formed: conform to XML standard; there exists a structure of its content

• Valid: conform, and adhere to DTD

• Validating vs Non-Validating XML processors/parsers

Creating XML Documents

• Start- and end-tags

• Attribute assignments

• Entity references

• Comments

• Processing instructions

• CDATA sections

• Document type declarations

Start- and End-Tags

• Naming conventions quite like variables in programming language, start with a letter, no spaces, …

• Nesting is allowed<district>

<building>McDonald’s

</building></district>

• Start- and End-Tags are required.– <foo>…</foo>– <foo/> for empty content within a tag

So?

• Standardize information storage in vertical markets

• Tools can be developed easily

• <address> means?

• Good for textual data – human-readable form; not good for floating point numbers (12,304,000.93 or 12 5/16)

XML/EDI

..only an estimated 125,000 organizations worldwide have an EDI system. Furthermore, there are only 80,000 EDI enabled businesses in the US. That works out to less than 2% of the 6.2 million businesses registered in the United States.

http://www.geocities.com/WallStreet/Floor/5815/executive.htm (15-12-99 13:00)

XML/EDI

• New users would adopt XML for interchange of data over the Internet, especially, e-merchants

• Tools are readily available to encode the data and interpret the data in XML format

• XML-encoded data could be either filtered to store in company specific formats and/or for viewing using common Internet-based tools (soon to be available; even in an email)

Other Standards

• http://www.onestandard.com : ??

• http://visualgenomics.com : Bioinformatic Sequence Markup Language (BSML)

• http://www.fpml.com : Financial products Markup Language

Data Mining

• “Knowledge Discovery in databases”• Find patterns (visiting periods), outliners• Analysis market basket (find i-itemset)

– What 2 items appear frequently in a transaction– What sequence of items that were ordered over

time– What items were ordered frequently during a

time period

Data Mining

• Cross Industry Standard Process for Data Mining (CRISP-DM)

http://www.ncr.dk/CRISP/• Consortium of European companies (NCR,

Integrated Systems Limited (ISL), Daimler Benz [now DaimlerChrysler?], OHRA Verzekering en Bankk Groep, B.V.) in July 1997

• First model Jan 1999

CRISP-DM

• Business Understanding– What does the business need and why do we

need the knowledge? Like requirement specification

• Data Understanding– Data collection, quality and quantity

• Data Preparation– Characteristics of datasets and filtering of data

CRISP-DM

• Modeling– Select the modeling technique; neural networks

• Evaluation– Outcome versus objectives

• Deployment– Accept, implement and fit to other business

processes

WAP Forumwww.wapforum.org

• Wireless Application Protocol

T-Business E-Business

e-consumers

Physical Network

HandheldWirelessDevice

Air Space

m-econsumers

Wireless World

• limited memory• restricted CPU• simple interface• low bandwidth• low battery life• high latency• unpredictable availability• unstable transmission• different standards (GSM)

Pre-Wintel World

• limited memory (640KB)• restricted CPU (8088)• simple interface (DOS)• low bandwidth (none)• low battery life (laptop?)• high latency (unbearable)• unpredictable availability• unstable transmission• different standards

WAP Forum

• Founded in June 1997 by Ericsson, Motorola, Nokia and Phone.com

• Now has over 100 members (mid-1999)

• Wireless subscribers reach 1 billion by 2004

• Protocol specification brings together existing Web technology in the wireless telecommunication domain

WAP Forum

• Accelerate needed infrastructure, network equipment, applications, and contents

• Device Independent

• Ease of use & pricing structure

• WML, WMLScript, WTA (Wireless Telephony Applications), microbrowser, WTLS (WirelessTransport Layer Security)

WAP Programming Model

Source: www.wapforum.org

WAP Protocol Stack

Source: www.wapforum.org

Mobile Computing

• Connected wherever you go

• Same environment wherever you are

• Same person whatever you use (smart card)

• Know wherever you are (location-aware systems)

• Any suggestions??

Web Security(based on article by Rubin & Geer, Jr., 9/1999 IEEE Computer)

• Web server configuration (Apache)– Misconfigure– Configuration files in server root directory

• Access to document tree

• Username/Password information

• Permissions

– Web Server should be run as a genuine user (as ‘www’), but not as nobody.

TCP Layers

Application

Transporthost-to-host

NetworkAccess

Physical

Internet

Application

Presentation

Session

Transport

Data Link

Physical

Network

HTTP

• Not a protocol for transferring hypertext

• But a protocol for transmitting information for making hypertext jumps easy

• A stateless protocol

• Transaction oriented : TCP connection is established for each transaction and terminated at the end of the transaction

HTTP Key Terms

• Cache : stores cacheable responses to reduce same future references

• Proxy : an intermediary program that acts on behalf of other clients

• Tunnel : an intermediary program that acts as a blind relay between two connections

• Connection : A transport layer virtual circuit between two programs