CMSC 691A/491

About This Presentation

Title:

CMSC 691A/491

Description:

Evolving system for publishing and accessing resources and services across ... HTML This surrounds the entire document and lets the browser know what language ... – PowerPoint PPT presentation

Number of Views:56

Avg rating:3.0/5.0

Slides: 57

Provided by: csU59

Learn more at: https://courses.cs.umbc.edu

Category:

Tags: 691a | cmsc

more less

Transcript and Presenter's Notes

Title: CMSC 691A/491

1
CMSC 691A/491

Midterm Review Lecture

2
EC Objectives

Increasing the speed and efficiency of business
transactions and processes and improving customer
relationships and services
Business can implement new sales and marketing
through the use of WWW
The WWW provides electronic means for
organizations to display materials such as
product catalogs, price lists,
Internet security issues are resolved, businesses
are selling more and more product online, direct
to their customers

3
Categories of ECommerce

4
EC Models

E Shop
E Procurement
E Auction
E Mall
3rd Party Market Place
Virtual Communities
Value chain Providers/Integrators
Collaboration Platform
Information Brokers
ASP
Banking/Financial services

5
E-Commerce Infrastructure

Network
Machines
Protocols
Security
Payment

6
E-Commerce Process

Buyers and sellers find each other
Communication (via Networking, the Internet, Core
Java and Web-Based Information Architectures)
Human-Computer Interaction, Multimedia
Intermediaries
Negotiation
Electronic Negotiation, Intelligent agents
Foundations of Electronic Marketplaces

7
E-Commerce Process (contd)

Transaction
Transaction processing, Databases
Electronic Payment Systems,
Computer Security,
E-Commerce Architecture
Order fulfillment
Manufacture (manufacturing systems)
Delivery (tracking systems)
Supply Chain Management

8
Access Security

Access control
authorization / authentication / identity
verification
Authentication
passwords
smart card
biometrics
GPS
Network protection, firewalls, proxy servers
Intrusion detection
Denial of service (DOS) attacks
Viruses, worms

9
Cryptographic Security

Secrecy
information cannot be used if intercepted
Integrity
data cannot be altered
Non-repudiation
sender cannot deny sending
Cryptography
symmetric encryption (DES)
public key cryptosystems (RSA)
digital signatures, digital certificates
public key infrastructure (PKI)

10
World Wide Web

WWW is an application of the Internet.
Evolving system for publishing and accessing
resources and services across the Internet.
Open system can be extended and implemented in
new ways without disturbing its existing
functionality
Moved beyond simple data resources to encompass
services, like electronic purchasing of goods.

11
HTML

HyperText Markup Language.
Used to specify the text and images that make up
the contents of a web page, and to specify how
they are formatted for presentation to the user.
The set of markups (tags) is fixed.

12
Document Structure

Document Structure
ltHTMLgt This surrounds the entire document and
lets the browser know what language is being used
(ltSGMLgt might also be used)
ltHEADgt This surrounds the header portion of the
document. Title is within the head as well.
ltTITLEgt The title of the document as shown in the
title bar of the WWW browser.
ltBODYgt The main body of the document

13
Example

ltHTMLgt
ltHEADgt
ltTITLEgt Title of Page lt/TITLEgt
The Header of the document.
lt/HEADgt
ltBODYgt
The Main body of the document
lt/BODYgt
lt/HTMLgt

14
HTTP

HyperText Transfer Protocol.
Request-reply protocol.
main method of transfer used by Web protocols to
transfer data between a server and client.
understands URLs.
intended for hypertext/hypermedia environments.
Stateless
Cookies later.

15
HTTP Cookies

HTTP designed to be stateless
Web sites want to save client associated session
information
Solution cookies
small amounts of data save by the Web server and
retrieved later from the client system
normally used by CGI and related server-side code.

16
Downloaded code

Web design requires service-related code to run
inside the browser
at the users computer.
Solution Scripting
added to HTML documents
expands static HTML to include client-side
interactivity
inserted into HTML document using script language
tag.

17
Mobile Code

Downloaded code is a subset of mobile code.
Code that can be sent from one computer to
another
e.g., Java applets.
The advantage of running downloaded code is
network delay avoidance during interactions.
Potential security threat to the local resources.

18
Scripting Languages JavaScript

A scripting language developed by Netscape to
enable Web authors to design interactive sites.
Developed independently from Java.
Can interact with HTML source code, enabling Web
authors introduce dynamic content.
It is supported by recent browsers from Netscape
and Microsoft,
Internet Explorer supports only a subset, which
Microsoft calls JScript.

19
Scripting Languages VBScript

Microsoft proprietary scripting language
operations identical to JavaScript/JScript
syntax familiar to Visual Basic users
grew out of Visual Basic.
Visual Basic is component-based
a program is built by placing components onto a
form
then using VB to link them together.

20
The Common Gateway Interface CGI

Static pages
same each time visited unless the file is
modified on the server.
Many WWW sites are dynamic, i.e., the contents
change each time we visit.
Need to search, fill out questionnaires, order
things from catalogs.
Need two pieces
HTML language to create Forms
Common Gateway Interface (CGI) to process the
forms.
CGI is a way to pass information from a WWW
browser to a program for further processing

21
Java applets

Stored on server, downloaded by web client using
HTTP.
Applets need to be embedded in another
application, normally an HTML document and run by
a Java-enabled Web browser.
Applets have a restricted security context,
cannot access the clients system, and can talk
only with the server that hosted it.
http//java.sun.com/sfaq/

22
Java Servlets

An applet that runs on a server
runs within a Web server environment.
analogous to a Java applet that runs within a Web
browser environment.
Java servlets are becoming increasingly popular
as an alternative to CGI programs.

23
Java Servlets vs CGI

A Java applet is persistent
once it is started, it stays in memory and can
fulfill multiple requests.
A CGI program disappears once it has fulfilled a
request.
The persistence of Java applets makes them faster
Dont need to initiate a new process for each
request.

24
Extensible Markup Language (XML)

A means for defining tags to encapsulate
information.
A subset of SGML
Provides syntactic interoperability
Need to know the price look inside the ltpricegt
tag.
Still lacking semantic interoperability
How do I know that you and I mean the same thing
by price?
Semantic Web

25
WAP

Wireless Application Protocol
An open, global specification that empowers
mobile users with wireless devices to easily
access and interact with information and services
instantly. -
WAP Forum
The de facto worldwide standard for providing
Internet communications and advanced telephony
services on digital mobile phones, pagers,
personal digital assistants and other wireless
terminals.
- WAP Forum (www.wapforum.org)

26
Why is WAP needed?

Traditional internet protocols (HTML, HTTP, TCP,
etc.) and their security mechanisms (TLS) are
inefficient over mobile networks.
Handheld devices tend to have less powerful CPUs,
less memory and more restrictions on power
consumption than desktops, so require special
considerations.
Handheld devices tend to use input devices other
than keyboards (e.g. voice, keypad).

27
WML

WAP Mark-up Language
WML is an XML application.
Also uses WMLScript, which is similar to
JavaScript.
Optimized for use with handheld devices.
Minimal use of CPU and memory.

28
Internet and Network Security

Types of Attacks on Internet
Break-ins Unauthorized attempts to gain access
to a secure system
Denial of service A legitimate user is denied
access to a service (e.g. Flooding a WWW server
with requests)
Bombs Large email messages or other large data
intended to overwhelm and possibly weaken a
system.
Eavesdropping - Listening in on an electronic
conversation. Perhaps with intent to gather
information for a future break-in.
Viruses.

29
Firewall

Monitors and controls all the traffic into and
out of an intranet.
Firewall security policy
Service control determine which services are
available for external access and reject all
other requests
Levels of filtering IP, TCP.
Example reject HTTP request unless they are
directed to the official website.
Behavioral control prevent behavior that
infringes organization policies
Levels of filtering IP, TCP, application
Example filtering of spam e-mail.
User control discriminate between users
privileges
Example management of dial-up provided for
off-site users.

30
Filtering levels

IP packet filtering
Decisions made based on the destination and the
source IP addresses, the service type field in
the IP header, port numbers in TCP/UDP headers.
Example prohibition of external access to NFS
servers.
Performed by a process within the operating
system kernel of a router.
TCP Gateway
A TCP Gateway process checks TCP connection
requests and segment transmission for
correctness.
Example Denial-of-service attack prevention.

31
Filtering levels (contd)

Application-level gateway
An application-level gateway process acts as a
proxy for an application process.
Example a Telnet proxy. All telnet requests are
routed through the proxy process for approval.
A firewall is a combination of several processes
working at different protocol levels running on
more than one machine (for fault-tolerance).
Two overall (mutually exclusive) policies
Anything not explicitly denied is allowed.
Anything not explicitly allowed is denied.

32
Virtual Private Networks

Suppose a company wants to connect the intranets
of its 5 offices.
One option is to lease a private line.
Another is to connect through the internet.
But then everything is open.
The solution is to use encryption schemes to
establish secure tunnels through the internet.
Such a set-up is called a virtual private network.

33
Directory and Discovery Services

Directory service A service that stores
collections of bindings between names and
attributes and that looks up entries that match
attribute-based specifications.
Example MS Active Directory Service, UNIX X.500,
etc.
Discovery service a directory service that
registers the services in a spontaneous
networking environment.
Provides an interface for automatically
registering and de-registering services (fax
machines, printers, etc.).
Provides a lookup interface for mobile devices
Example Jini

34
Jini

A system designed for spontaneous networking.
Java-based assumes that JVMs run on all of the
computers, allowing them to communicate through
RMI (remote method invocation, a flavor of
interprocess communication in an object-oriented
environment).
Provides facilities for service discovery,
transactions and shared data spaces called
JavaSpaces.

35
What is a Database

A system that stores data
persistent Exists beyond the immediate use
Centralized storage
Single or multiple users

36
Advantages

Reduces redundancy
Reduces inconsistency
Shared
Data representation standards can be enforced
Enables security restrictions
Integrity maintained
Valid cross references between records
Allows data-independent applications
Applications ignorant of how data is stored

37
Categories of Data Models

High-level or conceptual
entities, attributes, relationships
Representational or implementation or logical
relational, network hierarchical,
object-oriented, object-relational
Physical or low-level
data storage

38
3-schema Architecture

Physical level description of a database
how things are stored on disk
files, record structures,
indices,
data structures for disk blocks,
methodology for dealing with too long records,
etc.
Conceptual level description of a database
The description of application data (its schema)
using one of the traditional data models.

39
3-Schema Architecture (cont'd)

View-level description of a database
What users of a particular application see
their own customized schema, e.g., for payroll,
for the ticket agent, for a simulation program.
Multiple levels
helps with data independence
helps with maintenance.
Many views, single logical and physical schema.
Levels of abstraction give data independence.

40
The Entity-Relational Model

Entity a distinguishable object.
Entity set a set of entities all of the same
type.
Attribute a single property of an entity
simple vs composite
single-valued vs multi-valued
stored vs derived
null values.
Domain set of values permitted for that
attribute.

41
The E-R Model (contd)

Relationship an association between two or more
entities.
Relationship set a set of relationships all of
the same type
There is no correct schema for a batch of data.
Which schema is best depends on the application.
Many basic data modelling choices depend on an
understanding of the application.

42
Data Model

Data model notation for describing data, plus a
set of operations used to manipulate that data.
a set of primitives for defining the structure of
a DB
a set of operations for specifying the retrievals
and updates on a DB
relational, hierarchical, network,
object-oriented.

43
The Relational Model (Codd 1970)

The relational data model is the most important
data model currently existing.
Value-oriented, i.e., allows operations on
relations whose results are relations, thus
enables to combine operations.
As opposed to object-oriented models, in which
Operations cannot be applied to the result of
other operations
The result of an operation may be a new data
type, and operations may not be available for
this type.

44
Domain and Relation

A domain is a set of atomic values.
A relation is a finite subset of the Cartesian
product of a finite list of domains
relation is a set of tuples
order of tuples is irrelevant and
no relation has 2 identical tuples
each tuple value is atomic
no composite attributes
no multi-valued attributes.

45
How a user interacts with a Web Database

In a Web browser, a user submits a request to the
Web server.
The Web server passes it onto the middleware
The middleware writes the request in SQL queries
and sends it to a back-end database.
The data retrieved are handed back to the
middleware
The middleware generates a Web page for the data
The Web server sends the Web page to the browser
The browser displays the Web page in front of the
user

46
Decision support systems for EC

DSS help the knowledge worker (executive,
manager, analyst) make faster and better
decisions
Data Warehousing enables On-line analytical
processing (OLAP)
OLAP is a component of decision support system
Data mining
Extraction of interesting knowledge (rules,
regularities, patterns, constraints) from data
in large databases.
Data mining is a powerful, high-performance data
analysis tool for decision support.

47
Potential Applications of Data Warehousing and
Mining in EC

Analysis of user access patterns and buying
patterns
Customer segmentation and target marketing
Improved Web advertisement
Personalization
Association (link) analysis
Customer classification and prediction
Time-series analysis
Typical event sequence and user behavior pattern
analysis
Transition and trend analysis

48
Multidimensional Data

Sales volume as a function of product, time, and
geography

49
OLAP Servers

Relational OLAP (ROLAP)
Extended relational DBMS that maps operations on
multidimensional data to standard relations
operations
Multidimensional OLAP (MOLAP)
Special purpose server that directly implements
multidimensional data and operations
Hybrid OLAP (HOLAP)
give users/system administrators freedom to
select different partitions.

50
OLAP Operations

roll-up
aggregating on a specific dimension, I.e.,
summarize data
total sales volume last year by product category
by region
drill-down
also called roll down, drill through
inverse of roll-up, go from higher level summary
to lower level summary or detailed data
For a particular product category, find the
detailed sales data for each salesperson by date

51
OLAP Operations (contd)

slicing
projecting data along a subset of dimensions with
an equality selection of other dimensions
Sales of beverages in the West for Jan 98
dicing
similar to slicing except that instead of
equality selection of other dimensions, a range
selection is used
Sales of beverages in the West over the last 6
months
Pivot
reorient cube

52
Working definition of an agent

Agents are active, persistent (software)
components that perceive, reason, act, and
communicate
Huhns and Singh, 1998
An agent is an entity whose state is viewed as
consisting of mental components such as beliefs,
capabilities, choices, and commitments. sic In
this view, therefore, agenthood is in the mind of
the programmer.
Shoham, 1993

53
Agent Program

Inputs observations
Observations states of the agents domain or
environment
Outputs actions
Actions Speak, Search, Move, Bid

( o1, o2, )
( a1, a2, )
Agent
54
Basic Characteristics

Delegation abilities The owner or user of an
agent delegates a task to the agent and the agent
autonomously performs the task on behalf of the
user.
An agent can decompose and/or delegate the task
to other agents
Once the task is complete the agent may need to
report to the user/agent issuing the task.

55
Basic Characteristics (contd)

Agent communication languages and protocols
information exchange with other agents
establishes a need for expressive communication
and negotiation language.
KQML (Knowledge Query and Manipulation Language)
Used to allow information agents to assert
interests in information services, advertise
their own services, and explicitly delegate tasks
and requests for assistance from other agents.
Can be used for developing a variety of
inter-agent communication protocols that enable
information agents to collectively cooperate.

56
Basic Characteristics (contd)

Self-representation abilities the ability to
express business and system aspects of its
functionality, combine them into an application
or implementation.
Self-describing, dynamic reconfigurable agents
Facilitate composition (specification and
implementation) of large-scale (distributed)
applications.

Write a Comment

User Comments (0)