
2010

e-Commerce Notes
[101]

Part One of Two

Vidyalankar Institute of Technology

Shrenik Kenia
V.I.T.
11/1/2010

Contents
Introduction to Commerce
Basic technologies of e-commerce
Advance technologies of E-commerce
Internet Payment Systems
E-Commerce Strategies


Introduction to Commerce
Commerce is a basic economic activity involving trading or the buying and selling of goods. For example, a
customer enters a bookshop, examines the books, selects a book, and pays for it. To fulfill the customer
requirement, the bookshop needs to carry out other commercial transactions and business functions such as
managing the supply chain, providing logistic support, handling payments, etc. As we enter the electronic age, an
obvious question is whether these commercial transactions and business functions can be carried out
electronically. In general, this means that no paperwork is involved, nor is any physical contact necessary. This is
often referred to as electronic commerce (e-commerce). The earliest example of e-commerce is electronic funds
transfer. This allows financial institutions to transfer funds between one another in a secure and efficient
manner. Later, electronic data interchange (EDI) was introduced to facilitate inter-business transactions.
However, early EDI systems were typically operated over special networks that were complex to set up and costly
to administer. For these reasons, EDI has not been as widely deployed as expected. With the advent of internet
technologies and advanced cryptographic techniques, it is now feasible to implement e-commerce over a public
network, the Internet. The development of the World Wide Web (www) greatly accelerates the development of
e-commerce and expands its scope to cover different types of applications.

Electronic Commerce vs. Physical Commerce

E-commerce is about the sale and purchase of goods or services by electronic means, particularly over
the internet. In a pure e-commerce system, transactions take place via electronic means. In this case, you
will access a cyber-bookstore and download a digital book from a server computer.
In a physical or traditional commerce system, transactions take place via contact between humans
usually in a physical outlet such as a store. For example, if you want to buy a book, you will go to a
physical bookstore and buy the physical book from a salesman.

These two cases represent the extremes: the traditional commerce system on one side and the pure
e-commerce system on the other. There are many variants and in many cases, e-commerce and physical
commerce can complement each other. For example, a physical book is ordered by electronic means and
it is sent to you via physical means.
E-commerce is more suitable for standard goods, low-value goods, digital goods, and simple services (i.e.
intangible goods), whereas traditional commerce is more suitable for nonstandard goods, perishable
goods, expensive goods, and extremely low-value goods.
Complex products such as cars and nonstandard services are better served by integrating e-commerce
and physical commerce.
E-commerce has a very wide scope and can be further divided into different categories. The most popular
type is, of course, Internet Commerce. It refers to business transactions over the internet and, in most
cases, the transactions are carried out over a web system, so we may call it Web-based Electronic
Business.
Another broad categorization of e-commerce is to separate it into business-focused or customer-focused
e-commerce. In recent years, another term called e-business has emerged. In general, e-business has a
wider perspective than e-commerce. It involves using information technologies in all aspects of the
business. Hence, e-commerce can be viewed as a subset of e-business.

The Digital Phenomenon
Various statistics and forecasts have all indicated that e-commerce has an extremely promising future. However,
recent forecasts have all suggested that this may be too conservative.

There must be some drivers behind e-commerce. As e-commerce is about going DIGITAL, we call this the
DIGITAL phenomenon. Here we attempt to examine the possible drivers behind e-commerce (or the DIGITAL
phenomenon) by the following DIGITAL acronym. Let us explain the keywords given in the figure in more detail
in the following table. While each of the topics in this table can be explored in greater depth, they are introduced
here to give one a feeling for the drivers behind e-commerce.


Looking at e-Commerce from different perspectives
E-commerce is changing our economy and affecting all aspects of business. Today, no company can afford to
ignore e-commerce. E-commerce has become part of core business functions just like accounting, marketing, etc.
In recent years, many models, frameworks, and thoughts towards building a comprehensive picture of
e-commerce are evolving. In this section, we go through some of them in order to look at e-commerce from
different perspectives.

A three-layer model is commonly used to describe e-commerce such as the one proposed by Zwass.
Zwass's model consists of an infrastructure layer, a services layer, and a products/structures layer. The
three layers can be further divided into seven functional layers for carrying out different functions. The
major functions are to provide the:
technical infrastructure (e.g. the Internet and www)
secure messaging services (e.g. EDI)
supporting services (e.g. electronic payment)
commercial products, services, and systems (e.g. e-retailing)
electronic marketplace (e.g. online auctions)
Greenstein and Feinman discuss another three-layer model consisting of the existing market space, the
three pillars of e-commerce (electronic information, electronic relationships, and electronic transactions),
and the open market processes.
Kalakota and Robinson view e-commerce from a wider perspective, using the term e-business. It is about
integrating the front-end and back-end applications with the business process. With the aim of maximizing
customer value, it involves redefining the business model in conjunction with various information
technologies. Eight business rules are proposed for achieving this goal.
Schneider and Perry view e-commerce as an effective means to improve a value chain, which is used to
link various functional activities (i.e. production, marketing, finance, etc.) of a company. This value chain
concept can also be extended to link different companies to form an industry value chain.
In general, e-commerce helps to facilitate information flow across the value chains and to reduce the
associated transaction costs.
It is also of interest to look at e-commerce from the point of view of relationship. At its root, every
business needs to maintain three types of relationship: the relationship with its customer, the
relationship with its business partners (e.g. suppliers), and the relationship with its employees.
E-commerce provides an effective tool for building, managing, and enhancing these relationships.
In the context of e-commerce, the first type of relationship is not just selling through the web but
managing customer relationships in general. Special electronic customer relationship management
software is available for this purpose.
The second type of relationship is about procurement and supply chain management by electronic
means. Virtual Private Networks and XML are the main facilitators in these areas.
While the first two types of relationship are external, the last one is internal. It involves building an
effective Intranet for integrating different information systems and sharing information through
which communication and productivity can be enhanced.

Different types of e-commerce
The matrix in Figure 1.4 (later) shows the different types of e-commerce from the perspective of the buyer and
seller relationship. This is often used to categorize e-commerce applications. According to this relationship,
e-commerce applications can be divided into the following four:
a) Business-to-Consumer (B2C): In this case, the seller is a business organization whereas the buyer is a
consumer. This emulates the situation of physical retailing and so it is commonly called electronic
retailing. Typically, electronic stores are set up on the internet to sell goods to the consumers.
For example, in our VBS, e-books are listed under different sections for ease of searching. This resembles
organizing books in different bookshelves in a physical bookstore. Furthermore, a search facility is
available for searching books according to user input.

b) Business-to-Business (B2B): In this case, both the buyer and the seller are business organizations. There
are three types of systems, namely, buyer-oriented system, seller-oriented system, and virtual
marketplace. In many situations, it is related to supply chain management. For example, the Virtual
Bookstore (VBS) needs to order books from various publishers. The ordering process can be accomplished
by using electronic data interchange.
For example, General Electric's Trading Process Network (TPN) (www.tpn.geis.com) is an internet-based
trading network for buyers and sellers to carry out B2B e-commerce on the Internet. Unlike B2C
e-commerce, it is buyer-driven rather than seller-driven. That means, a buyer submits a request to the
system and then respective sellers respond to the request.


c) Consumer-to-Consumer (C2C): This refers to situations where both the seller and the buyer are
consumers. With the advent of e-commerce, online auctions provide an effective means for supporting
C2C e-commerce.
For example, eBay (www.eBay.com) provides the world's largest online trading service by means of online
auctions. Basically, a user places an item on the eBay Web site for bidding. Other interested members
then bid for it before the deadline. Where the English auction system is used, the highest bid wins. By
means of online auctions, they participate in the buying and selling of a wide range of items, including
books, stamps, coins, music, etc. In addition to auctions, eBay creates a virtual community for its users to
talk at the eBay Live Chat (a chat room) and to communicate with other users via the bulletin boards.

d) Consumer-to-Business (C2B): This is a new form of commerce in which a consumer specifies the
requirements to a business, which provides a product that meets these requirements. These
requirements could be as simple as an acceptable price, or could involve considerable customization of
an existing standard product, or creation of a new product. An example of this in the traditional
commerce setting is a made-to-measure tailor. The key distinction is related to who is driving the
specification of the product being purchased. Unlike B2C, there is a strong element of customization.
For example, Priceline (www.priceline.com) introduces a novel e-commerce application called the demand
collection system. It allows consumers to name the price and hence it is consumer-driven, not
seller-driven. Suppose you want to buy an air ticket. You can provide Priceline with your travel requirements
(e.g. how many tickets you want to buy, departure/return date, departure/arrival city, etc.), the desirable
price, and your credit card number. Then Priceline will try to find an airline that can meet your
requirements. After finding a match, Priceline will buy the ticket(s) for you with your credit card. As you
can name the price, the deal is final (i.e. no alteration is allowed). Besides air tickets, Priceline also
handles the purchase of many other products/services such as cars, hotel rooms, long-distance calls and
even mortgage.

Some e-commerce scenarios
Retailing
In the main form of traditional retailing, when we want to buy something, we need to visit physical shops. Very
often, we may not be able to buy the best product in the market because we can visit only a few shops near our
home or our office. This is to some small extent modified in other forms of traditional retailing such as mail order
or phone purchasing. With e-commerce, shopping can be done at any time by using our fingertip. Furthermore,
the geographical barrier becomes a blur. A shop located in another country and a shop next to your home are both
one click away. By using search engines, we can quickly select and compare different brands of products around
the world. For some products such as software and music, we can even download the goods instantly. In the
future, we may even send out intelligent software programs called mobile agents to shop around the internet
for us.

Servicing
The classified advertisement has always been the most popular channel for selling used items (e.g. used car). If
you have ever sold second-hand items through classified advertisements, you may have experienced the following
headache. Tens or even hundreds of interested buyers contact you by telephone. As you can communicate with
them only one at a time, it is difficult for you to negotiate the best price. Even after all the items have been sold,
you may still receive calls from potential buyers. With e-commerce, a more effective channel is emerging: the
online auction for facilitating this kind of C2C commerce transaction. By means of an online auction, not only can
the seller reach a large number of potential buyers, but he can also find the best price in the market.
Publishing
The traditional publishing industry is based on a mass production model. Thus, there are only a few newspapers
available and the format, layout, and news selection of these are done by the editorial staff. The degree of detail
and slant on a particular news item is also fixed by the reporter or editorial staff. This is necessary for a mass
production newspaper. By and large, the only choice the reader has is to select a particular newspaper. Once that
is done he has to put up with the editorial layout and reporter's choices, even though these might not coincide
with his own interests. E-commerce makes personalization possible at very little extra cost. Let us imagine that
we have a web-based newspaper system available. Each reader can specify his/her favorite newspaper template.
Information can then be filled into the personalized template accordingly from the databases. With
personalization, electronic newspapers will be published according to customers' preferences (e.g. someone may
want to see the headline news on the first page, while others may prefer to see the sports news or entertainment
news on the first page). Obviously, this does not make economical sense in the traditional newspaper business.
However, in the electronic newspaper scenario, the extra cost of printing a personalized newspaper is very small.
Supply chain management
In its most common forms, traditional supply chain management is supply driven. In other words, goods are
pushed through the supply chain. One disadvantage of this model is that distributors may keep an unnecessary
inventory. In order to overcome this, many manufacturers have introduced Just-in-Time (JIT) supply systems.
These systems have some element of pull in them in the sense that the manufacturer's estimates of his needs for
supplies in a short time horizon are used to determine purchases from suppliers, and suppliers must meet these
orders within a specified time frame. Even here the manufacturer could easily see a build-up of the inventory of
his manufactured products. What is necessary from the manufacturer's point of view is not simply JIT supply but
also JIT production. Moreover, there may be a lot of paper-based information involved. With e-commerce, this
whole process becomes demand driven as controlled by the end consumer. That means, goods are now pulled
down the chain by the customers. Thus, supply chain management becomes more demand chain
management. This makes JIT production management and mass customization possible.

Changes brought by e-commerce
No doubt, e-commerce is changing our daily lives. These changes occur along four different directions as
illustrated by the aforementioned scenarios.

In the first scenario, e-commerce provides an alternative solution. Even if we do not have cyber-shops,
we can still make the purchase from physical shops. That means cyber-shops are alternatives to physical
shops. While cyber-shopping can be more convenient, some people may still want to shop at physical
stores because of the physical shopping experience.
In the second scenario, e-commerce provides a better solution. For instance, the benefits brought by
online auctions cannot be realized by the traditional classified advertisement and the online auction is
therefore a better way to solve the same problem.
In the third scenario, e-commerce is bringing in a new form of an already-existing service. In the
traditional newspaper business, obviously it is not cost effective to print a different newspaper for
everyone, so mass production is inevitable. However, with e-commerce, mass customization becomes
possible at almost no extra cost.
The final scenario illustrates that e-commerce is changing our business logic from a supply-driven model
to a demand-driven model.

An extended summary of the key changes brought about by e-commerce is shown in Table 1.2 in Chan.

Advantages of e-commerce
E-commerce is bringing about advantages to both consumers and business.

I. For consumers:
It is of interest to study the advantages in terms of the buying process, namely search, evaluate,
and execute.
With e-commerce, consumers can search the global market anytime and anywhere.
By using search engines or search agents, consumers can easily compare products in the global
market. This allows consumers to evaluate the best possible product efficiently.
With certain digital goods such as software, consumers can execute the order conveniently and
receive the goods instantly.

II. For business organizations:
The prime objective is to manage this fundamental formula.
Profit = Revenue - Cost
E-commerce is attractive because it can be used to raise profit by increasing revenue while
decreasing cost.
With e-commerce, a company can increase revenue by exploring new opportunities and expanding
into the global market.
In fact, a local shop and a foreign shop are both one click away in the cyberspace. In other words,
the geographical limitation is totally gone and international companies can now compete with local
companies more easily.
In terms of cost reduction, e-commerce can reduce manpower and operating expenses.
The use of electronic documents not only speeds up processing time, but also greatly facilitates data
updating (e.g. for updating an inventory).
Consequently, business organizations can make use of e-commerce to enhance productivity.

Myths about e-commerce development & implementation
While many companies realize the importance of e-commerce to their future growth, the true meaning of
e-commerce may sometimes be overlooked. Here are three common myths about the development of an
e-commerce system.
Myth 1: E-commerce is about developing web pages
E-commerce is actually about building an integrated system, not developing web pages. Very often, the web pages
are just the tip of the iceberg in terms of cost and functions. The invisible parts or the back-end systems are the
real heart of the system. They are often many times more expensive than the web pages. In many e-commerce
projects the most difficult task is not how to build an attractive web page, but how to integrate existing and new
systems together in a cost-effective manner.
Myth 2: The successful implementation of an e-commerce system relies on web programmers
While web programmers play an important role in the implementation of an e-commerce system, everyone in
the company should participate because e-commerce involves the integration of hardware, software, as well as
peopleware and business process. The following examples illustrate how different parties should typically
participate in an e-commerce project.

Senior management should take the lead to define the strategic vision of an e-commerce project.
Without top management support and a clear strategic direction, an e-commerce project is unlikely to be
successful.
Procurement department should use new procurement channels such as virtual marketplace to save cost
and to improve efficiency.
Production department should redefine the existing production process to support a buyer-driven supply
chain. In particular, it should take into account the need for customization and JIT production.
Marketing department should make use of new marketing channels and techniques such as banner
exchanges, affiliation program, personalization software, and data mining for more effective promotion
purposes. Another important opportunity is that the marketing process can now be linked directly to the
ordering process.
Finance/accounting department should investigate new alternatives for funding e-commerce projects. It
should also participate in building a secure electronic payment system to complement the conventional
payment methods.
Personnel department should design more effective forms of compensation schemes such as options and
provide up-to-date training to the employees. This is an extremely important issue because of the
worldwide shortage of people with technical expertise in specifying, architecting, designing, and
implementing e-commerce systems.
Customer support department should make use of electronic customer relationship management
software to provide better customer support.

Myth 3: E-commerce project is about translating the traditional business model into an electronic
business model
The above statement often oversimplifies the whole picture. To implement e-commerce effectively, many
business organizations need to re-engineer themselves. This may involve adopting a different business strategy.
For example, with e-commerce, a manufacturer may sell goods directly to consumers. However, this may create
conflicts with existing retailers. This example illustrates that e-commerce may introduce new opportunities as
well as new threats. Another real-life example is egghead.com, which moved its software retail outlet completely
to the internet in 1997. In general, an existing business can implement e-commerce using four different
strategies:

Separate: implement by setting up a separate company
Overlay: implement by adding a new department/branch to the existing company
Integrate: implement by combining the traditional business and new business
Replace: implement by replacing the traditional business with the new business

The first two approaches are less risky and so they are likely to be used by most companies. The third approach
requires more work in general and the last approach, which has been adopted by egghead.com, is the most
aggressive.
It is worth mentioning that many successful e-commerce applications go through the following development
process:
1. Tradition: Study how the traditional model functions (e.g., customers visit a physical bookstore, choose
some books from the bookshelves, and pay for them at the cash counter).
2. Translation: Translate the traditional model into the e-commerce model (e.g., customers visit the VBS,
choose some books by browsing through the web pages, and pay for them at the checkout page).
3. Transformation: Transform to a new and perhaps an even more effective model (e.g., in the case of the
VBS, various new functions that are not available in the traditional model can be incorporated, such as
search engine, shopping cart, promotion through data mining, etc.).

Basic technologies of e-commerce
An overview of the internet
Basic network architecture
The internet is a collection of networks as shown in Figure below.
The networks are connected together by traffic-forwarding devices called routers. You can access the
internet through an Internet Service Provider (ISP).
In principle, the internet is similar to the postal network. From the network point of view, it is
connectionless. In other words, unlike the telephone network, you do not need to establish a physical
network connection with the receiver before transmitting information over the internet.
Information is carried by packets in the internet. A packet looks like an electronic parcel. The routers in
the internet forward each packet based on the address specified on the packet. In general, only
best-effort service is provided. That means that the network itself does not provide a guaranteed service:
packets might be duplicated, lost, or delayed for a long time.

Layered model
The internet is based on a layered model called Transmission Control Protocol/Internet Protocol
(TCP/IP).
By means of layering, the complex process of transferring packets from one computer to another
computer across the internet can be broken into small tasks.
This greatly facilitates the design of various protocols for the internet. Layering also creates modularity
between the different layers, with clearly defined functions between layers. This allows for independence
in implementing each layer.
As shown in Figure below, the internet model has four layers: link, network, transport, and application.
The link layer is for providing access to the internet; the network layer is for forwarding packets across
the internet; the transport layer is for providing end-to-end data transport service; and the application
layer is for providing a specific application.


Starting from the application layer, each layer adds the required header (and trailer if any) and passes the
packet to the lower lying layer. In other words, each layer is served by the lower lying layer. Packets are
forwarded from the originating host through the routers to the destined host as shown in Figure 2.4.

Link layer
The main function of the link layer is to provide access to the network. It addresses the physical
characteristics and medium access control.
For home users, the most common way to access the internet is by using dial-up modems. With modems,
digital data can be turned into analogue signals suitable for transmission over the public switched
telephone network. Currently, the maximum data rate that can be supported by a dial-up modem is 56
Kbps.

In offices, the most common way to access the internet is through local area networks (LANs).
Ethernet is the most popular LAN protocol and it is governed by a medium access control protocol called
Carrier Sense Multiple Access with Collision Detection (CSMA/CD). The main challenge of a LAN is to
enable computers to share a common channel efficiently. With CSMA/CD, a computer can transmit data
at any time if it detects that the channel is free.


There is also a Gigabit Ethernet standard available running at 1 Gbps.
Besides using dial-up modems, a home user can also access the internet by using the Integrated Services
Digital Network (ISDN) Basic Rate Interface (BRI). It provides two bearer (B) channels of 64 Kbps for
transmitting voice and data traffic and a data (D) channel of 16 Kbps for transmitting control and signal
information. Hence, the maximum access rate is 128 Kbps.
In recent years, both the cable TV companies and the telephone companies also provide high-speed
internet access services by using two different technologies.
By using cable modems, home users can access the internet via the cable TV networks at a much faster
rate than that provided by dial-up modems.
Theoretically, the maximum data rate can be as high as 30 Mbps; but practically, only about 1.5 Mbps can
be achieved (because of various technical limitations). Telephone companies can also make use of the
existing telephone network to provide a high-speed internet access service by using the Asymmetric
Digital Subscriber Line (ADSL) technology.
The data rate from the network to the users is between 1.5 and 9 Mbps, depending on the distance.
The data rate from the users to the network is much lower at about 16-640 Kbps. Hence, this access
method is called Asymmetric. This is particularly useful for the web scenario since the client-to-server
communication normally requires less bandwidth than the server-to-client communication. (This scenario
is changing.)
For example, a client may just generate a simple request for getting a large image from the server.
Besides accessing the internet through a wired link, we can also access the network through a wireless
link. One possibility is through wireless local area networks such as IEEE 802.11, which uses a medium
access protocol called Carrier Sense Multiple Access with Collision Avoidance.
Other wireless access methods include Cellular Digital Packet Data and Code Division Multiple Access.

Network layer
The main purpose of the network layer is to forward packets to their destinations. In principle, this is similar to
forwarding a letter through the postal network. Basically, the network layer needs to address two main
questions:

What is the destination?
How should the packets be forwarded?

In technical terms, the first question is about addressing, and the second question is about routing. The network
layer handles these two important issues.

IP address
Just like a letter, each IP packet has an address called the IP address. Currently, the most widely used IP is IPv4.
In IPv4, each IP address has 32 bits. For ease of reading, each IP address is expressed in the dot-decimal format,
e.g. 128.0.0.1, instead of the binary, which would read 10000000.00000000.00000000.00000001. Each IP address
has two parts: the network number and the host number.
Within the same network, all hosts have the same network number. Routers forward packets based on the
network number rather than the host number so that they only need to know all the network numbers but not all
the host numbers within their areas. There are five classes of IP addresses, namely classes A to E, to cater for
different requirements as shown in Table 2.2. Let us further consider the IP address 128.0.0.1.
In binary notation, it is 10000000.00000000.00000000.00000001. This is a class B address as it starts with 10.
For a class B address, the first 16 bits represent the network number and hence the network number is 128.0.0.0.
The possible host numbers are from 128.0.0.1 to 128.0.255.254. Note that 128.0.255.255 is not a valid host
number because it is the broadcast address of the network 128.0.0.0. This addressing scheme is inefficient if a
network does not have a sufficient number of hosts to cover the available address space since only a few of the
available addresses are utilized. In RFC 950, a standard method called subnetting is recommended to divide a
Class A, B, or C network into subnetworks so that the address space can be utilized more efficiently.
In this case, part of the host number becomes the subnet number as specified by a subnet mask, which is used to
indicate the network portion of the IP address. For example, a subnet mask 255.255.255.0 (i.e.,
11111111.11111111.11111111.00000000 in binary form) means that the first 8 + 8 + 8 = 24 bits represent the network
part.
With subnetting, the standard network prefix together with the subnet number identifies the effective network
number. Let us look at an example. Assume that the VBS is given a network number 128.0.0.0 (i.e. a class B
network). This means that we can only have hosts ranging from 128.0.0.1 to 128.0.255.254 for this network. Note
that 128.0.0.0 and 128.0.255.255 are not valid host IP addresses because they represent the network itself and
the broadcast address for the network, respectively.

If we apply subnetting by using a subnet mask of 255.255.255.0, the first 8 + 8 + 8 = 24 bits represent the
network part now. That means, the original network number 128.0.0.0 can now be divided into smaller networks
(or subnets), i.e., 128.0.0.0, 128.0.1.0, 128.0.2.0, ..., 128.0.255.0. For each subnet, there can be 254 hosts
(2^8 - 2). For example, for the subnet 128.0.255.0, the possible host numbers are from 128.0.255.1 to 128.0.255.254.
Note again that 128.0.255.0 and 128.0.255.255 represent the network itself and the broadcast address for the
network, respectively.
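
The classful and subnetted address arithmetic described above, carried through in Python as an added example that is not part of the original notes. It goes slightly beyond the text by handling every class and by rejecting subnet masks whose one-bits are not contiguous; all function names are illustrative.

```python
import ipaddress

# Classful default prefix lengths; classes D and E have no network/host split.
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}
ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Parse dotted-decimal IPv4 text into a 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """Format a 32-bit integer as dotted-decimal text."""
    return str(ipaddress.IPv4Address(value))


def classful_class(addr):
    """Class A to E, decided by the leading bits of the first octet."""
    first_octet = to_int(addr) >> 24
    if first_octet & 0x80 == 0x00:
        return "A"  # 0xxxxxxx
    if first_octet & 0xC0 == 0x80:
        return "B"  # 10xxxxxx
    if first_octet & 0xE0 == 0xC0:
        return "C"  # 110xxxxx
    if first_octet & 0xF0 == 0xE0:
        return "D"  # 1110xxxx (multicast)
    return "E"      # 1111xxxx (reserved)


def classful_prefix(addr):
    """Number of network bits implied by the address class alone."""
    cls = classful_class(addr)
    if cls not in CLASSFUL_PREFIX:
        raise ValueError("class %s addresses have no network/host split" % cls)
    return CLASSFUL_PREFIX[cls]


def prefix_from_mask(mask):
    """Number of network bits in a subnet mask; rejects masks with holes."""
    inverted = to_int(mask) ^ ALL_ONES
    if inverted & (inverted + 1):  # host bits must form one run of low-order 1s
        raise ValueError("non-contiguous subnet mask: " + mask)
    return 32 - inverted.bit_length()


def describe(addr, mask=None):
    """Network number, broadcast address and host range for addr.

    With no mask the classful default applies; otherwise the subnet mask does.
    """
    prefix = classful_prefix(addr) if mask is None else prefix_from_mask(mask)
    mask_int = (ALL_ONES << (32 - prefix)) & ALL_ONES
    network = to_int(addr) & mask_int             # host bits all 0
    broadcast = network | (mask_int ^ ALL_ONES)   # host bits all 1
    usable = max(broadcast - network - 1, 0)      # excludes network and broadcast
    return {
        "prefix": prefix,
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def split_into_subnets(addr, subnet_mask):
    """List the subnet numbers obtained by applying subnet_mask to addr's classful network."""
    old_prefix = classful_prefix(addr)
    new_prefix = prefix_from_mask(subnet_mask)
    if new_prefix < old_prefix:
        raise ValueError("subnet mask is shorter than the classful mask")
    base = to_int(addr) & ((ALL_ONES << (32 - old_prefix)) & ALL_ONES)
    step = 1 << (32 - new_prefix)  # addresses per subnet
    return [to_dotted(base + i * step) for i in range(1 << (new_prefix - old_prefix))]


if __name__ == "__main__":
    print(classful_class("128.0.0.1"), describe("128.0.0.1"))
    print(describe("128.0.255.7", "255.255.255.0"))
    subnets = split_into_subnets("128.0.0.0", "255.255.255.0")
    print(len(subnets), subnets[:3], subnets[-1])
```
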
Routing
To forward packets across the internet, each router maintains a routing table. In general, each routing table tells
the router where a received packet should be forwarded.

A simple example is shown in Figure 2.5. In this example, there are three networks: 192.0.1.0, 192.0.2.0, and
192.0.3.0 connected by routers R1, R2, and R3. The routing table at R1 shows that to forward a packet destined
for 192.0.1.0, the packet should be forwarded to R2, the next hop router. If a packet is destined for 192.0.2.0, it
should be forwarded to R3. The routing tables are updated dynamically based on the traffic situations by using a
particular routing protocol. This helps ensure that packets are forwarded through links with less traffic.
The example in Figure 2.5 shows the basic operation of an intradomain routing protocol. In this case, all the
networks are in the same autonomous system. This means that each router contains the routing information to
reach other networks in the same autonomous system. There are two types of intradomain routing protocols
based on two different principles.
The first one is called the distance vector routing protocol, such as the Routing Information Protocol (RIP). In
general, each router forwards its routing table to the adjacent routers so as to continuously update the routing
table in each router. For the distance vector routing protocol, there is more routing information exchange but
less processing at the routers to create and update the routing tables. The second type of intradomain routing
protocol is called the link state routing protocol.
In this case, each router broadcasts its link states (e.g. traffic loading) to other routers in the autonomous system.
Having found the link states of all routers, each router can build a picture of the network and use it to construct
the routing table. Compared with distance vector routing protocols, less routing information is exchanged but
more processing is required to create and update the routing table in each router.
Quite clearly, it is not practical to employ an intradomain routing protocol in a global system because this
requires each router to know all the networks in the world. In reality, the internet is divided into many
autonomous systems. Within an autonomous system, each router's routing table contains routing information for
all networks within the same autonomous system. For forwarding packets across different autonomous systems,
the interdomain routing protocol is used. A popular interdomain routing protocol is the Border Gateway
Protocol (BGP).

Transport layer
As mentioned earlier, IP provides only best-effort service. That means that packets may not be delivered
to their destinations in a reliable fashion.
To resolve this issue, we need a transport layer on top of the IP layer to provide end-to-end transport
service between the sending and receiving computers.
There are two transport protocols for the Internet, namely the User Datagram Protocol (UDP) and
Transmission Control Protocol (TCP).
UDP is a connectionless protocol whose main function is to multiplex data through ports. As a computer may
execute several applications at the same time, ports are used to identify a particular application. In other
words, the actual connection between two computers is identified by the source IP address, source port
number, destination IP address and destination port number.
Transmission control protocol (TCP) is a connection-oriented protocol for providing a reliable data
transport service between two hosts over the internet. To create a TCP connection (see Figure 2.6), the
sending and receiving computer each set up a socket that is represented by its IP address and a port
number.
A TCP connection is set up between two sockets through a three-way handshaking process. Basically, the
sender initiates the connection; the receiver acknowledges the connection request; and finally, the
sender acknowledges the receiver's acknowledgment. Having established the connection, the sending
TCP process divides the application data into segments and sends them via IP to the receiving TCP
process.
TCP is byte-based such that each data byte is identified by a sequence number. Each segment has a
sequence number indicating the first data byte being transmitted. Based on the sequence number, the
receiving TCP process can rearrange misordered segments, send acknowledgments to the sending TCP
process, and perform flow control.
In general, when a receiving TCP process receives a segment, it will return an acknowledgment to the
sending TCP process. If the sending TCP process does not receive the acknowledgment for a transmitted
segment after a certain period of time called the timeout period, the segment will be retransmitted.
To prevent the sender from overloading the receiver, the sending TCP process uses a sliding window
mechanism to limit the number of bytes that can be sent to the receiver. The sliding window size is
controlled by the receiver's acknowledgment.

Application layer
Making use of the underlying layers, the application layer is for providing a particular application.
There are a variety of application layer protocols. These protocols play an important role in web-based
e-commerce systems.
HTTP and other application protocols rely on DNS.
For example, we would like to call the VBS server something like www.vbs.com rather than a number like
128.123.123.123. In the previous example, www.vbs.com is referred to as the domain name. Since the
network can only understand an IP address, we need a mechanism to translate a host name or domain
name to the corresponding IP address.
DNS is used to do this translation. Besides providing a hierarchical naming system for identifying domain
names, DNS includes a distributed database system for storing domain names, and a mechanism for
searching the corresponding IP address of a domain name.

Figure 2.7 shows a partial domain naming scheme, which is organized in a tree structure. A name is assigned to
each node of the tree. Except for the root, each node is connected to a parent node in an upward direction.
At the first level of the DNS hierarchy, the major nodes are

com: company
edu: education
gov: government
mil: US military
net: network providers
org: organizations such as IEEE

Furthermore, we also have the country nodes at the first level, such as

hk: Hong Kong
uk: United Kingdom

Each domain name consists of a sequence of terms divided by periods. The first of these is the leaf node and the
subsequent ones are the successive parent nodes up till the root. There are three nodes: www, vbs, and com. www
is the leaf node, vbs is the parent node of www, and com is the parent node of vbs.
Generally speaking, this is how the DNS determines the IP address of a domain name. In the internet, there are
many DNS servers, which are responsible for handling queries on finding the corresponding IP address for a
domain name. Distributed databases are maintained for this purpose. When an application wants to determine
the IP address of a domain name, a program known as the Resolver is invoked. The Resolver then makes a query
to the associated DNS server.
Next generation internet
The current IP is called IPv4 (i.e. version 4). A new version of IP called IPv6 has been developed for the next
generation internet. It has the following main features:

Use of 128-bit addresses: IPv4 employs a 32-bit address, which is not sufficient to cope with the rapid
growth of the internet. To enlarge the address space, IPv6 uses a 128-bit address, which can support
significantly more hosts.
Support for multicast: The first generation internet supports only a unicast service. That means, if a
packet is to be sent to multiple destinations, multiple packets are transmitted. This is obviously a waste of
network resources. In contrast, in a multicast routing protocol, a single packet is transmitted targeted to
multiple destinations. Currently, multicast routing protocols are being developed for supporting multicast
services on the internet.
Support for multimedia application (data flow): IPv6 provides better support for multimedia application.
In the new IP packet header, there is a flow label field for establishing data flows in the network.
Furthermore, a resource reservation protocol (RSVP) has been developed to reserve resources in the
network in order to provide guaranteed service for real-time multimedia traffic.
Better security: IPv4 does not address security. To address this important issue, an IP Security (IPSec)
protocol has been developed for IPv6. This protocol can also be used for IPv4. This protocol can be used
to set up virtual private networks over the internet, thus allowing business partners to communicate with
each other securely over the internet as if they were connected over a private network.

Web system architecture
The general architecture of a web-based e-commerce system consists of the following components:

Web browser: It is the client interface. Essentially, it is used for displaying information to the user as well
as collecting the user's input to the system. Serving as the client, the web browser also interacts with the web
server using the HTTP.
Web server: It is one of the main components of the service system. It interacts with the web client as
well as the backend system.
Application server: It is the other main component of the service system and it hosts the e-commerce
application software.
Backend system: It supports the service system for fulfilling the user's request. In many cases, it is a
database management system.
Internet: It is the communication platform for the web server and the web client to exchange information
with each other.

As the web client and the web server are not connected directly, we need a protocol for them to talk or
communicate with each other over the internet. This protocol is called the Hypertext Transfer Protocol (HTTP).

Uniform resource locator
To identify web pages, an addressing scheme is needed. Basically, a Web page is given an address called a
Uniform Resource Locator (URL). At the application level, this URL provides the unique address for a web page,
which can be treated as an internet resource. The general format for a URL is as follows:
protocol://domain-name:port/directory/resource
Here are some examples:

http: hypertext transfer protocol
https: secure hypertext transfer protocol
ftp: file transfer protocol
telnet: telnet protocol for accessing a remote host

The domain-name, port, directory and resource specify the domain name of the destined computer, the port
number of the connection, the corresponding directory of the resource and the requested resource, respectively.
For example, the URL of the welcome page (main.html) of our VBS may be written as
http://www.vbs.com/welcome/main.html. In this example, the protocol is http, the domain-name is www.vbs.com,
the directory is welcome (i.e., the file main.html is stored under the directory called welcome). Note that in this
example, the port is omitted because the default port for the protocol is used; that is, formally the URL should be
specified as http://www.vbs.com:80/welcome/main.html where 80 specifies the port for HTTP as explained later.
In some protocols (e.g. TELNET) where the user name and password are required, the URL can be specified as
follows:
protocol://username:password@domain_name:port/directory/resource
where username and password specify the user name and password, respectively.

Hypertext transfer protocol (HTTP)
HTTP is a simple application protocol working under a client-server computing environment. Basically, a client
issues a request to a server and then the server returns the response. The request is specified in text (ASCII)
format, whereas the response is specified in Multipurpose Internet Mail Extensions (MIME) format, which defines
different content types such as text, image, and audio. The common content types for a server's
response are:

text/html: text file in html format
image/JPEG: image file in JPEG format
image/GIF: image file in GIF format

JPEG and GIF are different encoding techniques that compress an image for transmitting and storing so as to
reduce the number of bytes (size) for representing the image.
We will first have a look at HTTP/1.0 and subsequently we will study HTTP/1.1.
As discussed in the previous section, the basic operation of HTTP is as follows. The web client (e.g. your web
browser or even a "robot" program) makes a TCP connection to a web server at port 80. Subsequently, an HTTP
request consisting of the specific request, required headers and additional data is forwarded to the web server.
After processing the request, the web server returns an HTTP response consisting of the status, additional
headers, and the requested resource such as a web page.
HTTP request
The general format of the client request is as follows:
Request-method Resource_address HTTP/Version_number
General-header(s)
Request-header(s)
Entity-header(s)
Blank line
Entity (Additional data)

As described in the table above, Request-method specifies the request method used. Resource_address is
essentially the URL that specifies the location of the requested resource in the web server. HTTP/Version_number
tells the web server what HTTP protocol the web client is using. There are three types of headers for passing
additional information to the web server, namely, General-header, Request-header, and Entity-header. They are
described in the tables below. Finally, the web client can post additional data to the server after the BLANK LINE.
This is used in conjunction with the POST request method.
GET /vbs.html HTTP/1.0
Accept: image/gif, image/jpeg, */*
This request message means that the client wants to get a document called vbs.html from the server. The
document is located at the root directory of the server. Version 1.0 of the HTTP is used. The client can accept any
content type as indicated by */* but for the image content, GIF is preferred to JPEG. Note that no additional
data can be enclosed in the HTTP request.

HTTP response
Having processed the web client's request, the web server returns a response to the client. The general format of
the response is as follows.
HTTP/Version_number Status-code Result-message (Status line)
General-header(s)
Response-header(s)
Entity-header(s)
Blank line
Entity body (e.g., web page)

Again, the HTTP/Version_number indicates the version of HTTP that the server is using. The Status-code indicates
the result of the request. The common status codes are given in the table above. The headers General-header(s),
Response-header(s), and Entity-header(s) are used to pass additional information to the web client.
General-header and Entity-header have been described in prior tables.

Cookies
HTTP is a stateless protocol. That means, the web server will not keep the user's state or the user's information. For
example, when a web server receives an HTTP request, it does not know whether this request comes from a
previous client or a new client. In other words, there is no way to tell whether or not the current request is
related to a previous request. In many e-commerce applications, knowing the user's state is an important
requirement.
For example, in a shopping cart application, the server needs to know the content of the user's shopping cart in
order to display the items to the user correctly. To address this important issue, Netscape proposed a method
called cookies for a web server to save state data at the web client. A maximum of 20 cookies are allowed at
each domain and each cookie is limited to 4Kb to prevent overloading the memory of the client's computer.
If a web server wants a web client to save a cookie, it will send the Set-Cookie header in the HTTP response. The
Set-Cookie header is of the form:
Set-Cookie: Name=Value

where Name and Value are the name and value of the cookie, respectively. Whenever required, the client will
include the cookie in the HTTP request header using the following format:
Cookie: Name=Value

This allows the user's information to be passed to the server. Let us look at how cookies can be used to
implement a simple shopping cart for our VBS. Suppose that there are already two items in the shopping cart.
The first item (Item1) has a product code of 11111 and the second item (Item2) has a product code of 22222.
When the client sends an HTTP request to put another item (say an item with product code 33333) into the
shopping cart, the server can set a cookie by including the following cookie header:
Set-Cookie: Item3=33333
It means that the third item has a product code of 33333. In the next HTTP request, the user needs to send to the
server the following cookie headers:
Cookie: Item1=11111
Cookie: Item2=22222
Cookie: Item3=33333
By reading the cookies, the server knows the content of the shopping cart so that it can be displayed in the
returned web page accordingly.
Besides the Set-Cookie header, the following extra information can be provided for the cookie(s). It
can be added on the Set-Cookie header as shown in the later example.

Comment: provides information on the cookie (e.g. its use)
Domain: specifies in which domain the cookie is effective
Expires: specifies when the cookie will expire
Max-age: specifies the cookie's lifetime in seconds
Path: specifies the URLs to which the web client should return the cookie(s)
Secure: specifies that the cookie is returned only if the connection is secure

Here is a simple example based on VBS. Suppose that the VBS web server wants to create a cookie called
Credit=111 in order to remember the user's credit. The Set-Cookie header is:
Set-Cookie: Credit=111; secure; expires=Thursday, 07-Dec-2000 10:00:00 GMT; domain=.vbs.com; path=/
It means that the cookie Credit=111 will be returned only to an SSL-enabled server. The expiry date of the cookie is
07-Dec-2000, 10:00:00 GMT. The cookie is effective under the domain name vbs.com. Note that path=/ means
that the cookie applies to any directory under the root directory of the server.
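
The rules above (Domain, Path, Secure, Expires, Max-age) can be followed through in code. This is an added example, not part of the original notes: it stores the two Set-Cookie headers quoted in this section and decides which requests get each cookie back. The clock value, the origin host www.vbs.com and the function names are assumptions, and the default path is simplified to "/".

```javascript
const MONTHS = ["jan", "feb", "mar", "apr", "may", "jun",
                "jul", "aug", "sep", "oct", "nov", "dec"];

// Parse a date such as "Thursday, 07-Dec-2000 10:00:00 GMT" into epoch
// milliseconds; returns null when the text does not match.
function parseCookieDate(text) {
  const m = /(\d{1,2})[- ]([A-Za-z]{3})[- ](\d{4}) (\d{2}):(\d{2}):(\d{2}) GMT/.exec(text);
  if (!m) return null;
  const month = MONTHS.indexOf(m[2].toLowerCase());
  if (month === -1) return null;
  return Date.UTC(Number(m[3]), month, Number(m[1]),
                  Number(m[4]), Number(m[5]), Number(m[6]));
}

// True when host is the domain itself or a name underneath it.
function domainCovers(domain, host) {
  return host === domain || host.endsWith("." + domain);
}

// originHost is the server that sent the header; receivedAt is epoch ms.
// Returns the stored cookie, or null when the cookie must be rejected.
function parseSetCookie(line, originHost, receivedAt) {
  const body = line.replace(/^Set-Cookie:\s*/i, "");
  const [pair, ...attrs] = body.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq <= 0) return null; // no Name=Value pair

  const cookie = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: originHost.toLowerCase(), hostOnly: true, // no Domain: sender only
    path: "/",                                        // simplified default
    secure: false,
    expires: null,                                    // null: no expiry given
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1).trim();
    if (key === "secure") cookie.secure = true;
    else if (key === "path" && val.startsWith("/")) cookie.path = val;
    else if (key === "expires") cookie.expires = parseCookieDate(val);
    else if (key === "max-age" && /^\d+$/.test(val)) {
      cookie.expires = receivedAt + Number(val) * 1000; // lifetime in seconds
    } else if (key === "domain" && val !== "") {
      cookie.domain = val.replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false;
    }
  }
  // A server may only set cookies for a domain that covers its own host name.
  if (!domainCovers(cookie.domain, originHost.toLowerCase())) return null;
  return cookie;
}

// Should this stored cookie be included in a request for url at time now?
function shouldReturn(cookie, url, now) {
  const u = new URL(url);
  const host = u.hostname.toLowerCase();
  if (cookie.expires !== null && now >= cookie.expires) return false;
  if (cookie.secure && u.protocol !== "https:") return false;
  if (cookie.hostOnly ? host !== cookie.domain : !domainCovers(cookie.domain, host)) {
    return false;
  }
  // The cookie path must be a prefix of the request path on a "/" boundary.
  const prefix = cookie.path.endsWith("/") ? cookie.path : cookie.path + "/";
  return (u.pathname + "/").startsWith(prefix);
}

// The Name=Value pairs the client sends back for a request.
function cookiesFor(jar, url, now) {
  return jar.filter((c) => shouldReturn(c, url, now)).map((c) => c.name + "=" + c.value);
}

// Headers quoted from the notes; clock value and origin host are constructed.
const NOW = Date.UTC(2000, 10, 1); // 1 Nov 2000
const JAR = [
  "Set-Cookie: Item3=33333",
  "Set-Cookie: Credit=111; secure; expires=Thursday, 07-Dec-2000 10:00:00 GMT; domain=.vbs.com; path=/",
].map((h) => parseSetCookie(h, "www.vbs.com", NOW));

console.log(cookiesFor(JAR, "https://www.vbs.com/welcome/main.html", NOW));
console.log(cookiesFor(JAR, "http://www.vbs.com/welcome/main.html", NOW));
```

Over plain HTTP only Item3 is returned, because Credit carries the secure attribute. A Set-Cookie header naming a domain that does not cover the sending host is rejected when it is stored.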

HTTP/1.1
In HTTP/1.1, many enhancements are included to improve the performance of HTTP, to enhance its functionality,
and to eliminate the limitations of HTTP/1.0. Generally speaking, HTTP/1.1 works in a similar manner to HTTP/1.0
except that many additional headers are added so HTTP/1.1 is upwardly compatible with HTTP/1.0. Some of the
major enhancements are summarized as follows according to:

Persistent connections and pipelining: In HTTP/1.0, a connection is released after a request is served.
Obviously this is inefficient because a web client may want to retrieve other web pages from the same
web server. In HTTP/1.1, a connection is kept open such that the web client can send multiple requests
over the same connection. For example, after accessing the home page of the VBS, the customer may
want to read the company information by getting the corresponding web page from the web server.
Instead of opening a new connection for this request, it can be sent along the same connection.
Furthermore, a web client can send the next request without waiting for the response to the previous
request. In other words, HTTP/1.1 allows pipelining of requests and responses. If a web client wants to
close a connection, it can specify a close option in the Connection request header, i.e., Connection:
close.
Efficient use of IP addresses: Currently many small organizations use a web hosting service from ISPs. For
example, we may put the VBS in an ISP's web server such that we do not need to set up and look after a
web server ourselves. In HTTP/1.1, a Host header must be included in the HTTP request message to
specify the host name in the web server. This enables different organizations to share the same IP
address of the web server, thus allowing the efficient use of IP addresses.
Range request: HTTP/1.1 allows a web client to retrieve part of the file by using the Range header. For
example, if the connection is broken while the web client is receiving a large file, it can request the web
server to send the file from the break point. Furthermore, the range request function is useful when the
web client wants only a portion of a large file.
Cache control: The purpose of caching is to shorten the retrieval time of web pages. It is done by
maintaining a cache copy of the previous responses in the web browser or the proxy server so that future
requests can be served by the cache copies rather than by the original servers. HTTP/1.0 only supports
basic cache control. For example, by using the Expires header, the original server can tell the proxy server
when a cache copy should be removed.
Support for proxy authentication: HTTP/1.1 provides the Proxy-Authentication and Proxy-Authorization
headers for enabling proxy authentication. In principle, they work in a similar manner to the
WWW-Authentication and Authorization headers in HTTP/1.1, respectively. However, the Proxy-Authentication
and Proxy-Authorization headers are used on a hop-by-hop basis.
Better support for data compression: HTTP/1.1 provides better support for data compression. In
particular, a web client can specify the encoding method such as the compression scheme(s) that is/are
supported and preferred by using the Accept-Encoding header.
Better support for language(s): In HTTP/1.1, a web client can specify the language(s) that is/are
acceptable and preferred.
Support for content integrity: In HTTP/1.1, content integrity can be supported by the Content-MD5
header.
Additional request methods: Four additional request methods are added as described in Table 2.10.
However, they are less commonly used than the GET, POST, and HEAD request methods.
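
The request layout from the HTTP request section and two of the HTTP/1.1 rules above (the mandatory Host header and persistent connections) can be put together in one parser. This is an added example, not part of the original notes; the site table, document roots and function names are assumptions, and refusing unknown host names with 404 is a choice made for the example.

```javascript
// Split a raw request into request line, headers and entity.
function parseHttpRequest(raw) {
  // The first blank line ends the headers; anything after it is the entity.
  const sep = raw.indexOf("\r\n\r\n");
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const entity = sep === -1 ? "" : raw.slice(sep + 4);

  const lines = head.split("\r\n");
  const requestLine = lines.shift();
  const m = /^([A-Z]+) (\S+) HTTP\/(\d+)\.(\d+)$/.exec(requestLine);
  if (!m) throw new Error("malformed request line: " + JSON.stringify(requestLine));

  // Header names are case-insensitive, and a header may appear more than once.
  const headers = new Map();
  for (const line of lines) {
    const colon = line.indexOf(":");
    if (colon <= 0) throw new Error("malformed header: " + JSON.stringify(line));
    const name = line.slice(0, colon).toLowerCase();
    const values = headers.get(name) || [];
    values.push(line.slice(colon + 1).trim());
    headers.set(name, values);
  }
  return {
    method: m[1], target: m[2],
    major: Number(m[3]), minor: Number(m[4]),
    headers, entity,
  };
}

// Decide which hosted site serves the request and whether the connection
// stays open. sites maps host names to document roots (hypothetical values).
function routeRequest(req, sites, defaultRoot) {
  const isHttp11 = req.major === 1 && req.minor >= 1;
  const hosts = req.headers.get("host") || [];

  // HTTP/1.1: a request without exactly one Host header is answered with 400.
  if (isHttp11 && hosts.length !== 1) {
    return { status: 400, reason: "HTTP/1.1 request needs exactly one Host header" };
  }

  let root = defaultRoot; // HTTP/1.0 clients that send no Host get the default site
  if (hosts.length >= 1) {
    const name = hosts[0].toLowerCase().replace(/:\d+$/, ""); // drop ":port"
    if (!sites.has(name)) {
      // Choice made for this example: unknown names are refused rather than
      // silently served from the default site.
      return { status: 404, reason: "no site named " + name };
    }
    root = sites.get(name);
  }

  // HTTP/1.0 releases the connection after each request; HTTP/1.1 keeps it
  // open unless the client sends "Connection: close".
  const tokens = (req.headers.get("connection") || [])
    .join(",").split(",").map((t) => t.trim().toLowerCase());
  const keepAlive = isHttp11 && !tokens.includes("close");

  return { status: 200, root, path: req.target, keepAlive };
}

// Constructed sample requests; the first is the GET example from the notes.
const SITES = new Map([["www.vbs.com", "/srv/vbs"], ["www.example.org", "/srv/example"]]);
const REQ_10 = "GET /vbs.html HTTP/1.0\r\nAccept: image/gif, image/jpeg, */*\r\n\r\n";
const REQ_11 = "GET /welcome/main.html HTTP/1.1\r\nHost: www.vbs.com:80\r\nConnection: close\r\n\r\n";
const REQ_11_NO_HOST = "GET /welcome/main.html HTTP/1.1\r\nAccept: */*\r\n\r\n";
const REQ_POST = "POST /order HTTP/1.1\r\nHost: www.vbs.com\r\nContent-Length: 10\r\n\r\nitem=33333";

for (const raw of [REQ_10, REQ_11, REQ_11_NO_HOST, REQ_POST]) {
  const req = parseHttpRequest(raw);
  console.log(req.method, req.target, JSON.stringify(routeRequest(req, SITES, "/srv/default")));
}
```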

Client-Side Programming
The web browser downloads the required information and provides the basic display on the client site. To do this,
it downloads web pages including Hypertext Markup Language (HTML) codes and other web page elements (e.g.
Java Applets) from the respective server(s). For example, a customer may access the URL of the VBS through his
web browser. After receiving the request, the web server of our VBS will return the web page to the customer.
The web page contains information on the VBS as well as other forms of input elements. Essentially, it provides
the user interface. Hence, we need to create the web site so that when the browser accesses it, the required user
interface can be displayed to the client.
This process of setting up the web pages or programs at the web sites for clients to see the required display is
referred to in this book as client-side programming. In general, this is different from setting up the user interface
in conventional client-server architecture. In that case, the user interface programming code actually resides at
the client side (i.e., it is not downloaded and displayed within a browser).
This is the reason that client-side programming in e-commerce is sometimes referred to as web programming.
This is a very important distinction in client-side programming, as carried out in e-commerce systems. Besides
static web pages, one could also create interactive or dynamic web pages by downloading program codes written
in an appropriate language such as JavaScript or Java.
In addition, multimedia elements such as image, video, animation, and sound could be included on the web
pages. In terms of e-commerce applications, client-side programming is mainly used for processing a sale
transaction, providing information on your business, and updating information in the backend system (e.g. a
database). This involves disseminating information or carrying out interactions with the server side over the
internet.
Important factors in client-side or web programming
To carry out client-side programming in e-commerce applications, there are several different ways, which include
using HTML, JavaScript, Java Applets, and ActiveX controls. Furthermore, one could also use plug-ins, which are
applications of different sorts that are embedded in a web page for performing special functions (e.g. showing
animations).
While there are many client-side programming techniques available, HTML and JavaScript are currently the most
commonly used programming techniques for building the user interface at the client side. A very important factor
in client-side programming for e-commerce applications is downloading time. This is the time required to
download a web page and its associated elements from the server side to the client side over the internet.
This depends on many factors, including the quality of the network and the type of connection to the network.
For B2C applications, many clients are likely to access the internet using dial-up modems, working at 56.6 Kbps or
below. In B2B applications, most of the clients could access the internet through Ethernet connections or leased
lines with a much higher data rate. In general, the downloading time should be kept within 15 s, otherwise it may
become unacceptable from the client's point of view.
This limits or greatly influences the choice of web programming techniques. Generally speaking, the downloading
time for Java Applets is much higher than that of HTML or JavaScript. For this reason, while early e-commerce
applications may have sometimes utilized Java Applets, they are now only very sparingly utilized, if at all, to
address special requirements. In fact, JavaScript can perform many interactions at the client side already. Data
validation is another important factor to be considered when developing a user interface. It can involve several
aspects and includes
1. type checking (e.g., integer)
2. range checking (e.g., between two numbers, say 1 and 122)
3. sequence checking (e.g., one cannot initiate an event in the past retrospectively)
4. business requirements checking
Generally speaking, points 1-3 can be validated at the client side by embedding programming code such as
JavaScript within the HTML document. Point 4 is often performed at the server side because it frequently
requires additional information from the backend system (e.g. database).
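
The four kinds of check can be written as one validator for points 1-3 and a second step for point 4 that needs back-end data. This is an added example, not part of the original notes; the form fields (quantity, age, deliveryDate), the stock figure and the function names are hypothetical.

```javascript
// 1. Type checking: the text must be a whole number.
function parseInteger(text) {
  if (typeof text !== "string" || !/^-?\d+$/.test(text.trim())) return null;
  const n = Number(text.trim());
  return Number.isSafeInteger(n) ? n : null;
}

// Parse YYYY-MM-DD into UTC epoch milliseconds, rejecting impossible dates
// such as 2010-02-30 that Date.UTC would silently roll over into March.
function parseDate(text) {
  const m = typeof text === "string" && /^(\d{4})-(\d{2})-(\d{2})$/.exec(text.trim());
  if (!m) return null;
  const y = Number(m[1]), mo = Number(m[2]), d = Number(m[3]);
  const t = new Date(Date.UTC(y, mo - 1, d));
  const same = t.getUTCFullYear() === y && t.getUTCMonth() === mo - 1 && t.getUTCDate() === d;
  return same ? t.getTime() : null;
}

// Points 1-3: checks that need nothing but the submitted values.
// today is UTC epoch milliseconds at the start of the current day.
function validateForm(form, today) {
  const errors = {};

  const quantity = parseInteger(form.quantity);
  if (quantity === null) errors.quantity = "must be a whole number";       // type
  else if (quantity < 1) errors.quantity = "must be at least 1";           // range

  const age = parseInteger(form.age);
  if (age === null) errors.age = "must be a whole number";                 // type
  else if (age < 1 || age > 122) errors.age = "must be between 1 and 122"; // range

  const deliveryDate = parseDate(form.deliveryDate);
  if (deliveryDate === null) {
    errors.deliveryDate = "must be a date, YYYY-MM-DD";                    // type
  } else if (deliveryDate < today) {
    errors.deliveryDate = "cannot be in the past";                         // sequence
  }

  const ok = Object.keys(errors).length === 0;
  return { ok, errors, values: ok ? { quantity, age, deliveryDate } : null };
}

// Point 4: a business rule that needs back-end data (here, the stock level).
// It runs on the server, which first repeats validateForm on what it received.
function checkOrder(form, today, unitsInStock) {
  const result = validateForm(form, today);
  if (!result.ok) return result;
  if (result.values.quantity > unitsInStock) {
    return { ok: false, errors: { quantity: "only " + unitsInStock + " in stock" }, values: null };
  }
  return result;
}

// Constructed sample input.
const TODAY = Date.UTC(2010, 10, 1); // 1 Nov 2010
const GOOD = { quantity: "2", age: "34", deliveryDate: "2010-11-05" };
const BAD = { quantity: "two", age: "130", deliveryDate: "2010-10-31" };

console.log(validateForm(GOOD, TODAY));
console.log(validateForm(BAD, TODAY));
console.log(checkOrder({ ...GOOD, quantity: "50" }, TODAY, 10));
```

Because validateForm depends only on its arguments, the same function can run in the page's script and again on the server, which cannot assume that a request was produced by that script.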
It is important to note that in an e-commerce system, a client is likely to be at a physically different location from
the e-commerce application servers and hence technical support. In fact, he could be on the other side of the
world. Thus, the usability of a client interface has to be kept at a very high standard.
The usability of computer software is measured by how easily and how effectively it can be used by a specific
set of users, given particular kinds of support, to carry out a defined set of tasks, in a defined set of
environments having identified factors based on different empirical studies. A study of the literature indicates
that the following list of factors would give a comprehensive coverage of the notion of usability. These factors
include
1. system feedback
2. consistency
3. error prevention
4. performance/efficiency
5. user like/dislike
6. error recovery

System feedback: The purpose of system feedback is to inform the users what is going on in the system at any
time. A well-designed system should always provide users with appropriate feedback, including immediate
system feedback, acknowledgements, follow-ups, and indications that an action request has been carried out.
System feedback is characterized by several aspects, in particular to address the following issues:

Where does the error occur (i.e. error localization)?
If an action is not allowed, does the system give the reason?
Does the system give prompts on how to proceed?
Does the system let one know where one is?
Does the system explain why an action cannot be performed?
Does the system acknowledge that an action requested has been carried out?

Inadequate system feedback has several components and these include:

number of times dialogue/feedback is missing
number of times dialogue/feedback is unnecessary
number of times system feedback confuses the user
number of messages that are irrelevant
number of actions taken which lead to repeated feedback message
number of times the user makes the wrong choice of action due to improper system feedback

Consistency: The interface should be consistent in terms of the look, feel, and behavior throughout the
application and with other applications in the same domain. Most guidelines seek to fulfill this important goal.
This consistency should be maintained across a variety of issues such as message display methods, color use, key
definition, data entry methods, etc.

If the user interface is consistent, it reduces the amount of uncertainty that the user faces when using the
interface. It is also likely to reduce the number of erroneous interpretations or actions that the user makes.
Consistency of the interface has a number of components and these include consistency with respect to the
following:
1. Message display methods (prompts, warnings, helps)
2. Color use (entry form, menu and submenu, foreground/background)
3. Keys definition
4. Data entry method
5. Menu, dialogue, and window display methods
6. Menu hierarchy that is consistent with the real world
7. Terminology used is the same as in real life in that domain
8. Menu options have to be consistent with Menu Title.

The issue of consistency with other applications in the same domain is very important for e-commerce
applications, particularly B2C applications as the user is unlikely to remember what different things meant
between one visit and another.
Error prevention: Error prevention is an important goal of the design of the client user interface. If the user
interface specifically helps the user to avoid making errors, it increases his efficiency. It will also reduce the level
of frustration the user is likely to experience with the user interface and therefore bring about greater acceptance
of the user interface by the user. There are several aspects that need to be taken into account in error prevention
and these include

number of errors encountered during task
number of wrong keystrokes/press causing error messages
number of times the same key is pressed without the desired response
number of extra key presses that are unnecessary
number of times the same error encountered
number of steps missing compared with real world execution

Performance/Efficiency: Performance or efficiency is a quality of the user interface that determines how
effectively or efficiently the user can complete his tasks.
Performance and efficiency have a number of components and these are as follows:
1. number of goals/tasks not achieved
2. time taken for task completion
3. unproductive period
4. percentage of tasks not completed

Like/dislike: Unlike the aforementioned factors, which characterize the manner in which the user interface
facilitates user effectiveness or efficiency, the like/dislike factor measures user preference. This essentially
indicates the level of satisfaction that the user feels with the system and the user interface.
Error recovery: Error recovery is that quality of the system of the user interface which allows the user to exit
from a situation that the user did not intend to be in. Users frequently choose the wrong option or enter the
wrong data and they are likely to find themselves in an error state from which they need to recover. The manner
in which the system facilitates this recovery from error could reduce the time the user spends recovering from
this error state. Recovery from error consists of a number of components and these include:

number of times the user has to redo the task
number of times the user did not continue
number of actions taken that do not solve the problem
number of minutes (hours) spent on one error recovery
percentage of all time spent on error recovery
number of times the user has to reboot/start again

In addition to these factors, one also needs to add the following four in the case of client-side programming on
the internet, namely

browser compatibility
attractiveness
suitable navigational structure
a site search engine

Overview of HTML
HTML is the commonly used markup language for web publishing, and JavaScript is often used to enhance the
functionality of HTML. HTML is a markup language for telling a Web browser how to format and display a Web
page. It can be viewed as a subset of the Standard Generalized Markup Language (SGML), which is for defining
general document format. Predefined tags are employed to describe the format of a document. For example, by
putting the word Italics inside the <I></I> tag pair (i.e., <I>Italics</I>), the word Italics will be displayed by
the Web browser in Italics form. Most tags have a start tag and an end tag (also called container tags) and the
content is embedded between the two tags. Some tags are standalone only, without any content. An example is
the <HR> tag, which adds a horizontal rule. For most tags, one can also specify its attributes so as to define
additional properties about the tag. For example, one can change the font face by applying the FACE attribute of
the <FONT> tag as shown below:
<FONT FACE="Arial">the font face is Arial.</FONT>

Basic structure of an HTML document
Basically, the structure of an HTML document is defined as follows:

The <!DOCTYPE> tag specifies the version of the HTML document and other related information. <HTML> and
</HTML> tags define the start and the end of an HTML document, respectively. Within the <HTML> tag pair,
there are two main sections, namely the HEAD section as included inside the <HEAD></HEAD> tag pair and the
BODY section as included inside the <BODY></BODY> tag pair. The HEAD section provides information (e.g. the
document title) for the web browser to process the document but the information is not displayed. The web
browser only displays the information within the <BODY></BODY> tag pair. In an HTML document, users can also
insert comments inside the comment tag pair: <!-- and -->. The comments are not displayed by the web
browser. In the above example, comments are used to tell you what should be put inside the respective tags. The
common attributes of the <BODY> tag are given as follows:

In conventional HTML, colors are represented by a hexadecimal code. For example, black and white colors are
represented by the codes "#000000" and "#FFFFFF", respectively.

Basic text formatting
Let us first look at a simple example that shows most of the basic formatting features. The corresponding web
page is shown below:

Heading
The heading tags <H1> and <H2> are used to create a first and second level heading, respectively. Altogether
there are six levels of headings: <H1>, <H2>, ..., <H6>. The ALIGN attribute specifies the alignment method.
Possible options are LEFT, CENTER, and RIGHT. For instance, in the earlier example, the first level heading is
aligned to the center whereas the second level heading is aligned to the left because no attribute is specified, so
the default alignment method is used.

Paragraph
You can define the start and the end of a paragraph by using the <P> and </P> tags, respectively. Similar to the
heading tag, the ALIGN attribute can be used to specify the alignment method.
Font
As shown in the example, the <FONT> tag is used to define the font properties. Its common attributes are as
follows:

Other special tags for formatting text
We can also set the text in italics by using either the <EM> or <I> tag. For underlining the text, the <U> tag can be
used. The <STRONG> tag can be used to display the text using boldface. Alternatively, the <B> tag can be used
for the same purpose. The <SUB> and <SUP> tags are for displaying text as subscript and superscript,
respectively. To create blinking text, we can put the text between the <BLINK> and </BLINK> tags.
3.5.5 Horizontal rule
To insert a horizontal rule, the <HR> tag is used. Its common attributes are as follows:

Note that the width of a horizontal rule can be set in terms of pixels or a percentage of the web page width.

Lists
To format text using a list for ease of reading, the <OL> or <UL> tag can be used. <OL> and <UL> are for creating
an ordered list and unordered list, respectively. After creating the list tag, the list items are specified by the <LI>
tag.
The TYPE attribute of the <OL> tag specifies the numbering style of the list. The available ones are:

TYPE=1: Arabic numerals starting from 1
TYPE=a: alphabetical order starting from a (i.e. small letters are used)
TYPE=A: alphabetical order starting from A (i.e. capital letters are used)
TYPE=i: lowercase Roman numerals starting from i
TYPE=I: uppercase Roman numerals starting from I

To specify the starting value of the ordered list, we can use the START attribute of the <OL> tag. For example,
<OL TYPE=1 START=6> means that the first item of the list starts at 6. For the <UL> tag, the TYPE attribute specifies
the bullet shape. The available ones are:

TYPE=CIRCLE: the bullet type is a circle
TYPE=DISC: the bullet type is a disc
TYPE=SQUARE: the bullet type is a square

The <LI> tag has the same attributes as the corresponding <OL> or <UL> tag. Therefore, we can override the
original attribute by applying the new attribute in the respective <LI> tag. Furthermore, for the <LI> tag of the
ordered list, we can assign a new value with the VALUE attribute. For example, <LI TYPE=1 VALUE=11> specifies
that the respective item is assigned as the 11th item irrespective of the previous order.

Links
Links (or hyperlinks) are the most powerful feature of an HTML document. They are used to link web pages. For
example, our VBS web page can be linked to a publisher's web page. The two web pages can be situated in two
different web servers that may be distant from each other. The computer screen is two-dimensional but the
internet space is infinite because the hyperlinks give HTML files an infinite depth. The following gives an overview
of hyperlinks. Links are defined by the anchor tag pair: <A> and </A>. For example, a basic hyperlink looks like the
following:
<A HREF="http://www.interwebs/art.html">Art.</A>
In this example, the word "Art" is underlined and colored. When it is clicked, the browser links to the URL
http://www.interwebs/art/home.html as specified by the HREF attribute. Recall that in the URL, "http" stands for
the hypertext transfer protocol, "www.interwebs.com" is the server name, "art" is the directory, and "home.html"
is the HTML file. We can also set up an email link with the <A> tag. It is widely supported by most browsers
such as Netscape and Internet Explorer.
Images
The <IMG> tag is used for including images in a web page. Its common attributes are as follows:

Here is an example of inserting the image of a VBS logo (VBS.gif):
<IMG SRC="VBS.gif" HEIGHT="100" WIDTH="100" ALIGN="LEFT" BORDER="1" ALT="VBS">
It means that the height and width of the image are 100 pixels each, the alignment is to the left, and the border
width is 1 pixel. When the image is not available (e.g., when the browser is getting the image), the text "VBS" is
displayed. One can also create an image link by embedding the <IMG> tag inside the <A></A> tag pair. For
example, for creating an image link using the VBS logo, one can write it as
<A HREF="main.html"><IMG SRC="VBS.gif"></A>
Tables
Tables are typically used to organize information in a structural manner for ease of reading. In addition, they are
commonly used for facilitating the layout of web page components. For instance, we can format a web page in a
two-column format using a borderless table and then place the navigation buttons and the content into the left
and right column, respectively. Note, however, that unlike using frames, the navigation buttons and the content
are contained in the same web page. Basically, a table is created by using the following tags:

The <TABLE></TABLE> tag pair specifies the beginning and the end of a table, respectively. The <TR></TR> tag
pair defines a table row and the <TD></TD> tag pair defines a data cell. Therefore, this table has two columns
and two rows because there are two <TR></TR> tag pairs and each row contains two data cells. In the first row,
the <TH></TH> tag pair specifies the heading cell. The common attributes of the <TABLE> tag are given as
follows. They are used for formatting a table:

After setting up the basic structure of a table, the <TR>, <TH>, and <TD> tags are used to construct the rows, the
heading cells, and the data cells, respectively.
If we specify an attribute for the <TR> tag, it will be applied to all the data cells of that row. For changing the
attribute of a data cell or a heading cell, we can override the original attribute with a new attribute in the
respective <TH> or <TD> tag.
If we do not specify any attribute, the web browser will use the default attributes. The common attributes for
these tags are given as follows.

Frames
Very often, a company wants to display multiple Web pages on a browser. In HTML, frames are available for
satisfying this requirement. For example, a company may set up a LEFT frame and a RIGHT frame for displaying
the navigation buttons and the content, respectively. The navigation buttons and the content can be written in
two different HTML files. To set up frames, we need to use the <FRAMESET> tag to define the frame format and
then use the <FRAME> tag to define the frame content. The common attributes of the <FRAMESET> tag are:

Where c_x and r_x are the sizes of the xth column and row, respectively. The units are expressed in terms of a
percentage of the document width or pixels. Furthermore, we can use * to tell the browser how to allocate the
available space. Let us look at a few examples. <FRAMESET COLS="*,*"> can be used to set up two column frames
(left and right) with equal width. If we use 3* instead of * for the right frame (i.e., <FRAMESET COLS="*,3*">),
this will set the right frame three times the size of the left frame. What does <FRAMESET ROWS="20%,*,3*">
mean?
It means that there are three row frames. Starting from the top of the browser, the first frame is 20% of the
browser window in height. For the last two frames, the third one is three times the size of the second one. After
defining the frame layout using the <FRAMESET> tag, we need to specify the frame content by using the
<FRAME> tag. The common attributes of the <FRAME> tag are as follows:

Again let us look at some examples. If we want to specify three column frames (called, say, LEFT, MIDDLE, and
RIGHT) of equal width, the corresponding HTML code is as follows:

Where SRC specifies the initial HTML file for the frame. Many companies like to divide their web pages into three
frames: a banner frame, for displaying the company banner; an index frame, for showing the navigation buttons;
and a content frame, for presenting the content. This can be done using nested frames as follows:

When a hyperlink is clicked, the TARGET attribute of the <A> tag determines in which frame the corresponding
HTML page is opened. For example, suppose that there are two frames, namely,

Forms
Forms are generally used to obtain data from the client for submission to the server. Typically, a program in the
server is invoked to process the data, possibly with the assistance of the back-end system. The result (in most
cases, an HTML file) will then be passed to the web client by using HTTP. In general, an HTML form has the
following format:
<FORM ACTION="ProgramURL" METHOD="GET or POST">
<!-- Put form input elements here -->
</FORM>

The ACTION attribute provides the URL of the program for processing the form data, and the METHOD attribute
specifies the method for passing data to the server (i.e., by using GET or POST). Recall that if GET is used, data is
attached to the destined URL using a query string. If POST is used, data will be embedded inside the HTTP request
message. Between the <FORM> and </FORM> tags, different form input elements can be included. Most of them
are defined by the <INPUT> tag. The common attributes of the <INPUT> tag are as follows:

HTML Forms - The Input Element
The most important form element is the input element. The input element is used to select user information. An
input element can vary in many ways, depending on the type attribute. An input element can be of type text field,
checkbox, password, radio button, submit button, and more.
The most used input types are described below.
Text Fields
<input type="text" /> defines a one-line input field that a user can enter text into:
<form>
First name: <input type="text" name="firstname" /><br />
Last name: <input type="text" name="lastname" />
</form>
Note: The form itself is not visible. Also note that the default width of a text field is 20 characters.
Password Field
<input type="password" /> defines a password field:
<form>
Password: <input type="password" name="pwd" />
</form>
Note: The characters in a password field are masked (shown as asterisks or circles).
Radio Buttons
<input type="radio" /> defines a radio button. Radio buttons let a user select ONLY ONE of a limited number of
choices:
<form>
<input type="radio" name="sex" value="male" /> Male<br />
<input type="radio" name="sex" value="female" /> Female
</form>

Checkboxes
<input type="checkbox" /> defines a checkbox. Checkboxes let a user select ONE or MORE options of a limited
number of choices.
<form>
<input type="checkbox" name="vehicle" value="Bike" /> I have a bike<br />
<input type="checkbox" name="vehicle" value="Car" /> I have a car
</form>

Submit Button
<input type="submit" /> defines a submit button.
A submit button is used to send form data to a server. The data is sent to the page specified in the form's action
attribute. The file defined in the action attribute usually does something with the received input:
<form name="input" action="html_form_action.asp" method="get">
Username: <input type="text" name="user" />
<input type="submit" value="Submit" />
</form>
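
Where the submitted data travels under each METHOD, as an added example (JavaScript for Node.js, not part of the original notes): it builds the request message a browser would send to html_form_action.asp with GET and with POST. The host name www.example.com, the extra pwd field and the sample values are constructed for illustration.

```javascript
// Added example: form data in a GET query string versus a POST message body.
// Host name and field values below are constructed sample data.

// Encode fields the way a browser encodes a form
// (application/x-www-form-urlencoded: space becomes "+", reserved bytes "%XX").
function encodeForm(fields) {
  return new URLSearchParams(fields).toString();
}

// Build the raw HTTP/1.1 request message sent when the form is submitted.
function buildFormRequest(method, host, action, fields) {
  const data = encodeForm(fields);
  const m = method.toUpperCase();
  if (m === "GET") {
    // GET: the data is appended to the action URL as a query string.
    const sep = action.includes("?") ? "&" : "?";
    return `GET ${action}${sep}${data} HTTP/1.1\r\nHost: ${host}\r\n\r\n`;
  }
  if (m === "POST") {
    // POST: the URL carries no data; the fields are the body of the message.
    return (
      `POST ${action} HTTP/1.1\r\n` +
      `Host: ${host}\r\n` +
      "Content-Type: application/x-www-form-urlencoded\r\n" +
      `Content-Length: ${Buffer.byteLength(data)}\r\n\r\n` +
      data
    );
  }
  throw new Error("METHOD must be GET or POST");
}

// The request line is the part that appears in the address bar, browser
// history, Referer headers and web server access logs.
function requestLine(rawRequest) {
  return rawRequest.split("\r\n")[0];
}

// Decode whatever form fields are visible in the request line's URL.
function fieldsInUrl(rawRequest) {
  const target = requestLine(rawRequest).split(" ")[1];
  const at = target.indexOf("?");
  const query = at === -1 ? "" : target.slice(at + 1);
  return Object.fromEntries(new URLSearchParams(query));
}

// Constructed sample submission: a user name plus a password field.
const SAMPLE_FIELDS = { user: "alice", pwd: "p@ss w0rd" };
const HOST = "www.example.com";

for (const method of ["GET", "POST"]) {
  const raw = buildFormRequest(method, HOST, "/html_form_action.asp", SAMPLE_FIELDS);
  console.log(`--- METHOD=${method} ---`);
  console.log(raw);
  console.log("fields visible in URL:", fieldsInUrl(raw));
}
```

With GET the password is recoverable from the request line alone; with POST the request line is only the program URL, although the body is still readable by anyone who can see the unencrypted message.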

File
<input type="file" /> is used for file uploads.
Example
<input type="file" />

Hidden
<input type="hidden" /> defines a hidden field. A hidden field is not visible for the user. Hidden fields often store
a default value, or have their value changed by a JavaScript.
Example
<input type="hidden" name="country" value="Norway" />

Image
<input type="image" /> defines an image as a submit button.
The src and alt attributes are required with <input type="image">.
Example
<input type="image" src="submit.gif" alt="Submit" />

Text Area (Comment Box)
Text area is not defined by the <INPUT> tag but by the <TEXTAREA> tag. It is typically used for collecting
customer's comments. The ROWS and COLS attributes specify the number of rows and columns for the text area,
respectively. For example, the following TEXTAREA has six rows and ten columns:
<textarea NAME="InputName" ROWS=6 COLS=10></textarea>

Cascading Style Sheets
In general, a web page has three main components, namely presentation structure (referred to as structure for
simplicity), style and content. In the early HTML versions, the structure and style are integrated. Let us look at
the following example:
<P ALIGN=CENTER>This is a paragraph</P>
In this example, the structure is defined by the <P> tag (it defines that this is a paragraph), the style is given by
the attribute inside the <P> tag and the content is the sentence "This is a paragraph". In HTML 4.0, Cascading
Style Sheet (CSS) is available to separate the style from the structure. Hence, it enables web designers to control
the style of a web page in a more flexible manner. For example, by using CSS, a single style sheet can be applied
to different web pages that require the same style (i.e., to fulfill the consistency requirement as discussed
earlier). There are three types of CSS, namely

external style sheets
embedded style sheets
inline style sheets

External Style Sheets
For external style sheets, the style definitions are stored in a separate file with a file extension of .css. Using
external style sheets, our VBS can maintain a consistent style by applying the same style sheet to all the HTML
files. To create an external style sheet for an HTML file, there are two basic steps:

Step 1: Create the following <LINK> tag in the HEAD section of the HTML file:
<LINK REL="stylesheet" HREF="external_stylesheet.css">

where REL specifies that a style sheet is to be used and HREF specifies the URL of the external style sheet.

Step 2: Create the external style sheet and save it as the specified file.

Let us create an external style sheet called "style.css" as follows:
BODY {color: blue; font-family: "Times New Roman";
font-size: 20pt}
A:link {color: red}
H1 {font-weight: bolder}
H2 {font-weight: bold}

In this example, the external style sheet specifies the font color of the BODY section to be "blue", the default font
to be "Times New Roman" and the default font size to be 20pt. For the reference links, the default color is "red".
The font-weight of the first and second level headings is set to be bolder and bold, respectively. Besides the
background color, font style, and font properties, a web designer can also apply the following style properties to
a web page:

Page layout properties on the page margin:
margin-x
where "x" is the attribute including left, right, top, or bottom.
Other background properties:
background-x
where "x" is the attribute including color or image.
Font properties:
font-x
where "x" is the attribute including style, family, size, or weight.
Border properties:
border-x
where "x" is the attribute including style, width, or color.
Embedded style sheets
Instead of using an external style sheet, we can also embed the style definitions inside the HEAD section of the
HTML file. This is called embedded style sheets. In this case, the style definitions are put between the <STYLE>
and </STYLE> tags within the HEAD section of the HTML file as shown below:
<HEAD>
<STYLE TYPE="text/css">
<!--
Put the style definitions here
-->
</STYLE>
</HEAD>

The TYPE attribute specifies the content (MIME) type of the style. In most cases, it is "text/css". As you can
see, all the style definitions are embedded within the comment tags <!-- and -->. This allows browsers that cannot
support CSS to ignore the style definitions by processing them as comments. The previous style sheet can be
embedded within the HEAD section as follows to create the same style.

In general, if we want to create a set of web pages with the same style, the external style sheet should be used.
On the other hand, if we want to design a web page with a unique style, the embedded style sheet provides a
better solution.
Inline style
In some situations, we may want to apply a style rule to part of a web page (e.g., a paragraph). In this case, the
inline style can be used. Suppose we want to set the style of a heading; this can be done by the STYLE attribute
as follows:

By doing so, the content between the <H1> and </H1> tags is reformatted using the style rule as defined by the
STYLE attribute. Apart from using the STYLE attribute, users can also create the same effect by using the CLASS
attribute. This can be used in an external style sheet as well as in an embedded style sheet. By using the CLASS
attribute, the defined style rule can be reused elsewhere in a web page. It is best to explain with an example. In
this example, a user can specify two different styles for the <H1> tag using embedded style sheet as shown below:

The first one and the second one give the default style and the style for the first level heading requiring italic
display, respectively. If we want to display a first level heading in italic, the CLASS attribute can be specified as
follows:

The STYLE and CLASS attributes work fine for text within container tags (i.e., those with open and close tags). For
non-container tags, we can use the <DIV></DIV> tag pair to apply the style as follows:

In the first case, a user can specify the required inline style for the text between the <DIV> and </DIV> tags. In the
second case, the style as defined by the "NameOfClass" will be applied to the content between the <DIV> and
</DIV> tags. Alternatively, we can use the <SPAN></SPAN> tag pair for the same purpose.

JavaScript
What is JavaScript?
JavaScript is a scripting language proposed by Netscape to enhance the functions of HTML (e.g. form validation).
It is often called an object-oriented (OO) scripting language with syntax looking like Java. In particular, it can be
used to make a web page more interactive and dynamic.
It is supported by most commonly used browsers including Microsoft's Internet Explorer and Netscape's
Navigator. Unlike the server-side programs, a JavaScript code is included in an HTML document and executed on
the client side.
Basic structure of JavaScript
A JavaScript code is embedded between the <SCRIPT> and </SCRIPT> tags as follows:

In the example, the LANGUAGE attribute specifies that JavaScript is used. Other scripting languages such as
VBScript can also be used. The JavaScript code is put between the comment tag pair, i.e., <!-- and //-->, so that
if the browser does not support JavaScript, the code will just be processed as a comment rather than an error. For
complex JavaScript codes, they can be stored in a separate file with a file extension of .js.
In this case, the JavaScript code(s) can be linked to the HTML file by using the SRC attribute of the <SCRIPT> tag
as follows:

where JavaScriptURL specifies the URL of the JavaScript code.
A simple JavaScript example
In JavaScript, there are three main objects, document, form, and location, as described briefly here:

Document object: for providing information on the document, such as page characteristics, links, etc.
Form object: for providing information on the form(s) used in the current web page, such as information on a particular form element.
Location object: for providing location-related information for the current web page, such as URL, host name, directory path, etc.

In many cases, a JavaScript code is invoked when a certain event occurs (e.g., when a form is submitted or the
mouse is clicked). JavaScript provides a number of "event handlers" for handling this requirement. Some common
event handlers are as follows:

onClick: indicates that the mouse is clicked
onMouseOver: indicates that the mouse is moved over a specific element
onSubmit: indicates that the form is submitted
onKeyPress: indicates that a key is pressed

Let us first look at a simple JavaScript example for displaying a welcome message, the URL of the current web
page, and the current date. The JavaScript code is as shown below:

In this example, the "write" method of the "document" object is used to write the HTML file using the standard
HTML tags. By using the toString() method of the "location" object, the current URL can be displayed.
Furthermore, we can print out the current time by using the built-in Date() method or function.

Form validation using JavaScript
An important application of JavaScript is for form validation. In this section, we present a simple form validation
example. Suppose that a form is created as follows:

As you can see, this form is used to collect the name, registration status, date of birth, and email address of a
customer. To validate the input data, we need to check that the "Name" field is not empty, one of the radio
buttons is selected, the "email" field contains the character "@" and the "Date" field contains a valid date. These
are the commonly used form validation procedures. The corresponding JavaScript code is shown in Figure 3.7. Let
us explain the key points as follows.

The form is validated by a function called "validation" and the input argument is called "qform". The value of the
"Name" field is identified by "qform.name.value". Hence, if it is empty, an alert message will be displayed by
using the alert function. Note that the alert function is provided by JavaScript and the input argument is the alert
message. "qform.register[i].status" (i = 0, 1) can be used to determine whether the (i+1)th radio button is
checked. If it is not checked, the status will be false. By checking the status of the radio buttons, we can
determine whether the customer has been registered. If not, an alert message will be displayed accordingly. To
check whether a valid date is entered for the "Date of birth" field, we can combine the field elements (i.e.,
qform.year, qform.month, and qform.day) into a date variable using the Date() method as follows:
var datefield = new Date(qform.year.value, qform.month.value, qform.day.value);
Then we can check whether the "datefield" is valid or not using the "isNaN()" method as follows:

If it is invalid, the result will be "NaN". In this case, an alert message will be displayed accordingly. To check
whether the "email" field contains the character "@", we can use the indexOf method as follows:
qform.email.value.indexOf("@") == -1
If this statement is true, it means that the email field does not contain the character "@", so the corresponding
alert message should be displayed. In the <FORM> tag, we need to activate the validation function as follows:
<FORM ACTION="/servlet/vbs/processform" METHOD="POST" onSubmit="return validation(this)">
It means that when the form is submitted (as detected by the onSubmit event handler), the "validation" function
is triggered to validate the form. Note that the "this" parameter refers to the current form object. If the validation
result is "false" (i.e., the validation fails), the submission will not proceed; otherwise the form will be
submitted to the server for processing by the program "vbs.processform" stored under the "servlet" directory.
The above is a simple but commonly used example to show how JavaScript can be used for form validation.
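
The validation routine this section describes, written out as an added example (it is not the notes' own Figure 3.7 code). The rules live in a function that takes plain values, so the server-side program can repeat them on whatever it receives from clients that never run the onSubmit handler, and the date check covers a case isNaN() alone lets through. Assumptions: radio state is read from the DOM "checked" property, the radio values are "yes" and "no", and the error texts and sample data are constructed.

```javascript
// Added example: validation(qform) for the name / registration / date of
// birth / email form. Error texts and radio values are assumptions.

// Rules on plain values; returns a list of problems (empty list = form is OK).
// Nothing here touches the browser, so the same function can be run again by
// the server-side program on the fields it actually received.
function checkFields(f) {
  const errors = [];

  // 1. "Name" must not be empty (whitespace alone does not count).
  if (String(f.name || "").trim() === "") {
    errors.push("Name is required.");
  }

  // 2. One of the two registration radio buttons must be selected.
  if (f.register !== "yes" && f.register !== "no") {
    errors.push("Select a registration status.");
  }

  // 3. Date of birth. new Date(year, month, day) counts months from 0 and
  //    silently rolls overflow forward (31 February becomes 3 March), so
  //    isNaN() alone accepts impossible dates. Build the date, then confirm
  //    that it reads back as the same year, month and day.
  const y = Number(f.year);
  const m = Number(f.month);
  const d = Number(f.day);
  const dob = new Date(y, m - 1, d);
  const roundTrips =
    !isNaN(dob.getTime()) &&
    dob.getFullYear() === y &&
    dob.getMonth() === m - 1 &&
    dob.getDate() === d;
  if (!roundTrips) {
    errors.push("Date of birth is not a valid date.");
  }

  // 4. The email field must contain "@" (indexOf returns -1 when absent).
  if (String(f.email || "").indexOf("@") === -1) {
    errors.push('E-mail address must contain "@".');
  }
  return errors;
}

// Pull the values out of the form object passed in by onSubmit.
function readForm(qform) {
  const picked = Array.from(qform.register).find((r) => r.checked);
  return {
    name: qform.name.value,
    register: picked ? picked.value : "",
    year: qform.year.value,
    month: qform.month.value,
    day: qform.day.value,
    email: qform.email.value,
  };
}

// Used as: <FORM ... onSubmit="return validation(this)">
// Returning false cancels the submission in the browser.
function validation(qform) {
  const errors = checkFields(readForm(qform));
  if (errors.length > 0 && typeof alert === "function") {
    alert(errors.join("\n"));
  }
  return errors.length === 0;
}

// Constructed stand-in for a browser form object, so this also runs in Node.
function sampleForm(f) {
  const field = (v) => ({ value: v });
  return {
    name: field(f.name),
    email: field(f.email),
    year: field(f.year),
    month: field(f.month),
    day: field(f.day),
    register: ["yes", "no"].map((v) => ({ value: v, checked: f.register === v })),
  };
}
```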

Server Side Programming
So far, we have explored how to build the web system using various client-side programming and web publishing
techniques.
However, in e-commerce applications, client-server programming is of the utmost importance. The facilities
provided range from simple electronic form submission systems to more sophisticated shopping cart systems in
an interactive cyber store.
When designing server-side applications, we need to consider many different factors such as efficiency, security,
cost-effectiveness, and compatibility. Traditional Common Gateway Interface (CGI) programming techniques may
become deficient under these considerations.
The Three-Tier Model
Earlier, we introduced the three-tier model for building e-commerce applications. As an introduction to server-
side programming, let us revisit the three-tier model before discussing various server-side programming
techniques.
To achieve the purposes of modular design and platform independence, web-based e-commerce applications are
usually developed based on the three-tier model as shown in the figure below.
By means of the three-tier model, we can separate the business logic of the web applications from the front end
(i.e. web client) and the back end (i.e. database systems).
This gives us a more flexible and scalable system.
In summary, the three-tier model has the following components:
1. The first tier - Web client:
The first tier provides a web-based Graphical User Interface (GUI) displayed through a web
browser in the client computer. Implementation of the web client in the web application is
usually referred to as Web publishing and Client-side programming.
2. The second tier - Server-side application (SSA):
The second tier consists of server-side applications that run on a web server or a dedicated
application server. In general, these applications implement the business logic of the web system.
Here, we will give an overview of the following server-side programming techniques:

Common Gateway Interface (CGI)
Active Server Page (ASP)
Java Servlets

We will also compare their advantages and shortcomings.

3. The third tier - Database management systems (DBMS): The third tier provides data storage/retrieval
services for the second tier so that dynamic web pages can be created. Depending on the system
requirements, the third tier may consist of one database or a group of databases (i.e. database cluster).
To bridge the second-tier server-side applications and the back-end DBMS, there are numerous ways
to provide the database connectivity. A popular method is by means of JDBC such as a JDBC-ODBC (Java
Database Connectivity-Open Database Connectivity) bridge. Alternatively, other techniques such as
Proprietary Network Protocol drivers and Native API drivers can also be used. To facilitate
communication with a database, the Structured Query Language (SQL) is often used.
In general, the three-tier model has the following advantages over the traditional single-tier or two-tier model,
especially for web applications:

Its modular design or layered architecture facilitates the change or replacement of one tier without affecting the other tiers.
Using browsers as the web clients allows different applications to share the same look and feel.
As web browsers can be found in almost all computers, web applications can be accessed from almost anywhere.

Another important requirement in e-commerce applications is state tracking, or session tracking. As HTTP is a
stateless protocol (i.e., it does not keep track of the user's state), session tracking and management techniques
are required for supporting many e-commerce application functions such as user login and shopping carts.

Common Gateway Interface (CGI)
CGI Fundamentals
Early web pages were static. In other words, a client could request only a static HTML document from the web
server as shown in Figure 4.2. Later, CGI programming techniques were introduced to eliminate this constraint.
CGI programming allows a web client to pass data to a server-side application so that a dynamic web page can be
returned to the client according to the input data.

The figure above explains the retrieval of a static web page. When the web browser receives a client request, it goes
to the designated URL on a specific web server to retrieve the required static HTML document. Note that the
content is independent of the request, in the sense that everyone who makes a request of that particular URL
gets the same document.
If we are to allow interactivity between the web client and the web server, one needs a server-side programming
technique to generate dynamic web pages. Such interactivity is of particular importance in e-commerce systems
for purposes such as order submission or data input. CGI programming provided one of the first techniques that
were utilized for this interactivity (Figure below). In a typical CGI-based web application, to provide this
interactivity, a client invokes a CGI script to perform a specific action on the server side. For example, a "visit
counter" can be included for displaying the number of visits to a particular web page, which can be done with
the following image tag:

This causes the web browser to start a CGI script on the server side on encountering the <IMG> tag. This CGI
script updates the counter value and returns the current counter value to the client in the form of a GIF image.
Another common approach to invoke a CGI program is by using an HTML form. We can invoke a server-side
program by using the ACTION attribute in an HTML form. To pass data from the web client to the web server for
data processing using HTML forms, one can include the CGI program called order.pl in the <FORM> tag as
follows:

Note that the ACTION attribute specifies the server-side application or script to be invoked. In this case, it is a Perl
script called "order.pl" stored under the "cgi-bin" directory of the web server. The METHOD attribute of the
<FORM> tag (i.e. POST) tells the browser how to send the information to the server. In this case, the data is
embedded in the HTTP request message. If one uses the METHOD attribute GET instead, the data will be
appended to the end of the URL.
CGI Languages
CGI languages can be interpreted scripting languages (e.g., Perl, AppleScript, Unix Shell Scripting, and TCL) or
compiled languages (e.g., C, C++, and Visual Basic). Perl (Practical Extraction and Report Language) has evolved to
become a web programming language and is one of the most widely used CGI interpreted scripting languages.
Running a script requires an interpreter to interpret the script before performing the required tasks. This makes
for slow execution. However, scripts are easier to learn. Compiled languages produce a compact binary
executable code from the source CGI code, and execution of this binary executable code leads to faster
execution.

Active Server Pages (ASP)
To develop interactive web applications, Microsoft introduced a server-side programming tool called Active
Server Page (ASP). ASP is a "scripting" technique that runs on web servers rather than web clients. This contrasts
with VBScript and JavaScript, which run on web clients. It basically generates dynamic HTML documents for the
web client. Execution of the ASP code by the server returns the corresponding HTML document to the client.
The server-side code written in ASP can be embedded in the HTML document, which allows one to insert it into
web pages even though it is executed on the server. As ASP is a Microsoft product, it can easily be integrated with
other Microsoft web development tools and ActiveX controls. The figure below shows the schematic diagram of the
ASP model. However, ASP has two disadvantages. Firstly, it is not a formal programming language, so debugging
can be more difficult.
Secondly, it is not object-oriented. In the next section, we will introduce an effective server-side programming
technique called Java Servlet. As it is an object-oriented programming technique based on Java, it has a number
of advantages over the other server-side programming techniques.

Overview Of Java Servlet
Java was originally introduced by Sun Microsystems Inc. with the aim of enhancing interactivity in the web,
particularly on the client side. To accomplish this, Sun developed a small client-side application called Applet
("App" means applications and "let" means small). Although applets can enhance client-side interactivity, this is
done at the expense of long downloading time; hence, they are not attractive for most e-commerce applications.
Furthermore, in many e-commerce applications, a client's request is often required to be processed in
conjunction with the back-end databases. For example, a customer may want to look up a particular product from
the back-end database. Obviously, it is not effective to download the whole database to the client side for
processing. Hence, there is a strong need for server-side Java to cater for these requirements.

A servlet is a small piece of server-side application, which can be viewed as the server-side analog of an applet. In
a typical servlet application, a servlet-enabled web server receives an HTTP request from the client (see Figure
above). It then forwards the request to the servlet engine for performing the necessary operations as specified by
the program. Finally, it returns a response (e.g. HTML document) to the client via the web server.
Let us look at a simple book ordering system for our VBS based on Java Servlet. The servlet is invoked by using an
HTML form. The main steps are described as follows:
1. Using his browser, the customer accesses our VBS web server through HTTP.
2. The book ordering form is forwarded to the customer's browser.
3. The customer fills in the book ordering form (electronically) and sends the form to the server by pressing
the Submit button.
4. This HTTP request is forwarded to the servlet engine by the VBS web server.
5. The servlet processes the request by performing the necessary operations, e.g. updating the order
transaction database and invoking the payment gateway for the internet payment, etc.
6. After processing, the corresponding response is returned to the client via the web server.
Compared to other server-side programming techniques, particularly traditional CGI programming, Java Servlet
has the following advantages:

As it is a formal programming language, debugging is easier. Furthermore, its object-oriented features can greatly facilitate program design.
Each servlet can handle multiple requests. In other words, once a servlet is invoked, it will remain in the system and can be used by different requests requiring the same servlet.
Traditional CGI programming techniques such as Perl are usually platform-dependent. Java Servlets, on the other hand, are based on the philosophy "written once, run everywhere".
As part of the Java family, servlets can use the Java security APIs if necessary and can be easily integrated with other Java-based programming techniques such as CORBA, RMI, JDBC, and JCA (Java Cryptography Architecture) to build a comprehensive e-commerce system.

However, compared with other server-side scripting techniques such as Perl and ASP, the writing of servlets
generally requires more programming effort, and hence, longer development time.
Java Servlet Architecture
A servlet is a server-side Java program running inside a Java Virtual Machine (JVM). Through the servlet engine, it
can interact with the server and also the HTTP. Like other CGI applications, a servlet is invoked by a client from
the client browser (e.g. via an HTML form). It may also be invoked by other servlets or Java programs. As
mentioned earlier, unlike traditional CGI applications, which need to set up multiple processes for handling
multiple requests, a servlet can handle multiple requests under different threads. Therefore, servlets provide a
solution that is more scalable. Furthermore, servlets can interact closely with the server to do things that may
be performed easily with the traditional CGI programming techniques.
To run servlets, there are basically two alternatives. The first one is to use a servlet-enabled web server, i.e., a
web server that can support the servlet APIs directly. The second solution is to use a plug-in servlet engine in a
non-servlet-enabled web server.
Overview Of The Servlet API
The life cycle of a servlet looks like this. Upon receiving a request to invoke a servlet, the server will create the
servlet, call the init() method, and then the service() method of the servlet. The init() method is for performing
initialization actions. If a servlet has been invoked before, it can be reused. In this case, the service() method will
be called directly for processing the request. Finally, if a servlet is to be removed, the destroy() method is called
before removing it. There are two main packages in the Servlet API, namely javax.servlet and javax.servlet.http.

The javax.servlet and javax.servlet.http packages include two main classes, namely GenericServlet and
HttpServlet, whereby the latter is extended from the former. Each servlet request is processed by the service()
method first and so you must implement this method if you extend the GenericServlet class.
GenericServlet.service() is an abstract method as defined below:
public abstract void service(ServletRequest req, ServletResponse res) throws ServletException, IOException;
As shown here, there are two object parameters, namely ServletRequest and ServletResponse. The former object
is related to the request to the servlet program (e.g., it contains the client's information). On the other hand, the
ServletResponse object is used to handle the response returned to the client via the server. For HTTP servlets, the
service() method passes the requests to the corresponding doREQ() method where REQ is the HTTP request
command. In particular, the doGet() and doPost() methods are invoked by the HTTP GET and POST commands,
respectively. For HTTP servlets, it is preferable to override the doREQ() methods rather than the service()
method. This allows actions to be taken based on the type of HTTP request received.

Besides the doGet() and doPost() methods, a variety of methods corresponding to different HTTP commands are
available as shown in Table 4.3. Essentially, these methods allow a servlet to perform actions according to the
type of HTTP request received. The most commonly used methods are doGet(), doPost(), and doHead().
Note: See Table 4.4 in Chan for commonly used HTTP Servlet methods.

Database Connectivity
In most e-business solutions, connectivity to the back-end database engines becomes a necessary and important
requirement. As most of these databases are relational, the Structured Query Language (SQL) plays an important
role in web-based database interactions in these e-commerce applications.
All types of e-commerce applications, ranging from B2C applications such as e-shopping to B2B applications such
as virtual marketplace, require one to connect to and access information from the back-end database system. For
instance, in an e-shopping scenario such as purchasing books in our VBS, we may need to access the back-end
database systems in numerous cases, which include:

searching for books according to certain criteria such as the name of the author, publisher, book title, etc.
obtaining the purchase history of a given customer over a pre-specified period.
updating and checking the book inventory and delivery information database when an order is received.
updating of the sales transaction database and the accounts receivable (A/R) database during invoicing and payments.

An Application Program Interface (API) is a useful piece of middleware, which provides an interface that allows
one to access the necessary functionality for that application. Java provides an API, the JDBC (Java Database
Connectivity), to allow one to develop web applications that can access and update back-end database systems.
These allow one to integrate servlet-based programming techniques described earlier, with the back-end
database systems. An important feature of JDBC is that the API is database-independent.
Thus, a JDBC-enabled web application can be used with a different database system without the need to modify
the program statements and SQL commands, and only the JDBC driver needs to be replaced.


What is JDBC?
JDBC (Java Database Connectivity) is an API specification, developed by JavaSoft, that provides a set of interfaces
and classes to perform database-related operations. The JDBC specification can be obtained from JavaSoft at
http://java.sun.com/products/jdbc/index.html. Java Programs, Java Servlets, and Java Beans applications can,
through integration with JDBC, execute SQL statements to access, display, and modify the back-end database
systems; that is, the primary purpose of JDBC is to provide connectivity with a database in a layered fashion.
Provided a database is JDBC-enabled (i.e., it has JDBC drivers provided), replacement of one database by another
does not require reprogramming of the application. Thus, JDBC allows one to develop portable database-related
applications. This is useful if the development of a prototype is frequently carried out on one platform and then
migrated to another platform on a corporate server.
Layered infrastructure of JDBC
To understand the manner in which JDBC-based programs interact with a database system, let us take a look at
the schematic diagram of the JDBC infrastructure as shown in Figure below. This reveals the layered approach
used in the JDBC infrastructure.
At the highest layer, Java applications access and execute SQL statements via the JDBC APIs, in the java.sql
package. The java.sql package contains only interfaces to the actual SQL-level implementations supplied by third-
party database vendors and does not provide the actual implementations.
The application accesses the database system via the JDBC Driver Manager, which is the next lower layer. This
provides a connection to the specific JDBC drivers for the particular database system that implements the
java.sql.Driver interface. Note that the JDBC API specification sets out the requirements for the drivers. Most of
the popular RDBMS systems, such as Oracle, Sybase, and Informix, provide a JDBC driver, which comes with the
database engine, or is an integrated part of their application servers.
The JDBC Drivers
Generally, one can distinguish between four different types of JDBC drivers, and they are:

Type 1: JDBC-ODBC bridge
Type 2: Native API partly technology enabled driver
Type 3: Pure Java driver for database middleware
Type 4: Direct to database pure Java driver

The JDBC-ODBC bridge provides connectivity between the JDBC API and Microsoft's ODBC drivers. This allows
one to access ODBC-enabled databases such as MS Access and MS SQL Server.
It is included with the Java Development Kit. The JDBC-ODBC bridge has the following advantages, namely, it
provides simple, low-cost connectivity particularly for systems that provide an ODBC driver but not a JDBC one.
On the other hand, the approach depends on the reliability and performance of the ODBC driver and inherits
some of the problems of the existing ODBC drivers, namely limited and unstable concurrent access
functionality.



Generally speaking, it is more useful for prototyping than building full-blown industrial-strength applications.
Type 2 JDBC driver integrates a thin layer of Java code with the proprietary native codes (mainly C, C++, or
assembly code) provided by the database manufacturers. This type of driver is faster than the JDBC-ODBC bridge.
However, it still suffers from the shortcomings inherited from the native code.
Thus, defects in the driver native code create a risk of crashing the whole system. Unlike the Type 2 JDBC drivers
which make use of native code for driver programming, the Type 3 JDBC drivers use 100% Java code for database
connection using a middleware technology approach.
These frequently use proprietary network protocols specified by the driver developer. The Type 4 JDBC drivers are
also written in 100% pure Java code. Using their native protocols, Type 4 JDBC drivers communicate directly with
the database.
This is unlike Type 3 JDBC drivers which are integrated with the Java middleware. Among the four types of
drivers, Type 4 JDBC drivers usually provide the best performance, since no middleware is involved. However, due
to the proprietary nature of Type 4 JDBC drivers, they may not provide a portable solution (i.e., when the database
is changed, a new driver may be needed).
JDBC API
Basically, there are four fundamental classes in the JDBC API, namely:
1. java.sql.DriverManager
2. java.sql.Connection
3. java.sql.Statement
4. java.sql.ResultSet

The first two classes, java.sql.DriverManager and java.sql.Connection, are mainly for loading the database driver
and making the database connection. The class java.sql.Statement is for creating a statement for processing the
database query, and the class java.sql.ResultSet is for storing the query results.

Making use of these classes, the JDBC operation is almost the same whether we use a standalone Java program,
an applet in a browser, or a servlet on a server. To demonstrate the JDBC operation, we will create a simple book
search engine for our VBS. In Section 5.4, first of all, we will present a simple book query example to demonstrate
the integration of servlet and JDBC using the JDBC-ODBC bridge and Microsoft Access. In most e-commerce
systems, search results are presented in multiple pages.
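A book search by author using the four JDBC types listed above, as an added example (it is not code from these notes or from Chan). The table books(isbn, title, author, price), the class name, the DB_USER/DB_PASSWORD environment variables and the JDBC URL passed on the command line are assumptions; it uses PreparedStatement, a sub-interface of Statement, so that the author name typed by the user is bound as data and never spliced into the SQL text.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class BookSearch {

    // Assumed schema (not from the notes): books(isbn, title, author, price).
    // The "?" is a bind parameter: the driver sends the value separately
    // from the SQL text, so quotes in the input cannot change the query.
    private static final String FIND_BY_AUTHOR =
        "SELECT isbn, title, author, price FROM books "
      + "WHERE author LIKE ? ESCAPE '!' ORDER BY title";

    private static final int MAX_ROWS = 50; // cap on rows returned per search

    /** Escape LIKE wildcards so a "%" or "_" typed by the user matches literally. */
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    /** Runs the search on an open connection and returns one text line per book. */
    static List<String> findByAuthor(Connection con, String author) throws SQLException {
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(FIND_BY_AUTHOR)) {
            ps.setString(1, "%" + escapeLike(author) + "%");
            ps.setMaxRows(MAX_ROWS);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getString("isbn") + " | "
                           + rs.getString("title") + " | "
                           + rs.getString("author") + " | "
                           + rs.getBigDecimal("price"));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        if (args.length != 2) {
            System.err.println("usage: java BookSearch <jdbc-url> <author>");
            System.exit(2);
        }
        String jdbcUrl = args[0];                    // depends on the driver in use
        String user = System.getenv("DB_USER");      // assumed variable names
        String password = System.getenv("DB_PASSWORD");

        // DriverManager picks the driver that accepts the URL; Connection,
        // PreparedStatement and ResultSet are closed by try-with-resources
        // even when the query throws.
        try (Connection con = (user == null)
                ? DriverManager.getConnection(jdbcUrl)
                : DriverManager.getConnection(jdbcUrl, user, password)) {
            List<String> rows = findByAuthor(con, args[1]);
            for (String row : rows) {
                System.out.println(row);
            }
            System.out.println(rows.size() + " book(s) found");
        }
    }
}
```

An author name containing an apostrophe, such as O'Brien, is a useful test input: with the bound parameter it is searched for as typed.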


Session Tracking
Maintaining user state (commonly referred to as session tracking) is one of the fundamental requirements in
e-commerce applications. For example, in B2C e-commerce systems such as a virtual shopping mall, one needs to
keep track of the user's shopping cart. In B2B e-commerce systems, it is important to handle and maintain login
transactions.
Issues involved in implementing the shopping cart object in the internet environment
Technically speaking, it is not difficult to build a shopping cart object. The main problem is how to manage it in a
web-based e-commerce system because the HTTP is stateless. Generally speaking, there are two issues to be
resolved. The first one is how to assign and map a shopping cart to a user. Note that in most B2C e-commerce
systems, a user does not need to log in to the system before shopping. The second issue is how to keep track of
the shopping cart and its contents. This means that by using only the stateless HTTP, a web server does not know
whether the current request is from a previous client or from a new client. During an e-shopping situation, we
may access the VBS, get a shopping cart, and then browse another website for a while before returning to the
VBS again. The challenge is how to get back the previous shopping cart, in order to continue shopping instead
of restarting from the beginning. The solution is session tracking.
Traditional Session Tracking Techniques
To support session tracking for web-based applications, a number of techniques have been developed. The
following are the most common ones:

Hidden form field
URL rewriting
HTTP user authentication
Cookies

Hidden Form Field
As part of the HTML standard, Hidden Form Field (HFF) provides a simple solution to session tracking. In the
Advanced Book Search Engine example, the whole workflow is as follows:

First, the user browses the Advanced Book Search web page, which provides an HTML form for the user to fill in the search criteria for the book required, such as book name, publisher name, ISBN number, year of publication, etc.
After submitting the form to the VBS web server, the corresponding servlet program SearchEngine is launched.
In the VBS web server, the servlet engine processes the request, parses the search criterion, and executes the SQL statement.
Once the search result is obtained, the program formats the information using HTML and returns it to the user browser for display.
If the search result consists of multiple pages, some page pointers are presented to guide the user to the desired page.
The program uses HFF to return the search criteria together with the previous ISBN of the book being displayed. Hence, the books can be displayed accordingly.

In fact, this already demonstrates a simple session. Let us study how HFF can be used to implement a simple
shopping cart. The general format of HFF is as follows:



To implement a shopping cart using HFF we can define a hidden field element called username in an HTML
form. This can be used to keep track of the user session and hence the shopping cart.
For Example: Refer Chan
URL Rewriting
Recall that a URL consists of the following components:

the domain name (e.g. www.vit.edu.in)
the URI (e.g. /Servlet/welcome/hello), which specifies the directory and the file (an HTML document or a program)

The basic concept of "URL rewriting" is to modify, and more precisely rewrite, the URL to a specific URL for each
user. In other words, each user is given a specific URL for "talking" to the web server. In terms of implementation,
the following are two commonly used methods to identify a session:
1. To add an extra directory to the original URL
2. To add additional parameters at the end of the URL
Using the first method, a user with session number 007 will access the URL as:
http://www.comp.polyu.edu.hk/Servlet/welcome/007/hello
In other words, each user is assigned a different directory so that the web server can identify the client
accordingly. Alternatively, using the second method, the user state is appended to the URL as follows:
http://www.comp.polyu.edu.hk/Servlet/welcome/hello?session_no=007
In this case, the program knows that the request is from the session number 007.
HTTP User Authentication
This method supports session tracking by means of the HTTP authentication scheme. Therefore, it can also be
used to control user access. Authentication is done by asking the user to provide his username and password. Let
us look at the following example to see how it can be implemented. The web server is configured to use the HTTP
authentication scheme. When a user accesses the web server for the first time, he needs to fill in the username
and password for authentication. The information is then passed to the web server for authentication.
Subsequently, the web server can retrieve the user information (and hence the session information) from the
HTTP headers. For example, with the servlet API, the username can be obtained from the getRemoteUser()
method as follows:
String username = req.getRemoteUser();
Once the web server identifies the user, appropriate actions can be taken for that user.
Cookies
In summary, cookies are "small" pieces of information stored in the client browser. For instance, in an e-shopping
scenario, one can use cookies for session tracking as follows:

When a user accesses a B2C website for the first time, the web server asks for the user information (e.g.
username). Then the web server can ask the client browser to store a cookie by including this cookie in
the HTTP response header. For example,
Set-Cookie: Username=neehar
The cookie with Username=neehar is then stored in the client browser for later use.

Each time the user returns to the website, the client browser will send this cookie in the HTTP request
message. Hence, the cookie can be used for session tracking purposes.

Comparison of the above session tracking methods
In general, the cookies and HFF techniques are more commonly used in practice. This is because they are simple
to implement, can be supported by most of the browsers, and can provide anonymous session tracking (i.e., they do
not require users' pre-registration). However, each cookie can store only a limited amount of information, and
there are security concerns in using cookies because it involves saving something on the client side. In fact, a
browser may have cookies disabled. For the HFF technique, its implementation can be quite clumsy if we
want to keep track of a lot of information. Furthermore, it can be used only for dynamic web pages, otherwise
the HFFs cannot be generated continuously throughout the whole session. In fact, most people think that to build
a flexible system, the session tracking mechanism should be separated from the content creation. Obviously, this
is not the case for HFFs. While URL rewriting is also easy to implement, the "Adding an Extra Path" method may
not work well for complex applications and the "Adding an Extra Parameter" method can be used only with
hyperlinks but not with form posting. As HTML forms are commonly used, its applicability is quite limited. The
user authentication method is more suitable for an intranet environment because it depends on pre-registration.
For many B2C e-commerce systems, it is difficult to implement this method. Furthermore, this technique cannot
support multiple sessions at a website.
The Servlet Session Tracking API
Java Servlet API provides a set of classes, namely the Session Tracking API, for session management purposes. The
advantages of using this API are as follows:

It can be used in any servlet program with little additional programming effort.
It can be used in conjunction with other Java components such as CORBA, RMI, etc.
It can be easily integrated with the Java Security API and Java Cryptography API to develop secure servlets.

In general, the Servlet Session Tracking API supports the following session tracking functions:

setting up of a session object
management of different sessions
handling the life cycle of a session object

In fact, once a session is established, its management is handled automatically by the servlet engine.
How the servlet session tracking API works
The Session Tracking API for HTTP is called javax.servlet.http.HttpSession, which includes classes and methods
to manage sessions under the web environment. Imagine that the servlet engine within the web server contains a
filing cabinet with each drawer containing the session object(s) for each session connecting to the web server.
The main function of these drawers is for each client to store the session object(s). For instance, suppose that a
servlet program is used to implement an e-shopping mall application. Every time a client sends a request to the
server, a shopping cart object is generated with a unique session identity (ID). If the client puts an item into the
shopping cart, the status of the shopping cart object will be updated in the corresponding drawer within the
servlet engine. If the user leaves the shopping mall for a while and then returns later, the servlet program can
retrieve the session object (e.g. a shopping cart) for that user based on the session ID. This allows the user to
continue shopping with the previous shopping cart. To pass the session ID between the server and the client, the
cookie method is usually used. Note, however, that the cookie is used to pass the session ID only. Alternatively,
the URL rewriting method can be used.
A schematic diagram of the servlet session tracking mechanism is shown below:

In the diagram, there is a shopping cart object (cart) for both clients A and B. We will later discuss how to
implement this object. Essentially, this object is a Java class. The Cart object is identified by the name "cart". By
using the session ID, which is passed between the server and the client by means of cookies, the corresponding
shopping cart for a client can be identified. As shown later, we can implement many useful methods for this
shopping cart object.
Some common methods for servlet session tracking
The most important method for servlet session tracking is getSession() with the following format:
HttpSession getSession(boolean create);
Its purpose is to provide the current session object for the client based on the given session ID. If the client is a
new visitor, a new session will be created if the parameter create is true. Although the Session Tracking API uses
cookies to keep track of the sessions, its operation is transparent to the user because session management is done
automatically.
Besides the getSession method, other commonly used methods in the session tracking API include:

getId()
getValue(String name)
getValueNames()
putValue(String name, Object value)
removeValue(String name)
invalidate()

As mentioned, each session is assigned an ID. The corresponding ID for a session can be obtained by the getId()
method. The getValue() method gets the value of the corresponding session object. As shown in Figure 6.13, each
session object has a name and a value. The putValue() method is used to update the value of a session object or
put a new session object into the servlet engine. The getValueNames() method is for retrieving the names of all
the session objects of the current session. To remove a session object, the removeValue() method can be used.
Finally, a session can be closed by using the invalidate() method.

For Example: See Chan
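A shopping-cart servlet built on the Session Tracking API described above, as an added example (it is not the example from Chan or code from these notes). The class name CartServlet, the request parameters "action" and "isbn" and the item limit are assumptions; it overrides doGet() and doPost() rather than service(), as recommended earlier, and it calls getAttribute()/setAttribute(), which replaced the deprecated getValue()/putValue() in later versions of the Servlet API.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class CartServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private static final String CART = "cart"; // name of the session object
    private static final int MAX_ITEMS = 50;   // assumed limit per cart

    /** GET: show the cart that belongs to the caller's session. */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        // true = create a session if the request carries no valid session ID
        HttpSession session = req.getSession(true);
        List<String> cart = cartOf(session);
        res.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = res.getWriter();
        out.println(session.isNew() ? "New cart created" : "Welcome back");
        synchronized (session) {
            out.println("Items in cart: " + cart);
        }
    }

    /** POST: add one ISBN to the cart, or close the session on checkout. */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        if ("checkout".equals(req.getParameter("action"))) {
            // false = return null rather than create a session just to end it
            HttpSession old = req.getSession(false);
            if (old != null) {
                old.invalidate(); // the cart and the session ID are discarded
            }
            res.sendRedirect(req.getRequestURI());
            return;
        }
        String isbn = req.getParameter("isbn");
        // Request parameters are client-controlled: check them before storing.
        if (isbn == null || !isbn.matches("[0-9Xx-]{10,17}")) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid isbn");
            return;
        }
        HttpSession session = req.getSession(true);
        List<String> cart = cartOf(session);
        synchronized (session) {
            if (cart.size() >= MAX_ITEMS) {
                res.sendError(HttpServletResponse.SC_BAD_REQUEST, "cart is full");
                return;
            }
            cart.add(isbn);
        }
        // encodeRedirectURL() appends the session ID to the URL only when the
        // browser does not return the session cookie (the URL rewriting fallback).
        res.sendRedirect(res.encodeRedirectURL(req.getRequestURI()));
    }

    /** Fetch the cart from the session, creating it on first use. */
    @SuppressWarnings("unchecked")
    private static List<String> cartOf(HttpSession session) {
        synchronized (session) {
            List<String> cart = (List<String>) session.getAttribute(CART);
            if (cart == null) {
                cart = new ArrayList<>();
                session.setAttribute(CART, cart);
            }
            return cart;
        }
    }
}
```

Only the session ID travels in the cookie; the cart itself stays in the servlet engine, unlike the Username=neehar cookie shown earlier, whose value the client stores and can change.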


Advance technologies of E-commerce

We discussed the underlying technologies for building a web-based e-commerce system. Currently, a
number of advanced technologies are also emerging to complement the existing technologies in providing more
sophisticated e-commerce services. Current e-commerce systems are based on client-server architecture. While
this architecture is simple to use, it may not be effective in certain situations. Mobile agents are mobile software
programs that can move across the internet for performing specific tasks autonomously.
Due to their flexibility and mobile function, they can complement the existing client-server-based system to
provide more advanced e-commerce services (e.g. product searching). Currently, most e-commerce applications
can be accessed only via a fixed terminal. It is expected that the current WEB (Web-based Electronic Business)
will evolve to become the MEB (Mobile Electronic Business) (i.e., by turning the W upside down to become the
M).
At the moment, the enabling technology for realizing the MEB is the Wireless Application Protocol (WAP). It
allows users to access internet services in general, and mobile commerce services in particular, through portable
terminals. In the current e-commerce system, nearly all web pages are created using HTML. A more general and
powerful markup language called extensible Markup Language (XML) has been developed in recent years. In
general, HTML uses tags for formatting data (i.e., it tells the web browser how the data should be formatted or
displayed).
In contrast, XML allows users to define different tags in order to convey the meaning of the data. Hence, XML has
significant advantages over HTML, in particular to facilitate B2B transactions such as to support internet-based
EDI. Earlier, we mentioned that one of the key driving forces of e-commerce is the Information Age. In the
digital economy, information is a valuable asset. To explore the full potential of e-commerce, data mining
techniques can be used to turn data into information and information into knowledge.

Mobile Agents
The current e-commerce system is primarily based on a client and server architecture. Basically, commercial
transactions are handled by many request-response interactions over the internet. As the internet is a best-effort
network, sometimes a user may experience a long waiting time.
For some applications such as comparing product prices in the market, the mobile agent approach provides a
better solution. This involves sending a mobile software program called a mobile agent to a remote system.
The agent can then interact with other agents on the remote system. This releases the resources of the original
system for doing other tasks. The results of the interactions are finally returned to the user. Let us use the
following example to illustrate the benefits of mobile agents.
Suppose you want to buy a book. In order to search for the seller who can offer you the best price, you need to
visit a number of bookstores and compare the prices yourself. By using a mobile-agent-based system, you can
delegate the work to one or more mobile agent(s).
In summary, the mobile-agent-based system can reduce unnecessary network traffic, provide better reliability,
support more advanced services, and utilize the resources more effectively. The search process is particularly critical
for an electronic broker, where the server side will be receiving many requests per minute, each of which would
require a search of several sites.
By using a mobile agent for each request, the broker can continue to use its resources to service other requests. A
mobile agent can also interact with other mobile agents on the internet before returning to the originating host.

In addition, it can complement the existing client-server-based system. Currently, there are some mobile-agent-
based e-commerce systems being developed such as:

Tubicun - An electronic marketplace for air tickets and package tours using Aglets.
Nomad - An electronic auction system using Concordia.
Magnet - A networked electronic trading system using Aglets.
Overview of mobile agents
Agents are commonly defined as software programs that can help users to perform tasks autonomously. In
particular, they are useful for handling routine tasks, searching for information, and facilitating decision making.
Mobile agents are agents that can move across different systems to perform specific tasks. Due to their mobile
function, it is expected that mobile agents will play an increasingly important role in the future e-commerce
system. In particular, they can be used to complement existing client-server based e-commerce systems. To
implement mobile agents, a number of development kits are currently available as described below. All of them
are based on Java.

IBM's Aglet (http://www.trl.ibm.co.jp/aglets): Aglet is created from the words Agent and Applet. It can be viewed as a mobile Applet. Its development tool Aglet Software Development Kit (ASDK) provides the environment for creating Aglets.
ObjectSpace's Voyager (http://www.objectspace.com/voyager/whitepaper/VoyagerTechOverview.pdf): It makes use of Java Remote Method Invocation (RMI) and Java Object Request Broker for developing mobile agents to support distributed computing.
General Magic's Odyssey (http://www.genmagic.com/technologyodyssey.html): This is another mobile agent development tool based on Java RMI.
Mitsubishi's Concordia (MobileAgentConf-for-web.htm): It is component-based and makes use of Java RMI for building various distributed applications.

Currently, IBM's Aglet is widely used for developing mobile-agent-based e-commerce applications because it is
lightweight and simple to use. In this chapter, we will use Aglet as an example to explain how a mobile agent
basically works. Conceptually, other mobile-agent-based systems work in a similar manner. As mentioned earlier,
Aglet can be viewed as a mobile applet. In the ASDK, there are three main Java interface classes, namely Aglet,
AgletProxy, and AgletContext. The Aglet class is for developing Aglets and controlling their activities by
means of an event-driven model as explained later. For security reasons, other objects can interact with an Aglet
only via its proxy. The AgletProxy interface is available for this purpose. The AgletContext interface provides
the required operational platform for Aglets. Furthermore, the ASDK includes an Aglet server called Tahiti for
system management. This server provides a graphical user interface for monitoring the activities of the Aglets.
Aglets are transferred by means of a protocol called the Agent Transfer Protocol (ATP). Some people like to call it
ATTP because it looks like HTTP.
Typical life cycle of an Aglet
The typical life cycle of an Aglet is described as follows. First of all, the Aglet is created. Then it is transferred to a
remote host across the network. After performing the required tasks, it will be returned to the originating host to
present the results. For some applications, the Aglet may visit other hosts before returning to the originating
host. Furthermore, the Aglet may be deactivated for a while and then reactivated. Finally, the Aglet will be
disposed of to release the system resources. Let us explain this life cycle in the context of the ASDK based on the
work of Lange and Oshima.


Creation and cloning
An Aglet can be created by using the getAgletContext().createAglet() method as follows:

getAgletContext().createAglet(codebaseURL, agletcode, object);

The first argument specifies the code base URL or where to find the required class file(s). We can use the
getCodeBase method to get the current code base. Alternatively, it can be defined by setting up a URL object as
follows:
URL codebaseURL = new URL("http://www.vbs.com/aglets");

In this case, the code base is at the "aglets" directory of the web server www.vbs.com. The second argument
specifies the name of the Aglet class file, and the third. After creating an Aglet, we can also make an identical
copy by using the clone method.
Event-driven model
Basically, the activities of Aglets are event-driven. That means that when a certain event occurs as detected by
some listeners, the specific actions for that event will be executed. In particular, the MobilityListener is
frequently used because it is for monitoring mobility events, so we discuss it in more detail. Other listeners
follow a similar approach. The MobilityListener consists of three main methods:
onArrival(): It is invoked when the Aglet arrives at a Tahiti server.
onDispatching(): It is invoked when the Aglet is dispatching.
onReverting(): It is invoked when the Aglet is reverting.
Here is an example showing the syntax for monitoring the mobility events of an Aglet. By including these
statements, the system will print out the messages "Dispatching" and "Arrived" when the Aglet is being
dispatched to a server and when it arrives at a server, respectively.
public void onCreation(Object args) {
    // Register a listener for mobility events when the Aglet is created
    addMobilityListener(new MobilityAdapter() {
        // Called when the Aglet arrives at a server
        public void onArrival(MobilityEvent evt) {
            System.out.println("Arrived");
        }
        // Called when the Aglet is about to be dispatched
        public void onDispatching(MobilityEvent evt) {
            System.out.println("Dispatching");
        }
    });
}
Dispatch
To dispatch an Aglet to a remote host, the dispatch method is used. For example, the following command
dispatches an Aglet to the remote host magics.vbs.com by using the ATP.
dispatch(new URL("atp://magics.vbs.com"));

Disposal
Finally, when an Aglet has completed its tasks, it should be disposed of to release the system resources. This is done
by calling the dispose method, i.e. dispose().

WAP
Fuelled by the explosive growth of cellular phones and the growing demand for mobile internet services (e.g.
online information retrieval), there is a compelling need for accessing the internet through mobile devices,
particularly cellular phones. As mentioned earlier, it is expected that the current WEB will evolve to become MEB.
Currently, the key enabling technology for MEB is the Wireless Application Protocol (WAP).


As the current web technologies are primarily designed for desktop computers working under a wired network
environment, they cannot be applied directly to mobile devices such as cellular phones and palm computers. In
fact, these devices are relatively less powerful in terms of CPU speed, screen size, memory, input device
capability, and battery life.
Moreover, there are other operational constraints in wireless networks such as limited bandwidth and unstable
operating conditions. Hence, new solutions are required for providing internet access to these devices [Unwired
Planet, 1999; Mann, 2000]. Mid 1997 marked a major milestone of WAP when Ericsson, Motorola, and Nokia
founded the WAP Forum with Unwired Planet.
With the aim of developing standards for providing internet access to handheld mobile devices, the main goals of
the WAP [Wireless Application Protocol] are:

to provide internet-based services to wireless phones and other wireless terminals.
to provide a global wireless protocol specification for developing wireless applications.
to provide a framework for creating contents and applications that can be applied to different wireless networks.

In order to accomplish these goals, the WAP Forum has developed the WAP specification for mobile devices. At
the time of writing, the latest version of the WAP specification is 1.2. It is largely based on the existing internet
technologies such as HTTP, HTML, and JavaScript. An overview of the WAP specifications is as follows.
In terms of programming, the WAP model is largely based on the existing web programming techniques, to
facilitate integration with the existing web system. To format data on the user interface effectively, a simple
markup language called Wireless Markup Language (WML) is developed based on XML. To enhance the
functionality of WML (e.g., for generating a dynamic page), a scripting language called WMLScript is developed. In
principle, it provides functions similar to those of JavaScript. Finally, a micro-browser specification is provided to
support WML and WMLScript, and a Wireless Telephony Applications (WTA) framework is defined for integrating
the micro-browser and telephone functions.
WAP Model
To enable a WAP device to talk to a web server, a middleman called the WAP gateway is needed. Technically,
it functions as a proxy server situated between the user agent and the web server. Figure below illustrates the
basic WAP model for ordering books from our VBS via a WAP device (e.g. WAP-enabled mobile phone).
As shown in the Figure, a user places an order to the VBS through a WAP device (e.g. WAP phone). On the WAP
device, the order information is entered. Upon submitting the order request, the WAP phone will convert the
user request into a GET request statement (similar to the HTTP request) as follows:
GET www.vbs.com/servlet/bookorder HTTP/1.1
where bookorder is the servlet program being triggered for book ordering. Before sending the request message
to the WAP gateway, the message is converted into a compact binary format so that the data size can be reduced
for transmission over the bandwidth-limited wireless link. Upon receiving the request, the WAP gateway converts
the binary message back into the text-based format.



The request message is then forwarded to the web server (in this case the VBS web server). Once the web server
receives the request, it will process it (in our case, a servlet program bookorder will be invoked), update the
back-end database (if necessary), and return the response accordingly.
Upon receiving the response from the web server (typically a WML document), the WAP gateway converts it into
the compact binary format and forwards it to the WAP device over the wireless link. Finally, the WAP device
converts the binary message to the text format and displays the content accordingly.
WAP Architecture
Having given an overview of the WAP model, let us examine the WAP architecture. Basically, it consists of six
layers as shown in Figure below.

Application layer - Wireless Application Environment (WAE)
The WAE provides an environment for developers to create interoperable WAP applications. Generally speaking,
it provides the following development components:
WML, WMLScript, and WTA as explained earlier. In addition, special components such as images, calendar
information, etc. are also provided for facilitating the development work.

Session layer - Wireless Session Protocol (WSP)
It provides a connection-oriented session service and a connectionless session service to the WAE. The former
and the latter operate over the Wireless Transaction Protocol (WTP) and the Wireless Datagram Protocol (WDP),
respectively, which are described as follows.
Transaction layer - Wireless Transaction Protocol (WTP)
It is a lightweight transaction protocol mainly for supporting reliable one-way request messages and reliable two-
way request-response messages.
Security layer - Wireless Transport Layer Security (WTLS)
Based on the Transport Layer Security standard, the WTLS is a security protocol for addressing the security
requirements (confidentiality, integrity, and authentication). In principle, it functions like the SSL protocol.
Transport layer - Wireless Datagram Protocol (WDP)
It enables the upper layers to operate over different bearer services [e.g. GSM (Global System for Mobile
Communication), CDMA (Code Division Multiple Access), and CDPD (Cellular Digital Packet Data)] in a uniform
manner.
Benefits of WAP to e-commerce
The WAP technology provides an effective solution for accessing WEB in the short term and realizing MEB in the
long term. Through the use of WAP devices, such as WAP phones, people can keep in touch with the internet
world anywhere and at any time. It is expected that this will lead to the development of many innovative
e-commerce services.

XML
In this section, we examine another of the extended topics, namely XML (or the eXtensible Markup Language).
Both XML and HTML are derivatives of SGML, another more general markup language. Work on XML started
initially in 1996, and by 1998 XML 1.0 achieved the status of a World Wide Web Consortium (W3C)
recommendation and drafts for Xlink (XML Linking Language) and Xpointer (XML Pointer Language) were proposed.
Firstly, we compare HTML and XML. Then we briefly look at the syntax of XML documents, followed by display
methods, programming interfaces, and categories of applications of XML, and lastly its architecture.
<?xml version="1.0"?>
<!DOCTYPE VBS SYSTEM "book.dtd">
<book>
<title>XML for beginners</title>
<author>Elizabeth Chang</author>
<abstract>This is an introductory book on XML, for use by people
who have no previous acquaintance with it</abstract>
<subject>
<keyword name="internet programming"/>
<keyword name="internet database"/>
<keyword name="messaging"/>
</subject>
<price>25 US Dollars</price>
<availability>2 days</availability>
</book>

Figure 9.5
XML v/s HTML
At the outset it is useful to compare XML and HTML in order to understand their different strengths. A brief
summary of the differences is given in Table 9.1. A careful examination of the points raised in Table 9.1 should
make one realize that XML is not intended to simply be a more powerful replacement for HTML. This is because
HTML's primary purpose is to specify the display of data while XML's primary purpose is to describe the logical
structure of data.

XML
The full syntax of XML is described in several voluminous standards. Here, we will only briefly review a simple
XML document to get a sense of what XML documents look like. Consider the example of a simple XML document
given in Figure 9.5, which describes a book in the VBS.
The first line gives the XML Declaration and is always included as it defines the version of XML that the document
conforms to. The second line indicates the Document Type Definition (DTD) the document conforms to and also
the file in which the DTD definition can be found, e.g. "book.dtd." A copy of the contents of this file is shown in
Figure 9.6.
The DTD describes the structure, syntax, and vocabulary of XML documents that conform to it. Note that this DTD
suffices for all authored book elements in the VBS. Each document has a root element. In this document, the
root element is <book>. The remaining lines define the child elements of the root book (title, author, abstract,
subject, price, availability). The last line defines the end of the root element </book>. Here are some notes on the
XML documents:
<?xml version="1.0" encoding="UTF-8"?>
<!ELEMENT book (title, author, abstract, subject, price,
availability)>
<!ELEMENT title (#PCDATA)>
<!ELEMENT author (#PCDATA)>
<!ELEMENT abstract (#PCDATA)>
<!ATTLIST subject ID CDATA #REQUIRED>
<!ELEMENT price (#PCDATA)>
<!ELEMENT availability (#PCDATA)>

Figure 9.6 File book.dtd containing DTD

• Elements begin with a <start tag> and end with an <end tag>, and the data is placed between them. For example,
  <title>XML for beginners</title>
• An element with attributes does not need an end tag, but could be of the form
  <elementname attributename="a"/>.
• The tag names are case sensitive.
• The tags must be properly nested.
• XML element names start with a letter or underscore and the rest of the name can contain letters, digits,
  dots, underscores, or hyphens, but no spaces are allowed.
• Elements can have sub-elements, but these must be properly nested.
• Attributes consist of a name and a value separated by = and the value is within quotation marks. There
  can be more than one attribute in an element.
  For example,
  <keyword name="internet programming"/>
• One can also add comments, which are enclosed within comment tags
  <!-- comments -->

An XML document is said to be Well Formed if it meets the well-formed constraints specified in the XML 1.0
Recommendation, some of which are mentioned in the previous list (i.e., starts with XML Declaration, must have
a root element, each element has an end tag or autotag tag, and elements must be properly nested).

An XML document is Valid if it meets the validity constraints (VCs) specified in the XML 1.0 Recommendation. This
document must include a <!DOCTYPE> definition (2nd line of the example XML document), which specifies the
DTD against which the document can be validated (i.e., a valid document must conform to the DTD).
We note that the XML document as created here does not do the following:
1. Formatting and styling for display - this is done using style sheets, which are
2. Transformation of information - this can be done using XSLT.
3. Processing of XML documents - this can be done using APIs, such as DOM, SAX, and Event Handler in
conjunction with languages such as Java, C++, Perl, etc.
4. Linking - this can be achieved using Xlink and Xpointer.
The main role of the XML document is to logically structure information within documents.

Displaying XML documents - Style sheets
As XML documents do not present any information related to formatting and styling for display of information to
humans, style sheets are provided for doing this. Among the different approaches to styling, one could use:
1. Extensible Style Language (XSL)
2. Document Style and Semantics Language (DSSSL)
3. Cascading Style Sheets (CSS), both Level 1 and Level 2

CSS were originally designed for displaying HTML; however, XML browsers can also use this. These were
discussed in detail earlier, and hence we do not discuss them further here. We should note that currently CSS is
more widely supported, but this may change in future.
We will now concentrate our discussion on XSL. Unlike CSS, which utilizes the formatting and style instructions to
directly display the XML document, XSL normally first transforms the XML document into a suitable format for
display, such as HTML or RTF (Rich Text Format).
It then sends this to an XSL processor (such as a browser or application), which then generates the required HTML
output or RTF output. Thus, the XSL style sheet has two parts: (1) transforming and (2) formatting and styling.
An example of an XSL style sheet for displaying book titles and their prices is shown in Figure 9.7.

<?xml version="1.0"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/TR/WD-xsl">
<xsl:template match="/">
<xsl:apply-templates/>
</xsl:template>
<xsl:template match="bookpricelist">
<html>
<head>
<title>Price list for books</title>
</head>
</html>
</xsl:template>
<xsl:template match="book">
<font face="Times New Roman" size="5">
<p>
<em>book title:</em>
<xsl:value-of select="title"/>
</p>
<p>
<em>price:</em>
<xsl:value-of select="price"/>
</p>
</font>
</xsl:template>
</xsl:stylesheet>
Figure 9.7 Example of an XSL style sheet

Processing XML documents and programming interfaces
In order to process an XML document, it may be necessary to access its internal structure. Three widely used
application program interfaces (APIs) have been defined for this purpose, namely:
1. Document Object Model (DOM)
2. Simple API for XML (SAX)
3. Element Handler

We will briefly discuss the first two and include some of the features of the third. DOM was released as a W3C
recommendation in late 1998. The DOM essentially stores the structure of the XML document as a tree structure
whose nodes can be Elements, Attributes, Data, Document fragments, etc. Thus, the DOM tree corresponding to
the example XML document of Figure 9.5 is shown in Figure 9.8. DOM has a number of interfaces, which can be
interpreted as classes. These classes can be implemented in Java. Amongst these classes are Node, Document,
Element, Attribute, Processing instruction, CDATA Section, Document fragment, Entity, etc.

When using the DOM API, essentially one first parses the XML document to develop an in-memory DOM tree and
then accesses the internal structure of the document using the DOM tree. In contrast, SAX provides serial access
to an XML document by scanning the document and generating events.
These events can be used by applications to obtain the required elements or attributes. The applications utilise
event handlers, which are essentially callback functions. These must be registered with parser objects. When the
XML processor encounters a start element tag, it calls the event handler.
The third API, Element Handler, utilises both event handlers that are notified when a particular element is
encountered, much like SAX, and also a DOM tree.
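The two access styles described above, as an added example (not part of the original notes) using Python's standard xml.dom.minidom and xml.sax modules. The sample document is constructed after the book record of Figure 9.5, and the name attribute on keyword is an assumption. Neither parser validates against or fetches book.dtd, so the check shown is for well-formedness only.

```python
import io
import xml.sax
from xml.dom import minidom
from xml.parsers.expat import ExpatError
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed sample modelled on the book record of Figure 9.5. The "name"
# attribute on <keyword> is an assumption made for this example.
BOOK_XML = """<?xml version="1.0"?>
<!DOCTYPE book SYSTEM "book.dtd">
<book>
  <title>XML for beginners</title>
  <author>Elizabeth Chang</author>
  <subject>
    <keyword name="internet programming"/>
    <keyword name="internet database"/>
    <keyword name="messaging"/>
  </subject>
  <price>25 US Dollars</price>
  <availability>2 days</availability>
</book>"""

# Constructed damaged copy: the </price> end tag is mistyped.
BROKEN_XML = BOOK_XML.replace("</price>", "</price,")


def is_well_formed(xml_text):
    """True if the text parses. This checks well-formedness, not validity."""
    try:
        minidom.parseString(xml_text.encode("utf-8"))
        return True
    except ExpatError:
        return False


def dom_summary(xml_text):
    """DOM style: build the whole tree in memory, then navigate it."""
    doc = minidom.parseString(xml_text.encode("utf-8"))
    root = doc.documentElement

    def text_of(tag):
        return root.getElementsByTagName(tag)[0].firstChild.data

    return {
        "root": root.tagName,
        "dtd": doc.doctype.systemId if doc.doctype else None,
        "title": text_of("title"),
        "price": text_of("price"),
        "keywords": [k.getAttribute("name")
                     for k in root.getElementsByTagName("keyword")],
    }


class BookHandler(ContentHandler):
    """SAX style: callbacks fire as the parser scans; no tree is kept."""

    def __init__(self):
        super().__init__()
        self.elements = []   # start-tag events in document order
        self.keywords = []
        self.title = ""
        self._in_title = False

    def startElement(self, name, attrs):
        self.elements.append(name)
        self._in_title = (name == "title")
        if name == "keyword":
            self.keywords.append(attrs.get("name"))

    def endElement(self, name):
        if name == "title":
            self._in_title = False

    def characters(self, content):
        if self._in_title:
            self.title += content


def sax_scan(xml_text):
    """Register the handler with a parser object and scan the document once."""
    handler = BookHandler()
    parser = xml.sax.make_parser()
    # Keep the parser from fetching external entities such as book.dtd.
    parser.setFeature(feature_external_ges, False)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_text.encode("utf-8")))
    return handler


if __name__ == "__main__":
    print(dom_summary(BOOK_XML))
    print(sax_scan(BOOK_XML).elements)
    print(is_well_formed(BOOK_XML), is_well_formed(BROKEN_XML))
```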
Applications of XML
It is anticipated that XML will provide a basis for a variety of applications that would
be built on top of XML, and these include the following:
• Channel Definition Format (CDF)
• Database applications
• Document markup (with HTML)
• Mathematical Markup Language (MathML)
• Messaging between different business platforms
• Metacontent definition
• Platform for Internet Content Selection (PICS)
• Platform for Privacy Preferences Syntax Specification (P3P)
• Resource Description Framework (RDF)
• Scalable Vector Graphics (SVG)
• Synchronized Multimedia Integration Language (SMIL)

Of these, messaging is by far the most important from an e-commerce point of view.
To conduct B2B e-commerce effectively, it is essential that the computing platforms and systems in one business
be able to exchange information electronically with another's (see Figure 9.9).
Previously, this used to be achieved using traditional EDI. This has a number of disadvantages including cost,
limited presence of the technology only with some large organizations, etc. This is where XML comes in, provided
that
1. The two corporations that wish to use XML for data interchange utilize the same
2. If they use different DTDs, one can use LMX technology.
However, using the same DTD is much more preferable, and it requires standardization work on XML. Some
corporations such as ARIBA have already produced a version of XML suitable for e-commerce, e.g. cXML.
However, if several corporations do this independently, we are likely to see a plethora of DTDs for the area
leading to an Electronic Tower of Babel situation.
Recognition of this has led to standardization efforts proceeding to a definition of ebXML. This leads to the
following layered structure for ebXML (see Figure 9.10).
XML documents are written according to an industry-specific standardized scheme.

Architecture
XML employs a layered architecture consisting of the following:

Layers 1 and 3 have been discussed in previous sections, so here we briefly describe the supporting layer, which is
illustrated in Figure 9.11.
Note that most of the items in Figure 9.11 have been discussed in previous sections. We will briefly consider
three items here, namely Hyperlinks, Schemas, and Namespaces.
Earlier, we described the use of DTDs to specify the structure, vocabulary, and set of rules for defining legal
elements, which the XML documents have to satisfy in order to be valid.
This facilitates the sharing of XML documents that conform to the same DTD even if they have been produced by
different people on different systems.
However, DTDs have a number of disadvantages including the fact that DTDs themselves are not written using
XML syntax; the atomic data types (WCDATA) are only strings.
In order to overcome some of these disadvantages, the notion of an XML Schema Language has been developed.
This uses XML syntax to describe the structure of and relationships for XML documents, allowing use of all the same
techniques as for the XML documents for this XML schema.
The XML Schema Language allows data types as well as user-defined data types.
One can think of these XML schemas as essentially describing constraints on Well Formed XML documents. In
future this could take over the role of DTDs. The RDF is a data model for associative metadata. It tells us about
resources that can be accessed by the Universal Resource Identifier (URI).
It forms the underlying basis for defining platforms, taxonomies, site maps, etc. (see Figure above). To
understand the notion of namespaces, we note that XML allows one to specify one's own tags, but these tags
could have different semantics in different applications. Consider the tag name.
This could be used to specify a product name in one e-commerce application and a customer name in another.
In order to address this issue, one needs to pick global naming conventions and use a URI address to specify
where this universally agreed-to collection of names can be found.
This URI is then used in all XML documents that use this namespace. As noted at the beginning of this section,
XML allows more complex linking than just unidirectional links, which are used to link one resource to another.
XML (Xlink) provides this hyperlinking facility.
XLink has two kinds of links:

• Simple links, which are similar to HTML links (i.e., simple unidirectional inline links)
• Extended links

In order to use Xlink, one uses the xlink: attribute to specify a link, e.g.,
<Example xlink:type="simple" xlink:href="book.xml">
An extended link can connect several resources, can be bidirectional, and can have roles. XML is certain to play a
major role in e-commerce in the future.


Data Mining
One of the features of e-commerce systems is that one starts to collect large amounts of data arising from the
following:
1. previous customer orders;
2. web accesses recorded in a web log;
3. if the e-commerce system is a broker that uses agents to visit other websites, information on the structure
and contents of these websites.
Currently in most systems, only very limited use is made of these large volumes of data. Consider the information
stored in a database on previous purchases made by customers. The main kind of information obtained from
such a database is a set of records that satisfies a particular condition, e.g., obtain all purchasers of Toyota for the
month of July 2000 in Hong Kong Island. This query would be made in SQL. It would return the set of records that
fulfilled these conditions. Instead of just obtaining a set of records, one could look for different types of patterns
or knowledge in the data. An example of such a pattern would be
If one purchased a Toyota Camry in the last three years and earns more than US$80,000, the person is very likely
to purchase a BMW.
Such a rule does not retrieve a particular set of records but provides knowledge or patterns that are embedded in
the data. Such knowledge or patterns are very useful for targeted marketing. They can help to identify the likely
future purchase a customer will make given the customer's previous purchases. The value of data mining to
determine patterns or knowledge in data has not been confined to e-commerce systems, but the ability to utilize
this knowledge once it is uncovered is considerably greater in the e-commerce system as each customer
identifies himself when he next visits the website, allowing the system to trigger appropriate patterns and hence
present him with a list of targeted products that he is likely to be interested in immediately. Or alternatively, if he
chooses to purchase an item, an associative rule will be triggered to display other likely items he might purchase.
Association rules
Association rules represent relationships between items in very large databases. Specifically, they address market
basket databases. An example would be: given a market database, it was found that 80% of customers who
bought the book "XML for beginners" and "internet programming" also bought a book on Java programming. If X
and Y are two sets of disjoint items, then an association rule can be expressed as conditional implication

X => Y
i.e. the occurrence of the set of items X in the market basket implies that the set of items Y will occur in this
market basket. Two important aspects of an association rule are confidence and support and these are defined
as:
The confidence of an association rule r: X => Y is the conditional probability that a transaction contains Y given
that it contains X, i.e. confidence(X => Y) = P(X, Y) / P(X).
The support of an association rule is the percentage of transactions in the database that contain both X and Y, i.e.
support(X => Y) = P(X, Y). The problem of mining association rules can be stated simply as follows:
Given predefined values for minimum support and minimum confidence, find all association rules which hold
with more than minimum support and minimum confidence.
This problem is normally broken down into two sub-problems:
1. find all frequent itemsets in the database with support greater than or equal to minimum support
2. for each frequent set X, generate all association rules Y => X - Y | Y ⊂ X with confidence greater than or
equal to minimum confidence.
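The two sub-problems above, worked through on a small market basket database as an added example (not part of the original notes). The transactions are constructed, and the level-wise Apriori-style search for frequent itemsets is one common way to solve sub-problem 1; the notes do not name an algorithm.

```python
from itertools import combinations

# Constructed market-basket database: one set of book titles per order.
XML, INET, JAVA, DM = ("XML for beginners", "Internet programming",
                       "Java programming", "Data mining")
TRANSACTIONS = [
    {XML, INET, JAVA}, {XML, INET, JAVA}, {XML, INET, JAVA}, {XML, INET, JAVA},
    {XML, INET}, {XML, DM}, {JAVA}, {INET, DM}, {DM}, {JAVA, DM},
]


def count(itemset, transactions):
    """Number of transactions that contain every item of the itemset."""
    return sum(1 for t in transactions if itemset <= t)


def frequent_itemsets(transactions, min_support):
    """Sub-problem 1: map each frequent itemset to its transaction count."""
    n = len(transactions)
    level = [frozenset([i]) for i in sorted({i for t in transactions for i in t})]
    frequent = {}
    while level:
        counts = {c: count(c, transactions) for c in level}
        kept = {c: k for c, k in counts.items() if k / n >= min_support}
        frequent.update(kept)
        # Join step: merge sets that differ in one item, and keep a candidate
        # only if all of its subsets one size smaller are frequent.
        candidates = set()
        for a, b in combinations(kept, 2):
            union = a | b
            if len(union) == len(a) + 1 and all(
                    frozenset(s) in kept for s in combinations(union, len(a))):
                candidates.add(union)
        level = list(candidates)
    return frequent


def association_rules(transactions, min_support, min_confidence):
    """Sub-problem 2: rules Y => X - Y for every frequent X and Y subset of X."""
    n = len(transactions)
    frequent = frequent_itemsets(transactions, min_support)
    rules = []
    for x, count_x in frequent.items():
        for size in range(1, len(x)):
            for y in map(frozenset, combinations(sorted(x), size)):
                # Every subset of a frequent set is frequent, so y is present.
                confidence = count_x / frequent[y]   # P(X) / P(Y)
                if confidence >= min_confidence:
                    rules.append((y, x - y, count_x / n, confidence))
    return rules


if __name__ == "__main__":
    for lhs, rhs, support, confidence in association_rules(TRANSACTIONS, 0.4, 0.8):
        print(sorted(lhs), "=>", sorted(rhs),
              "support=%.2f confidence=%.2f" % (support, confidence))
```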
Decision Tree
Decision trees can be represented as a directed graph consisting of nodes and directed arcs. The decision tree
consists of
• a root node from which the decision tree is expanded;
• intermediate nodes that can be further expanded; and
• leaves that cannot be further expanded and correspond to a specific output class.

Both the root node and intermediate nodes correspond to a test, which determines the directed arc to be
traversed at this point, as shown in the figure below. Any intermediate node can be considered a root for the
sub-tree starting from that point, leading to a recursive definition. Choosing the test to apply at a particular node can
be reduced to selecting an attribute for testing. The choice of the order in which the attributes are selected
greatly affects the quality, shape, and number of nodes in the tree. When constructing a tree, one needs to have
a means of determining
• the important attributes needed for classification
• the ordering of the important attributes

A feature selection criterion is used to determine the ranking of the input attributes. Each criterion test using the
feature selection criterion is normally restricted to being a function of one of the attributes at a time. There are
several feature selection criteria and these include:
1. The information gain criteria
2. The symmetric Goodman-Kruskal Tau developed by Zhou and Dillon.

Since the data is likely to be noisy, with missing attributes, it is important that the feature selection criterion be
able to cope with this. The second criterion is robust with respect to these. Essentially, when using the decision
tree method, one defines a set of output classes a customer might belong to and also a set of input variables,
which will help classify this customer. The data is analyzed using an appropriate feature selection criterion, and a
decision tree is developed. This decision tree is then used to categorize any customer by noting his individual
purchasing behavior. The output classes could, for instance, be individual purchasing circles.
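The procedure described above, as an added example (not part of the original notes) that uses the first criterion listed, information gain, to rank the attributes and grow the tree recursively. The customer records, attribute names and output classes are constructed for illustration, loosely following the Toyota Camry rule quoted earlier.

```python
from collections import Counter
from math import log2

# Constructed customer records; attribute names and values are assumptions.
CUSTOMERS = [
    {"camry": "yes", "income": "high", "region": "north", "bmw": "likely"},
    {"camry": "yes", "income": "high", "region": "south", "bmw": "likely"},
    {"camry": "yes", "income": "low", "region": "north", "bmw": "unlikely"},
    {"camry": "yes", "income": "low", "region": "south", "bmw": "unlikely"},
    {"camry": "no", "income": "high", "region": "north", "bmw": "unlikely"},
    {"camry": "no", "income": "high", "region": "south", "bmw": "unlikely"},
    {"camry": "no", "income": "low", "region": "north", "bmw": "unlikely"},
    {"camry": "no", "income": "low", "region": "south", "bmw": "unlikely"},
]
ATTRIBUTES = ["camry", "income", "region"]


def entropy(rows, target):
    """Entropy (in bits) of the output class over the given records."""
    counts = Counter(r[target] for r in rows)
    return -sum(c / len(rows) * log2(c / len(rows)) for c in counts.values())


def information_gain(rows, attribute, target):
    """Reduction in class entropy obtained by testing one attribute."""
    groups = {}
    for r in rows:
        groups.setdefault(r[attribute], []).append(r)
    remainder = sum(len(g) / len(rows) * entropy(g, target)
                    for g in groups.values())
    return entropy(rows, target) - remainder


def rank_attributes(rows, attributes, target):
    """Feature selection: attributes ordered from most to least informative."""
    return sorted(attributes,
                  key=lambda a: information_gain(rows, a, target), reverse=True)


def build_tree(rows, attributes, target):
    """Return a leaf (class label) or a node {test, branches, default}."""
    classes = Counter(r[target] for r in rows)
    majority = classes.most_common(1)[0][0]
    if len(classes) == 1 or not attributes:
        return majority
    best = rank_attributes(rows, attributes, target)[0]
    if information_gain(rows, best, target) < 1e-12:
        return majority                  # no remaining attribute helps
    rest = [a for a in attributes if a != best]
    branches = {}
    for value in sorted({r[best] for r in rows}):
        subset = [r for r in rows if r[best] == value]
        branches[value] = build_tree(subset, rest, target)
    return {"test": best, "branches": branches, "default": majority}


def classify(tree, customer):
    """Follow the tests from the root; fall back to the node's majority
    class when the customer record lacks the tested attribute."""
    while isinstance(tree, dict):
        value = customer.get(tree["test"])
        if value not in tree["branches"]:
            return tree["default"]
        tree = tree["branches"][value]
    return tree


if __name__ == "__main__":
    tree = build_tree(CUSTOMERS, ATTRIBUTES, "bmw")
    print(rank_attributes(CUSTOMERS, ATTRIBUTES, "bmw"))
    print(tree)
    print(classify(tree, {"camry": "yes", "income": "high"}))
```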
Web mining
In addition to mining patterns from data on purchases and orders in databases, there is also a related area of web
mining. This can address the problem of determining patterns in

1. data logs of web accesses to determine the pattern of accesses to a website; this is called web usage
mining and provides important information on the usability of the website architecture.
2. the structure of a website to determine the site architecture of a website and related links. The focus
here is on link information. This is called web structure mining and could be of use to agents used by
brokers to visit other websites.
3. the content of websites to determine any pattern in the content of websites.
This is referred to as web content mining and again could be useful to visitor agents.

Rich Internet Application
Limitation Of Current Web Applications
The Internet was originally designed for simply transporting documents and information. The technology it was
built upon lacked the interactivity of desktop applications.
That's changed in the past decade as innovators have developed a richer user experience, despite huge
challenges.
Rich Internet Applications (RIAs)
Rich Internet Applications (RIAs) are web applications that have many of the characteristics of desktop
applications, typically delivered either by way of a site-specific browser, via a browser plug-in, or independently
via sandboxes or virtual machines. Adobe Flash, Java, and Microsoft Silverlight are currently the three most common
platforms, with penetration rates around 97%, 80%, and 54% respectively. Although new web standards have
emerged, they still use the principles behind RIAs.
Users generally need to install a software framework using the computer's operating system before launching the
application, which typically downloads, updates, verifies and executes the RIA. This is the main differentiator
from JavaScript-based alternatives like Ajax which use built-in browser functionality to implement comparable
interfaces. While some consider such interfaces to be RIAs, some consider them competitors to RIAs and others,
including Gartner, treat them as similar but separate technologies.
RIAs dominate in online gaming as well as applications which require access to video capture (with the notable
exception of Gmail, which uses its own task-specific browser plug-in). Nevertheless, web standards such as
HTML5 have developed and the compliance of web browsers with those standards has somewhat improved.
However, the need for plug-in-based RIAs for accessing video capture and distribution has not diminished, even
with the emergence of HTML5 and JavaScript-based desktop-like widget sets that provide alternative solutions
for mobile web browsing.
Key characteristics

• Searchability: RIAs present indexing challenges to search engines, but Adobe Flash content is
  now at least partially indexable.
• Advanced communications with supporting servers can improve the user experience: for
  example, by using optimised network protocols, asynchronous I/O, and pre-fetching data (as in
  Google Maps). Accordingly, many RIAs require reliable broadband connections.
• Complexity of advanced solutions (though making them more difficult to design, develop, deploy
  and debug than traditional web applications) typically reduces in RIAs compared to traditional
  application software.
• Consistency of user interface and experience becomes controllable across operating systems
  (though performance monitoring and fault diagnosis can provide particular difficulties).
• Installation and maintenance of plug-ins, sandboxes or virtual machines, though required, make
  applications smaller than their predecessors and typically allow automated updates. RIAs often
  install faster than application software but slower than native web applications, which do not
  always allow automation.
• Offline use may occur by retaining state locally on the client machine (but developments in web
  standards have also enabled this for native web applications).
• Security can improve over that of application software (for example through use of sandboxes
  and automatic updates), but the extensions themselves remain subject to vulnerabilities and
  their access is often much greater than that of native web applications. For security purposes,
  most RIAs run their client portions within a special isolated area of the client desktop called a
  sandbox. The sandbox limits visibility and access to the file system and to the operating system
  on the client to the application server on the other side of the connection. This approach allows
  the client system to handle local activities, calculations, reformatting and so forth, thereby
  lowering the amount and frequency of client-server traffic, especially as compared to the
  client-server implementations built around so-called thin clients.
• Performance can improve depending on the application and network characteristics. In
  particular, applications which can avoid the latency of round-trips to the server by processing
  locally on the client often run a lot faster. Offloading work to the clients can also improve server
  performance. Conversely the resource requirements can become prohibitive for small,
  embedded and mobile devices. An RIA can use a wider range of controls to improve users'
  interaction with the interface, allowing efficient interactions, better error management,
  feedback and overall user experience.
• Richness by way of features not supported natively by the web browser such as video capture
  (for example: Adobe Flash). RIAs are usually richer in functionality as they offer user-interface
  behaviors using only the HTML widgets that can include any technology being used by the client
  side, including drag and drop, using a slider to change data, and calculations performed only by the
  client that need not be sent back to the server.
• A sub-windowing choice of MDI-based, tabbed, or stacked collapsible panes, preferably
  user-selectable; and related features such as modal dialog boxes.

Ajax and RIA (Rich Internet Applications)
Ajax (Asynchronous JavaScript and XML) is a method of building interactive applications for the Web that process
user requests immediately. A rich Internet application (RIA) is a Web application designed to deliver the same
features and functions normally associated with desktop applications. Learn more Ajax and RIA basics with
learning guides and best practices for SOA and Web services architects and developers.

Web 2.0

The term Web 2.0 is commonly associated with web applications that facilitate interactive information sharing,
interoperability, user-centered design, and collaboration on the World Wide Web. A Web 2.0 site gives its users
the free choice to interact or collaborate with each other in a social media dialogue as creators (prosumer) of
user-generated content in a virtual community, in contrast to websites where users (consumer) are limited to the
passive viewing of content that was created for them. Examples of Web 2.0 include social networking sites, blogs,
wikis, video sharing sites, hosted services, web applications, mashups and folksonomies.
The term is closely associated with Tim O'Reilly because of the O'Reilly Media Web 2.0 conference in 2004.
Although the term suggests a new version of the World Wide Web, it does not refer to an update to any technical
specifications, but rather to cumulative changes in the ways software developers and end-users use the Web.
Whether Web 2.0 is qualitatively different from prior web technologies has been challenged by World Wide Web
inventor Tim Berners-Lee, who called the term a "piece of jargon" precisely because he intended the Web in
his vision as "a collaborative medium, a place where we [could] all meet and read and write". He called it the
'Read/Write Web'.
CHARACTERISTICS
Participation
Every aspect of Web 2.0 is driven by participation. The transition to Web 2.0 was enabled by the emergence of
platforms such as blogging, social networks, and free image and video uploading, that collectively allowed
extremely easy content creation and sharing by anyone.
Standards
Standards provide an essential platform for Web 2.0. Common interfaces for accessing content and applications
are the glue that allows integration across the many elements of the emergent web.
Decentralization
Web 2.0 is decentralized in its architecture, participation, and usage. Power and flexibility emerge from
distributing applications and content over many computers and systems, rather than maintaining them on
centralized systems.
Openness
The world of Web 2.0 has only become possible through a spirit of openness whereby developers and companies
provide open, transparent access to their applications and content.
Modularity
Web 2.0 is the antithesis of the monolithic. It emerges from many, many components or modules that are
designed to link and integrate with others, together building a whole that is greater than the sum of its parts.
User Control
A primary direction of Web 2.0 is for users to control the content they create, the data captured about their web
activities, and their identity. This powerful trend is driven by the clear desires of participants.
Identity
Identity is a critical element of both Web 2.0 and the future direction of the internet. We can increasingly choose
to represent our identities however we please, across interactions, virtual worlds, and social networks.
Web 2.0 websites allow users to do more than just retrieve information. By increasing what was already possible
in "Web 1.0", they provide the user with more user-interface, software and storage facilities, all through their
browser. This has been called "Network as platform" computing. Users can provide the data that is on a Web 2.0
site and exercise some control over that data. These sites may have an "Architecture of participation" that
encourages users to add value to the application as they use it.
The concept of Web-as-participation-platform captures many of these characteristics. Bart Decrem, a founder
and former CEO of Flock, calls Web 2.0 the "participatory Web" and regards the Web-as-information-source as
Web 1.0.
The impossibility of excluding group members who don't contribute to the provision of goods from sharing
profits gives rise to the possibility that rational members will prefer to withhold their contribution of effort and
free-ride on the contribution of others. This requires what is sometimes called Radical Trust by the management
of the website. According to Best, the characteristics of Web 2.0 are: rich user experience, user participation,
dynamic content, metadata, web standards and scalability. Further characteristics, such as openness, freedom
and collective intelligence by way of user participation, can also be viewed as essential attributes of Web 2.0.
TECHNOLOGIES
Aggregation
Bringing multiple content sources together into one interface or application.
AJAX
(Asynchronous JavaScript and XML): A combination of technologies that enables highly interactive web
applications.
API
(Application Programming Interface): A defined interface to a computer application or database that allows
access by other applications.
Embedding
Integrating content or an application into a web page, while the original format is maintained.
Folksonomy
Rich categorization of information that is collectively created by users, through tagging and other actions. (cf.
taxonomy)
Mashups
Combination of different types of content or data, usually from different sources, to create something new.
Remixing
Extracting and combining samples of content to create a new output. The term was originally used in music but is
now also applied to video and other content.
RSS
(Really Simple Syndication): A group of formats to publish (syndicate) content on the internet so that users or
applications automatically receive any updates.
Ruby on Rails
An open source web application framework that is frequently used in Web 2.0 website development.
Tag cloud
A visual depiction of tags that have been used to describe a piece of content, with higher frequency tags
emphasized to assist content comprehension and navigation.
Tagging
Attaching descriptions to information or content.
Virtual architecture
The creation of avatars (alternative representations of people), buildings, objects, and other artifacts inside
virtual spaces.
Widget
Small, portable web application that can be embedded into any web page.
XML
(eXtensible Markup Language): An open standard for describing data, which enables easy exchange of information
between applications and organizations.
FEATURES
Web 2.0 websites typically include some of the following features and techniques. Andrew McAfee used the
acronym SLATES to refer to them:
Search
Finding information through keyword search.
Links
Connects information together into a meaningful information ecosystem using the model of the Web, and
provides low-barrier social tools.
Authoring
The ability to create and update content leads to the collaborative work of many rather than just a few web
authors. In wikis, users may extend, undo and redo each other's work. In blogs, posts and the comments of
individuals build up over time.
Tags
Categorization of content by users adding "tags" - short, usually one-word descriptions - to facilitate searching,
without dependence on pre-made categories. Collections of tags created by many users within a single system
may be referred to as "folksonomies" (i.e., folk taxonomies).
Extensions
Software that makes the Web an application platform as well as a document server.
Signals
The use of syndication technology such as RSS to notify users of content changes.
Web 3.0
• Technologists love technology
• Opportunity in what they've made easy
• Find new things that make old things better
• BTW, Web 3.0 is the sensor-web, in which the architecture of participation will be an automatic
  by-product of the devices we carry around with us.

RESTWebServices
RepresentationalStateTransfer(REST)isastyleofsoftwarearchitecturefordistributedhypermediasystemssuch
astheWorldWideWeb.ThetermRepresentationalStateTransferwasintroducedanddefinedin2000byRoy
Fielding in his doctoral dissertation. Fielding is one of the principal authors of the Hypertext Transfer Protocol
(HTTP)specificationversions1.0and1.1.
WhatsaWebService?
Awebserviceisjustawebpagemeantforacomputertorequestandprocess.Moreprecisely,aWebserviceis
aWebpagethatsmeanttobeconsumedbyanautonomousprogramasopposedtoaWebbrowserorsimilarUI
tool.WebServicesrequireanarchitecturalstyletomakesenseofthem,becausetheresnosmarthumanbeing
ontheclientendtokeeptrackThepreWebtechniquesofcomputerinteractiondon'tscaleontheInternet.They
weredesignedforsmallscalesandsingletrustdomains.
Concept
RESTstyle architectures consist of clients and servers. Clients initiate requests to servers; servers process
requests and return appropriate responses. Requests and responses are built around the transfer of
"representations"of"resources".Aresourcecanbeessentiallyanycoherentandmeaningfulconceptthatmaybe
addressed.Arepresentationofaresourceistypicallyadocumentthatcapturesthecurrentorintendedstateofa
resource.
Atanyparticulartime,aclientcaneitherbeintransitionbetweenapplicationstatesor"atrest".Aclientinarest
stateisabletointeractwithitsuser,butcreatesnoloadandconsumesnoperclientstorageonthesetofservers
oronthenetwork.


The client begins sending requests when it is ready to make the transition to a new state. While one or more requests are outstanding, the client is considered to be in transition. The representation of each application state contains links that may be used next time the client chooses to initiate a new state transition.
REST was initially described in the context of HTTP, but is not limited to that protocol. RESTful architectures can be based on other Application Layer protocols if they already provide a rich and uniform vocabulary for applications based on the transfer of meaningful representational state. RESTful applications maximize the use of the pre-existing, well-defined interface and other built-in capabilities provided by the chosen network protocol, and minimize the addition of new application-specific features on top of it.
Principles of REST Web Service Design
1. Identify all conceptual entities to be exposed as services
   1. single bookmark, bookmark collection, keyword list
2. Create a URL to each resource
3. Avoid RPC style and using verbs.
4. Categorize resources according to available operations
5. GET, PUT, POST, DELETE
1. Resources accessible via HTTP GET should be side-effect free
2. No representation should be an island
   Put hyperlinks into resource representations
   Enables clients to obtain related or additional information.
3. Design to reveal data gradually
   Not everything in a single response document
   Provide hyperlinks to obtain more details
4. Specify the format of response data using a schema (DTD, XSD, ...)
   For POST and PUT services provide a request specification
5. Describe how to invoke services using a WSDL, or an HTML document
Assets
Development and testing without complex toolkits
Debugging of REST requests with a web browser
Requires a basic HTTP client, available in every common language
REST services can be easily used by AJAX applications
APIs in REST style are more consumable than complex APIs
Lower learning curve for consumer
Everything accessible through universal API
Drawbacks
Only few tools
Restrictions for GET length sometimes may be a problem
No direct bridge to the OOP world
Security with REST

Firewall
Operations based on URIs and HTTP methods
Can be filtered by firewalls
No need to inspect and parse e.g. SOAP
Server Side
Simple ACL-based security possible
Security and authentication through HTTP(S)

Request and response data may be secured by OASIS Web Services Security


SOAP vs. REST Style

Criticism on SOAP from REST point of view
Redefines semantic of HTTP operations
Doesn't comply with web architecture
POST a SOAP message to a URI
POST is meant to add a subordinate to a resource
SOAP Requests i.e. a method call
Using Status Code 200 for SOAP Errors

SOAP 1.2

Binding of SOAP to HTTP intended to make appropriate use of HTTP as application protocol
It is possible to retrieve an application state via GET
Correct usage of status codes (200, 4xx, 5xx)

Pro SOAP

Rigid strong typing, interface contract
Rich support, tools for code and modeling

Summary

REST is
An architectural style, no standard
The Way the Web works
Resource centric
Based on mature standards
Lightweight, compared to SOAP


Web Mashup
In Web development, a mashup is a Web page or application that uses and combines data, presentation or functionality from two or more sources to create new services. The term implies easy, fast integration, frequently using open APIs and data sources to produce enriched results that were not necessarily the original reason for producing the raw source data.
To be able to permanently access the data of other services, mashups are generally client applications or hosted online. Since 2010, two major mashup vendors have added support for hosted deployment based on Cloud computing solutions.
In the past years, more and more Web applications have published APIs that enable software developers to easily integrate data and functions instead of building them by themselves. Mashups can be considered to have an active role in the evolution of social software and Web 2.0. Mashup composition tools are usually simple enough to be used by end users. They generally do not require programming skills; rather, they support visual wiring of GUI widgets, services and components together. Therefore, these tools contribute to a new vision of the Web, where users are able to contribute.
Types of mashups
There are many types of mashups, such as data mashups, consumer mashups, and enterprise mashups. The most common type of mashup is the consumer mashup, aimed at the general public.

Data mashups combine similar types of media and information from multiple sources into a single representation. The combination of all these resources creates a new and distinct Web service that was not originally provided by either source.

Consumer mashups, in contrast to data mashups, combine different data types, generally visual elements and data from multiple sources.

Business mashups generally define applications that combine their own resources, application and data, with other external web services. They focus data into a single presentation and allow for collaborative action among businesses and developers. This works well for an Agile Development project, which requires collaboration between the Developers and Customer (or Customer proxy, typically a product manager) for defining and implementing the business requirements. Enterprise Mashups are secure, visually rich web applications that expose actionable information from diverse internal and external information sources.

Mashups versus portals
Mashups and portals are both content aggregation technologies. Portals are an older technology designed as an extension to traditional dynamic Web applications, in which the process of converting data content into marked-up Web pages is split into two phases: generation of markup "fragments" and aggregation of the fragments into pages. Each markup fragment is generated by a "portlet", and the portal combines them into a single Web page. Portlets may be hosted locally on the portal server or remotely on a separate server. Portal technology defines a complete event model covering reads and updates. A request for an aggregate page on a portal is translated into individual read operations on all the portlets that form the page ("render" operations on local, JSR 168 portlets or "getMarkup" operations on remote, WSRP portlets). If a submit button is pressed on any portlet on a portal page, it is translated into an update operation on that portlet alone ("processAction" on a local portlet or "performBlockingInteraction" on a remote, WSRP portlet). The update is then immediately followed by a read on all portlets on the page. Portal technology is about server-side, presentation-tier aggregation. It cannot be used to drive more robust forms of application integration such as two-phase commit.


Mashups differ from portals in the following respects:

The portal model has been around longer and has had greater investment and product research. Portal technology is therefore more standardized and mature. Over time, increasing maturity and standardization of mashup technology will likely make it more popular than portal technology because it is more closely associated with Web 2.0 and lately Service-oriented Architectures. New versions of portal products are expected to eventually add mashup support while still supporting legacy portlet applications. Mashup technologies, in contrast, are not expected to provide support for portal standards.
Business mashups
Mashup use is expanding in the business environment. Business mashups are useful for integrating business and data services, as business mashup technologies provide the ability to develop new integrated services quickly, to combine internal services with external or personalized information, and to make these services tangible to the business user through user-friendly Web browser interfaces. Business mashups differ from consumer mashups in the level of integration with business computing environments, security and access control features, governance, and the sophistication of the programming tools (mashup editors) used. Another difference between business mashups and consumer mashups is a growing trend of using business mashups in commercial software as a service (SaaS) offerings. Many of the providers of business mashup technologies have added SOA features.
Architectural aspects of mashups
Architecturally, there are two styles of mashups: Web-based and server-based. Whereas Web-based mashups typically use the user's Web browser to combine and reformat the data, server-based mashups analyze and reformat the data on a remote server and transmit the data to the user's browser in its final form. Mashups appear to be a variation of a Facade pattern. That is, it is a software engineering design pattern that provides a simplified interface to a larger body of code (in this case the code to aggregate the different feeds with different APIs).


Mashups can be used with software provided as a service (SaaS). After several years of standards development, mainstream businesses are starting to adopt Service-oriented Architectures (SOA) to integrate disparate data by making them available as discrete Web services. Web services provide open, standardized protocols to provide a unified means of accessing information from a diverse set of platforms (operating systems, programming languages, applications). These Web services can be reused to provide completely new services and applications within and across organizations, providing business flexibility.


Working of Search Engines
Introduction
The web creates new challenges for information retrieval. The amount of information on the web is growing rapidly, as well as the number of new users inexperienced in the art of web research. People are likely to surf the web using its link graph, often starting with high-quality human-maintained indices such as Yahoo! or with search engines. Human-maintained lists cover popular topics effectively but are subjective, expensive to build and maintain, slow to improve, and cannot cover all esoteric topics. Automated search engines that rely on keyword matching usually return too many low-quality matches. To make matters worse, some advertisers attempt to gain people's attention by taking measures meant to mislead automated search engines. We have built a large-scale search engine which addresses many of the problems of existing systems. It makes especially heavy use of the additional structure present in hypertext to provide much higher quality search results. The term "search engine" is often used generically to describe both crawler-based search engines and human-powered directories. These two types of search engines gather their listings in radically different ways.
How it Works
Crawler-Based Search Engines
Crawler-based search engines, such as Google, create their listings automatically. They "crawl" or "spider" the web, then people search through what they have found. If you change your web pages, crawler-based search engines eventually find these changes, and that can affect how you are listed. Page titles, body copy and other elements all play a role.
Human-Powered Directories
A human-powered directory, such as the Open Directory, depends on humans for its listings. You submit a short description to the directory for your entire site, or editors write one for sites they review. A search looks for matches only in the descriptions submitted. Changing your web pages has no effect on your listing. Things that are useful for improving a listing with a search engine have nothing to do with improving a listing in a directory. The only exception is that a good site, with good content, might be more likely to get reviewed for free than a poor site.
"Hybrid Search Engines" Or Mixed Results
In the web's early days, it used to be that a search engine either presented crawler-based results or human-powered listings. Today, it is extremely common for both types of results to be presented. Usually, a hybrid search engine will favor one type of listings over another. For example, MSN Search is more likely to present human-powered listings from LookSmart. However, it does also present crawler-based results (as provided by Inktomi), especially for more obscure queries.
The Parts Of A Crawler-Based Search Engine
Crawler-based search engines have three major elements. First is the spider, also called the crawler. The spider visits a web page, reads it, and then follows links to other pages within the site. This is what it means when someone refers to a site being "spidered" or "crawled." The spider returns to the site on a regular basis, such as every month or two, to look for changes. Everything the spider finds goes into the second part of the search engine, the index. The index, sometimes called the catalog, is like a giant book containing a copy of every web page that the spider finds. If a web page changes, then this book is updated with new information.
Sometimes it can take a while for new pages or changes that the spider finds to be added to the index. Thus, a web page may have been "spidered" but not yet "indexed." Until it is indexed (added to the index) it is not available to those searching with the search engine.
Search engine software is the third part of a search engine. This is the program that sifts through the millions of pages recorded in the index to find matches to a search and rank them in order of what it believes is most relevant. You can learn more about how search engine software ranks web pages on the aptly-named How Search Engines Rank Web Pages page. All crawler-based search engines have the basic parts described above, but there are differences in how these parts are tuned. That is why the same search on different search engines often produces different results. Some of the significant differences between the major crawler-based search engines are summarized on the Search Engine Features Page. Information on this page has been drawn from the help pages of each search engine, along with knowledge gained from articles, reviews, books, independent research, tips from others and additional information received directly from the various search engines.
PageRank
Description of PageRank Calculation
Academic citation literature has been applied to the web, largely by counting citations or backlinks to a given page. This gives some approximation of a page's importance or quality. PageRank extends this idea by not counting links from all pages equally, and by normalizing by the number of links on a page. PageRank is defined as follows:
We assume page A has pages T1...Tn which point to it (i.e., are citations). The parameter d is a damping factor which can be set between 0 and 1. We usually set d to 0.85. There are more details about d in the next section. Also C(A) is defined as the number of links going out of page A. The PageRank of a page A is given as follows:
PR(A) = (1 - d) + d (PR(T1)/C(T1) + ... + PR(Tn)/C(Tn))
Note that the PageRanks form a probability distribution over web pages, so the sum of all web pages' PageRanks will be one.
PageRank or PR(A) can be calculated using a simple iterative algorithm, and corresponds to the principal eigenvector of the normalized link matrix of the web. Also, a PageRank for 26 million web pages can be computed in a few hours on a medium-size workstation. There are many other details which are beyond the scope of this paper.
Simplified algorithm
Assume a small universe of four web pages: A, B, C and D. The initial approximation of PageRank would be evenly divided between these four documents. Hence, each document would begin with an estimated PageRank of 0.25. In the original form of PageRank initial values were simply 1. This meant that the sum of all pages was the total number of pages on the web. Later versions of PageRank (see the formulas below) would assume a probability distribution between 0 and 1. Here a simple probability distribution will be used, hence the initial value of 0.25. If pages B, C, and D each only link to A, they would each confer 0.25 PageRank to A. All PageRank PR( ) in this simplistic system would thus gather to A because all links would be pointing to A.

This is 0.75.
Suppose that page B has a link to page C as well as to page A, while page D has links to all three pages. The value of the link-votes is divided among all the outbound links on a page. Thus, page B gives a vote worth 0.125 to page A and a vote worth 0.125 to page C. Only one third of D's PageRank is counted for A's PageRank (approximately 0.083).


In other words, the PageRank conferred by an outbound link is equal to the document's own PageRank score divided by the normalized number of outbound links L( ) (it is assumed that links to specific URLs only count once per document).

In the general case, the PageRank value for any page u can be expressed as:

i.e. the PageRank value for a page u is dependent on the PageRank values for each page v out of the set B_u (this set contains all pages linking to page u), divided by the number L(v) of links from page v.
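
The calculation described above, worked through in code. This is an added example, not part of the original notes: it reproduces the link-votes of the four-page universe and then iterates the formula PR(A) = (1 - d) + d (PR(T1)/C(T1) + ... + PR(Tn)/C(Tn)) until the values stop changing. The graph literal and the function names are constructed for the illustration; the text does not say whether C links anywhere other than A, so a single link C to A is assumed.

```python
# Added example (not from the original notes): PageRank on the four-page
# universe A, B, C, D used in the text.

# Constructed link graph for the second scenario in the text:
# B links to A and C, D links to A, B and C; C -> A only is an assumption,
# and A has no out-links.
LINKS = {
    "A": [],
    "B": ["A", "C"],
    "C": ["A"],
    "D": ["A", "B", "C"],
}


def outbound(links):
    """Out-link sets per page; a URL counts once per document, as the text assumes."""
    pages = set(links) | {t for targets in links.values() for t in targets}
    return {p: set(links.get(p, ())) for p in pages}


def link_votes(links, pr, target):
    """Undamped vote each linking page confers on `target`: PR(v) / L(v)."""
    out = outbound(links)
    return {v: pr[v] / len(out[v]) for v in sorted(out) if target in out[v]}


def pagerank(links, d=0.85, tol=1e-12, max_iter=200):
    """Iterate PR(A) = (1 - d) + d * sum(PR(T)/C(T)) until the values settle."""
    out = outbound(links)
    inbound = {p: [v for v in out if p in out[v]] for p in out}
    pr = {p: 1.0 for p in out}  # original form: every page starts at 1
    for _ in range(max_iter):
        new = {
            p: (1 - d) + d * sum(pr[v] / len(out[v]) for v in inbound[p])
            for p in out
        }
        if max(abs(new[p] - pr[p]) for p in out) < tol:
            return new
        pr = new
    return pr


if __name__ == "__main__":
    start = {p: 0.25 for p in LINKS}  # the simple probability distribution
    votes = link_votes(LINKS, start, "A")
    print("votes for A:", votes, "sum =", round(sum(votes.values()), 3))
    for page, score in sorted(pagerank(LINKS).items()):
        print(page, round(score, 4))
```

Page D has no inbound links, so its value settles at exactly 1 - d, and every other value is built up from it along the link structure.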


Intuitive Justification

PageRank can be thought of as a model of user behavior. We assume there is a "random surfer" who is given a web page at random and keeps clicking on links, never hitting "back" but eventually gets bored and starts on another random page. The probability that the random surfer visits a page is its PageRank. And, the d damping factor is the probability at each page the "random surfer" will get bored and request another random page. One important variation is to only add the damping factor d to a single page, or a group of pages. This allows for personalization and can make it nearly impossible to deliberately mislead the system in order to get a higher ranking.
Another intuitive justification is that a page can have a high PageRank if there are many pages that point to it, or if there are some pages that point to it and have a high PageRank. Intuitively, pages that are well cited from many places around the web are worth looking at. Also, pages that have perhaps only one citation from something like the Yahoo! homepage are also generally worth looking at. If a page was not high quality, or was a broken link, it is quite likely that Yahoo's homepage would not link to it. PageRank handles both these cases and everything in between by recursively propagating weights through the link structure of the web.
Search engine optimization
Search engine optimization (SEO) is the process of improving the visibility of a web site or a web page in search engines via the "natural" or unpaid ("organic" or "algorithmic") search results. Other forms of search engine marketing (SEM) target paid listings. In general, the earlier (or higher on the page), and more frequently a site appears in the search results list, the more visitors it will receive from the search engine. SEO may target different kinds of search, including image search, local search, video search and industry-specific vertical search engines. This gives a web site web presence.
As an Internet marketing strategy, SEO considers how search engines work and what people search for. Optimizing a website may involve editing its content and HTML and associated coding to both increase its relevance to specific keywords and to remove barriers to the indexing activities of search engines. Promoting a site to increase the number of backlinks, or inbound links, is another SEO tactic.
The acronym "SEO" can refer to "search engine optimizers," a term adopted by an industry of consultants who carry out optimization projects on behalf of clients, and by employees who perform SEO services in-house. Search engine optimizers may offer SEO as a stand-alone service or as a part of a broader marketing campaign. Because effective SEO may require changes to the HTML source code of a site, SEO tactics may be incorporated into web site development and design. The term "search engine friendly" may be used to describe web site designs, menus, content management systems, images, videos, shopping carts, and other elements that have been optimized for the purpose of search engine exposure.
Another class of techniques, known as black hat SEO or spamdexing, uses methods such as link farms, keyword stuffing and article spinning that degrade both the relevance of search results and the user experience of search engines. Search engines look for sites that employ these techniques in order to remove them from their indices.


Internet Security
Here, we will examine how to make use of the cryptographic techniques to build a secure e-commerce system. Basically, security can be addressed at either the network layer or the transport layer. Serving as the first line of defense, firewalls are commonly employed to protect an intranet (private network) against possible attacks from the internet (public network). They typically control the admission of packets entering an intranet. The original Internet Protocol (IP) does not address security issues.
As an option, IPSec provides both authentication and encryption services to IP packets. By using IPSec, companies and their trading partners can build secure virtual private networks over the public internet. At the transport layer, the Secure Socket Layer (SSL) protocol is used to ensure secure data transfer between two host computers, particularly for HTTP. Typically, SSL is used for transferring sensitive data (e.g. credit card information) between a web client and a web server. Therefore, SSL is extremely important in B2C e-commerce. By combining firewalls, IPSec, and SSL, we can build a very secure e-commerce system over the internet.
IPSec protocol
As a security option for the current IP, IP Security Protocol (IPSec) [RFC 2401-2406] supports authentication and/or encryption service(s) at the network layer. As shown in Figure 8.1, this is done by adding a new IPSec header between the IP header and the IP payload. The header is inserted either by an end user's computer if the computer can support IPSec or by an IPSec-enabled gateway. As explained later in this chapter, this new IPSec header provides the necessary protection. There are two types of IPSec headers or IPSec services, namely the Authentication Header (AH) and the Encapsulating Security Payload (ESP). The AH verifies the identity of an IP packet and ensures the content integrity. In other words, if the content is altered, the receiver can detect it so that appropriate action can be taken (e.g., request the sender to retransmit the packet). However, the content of the packet is not kept confidential because the packet is not encrypted. At the expense of a longer processing time, ESP provides an encryption service and an optional authentication service. There are two modes of operation for both AH and ESP, namely the transport mode and the tunnel mode. For the transport mode, the upper layer data (i.e., data above the network layer) is protected. It is usually used if the end users can support IPSec. For the tunnel mode, the protection covers the whole packet. In this case, the end users do not need to support IPSec because an IPSec-enabled gateway is employed to apply the required protection.

Setting Up Security Associations
Before employing IPSec between two devices, they need to set up a security association (SA) which defines a simplex security relationship between them. That means, if two hosts X and Y want to use IPSec in both the X-to-Y and Y-to-X directions, they need to set up two SAs. Note that the configuration for the two SAs can be different. Thus, for instance, they could use different cryptographic algorithms. Among other information, each SA basically defines the required protection (AH or ESP), the encryption and/or authentication methods, and the corresponding key(s) for performing the cryptographic functions. An SA can be set up either manually or dynamically. The setup procedure involves the establishment of various cryptographic keys and security parameters. In the manual case, a network administrator can configure the SA during system setup. In the dynamic case, two computers negotiate an SA by using the Internet Key Exchange (IKE) protocol as defined in RFC 2409. IKE is based on the Internet Security Association and Key Management Protocol (ISAKMP) as defined in RFC 2408 and the Oakley key management protocol. The latter protocol is an enhanced version of the Diffie-Hellman key exchange protocol that was described earlier. Generally speaking, the ISAKMP defines the generic protocol including the data structure for establishing the cryptographic key(s) and setting up the security parameters. Once an SA is established, a security parameter index (SPI) is assigned to the SA. The SPI is specified in the IPSec header of all IP packets belonging to the SA. Note that an SPI may not be globally unique. Therefore, the SA of a packet is identified by the SPI in the IPSec header together with the destination IP address in the IP header.

To implement IPSec, two databases are required, namely an SA Database (SAD) and a Security Policy Database (SPD). SAD stores the information on the SAs, and SPD defines the security policy and maintains the mapping between IP traffic and the SAs. Note that an IP packet may belong to more than one SA (i.e. a bundle of SAs). For example, as described later, it is possible to combine the transport mode and the tunnel mode to provide end-to-end security inside an IP tunnel. The SA(s) of an IP packet is identified by selected fields in the IP packet known as selectors. For example, the source IP address can be used as a selector. In this case, the IPSec device identifies the SA by matching the source IP address in the IP packets with that of the SPD fields. After finding a match, the corresponding IPSec protection will be applied to the packet.
The basic operation of the IPSec service is as follows. After receiving an outgoing packet, the IPSec device identifies the SA of the packet from the SPD based on the selector fields in the IP packet. Then the required IPSec header with the corresponding SPI will be added and the required protection will be applied to the packet. The resultant packet is then transmitted to the destination.
Having received the inbound packet, the receiving IPSec device identifies the SA by reading the SPI and other information in the packet. The packet is then processed with the required cryptographic algorithms before it is delivered to the receiver.


The Authentication Header (AH) Service

Figure 8.2 (above) shows how to apply an Authentication Header (AH) to an IP packet by using the transport mode. Basically, the AH is inserted between the IP header and the upper layer data. Inside the AH, a cryptographic check value is included to ensure content integrity. Essentially, it is generated by means of a Message Authentication Code (MAC) algorithm such as Keyed MD5 or HMAC (see RFC 1828). The computation only applies to fixed or predictable fields in the IP packet. Note that certain fields in the IP header (e.g. the time-to-live field) may be altered during transit, so the protection does not cover these mutable fields. Figure 8.3 (below) shows the AH service under the tunnel mode. In this case, the sending host may not support IPSec, so it needs to send the packet to an IPSec gateway for applying the IPSec service. After receiving the packet, the IPSec gateway inserts its own IP header into the original IP packet. Then the AH is included by treating the original IP packet as the new IP packet payload. In other words, the original packet is encapsulated inside a new packet. This is why it is called tunneling.

The Encapsulating Security Payload
Figure 8.4 shows how to apply the ESP service to an IP packet by using the transport mode. As shown in the figure, the ESP header is added between the IP header and the upper layer data. The ESP trailer is then attached to the IP packet. The upper layer data together with the ESP trailer is encrypted to ensure data confidentiality. The default encryption method is DES in the Cipher Block Chaining (CBC) mode. Should authentication be required, an ESP authentication trailer (ESP Auth) is appended to the end of the packet. This trailer contains a cryptographic check value to ensure data integrity. The computation applies to the ESP header, the IP packet payload (i.e. the upper layer data), and the ESP trailer.


As with the AH service, some computers may not support IPSec. In this case, the tunnel mode can be used. The IP packet is first sent to an IPSec gateway. The gateway then appends its IP header to the original IP packet before adding the ESP header, ESP trailer, and ESP Auth and applying the required protection as shown in Figure 8.5 (below).
Preventing Replay Attack
IPSec also defines a mechanism to prevent replay attack as shown later based on. In other words, it prevents an intruder from attacking the network by replaying a previous packet. This anti-replay attack service applies to both AH and ESP services. In general, this is done by including a sequence number in the IPSec header (both the AH and ESP header) for each SA and by employing a sliding window in the receiver to determine whether a packet should be accepted. After setting up an SA, the sending side will keep track of the sequence number of the corresponding packets. Before transmitting a packet of the SA, the corresponding sequence number will be written into the IPSec header of the packet. Note that the nth packet of the SA has a sequence number of n. When n equals 2^32, the SA will be set up again. This ensures that all accepted packets of an SA have unique sequence numbers. On the receiving side, a sliding window is kept. Denote R as the largest sequence number of the packet that has been accepted and L as the lowest sequence number of the packet that can be accepted or has been accepted. Hence, R and L give the right and left bounds of the sliding window, respectively. The window size T is fixed where 32 < T (the recommended value is 64). Hence, we have R = L + T - 1.

Having received a packet of a particular SA, it will be accepted only if it meets all of the following conditions:
a. It has not been received before.
b. It is validated according to the corresponding SA, e.g., the cryptographic check
c. Its sequence number is greater than, or equal to, that of the left bound of the flagged packet in the sliding window.

If a packet is accepted, the position in the sliding window will be flagged. This indicates that the packet has been received, so any future packet with the same sequence number will be rejected. If the accepted packet is outside the sliding window, i.e., its sequence number is greater than R, the sliding window will be moved accordingly (i.e. to the new R). Note that the left bound of the window will also be increased to keep the window size fixed at T. This may reject valid packets that have been delayed in the network because of the third condition mentioned previously. However, as the window size is large, this should occur infrequently.
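
The inbound processing from "Setting Up Security Associations" and the sliding-window check above, put together as an added example that is not part of the original notes. The SA is looked up by (SPI, destination IP), the three acceptance conditions are applied, and the window moves only after the check value verifies. Assumptions made for the illustration: the check value is HMAC-SHA-256 truncated to 96 bits over SPI, sequence number and payload, and the SPI, address, key and verdict strings are constructed.

```python
# Added example (not from the original notes): inbound IPSec processing with
# SA lookup by (SPI, destination IP) and the anti-replay sliding window.
import hashlib
import hmac
import struct
from dataclasses import dataclass

WINDOW_T = 64  # window size T; 64 is the recommended value quoted in the text


@dataclass
class SecurityAssociation:
    key: bytes      # authentication key agreed when the SA was set up
    right: int = 0  # R: largest sequence number accepted so far
    seen: int = 0   # bitmap; bit i set means sequence number R - i was accepted

    @property
    def left(self):
        return self.right - WINDOW_T + 1  # L, from R = L + T - 1


def check_value(key, spi, seq, payload):
    """Constructed stand-in for the cryptographic check value (assumption)."""
    header = struct.pack("!II", spi, seq)
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:12]


def receive(sad, dst_ip, spi, seq, payload, tag):
    """Return a verdict for one inbound packet and update the SA's window."""
    sa = sad.get((spi, dst_ip))  # an SPI alone may not be globally unique
    if sa is None:
        return "no-sa"
    if seq < 1 or seq < sa.left:
        return "too-old"  # condition c fails: left of the window
    if seq <= sa.right and (sa.seen >> (sa.right - seq)) & 1:
        return "replay"  # condition a fails: position already flagged
    if not hmac.compare_digest(check_value(sa.key, spi, seq, payload), tag):
        return "bad-check-value"  # condition b fails: window is left untouched
    if seq > sa.right:
        # Slide to the new R; L rises with it so the size stays at T.
        sa.seen = ((sa.seen << (seq - sa.right)) | 1) & ((1 << WINDOW_T) - 1)
        sa.right = seq
    else:
        sa.seen |= 1 << (sa.right - seq)  # flag a late but in-window packet
    return "accepted"


def demo():
    """Run a constructed packet sequence and return (verdicts, final SA)."""
    spi, dst, key = 0x1001, "203.0.113.7", b"constructed-demo-key"
    sad = {(spi, dst): SecurityAssociation(key)}

    def packet(seq, payload=b"order #42"):
        return spi, seq, payload, check_value(key, spi, seq, payload)

    verdicts = [(seq, receive(sad, dst, *packet(seq))) for seq in (1, 2, 5, 3, 2)]
    forged = (spi, 9000, b"order #42", b"\x00" * 12)  # wrong check value
    verdicts.append((9000, receive(sad, dst, *forged)))
    verdicts.append((100, receive(sad, dst, *packet(100))))
    verdicts.append((4, receive(sad, dst, *packet(4))))  # genuine but delayed
    return verdicts, sad[(spi, dst)]


if __name__ == "__main__":
    results, sa = demo()
    for seq, verdict in results:
        print(seq, verdict)
    print("R =", sa.right, "L =", sa.left)
```

Packet 4 in the demo is genuine but arrives after the window has moved to R = 100, so it is rejected by the third condition, the case the text describes as infrequent. The packet with sequence number 9000 and a wrong check value does not move the window, because R is updated only after validation.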
Application Of IPSec: Virtual Private Network
Let us examine a typical application of IPSec. Suppose that our VBS wants to establish a secure connection with a business partner. If the sender and receiver can support IPSec, an SA can be established between them by using the AH or ESP service in transport mode. In this case, the required IPSec service is applied by the end users' computers. However, many existing computers may not support IPSec and it may not be cost-effective to upgrade all computers to support IPSec in the short term. Alternatively, virtual private networks or extranets can be formed between the VBS and the business partners. Figure 8.6 (below) shows how a basic virtual private network can be set up between two intranets (i.e. private networks) by using the IPSec protocol. In this case, the host computers do not necessarily support IPSec.

As shown in the figure, IPSec gateways are employed to connect two intranets over the Internet. Packets are forwarded to the gateways first so that the required protection can be applied by using the AH or ESP tunnel mode service. Essentially, the gateway adds its own IP packet header to the original IP packets and then inserts the required IPSec header and trailer, if any, before sending the packets to the internet. Essentially, a tunnel is formed between the two gateways and packets are delivered via the internet tunnels to the receiving gateway. The receiving gateway processes the packets accordingly (e.g., checking the cryptographic check value), strips off the outer IP packet header, and then forwards the original IP packets to the receiving host. Note that the inner packets may not necessarily be IP packets. In other words, the intranets can run other network protocols, e.g. IPX, and use the internet tunnels to deliver non-IP packets to the other end. As shown in Figure 8.6, the end users' computers can also implement an end-to-end SA inside a tunnel SA if they can support IPSec. This gives a better degree of security.

Next we discuss firewalls, which can exist in various forms ranging from a general computer to special networking equipment. As shown in Figure 8.7, a firewall is installed between a secure intranet and the insecure internet. All inbound traffic (i.e., traffic entering the intranet) and outbound traffic (i.e. traffic leaving the intranet) need to pass through the firewall so that a particular security policy can be carried out. Besides protecting against possible attacks from the internet, a firewall is commonly used for performing network management and implementing the aforementioned IPSec protocol due to its strategic location. For some organizations, firewalls may be used to perform network address translation. An organization may use its own IP address scheme within the intranet. For outbound traffic, valid (i.e. globally unique) IP addresses must be used. The address translation is done at the firewalls. This approach may provide a temporary solution to the shortage of IP addresses. Of course the long-term solution is to use IPv6.


Different Types Of Firewalls
In general, there are three types of firewall: packet filtering router, application gateway, and circuit level
gateway. As described later, they can be combined to build an even more secure firewall system.
Packet filtering router
The packet filtering router (see Figure 8.8) operates at the network layer. It filters packets according to
predefined filtering rules typically based on source/destination IP address and source/destination port number
on the packets. For example, a packet filtering router may be configured to allow inbound packets to access the
public web server only. In this case, the packet filtering router will examine the destination IP address of all
incoming packets and admit only those packets that are destined for the web server to enter the intranet. This
prevents inbound packets being able to access other computers in the intranet. In addition, a packet filtering
router can be used to filter packets based on the service used.

In this case, users are limited to access certain internet applications only, typically based on the port number on
the packet. Recall that some port numbers indicate the types of services being used such as 23 for TELNET. For
example, the firewall of our VBS may disallow external users to use the TELNET service by denying packets
destined for port 23. A packet filtering router can also be configured to disallow certain hosts to access a
particular service. For example, the firewall of our VBS may be configured such that a particular user (based on
the source IP address) cannot access the TELNET service. While the packet filtering router is simple to use, it is
often difficult to set filtering rules for a large network. Furthermore, as it only operates on the network layer, it
cannot cater for all security requirements. For example, it cannot restrict the use of application level commands
(e.g. allow copying data only). In some cases, it might even be possible to go through a packet filtering router by
means of tunneling (i.e., a packet which should be discarded by a packet filtering router might gain access to the
intranet by encapsulating it inside another packet).

Application gateway/proxy server
In contrast to packet filtering routers, application gateways (see Figure 8.9) operate at the application layer.
Because the gateway acts as a proxy server, access control is performed at the application layer rather than the
network layer. In order to use a particular application, the corresponding proxy service must be installed in the
application gateway. A user first connects to the application gateway.
The application gateway then accesses the required service on behalf of the user. For example, a user first
accesses the application gateway through the corresponding proxy service. After successful authentication, the
application gateway connects to the remote computer and transfers the application data accordingly. Hence, the
connection between the sender and the receiver is broken into two connections: the connection between the
host and the application gateway and the connection between the application gateway and the destined host.
Compared to packet filtering routers, it is more powerful. In particular, it can be used to control the user's
behavior (i.e., control how users can use a particular application) [Smith, 1997]. For instance, the firewall of our
VBS may disallow users to download executable files due to concern over viruses. Application gateways are more
secure not only because they can control application level commands but also because they can hide the internal
hosts from the outside world.
This is because whenever a packet is sent out to the internet, only the source IP address of the application
gateway is included in the IP packet. Hence, the IP address of the originating host can be kept confidential.
However, application gateways introduce more processing delay. In other words, they may become the
bottleneck of the intranet.

Circuit level gateway


In a similar manner to application gateways, circuit level gateways also serve as an agent between the sender
and the receiver as shown in Figure 8.10. Conceptually, it works like a telephone connection. A user needs to
make a connection before data can be transferred. Hence, special client software may be required. After
establishing a connection, packets are transferred between the internet and the intranet over the connection. A
well-known example is the SOCKS protocol version 5 (see RFC 1928). In this case, a client makes a TCP connection
to port 1080 of the SOCKS server. After successful authentication, the requested connection is available for
transferring data. SOCKS version 5 supports a wide range of authentication mechanisms (e.g. IPSec), key
management protocols (e.g. SKIP), and encryption methods (e.g. DES).

Examples of Firewall Systems
Let us look at some commonly used firewall systems. In general, an organization like the VBS has two types of
servers: public servers such as the web server and private servers. The former allows public access while the
latter is restricted to internal access only. Internal hosts are typically connected in a LAN. In a large organization,
there may be many LANs interconnected by internal routers as well. The objective of a firewall system is to
protect the internal network(s) (called intranet) while allowing external people to access a limited set of
resources such as the web server and other public servers.
In the simplest firewall system, a packet filtering router can be installed between the intranet and the internet.
To maximize the protection, the default filtering rule is to discard all packets (i.e., a packet is discarded unless it is
explicitly allowed). For example, the packet filtering router can be configured to admit traffic destined for the
web server only. This can be done by setting the filtering rule based on the IP address or port number of the web
server (e.g., port 80, the default port for HTTP). By doing so, all inbound packets not destined for the web server
will be discarded by the packet filtering router. This prevents inbound traffic accessing computers other than the
web server within the intranet.
In the second example, as shown in Figure 8.11, a packet filtering router and an application gateway are
combined to achieve a greater degree of security. It is often known as a screened host firewall system. The packet
filtering router serves as the first line of defense by filtering inbound packets. In particular, it can restrict inbound
packets to reach the public server (e.g. web server) and the bastion host only.
The bastion host is a very secure station in which the application gateway is installed. It controls information
access at the application level and acts on behalf of an internal user to access other external servers. By doing so,
it can restrict a user to use a particular set of application level commands. To eliminate a single point of contact
between the internal and the external connections, two network interfaces are installed in the bastion host.
Hence, it is called a dual home bastion host. As shown in the filtering table, the packet filtering router is
configured such that it denies all packets except those originating from, and destined to, the bastion host and the
public server(s).


In the third example, we can build a very secure system by using the so-called screened subnet firewall system
with a demilitarized zone (DMZ). As shown in Figure 8.12, this involves setting up a bastion host with two packet
filtering routers. A network called DMZ is created to separate the internet from the intranet. The public servers,
modems, and bastion host are installed within the DMZ. The security features include the following:

Acting as the security guard, the outside packet filtering router eliminates malicious packets from the
internet by filtering packets according to a predefined filtering rule.

The outside packet filtering router is configured such that inbound packets can only reach the bastion
host and the public server(s). Furthermore, it admits only outbound packets from the bastion host and
the public server(s).

The inside packet filtering router is configured to admit packets from the bastion host only. In other
words, only the bastion host can send packets into the intranet.

The inside packet filtering router is configured such that intranet hosts can only use the internet
applications through the bastion host.
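
The packet filtering rules described earlier (default discard, web server on port 80, TELNET on port 23) and the two-router screened subnet policy listed above can be written as a first-match rule table. This is an added Python example, not part of the original notes; the addresses, the interface names and the names `Packet`, `Rule`, `filter_packet` and `reaches_intranet` are assumptions made for illustration.

```python
"""First-match packet filter with default deny, applied to the firewall examples."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing plan (documentation and private ranges), not from the notes.
WEB = "192.0.2.80/32"            # public web server
BASTION = "192.0.2.10/32"        # bastion host running the application gateway
TELNET_HOST = "192.0.2.23/32"    # host that offers TELNET to outsiders
INTRANET = "10.0.0.0/8"          # the organization's own address scheme
BARRED_HOST = "203.0.113.66/32"  # external host that must not use TELNET
ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "internet", "dmz" or "intranet"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    iface: str                   # arrival interface the rule applies to
    src: str = ANYWHERE
    dst: str = ANYWHERE
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (pkt.iface == self.iface
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.dport in (None, pkt.dport))


def filter_packet(rules, pkt):
    """Return the action of the first matching rule; discard when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Simplest system: one router. Order matters, so the per-host TELNET ban sits
# above the broader TELNET allowance that it carves an exception from.
SINGLE_ROUTER = [
    Rule("deny", "internet", src=BARRED_HOST, dport=23),
    Rule("allow", "internet", dst=TELNET_HOST, dport=23),
    Rule("allow", "internet", dst=WEB, dport=80),
]

# Screened subnet: the outside router sits between the internet and the DMZ,
# the inside router between the DMZ and the intranet.
OUTSIDE_ROUTER = [
    Rule("allow", "internet", dst=WEB, dport=80),   # inbound to the public server
    Rule("allow", "internet", dst=BASTION),         # inbound to the bastion host
    Rule("allow", "dmz", src=WEB),                  # outbound from the public server
    Rule("allow", "dmz", src=BASTION),              # outbound from the bastion host
]
INSIDE_ROUTER = [
    Rule("allow", "dmz", src=BASTION, dst=INTRANET),       # only the bastion gets in
    Rule("allow", "intranet", src=INTRANET, dst=BASTION),  # intranet goes out via bastion
]


def reaches_intranet(pkt):
    """True only if a packet arriving from the internet passes both routers."""
    if filter_packet(OUTSIDE_ROUTER, pkt) != "allow":
        return False
    # The same packet is seen by the inside router on its DMZ-facing interface.
    return filter_packet(INSIDE_ROUTER, replace(pkt, iface="dmz")) == "allow"


if __name__ == "__main__":
    checks = [
        ("internet -> web:80", OUTSIDE_ROUTER, Packet("internet", "198.51.100.9", "192.0.2.80", 80)),
        ("internet -> web:23", OUTSIDE_ROUTER, Packet("internet", "198.51.100.9", "192.0.2.80", 23)),
        ("web server -> intranet", INSIDE_ROUTER, Packet("dmz", "192.0.2.80", "10.0.0.5", 445)),
        ("bastion -> intranet", INSIDE_ROUTER, Packet("dmz", "192.0.2.10", "10.0.0.5", 80)),
        ("intranet -> internet", INSIDE_ROUTER, Packet("intranet", "10.0.0.5", "198.51.100.9", 80)),
    ]
    for label, rules, pkt in checks:
        print(f"{label:26} {filter_packet(rules, pkt)}")
```

Because every rule is tied to the arrival interface, a packet that arrives from the internet while claiming the bastion host's source address matches none of the outbound rules and falls through to the default discard.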

Secure Socket Layer
In general, firewalls and the IPSec protocol provide security at the network layer.
Alternatively, we can also address security at the transport layer. Currently, the most popular security protocol
for the transport layer is the Secure Socket Layer (SSL) protocol proposed by Netscape.
Working above the TCP layer, SSL provides a secure data transport service for the application layer protocols. In
many secure e-commerce systems (e.g. banking applications), SSL works in conjunction with HTTP to support
secure data transfer between a web client and a web server. In the context of our VBS, the customers can make
use of SSL to send sensitive data, such as credit card information, to the web server over the insecure internet.
Recall that the default port number for HTTP is 80. If SSL is used, the TCP connection is set up to port 443
instead of port 80 of the web server.
In the URL, the protocol part is specified as https rather than http. Although SSL is commonly used for
transferring credit card information, it is not a specific payment protocol but only a generic security protocol.
In fact, other application layer protocols such as the file transfer protocol can also make use of SSL. We will
discuss payment protocols in the next chapter. Furthermore, the Internet Engineering Task Force (IETF) has
established a special group to develop a transport layer security standard based on SSL.

SSL operates over TCP/IP. It has four subprotocols as follows:

SSL handshake protocol: It is used for a web server and a web client to create a session (i.e., a logical
relationship). Through the handshake protocol, the two sides can authenticate (handshake) with each
other and set up the security parameters for the subsequent data transfer.

SSL alert protocol: It is for passing alert messages between the web client and the web server if an
abnormal event occurs.

SSL change cipher spec protocol: It simply changes the cipher spec for the current connection. It is used
towards the end of the handshaking phase as described in the next subsection.

SSL record protocol: It provides encryption and data integrity services for transporting the application
layer data.

SSL handshake protocol
Before transferring data between a web client and a web server securely, a session should be set up between
them by using the SSL handshake protocol. Among other information, each session state contains a session
identifier, the corresponding cipher spec, and a shared master secret. For each session, multiple connections can
be set up between the client and the server. Each connection typically uses the same session parameters but may
employ different keys for carrying out the cryptographic algorithms. For example, a specific encryption algorithm
is defined for a session, but each connection may use a different key for encrypting the data. As shown in Figure
8.13a, a normal session is established by going through the following handshaking procedures:
1. The client sends a ClientHello message to the server. The message includes the SSL version supported by
the client, the client's random, a session identity (ID) (if any) for identifying the session, the possible
cipher suites (i.e., cryptographic capabilities supported by the client), and the compression methods
supported by the client. The client may specify a previous session ID to resume a previous session (see
Figure 8.13b). For a new session, the client leaves the session ID blank.

2. The server returns a ServerHello message to the client including the SSL version, compression method,
and cipher suite it has chosen, together with the server's random and session ID.
3. In most cases, the client needs to verify the identity of the server. If authentication is required, the server
sends its digital certificate(s) to the client. In some cases, a list of digital certificates may be forwarded to
the client for authentication purposes.
4. If required, the server may also send a ServerKeyExchange message to the client. This is for exchanging
key parameters in order to establish the necessary cryptographic key(s). For example, the server and the
client may use the Diffie-Hellman protocol to establish a shared secret key.
5. Optionally, the server may send a CertificateRequest message to the client requesting the client to send
its digital certificate(s) to the server.
6. The server sends a ServerHelloDone message to terminate the hello phase and then listens for the
client's response.
7. After successful verification of the information provided by the server, the client forwards its digital
certificate(s) to the server if requested. Currently, this step is not used very often, but it will be used more
commonly in the future when digital certificates are widely deployed.
8. The client sends the ClientKeyExchange message to the server. This is a compulsory step in order to
establish a shared secret key between the client and the server. For example, if RSA is used for the key
exchange, the client will encrypt a 48-byte premaster secret with the server's public key as obtained from
its digital certificate(s) and then send it to the server. By using the premaster secret, a master secret key
will be generated by both the server and the client based on a predefined formula in the SSL standard.
The master secret key is used to generate other necessary cryptographic keys for the subsequent data
transfer, e.g., keys for creating the MAC.
9. If required, the client needs to send a CertificateVerify message to the server.
10. The client forwards a ChangeCipherSpec message to the server and updates.
11. Then the client sends the Finished message to the server according to the new message.
12. Upon receiving the client's message, the server returns a ChangeCipherSpec.
13. Finally, the server sends the Finished message to the client to complete the handshaking phase.
This shows the full version of the handshaking procedures. If a web client wants to resume a previous SSL session,
the simplified handshaking procedures as shown in Figure 8.13b can be used to speed up the processing time.
SSL record protocol
After setting up a session by using the SSL handshake protocol, the application level message (e.g. HTTP
messages) is then transported securely by using the SSL record protocol. The basic operation is as follows:
1. Fragmentation: The application information is divided into messages
2. Compression: Each record is usually compressed by a lossless compression
3. Protection to ensure confidentiality and integrity: A MAC is appended to the records.

Compressed record from step 2 to ensure message integrity. The resultant record is then encrypted by using the
agreed encryption method (the one agreed during the handshake phase). After this processing, a header is
attached to each record before transmitting it over the internet using the TCP/IP protocol.
The SSL change cipher spec protocol and the alert protocol
There are also two SSL subprotocols called the SSL change cipher spec protocol and the SSL alert protocol. The
former protocol is simply used to change the cipher spec for the respective session. As described earlier, it is used
towards the end of the SSL handshake protocol. The purpose of the SSL alert protocol is to send an alert message
to the other side, should an abnormal event occur. An alert message has two fields, which are used to indicate
the alert level (warning or fatal) and the corresponding alert code, respectively. A variety of alert codes are
defined in the SSL standard. For example, if the client receives a revoked certificate, it will send an alert message
to the server with an alert code of 44.
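
The ClientHello fields from step 1 of the handshake, the header attached to each record and the two-field alert message described above can be read off the wire with a short bounds-checked parser. This is an added Python example, not part of the original notes; the sample bytes are constructed rather than captured, the function and class names are assumptions, and the content type, cipher suite and alert numbers are those of SSL 3.0.

```python
"""Parse SSL 3.0 records: the ClientHello of handshake step 1 and an alert message."""
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_CODES = {0: "close_notify", 20: "bad_record_mac", 40: "handshake_failure",
               42: "bad_certificate", 44: "certificate_revoked", 45: "certificate_expired"}
MAX_FRAGMENT = 2 ** 14 + 2048  # largest record body a receiver has to accept


class ParseError(ValueError):
    """Raised when a length field points outside the data actually received."""


class Reader:
    """Bounds-checked cursor, so a forged length can never cause an over-read."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ParseError("field runs past the end of the message")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def vector(self, length_bytes):
        """Read a field prefixed by a big-endian length of `length_bytes` bytes."""
        return self.take(int.from_bytes(self.take(length_bytes), "big"))


def split_records(stream):
    """Split a byte stream into (content type name, version, fragment) records."""
    reader, records = Reader(stream), []
    while reader.pos < len(stream):
        ctype, major, minor, length = struct.unpack("!BBBH", reader.take(5))
        if ctype not in CONTENT_TYPES or length > MAX_FRAGMENT:
            raise ParseError("not a valid SSL record header")
        records.append((CONTENT_TYPES[ctype], (major, minor), reader.take(length)))
    return records


def parse_client_hello(fragment):
    """Decode the fields the client offers in handshake step 1."""
    outer = Reader(fragment)
    if outer.take(1) != b"\x01":                 # handshake type 1 = ClientHello
        raise ParseError("handshake message is not a ClientHello")
    body = Reader(outer.vector(3))
    version = tuple(body.take(2))
    random = body.take(32)
    session_id = body.vector(1)
    suites = body.vector(2)
    compression = body.vector(1)
    if len(session_id) > 32 or not suites or len(suites) % 2 or not compression:
        raise ParseError("malformed ClientHello field")
    return {
        "version": version,
        "random": random.hex(),
        "session_id": session_id.hex(),
        "resumes_session": bool(session_id),     # a blank ID asks for a new session
        "cipher_suites": [int.from_bytes(suites[i:i + 2], "big")
                          for i in range(0, len(suites), 2)],
        "compression_methods": list(compression),
    }


def parse_alert(fragment):
    """Decode an unencrypted alert: one byte of level, one byte of alert code."""
    if len(fragment) != 2:
        raise ParseError("a plaintext alert carries exactly two fields")
    level, code = fragment
    return ALERT_LEVELS.get(level, "unknown"), code, ALERT_CODES.get(code, "unlisted")


def sample_client_hello(session_id=b""):
    """Constructed ClientHello record offering three cipher suites (not a capture)."""
    suites = struct.pack("!3H", 0x0004, 0x000A, 0x0009)
    body = (b"\x03\x00" + bytes(range(32)) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake


SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x2c"  # constructed: level fatal, code 44


def describe(stream):
    """Parse every handshake and alert record found in the stream."""
    parsers = {"handshake": parse_client_hello, "alert": parse_alert}
    return [parsers[kind](fragment)
            for kind, _version, fragment in split_records(stream) if kind in parsers]


if __name__ == "__main__":
    for item in describe(sample_client_hello() + SAMPLE_ALERT):
        print(item)
```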

Internet Payment Systems
Characteristics of current payment system
Introduction
Payment in its most primitive form involves barter: the direct exchange of goods and services for other goods and
services. Although still used in primitive economies and on the fringes of developed ones, this form of payment
suffers from the need to establish what is known as a double coincidence of wants. This means, for example, that
a person wishing to exchange food for a bicycle must first find another person who is both hungry and has a spare
bicycle! Consequently, over the centuries, barter arrangements have been replaced with various forms of money.
The earliest money was called commodity money, where physical commodities (such as corn, salt, or gold) whose
values were well known were used to effect payment.
In order to acquire a number of desirable properties including portability and divisibility, gold and silver coins
became the most commonly used commodity money, particularly after the industrial revolution in the 1800s.
The next step in the progression of money was the use of tokens such as paper notes, which were backed by
deposits of gold and silver held by the note issuer. This is referred to as adopting a commodity standard. As an
economy becomes highly stable and governments (in the form of central banks) are trusted, it becomes
unnecessary to have commodity backing for notes that are issued. This is referred to as fiat money since the
tokens only have value by virtue of the fact that the government declares it to be so, and this assertion is widely
accepted. Cash payment is the most popular form of money transfer used today, but as amounts get larger and
security becomes an issue, people are less inclined to hold their wealth in the form of cash and start to avail of
the services of a financial institution such as a bank. If both parties to a payment hold accounts with the same
bank, then a payment can be effected by making a transfer of funds from one account to another. This essential
mechanism is at the root of a wide variety of payment schemes facilitated by the financial services industry
today. The following sections will look at some of these and how they compare with traditional cash payment.
Cash payments
On first examination, payment by cash appears to be the simplest and most effective of all of the alternatives. It
is easily transferred from one individual to another. In paper form, it is quite portable and large amounts can be
carried in a pocket or briefcase. There are no transaction charges levied when a payment is made, which makes it
very suitable for transactions with a low value, and no audit trail is left behind. This last attribute makes cash
payment a favorite payment method for those engaged in criminal activity. But contrary to appearances, cash is
not free. There is a huge amount of cash in circulation. It was estimated in 1999 that $500 billion in U.S. currency
was in the hands of the public. This currency wears out. A $1 bill has a life expectancy of 18 months, while the
less common $50 bill usually lasts about nine years. Each year, around 10 billion notes are destroyed and
replaced with newly printed ones. Regardless of the denomination, each note costs some 4 to produce, and this
cost is ultimately borne by the taxpayer. A similar situation exists in every country in the world. Once the cash has
been produced, it must then be transferred to and from banks or companies under very high security. Vaults
must be built to store it, and heavy insurance premiums paid to cover losses due to theft. All of these costs are
eventually passed on by a variety of indirect means to the cash user. With recent advances in color photocopying
techniques, the risk from counterfeiters is also growing at an alarming rate.
Nevertheless, cash is the most commonly used form of payment, accounting for about 80% of all transactions. As
an example, U.S. statistics and estimates suggest that in 1993, nearly 300 billion cash transactions took place in
the American economy with a total dollar value of some $3.4 trillion. The fact that this yields an average
transaction value of around $11 reflects the fact that cash is mostly used to buy low value goods. One of the
factors that has allowed cash to remain the dominant form of payment is the development of automated teller
machines (ATMs), which allow consumers much easier access to money in cash form. The banking industry, which
acts as the distributor of cash in the economy, has been attempting for many years to wean consumers off cash
and into electronic bank-mediated payments and in recent years has begun to have some success.
Payment through banks
Where both parties have lodged their cash with a bank for safekeeping, it becomes unnecessary for one party to
withdraw notes in order to make a payment to another. Instead, they can write a check, which is an order to their
bank to pay a specified amount to the named payee. The payee can collect the funds by going to the payer's bank
and cashing the check. Alternatively, the payee can lodge the check so that the funds are transferred from the
account of the payer to that of the payee.
Payment by check
If the parties hold accounts with separate banks, then the process gets more complicated. The cycle begins when
A presents a check in payment to B. What happens next is shown in Figure below. Party B lodges the check with
his bank (referred to as the collecting bank), which will collect the funds on his behalf. In most cases, a credit is
made to B's account as soon as the check is lodged, but this immediate funds availability is not always the case.

Figure: The check clearing process.

All checks lodged with bank B over the course of a day will be sent to the clearing department, where they are
sorted in order of the banks on which they are drawn. The following day, they are brought to a clearing house,
where a group of banks meet to exchange checks. The check in question will be given to bank A and (usually) one
day later bank A will verify that the funds are available to meet the check and debit A's account for the sum
involved.
If funds are not available, the signature on the check does not match with samples, or any other problem occurs,
then the check must be returned to the collecting bank together with some indication as to why it could not be
processed. Bank A must attend to this promptly, usually within one working day. These so-called returned items
are the major problem with the check as a payment instrument in that their existence introduces uncertainty,
and the fact that they need individual attention from banking staff means that they are very expensive to
process.
The principal loser in this situation is B, who finds himself in possession of a dishonored check with hefty bank
charges to pay. In general, however, the bank's charges are seldom high enough to cover their processing
expenses. If funds are available to meet the check, then the following day the banks that are part of the clearing
arrangement will calculate how much they owe to or are owed by the group of clearing banks as a whole.

This amount is then settled by making a credit or debit from a special account usually maintained by the central
bank. The clearing of paper checks is a major operation, and in the United Kingdom over 2.8 billion items went
through the system in 1999, with a value of 1.3 trillion. Volumes have declined by between 2% and 4% per year
since 1991. The cost to the member banks of operating the clearing system is very high and in the United
Kingdom has been estimated at over 1.5 billion per year. One way to reduce the costs is to keep the check at
the collecting bank and forward the transaction details electronically through the clearing system. These may be
accompanied by a scanned image of the check to allow signatures to be verified. This process is known as
truncation, and has been implemented in many countries since the early 1970s, but was forbidden by law in
some jurisdictions. The United Kingdom, for example, until May 1996, required that a check be physically
presented at the bank branch on which it was drawn.
Payment by giro or credit transfer
The returned items problem is the single biggest drawback with checks as a payment method. This problem is
eliminated using a credit transfer or giro payment. A giro is an instruction to the payer's bank to transfer funds to
the payee's bank. As the figure below shows, the processing of a giro is similar to a check, with the main
difference being that the transaction cannot be initiated unless A has the funds available. This eliminates any
uncertainty and extra cost imposed by the need to process returned items. It is an easier process to conduct
electronically since the correct processing of the payment does not require sending the signed document through
the clearing system. This form of payment is quite popular in many European countries where national post
offices rather than banks tend to operate the system. The payment method is not used in paper form in the
United States, but credit transfers in electronic form are possible.

Figure: Payment by credit transfer or giro.

Automated clearing house (ACH) payments
From their inception, paper-based payments (checks and giros) grew in popularity and as the task of carrying out
paper-based clearing grew, the banks began to look for more automated ways to make payments. In 1968, a
group of Californian bankers came together to form the Special Committee on Paperless Entries (SCOPE), which
led to the formation in 1972 of the California Clearing House Association, the first regional automated clearing
house (ACH) in the United States.
In the United Kingdom, similar moves were happening, and an automated clearing center was established in
1968, which was incorporated in 1971 as the Bankers Automated Clearing Service (BACS). The ACH system
operates in a similar way to paper clearing except that the payment instructions are in electronic form. In the
early days of ACH, banks prepared magnetic tapes of these transactions that were transported to the ACH, sorted
by destination bank, and distributed in much the same way as paper checks and giros, but increasingly this
method is being replaced by real-time transactions sent on telecommunications links.
In the United States ACH system, the first message to be used was a corporate cash disbursement (CCD) message
consisting of a 94-character message to identify the payee, amount, and any other details. In more recent years,
more message formats have been added, and message formats have been changing from proprietary formats to
ones that comply with open standards defined by the electronic data interchange (EDI) community. The system is
now used extensively by employers to pay wages directly into workers' bank accounts, to implement standing
orders, direct debits, and direct credits.
In the United Kingdom in 2000, BACS processed 3.2 billion transactions to the value of 1.8 trillion. In the United
States, usage of ACH has been growing at between 9% and 22% per year and in 1999 processed 6.2 billion
transactions with a value of $19.4 trillion. More than half of the recipients of Social Security use it for direct
deposit, and nearly half of the private sector receive their wages by ACH.
There is considerable variation in the operation of ACH payments systems in different countries around the
world. In general, there is no compatibility between the messages used in individual countries, but there are
major developments both in Europe and globally that are noteworthy.
Spurred on by impending monetary union and the introduction of a common currency, many European countries
came together in 1999 to form a high-value money transfer system called Trans-European Automated Real-Time
Gross settlement Express Transfer (TARGET) system, which links national payment systems together.
Though TARGET is intended to cater for high-value payments, a similar low-value system called Straight Through
Euro Processing (STEP) is being proposed by the Euro Banking Association, with the first phase of this (called
STEP1) carrying live transactions since November 1999.
This system has a maximum transaction value of Euro 50,000 and a low processing fee of Euro 0.48. It is
anticipated that as European Monetary Union progresses, demand for these kinds of cross-border low-value
transactions will mushroom.
On a more global level, a consortium of global banking players referred to as the Worldwide Automated
Transaction Clearing House (WATCH) came together in late 2000 to plan a global system that would bridge
national ACH systems with a target of achieving live operation by July 2002. This would initially provide only
credit transfers in six to eight currencies with more functions being added over time.
Wire transfer services
The ACH method of effecting payment is ideal for mid- to low-value transactions. In 1999, for example, the
average value of a credit ACH payment in the United States was around $3,000. Where the value of payments is
considerably higher, the risk level rises and different procedures involving more scrutiny are required. These
high-value payments are referred to as wire transfers.
In the United States, the Federal Reserve (central bank) operates the Fedwire payment system, and a private
sector organization called the Clearing House Interbank Payment System (CHIPS) is also in operation. Typically,
these systems handle payments between corporations and banks and to and from government. In 1998, the
average wire transfer payment was worth $4.3 million.

Using payment cards
The idea of payment using cards first arose in 1915, when a small number of U.S. hotels and department stores
began to issue what were then referred to as "shoppers plates." It was not until 1947 that the Flatbush National
Bank issued cards to its local customers. This was followed in 1950 by the Diners Club, which was the first "travel &
entertainment" or charge card, and eight years later the American Express card was born.
Over the years, many card companies have started up and failed, but two major card companies, made up of
large numbers of member banks, have come to dominate this worldwide business. These are Visa International
and MasterCard. Credit cards are designed to cater for payments in the retail situation. This means that payments
can only be made from a cardholder to a merchant who has preregistered to accept payments using the card. The
card companies themselves do not deal with cardholders or merchants, but rather license member organizations
(usually banks) to do this for them.
A bank that issues cards to its customers is called a card-issuing bank. This means that it registers the cardholder,
produces a card incorporating the card association's logo, and operates a card account to which payments can be
charged. Merchants who wish to accept payments must also register with a bank. In this case, the bank is
referred to as the acquiring bank, or simply the acquirer. In a paper-based credit card payment, a merchant
prepares a sales voucher containing the payer's card number, the amount of the payment, the date, and a goods
description.
Depending on policy, the transaction may need to be authorized. This will involve contacting an authorization
center operated by or on behalf of the acquiring bank to see if the payment can go ahead. This may simply
involve verifying that the card does not appear in a blacklist of cards, or it may involve a reference to the card-
issuing bank to ensure that funds are available to meet the payment. Assuming it can be authorized, the payment
completes.
At the end of the day, the merchant will bring the sales vouchers to the acquiring bank, which will clear them
using a clearing system not unlike that used for paper checks and giros but operated by or on behalf of the card
associations. The merchant's account is credited, the cardholder's is debited, and the transaction details will
appear on the next monthly statement. In recent years, the card associations and their member banks have made
great efforts to eliminate paper from credit card transactions.
This has meant that sales vouchers with the cardholder's signature only come into play when a dispute arises,
and most of the information flows in Figure below are entirely electronic. All the costs associated with a credit
card transaction are borne by the merchant involved. The cardholder will see only the amount of the transaction
on his or her statement, but the merchant typically pays over a small percentage of the transaction value with
some associated minimum charge that is divided between the acquiring bank and the card association. For this
reason, credit cards are not worthwhile for transactions in which the amount is below a certain threshold
(typically around $2). The reason why a credit card is so named is that the balance owing on a cardholder's
account need not necessarily be paid at the end of the monthly period. The cardholder can pay interest on the
outstanding balance and use the card for credit. Other arrangements are possible; for example, if the balance
must be paid in full at the end of the period, it is called a charge card.

Figure: Stages in a credit card payment.

Another possibility is to link the card to a normal bank account, and to process the transaction in real time. This
means that at the time the transaction takes place, the amount is transferred from the customer to the merchant
bank account. This arrangement is called a debit card. One final way to use a payment card is to incorporate a
storage facility into the card that can be loaded with cash from the cardholder's bank account. Bankers often
classify payment cards into three types: pay before (electronic purse), pay now (debit cards), and pay later (credit
cards).

Consumer preferences in payment systems
The sections above have described most methods commonly used to effect payment today. The degree to which
they are used differs between countries for a variety of reasons including the level of development of the country
and the state of the banking system. Consumers in all countries use cash for somewhere between 70% and 80%
of all of their transactions.
It can be seen that, of the developed countries, the United States is unusual in that checks are the most popular
form of noncash payment with very little use of credit or debit transfers. The picture in Europe shows
considerably less check usage with a more even spread of payment options. Turkey, whose financial systems are
perhaps less developed than the United States or European countries, shows an unusually high usage of payment
cards, while the national banks in Namibia, at least during 1996, were not offering payment cards to their
customers at all. This represents the starting position before the electronic payment methods discussed in this
book are introduced.
All other things being equal, one would expect that an electronic payment method that was check-like would be
popular in the United States, but may not have the same appeal in European countries. It would also be unlikely
that an electronic payment scheme based on credit cards would find a ready market in Namibia. Of course, the
market share of network payment methods may depart radically from the above in the event of one electronic
payment scheme being immensely superior to others.

Regulatory framework
Payment systems are crucial to the efficient functioning of any economy, and consequently governments are
keen to exert some control and regulation over how these systems operate. Conventional payment instruments
have, in the past at least, been operated by banks that are subject to regulation by their national central bank.
Typically, a bank must be licensed to operate, and in the course of obtaining this license will subject itself to
scrutiny. This will include a test to ensure that the individuals representing the bank are "fit and proper"
individuals, that the bank has a minimum level of capital, and that it meets the needs of some section of the
community.
These tests are mainly aimed at ensuring that consumers are protected from the consequences of bank failure.
Indeed, in many countries banks are required to take out insurance to cover such an eventuality. All conventional
payment methods involving banks have been the subject of central bank regulation in the past. The newer
electronic payment methods described in this book have only just started to attract the scrutiny of the central
bank regulators.
Many of the newer methods of payment are, to a certain extent, electronic extensions of existing bank-operated
payment methods and thus can be covered by minor adjustments to existing regulations. For example, in the
United States, the Electronic Funds Transfer Act of 1980 as implemented by the Federal Reserve Regulation E
covers a variety of banking transactions including electronic bill payment, payment at the point of sale, and many
others. It limits consumers' liability for unauthorized electronic withdrawals, provides procedures for resolving
errors, and requires institutions to provide terminal receipts and account statements.
This represents a good starting point for regulating any form of electronic payment. The payment method that
has caused most concern is the preloaded stored-value card. In Europe, a working group consisting of
representatives of central banks from all countries in the European Union convened in 1993 and produced a
report detailing what changes in policy would be required to cope with the electronic purse.
They distinguished between single-purpose electronic purses (e.g., cards for pay phones or public transport) and
multipurpose cards. In the case of the latter, they recommended that only credit institutions (meaning financial
institutions that are already subject to central bank regulation) should be allowed to issue such cards. It further
suggested that central banks may wish to discourage some electronic purse initiatives if they were worried about
the adequacy of the security features of the scheme.
A more recent study undertaken by the Bank for International Settlements reviewed the issues raised by
electronic money but stopped short of making any definite recommendations. In the United States, the policy on
the new forms of payment has been to adopt a wait-and-see attitude. A landmark speech by Alan Blinder, a vice
chairman of the Federal Reserve Board of Governors, in 1995 stated as follows:
"The present is, we believe, an appropriate time for public debate and discussion, a poor time for regulation and
legislation."
Another area where concern could be expected is in the area of monetary policy. If the government is
the only issuer of cash in an economy, it can keep a tight rein on the amount of cash in circulation.
Operators of stored-value cards or other electronic cash systems could, in principle, affect this balance,
decreasing the amount of control a government can exert. This possibility is dismissed by the U.S. Federal
Reserve members who believe that the impact of electronic payment systems on the money supply will be
insignificant in the short to medium term.
There are, of course, many other issues relating to electronic payment that governments may wish to regulate.
These include the question of the levying of taxes on transactions that take place electronically, protection
against money laundering, and many others. It seems that both in Europe and the United States, the authorities
have only begun to consider the issues involved.

Secure Electronic Transactions (SET) protocol for credit card payment.
By 1995, many different players in the credit card and software industries were applying their minds to the
problem of securing credit card payments on the Internet. CyberCash, Inc. of Reston, Virginia, was a company
founded in 1994 which developed its own set of protocols and deployed wallet and cash-register software
successfully for a number of years.
Two major competing consortia were also formed, each led by a major credit card company. MasterCard
combined with Netscape Corporation, IBM, and others to produce a fully specified system called the Secure
Electronic Payment Protocol (SEPP) in October 1995. Within days of this launch, the second consortium led by
Visa and Microsoft released a different and incompatible system called Secure Transaction Technology (STT).
Both consortia proceeded to develop reference implementations of their efforts and formulate global rollout
plans. Had this situation persisted, it would have led to an unfortunate situation in which transactions would
need to be processed differently depending on which card association brand they were associated with.
Ultimately, good sense prevailed, and in January 1996, the companies announced that they would come together
to develop a unified system that would be called Secure Electronic Transactions (SET).
In February 1996, two documents were issued, the first of which gave a business overview of the protocols, and
the second of which gave more technical details. This was followed by a public comment period during which
interested parties discussed the specifications, and identified flaws. Following this, a revised book 3 protocol
description was released that defines the production SET protocol.
In order to coordinate the development of the SET standard, the two leading proponents, Visa and MasterCard,
formed an independent company called Secure Electronic Transaction LLC (SETCo) in December 1997. Among the
things that this company does are proposing and approving extensions and modifications to the SET standard. At
the time of writing, eight different extensions had been approved.
The scope of the SET protocols was quite restricted from the outset. First, it was intended only as a payment
protocol. The specification documents make clear that protocols would be developed by other parties to address
online shopping, price negotiation, payment method selection, and other electronic commerce functions.
SET would only come into play after the customer had decided what to buy, for how much, and that the customer
wanted to pay with a payment card. In a conventional MOTO credit card transaction, a cardholder forwards his or
her details to the merchant, who will then contact his or her (the merchant's) acquirer to obtain clearance for the
payment. The acquirer can obtain this authorization from the institution that issued the card via a financial
network operated by the card association (e.g., MasterCard or Visa).
These private networks have existed for some time and have their own set of proprietary protocols operating on
dedicated links with appropriate security mechanisms in operation. Thus, an infrastructure of links and
transaction processing computer hardware exists to electronically authorize credit card payments. SET assumes
the existence of such a facility and only specifies the subset of dialogues between the customer and merchant
and between the merchant and an entity known as the payment gateway.
An overview of the payment process is shown in the figure below. The cardholder initiates a payment with the
merchant using SET. The merchant then uses SET to have the payment authorized. The entity involved is called
the payment gateway and it may be operated by an acquirer or could be some shared facility operated by a group
of acquirers (or, indeed, the card association).
The payment gateway acts as the front end to the existing financial network, and through this the card issuer can
be contacted to explicitly authorize each and every transaction that takes place. It is clear from the diagrams that
SET is not intended to be a general-purpose payment protocol and is restricted to payment card or similar
applications where parties will take on the role of buyer, merchant, or acquirer.
It does not address transfer of funds from one individual to another and relies on the existing credit card
infrastructure to effect the payment. The cardholder will see SET transactions on his or her credit card statement
side by side with more conventional credit card payments, and the acquirer will see this as an extension of the
current relationship he or she has with his or her merchant customers.

Figure: Phases of a credit card payment addressed by SET standards.

SET message structure
The SET protocol consists of request/response message pairs, such as the PReq and PRes messages shown in
the figure below. In this section, the contents and flow of the messages required to complete a purchase transaction
are presented. To allow interoperability, the messages are defined in a machine-independent format in the
specification.
This will allow clients produced by one software company to perform a SET transaction with a server developed
by a completely different company.
Encryption is performed on parts of certain messages. This end-to-end solution allows information contained
with the message to be selectively revealed to parties as required. For example, the financial data about a credit
card is not revealed to the merchant, and data about the purchased product is concealed from the acquirer.
Point-to-point encryption of a connection link would not allow such selection to occur. The messages needed to
perform a complete purchase transaction usually include:

Initialization (PInitReq/PInitRes);
Purchase order (PReq/PRes);
Authorization (AuthReq/AuthRes);
Capture of payment (CapReq/CapRes);
Cardholder inquiry (InqReq/InqRes) [optional].

Figure: Steps in a SET transaction.

These messages are not necessarily in this order. The contents and function of each pair are now examined in
turn.
Note: Refer Chan for additional aspects of SET

Ecash
Introduction
One of the first companies to launch an electronic cash payment scheme was DigiCash, which was based in
Holland and the United States. The company was founded by David Chaum who was one of the pioneers in the
field of electronic cash, and has been called by some, "the father of digital cash."
Ecash was developed by DigiCash to allow fully anonymous secure electronic cash to be used on the Internet. It
provides the privacy of paper cash with the added security required for open networks. It is an online software
solution allowing payment for information, hard goods, and even payout services, in which a client might receive
back a payment as part of the service.
Ecash is said to be fully anonymous because clients withdraw coins from a bank in such a way that the bank
cannot know the serial numbers of those coins. The coins can be spent anonymously with a merchant, and even
collusion between both the bank and merchant will fail to identify the spender.
Strong security is provided in the system through extensive use of both symmetric and asymmetric (public-key)
cryptography. In 1995 the Mark Twain Bank in St. Louis, Missouri, started issuing Ecash coins worth real
monetary value in U.S. currency. The trial ran for about three years, when in November 1998 DigiCash filed for
Chapter 11 bankruptcy protection. Since then DigiCash has been relaunched as eCash Technologies, Inc.
The Ecash model
The participants within the system are clients, merchants, and banks, as shown in the figure below. Clients and
merchants have accounts at an Ecash bank. Clients can withdraw coins against their account and store them in
their Ecash wallet software that resides on their computer.
The Ecash wallet software is known as a cyberwallet. It stores and manages a client's coins, keeps records of all
transactions, and makes the protocol steps appear as transparent as possible to the client. The withdrawal
protocol prevents the bank from being able to see the serial numbers of the coins it is issuing. A client can use the
coins to later pay a merchant.
At the time of purchase, the merchant must forward the coins to the minting bank to ensure that they have not
already been spent. If the coins are valid, they will be deposited into the merchant's account. The merchant can
then send the purchased goods or a receipt to the client. A merchant can also make payments to a client using
the same procedure.
This is useful for making refunds or providing payout services. Currently, both client and merchant must have
accounts at the same Ecash bank. Coins obtained from one bank will not be accepted by another.
As Ecash becomes more widespread, it is likely that third parties might exchange coins from different banks or
the banks might provide this exchange themselves. Interbank clearing may also become possible, although coins
will still have to be forwarded to the minting bank for verification.

Figure: Entities and their functions within the Ecash system.

Refer Chan for Blind Signatures

Ecash coins
The electronic coins used within the Ecash system are unique in that they are partly minted by the client before
being signed by the bank. Each coin has a serial number that is generated by the client's cyberwallet software.
The serial numbers are chosen randomly and are large enough so that there is very little chance that anyone else
will ever generate the same serial numbers. For example, using a 100-digit serial number can guarantee this.
The serial number is blinded and sent to the bank to be signed. The bank is unable to see the serial number on
the coin it is signing. The method can be considered similar to putting the coin and a piece of carbon paper into
an envelope.
The envelope is sent to the bank where it is signed and returned to the client, as shown in the figure below. The
client opens the envelope and takes out the coin (unblinds it). The coin has now been signed. The carbon paper
ensured that the bank's signature went through the envelope.

The signature on the unblinded coin appears the same as any other normal digital signature. There is no way to
tell from it that the coin was signed using the blind signature protocol.

Figure: Blind signature analogy for withdrawing E-cash coins.

Coin keys
However, there is a problem with this method. Since the bank cannot see what it is signing, how can a value be
assigned to the coin? The value cannot be included with the serial number in the fields of the coin because the
bank cannot see this.
The client might assign a very high value and tell the bank that it is only a low-valued coin. The problem can be
solved by the bank using a different signature key for each coin denomination. The client informs the bank of the
value it wants the blinded coin to be worth.
The bank then signs the coin with the signature key representing this denomination and deducts that amount
from the client's account. For example, the bank might have a one-cent signature, a 5-cent signature, a 10-cent
signature, and so on.
The figure below shows a coin worth 10 cents. After the withdrawal process, a coin essentially consists of a serial
number encrypted with the appropriate secret key of the bank.

Figure: An E-cash coin worth 10 cents.

Double-spending prevention
Like other forms of electronic cash, Ecash coins are just pieces of data that can be copied. To prevent copied
coins from being spent repeatedly, this possible double spending must be prevented. Since the bank cannot see
the serial numbers on the coins it issues, it cannot record these during a withdrawal. While providing full
anonymity, this makes the bank's task of preventing double spending all the more difficult. To ensure that a serial
number is not spent twice, the minting bank must record every coin that is deposited back to that bank. A very
large database of all spent serial numbers soon develops. A valid unspent coin must:
Be signed, with any denominational signature, by the bank;
Have an expiry date associated with it that is later than the present date;
Not appear in the database of spent coins.

The third requirement can only be checked by the minting bank that maintains the database, and thus coins must
be forwarded to it for online verification during a purchase, as shown in the figure below. When a valid coin is
accepted, it then becomes spent and its serial number is entered into the database. An attempt to spend the coin
again should fail. Like many electronic cash schemes, Ecash coins can only be spent once.

Figure: Preventing double spending of E-cash coins.

Clearly, the size of the Ecash database could become very large and unmanageable. By using expiry dates with
coins, the serial numbers of those coins can be removed after the expiry date. Coins that have expired will not be
accepted as legal tender. The wallet software can automatically ensure that coins are returned to the bank before
they expire.
The bank host machine needs to have an internal scalable structure to cope with the size of the database. To
further handle the problem of scalability, multiple banks, each minting and managing their own currency with
interbank clearing, could be used. Even still, if a large number of people start to use Ecash regularly, the system
may begin to show unacceptable delays and signs of overloading.
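
The blinded withdrawal, the per-denomination coin keys and the bank's three deposit checks described above, put together in Python. This is an added example, not DigiCash's code: the toy RSA keys built from small constructed primes, hashing the serial number before signing, the expiry day attached to each key, and all names (Bank, withdraw_coin, the accounts) are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd


def make_key(p, q, e=65537):
    """Toy RSA key from two constructed primes (far too small for real use)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


def digest(serial, n):
    """Map a coin serial number to an integer below the modulus (assumed encoding)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


class Bank:
    def __init__(self):
        # One signing key per denomination in cents; the expiry day is an assumption.
        self.keys = {
            5: {"key": make_key(2**61 - 1, 2**127 - 1), "expires": 400},
            10: {"key": make_key(2**89 - 1, 2**107 - 1), "expires": 400},
        }
        self.accounts = {"alice": 100, "shop": 0}
        self.spent = set()  # database of spent serial numbers

    def public(self, denom):
        key = self.keys[denom]["key"]
        return key["n"], key["e"]

    def withdraw(self, account, denom, blinded):
        """Sign a blinded value with the key for `denom`; the serial stays hidden."""
        if self.accounts[account] < denom:
            raise ValueError("insufficient funds")
        self.accounts[account] -= denom
        key = self.keys[denom]["key"]
        return pow(blinded, key["d"], key["n"])

    def deposit(self, merchant, coin, today):
        """Online check at purchase time: signature, expiry, spent database."""
        serial, denom, sig = coin
        entry = self.keys.get(denom)
        if entry is None:
            return "unknown denomination"
        n, e = entry["key"]["n"], entry["key"]["e"]
        if pow(sig, e, n) != digest(serial, n):
            return "bad signature"
        if today >= entry["expires"]:
            return "expired"
        if serial in self.spent:
            return "double spend"
        self.spent.add(serial)
        self.accounts[merchant] += denom
        return "accepted"


def withdraw_coin(bank, account, denom):
    """Client side: mint a serial, blind it, have it signed, then unblind."""
    n, e = bank.public(denom)
    serial = secrets.token_bytes(32)
    while True:
        r = secrets.randbelow(n - 2) + 2  # blinding factor, kept by the client
        if gcd(r, n) == 1:
            break
    blinded = digest(serial, n) * pow(r, e, n) % n
    signed_blinded = bank.withdraw(account, denom, blinded)
    sig = signed_blinded * pow(r, -1, n) % n  # remove the blinding factor
    return (serial, denom, sig), blinded


if __name__ == "__main__":
    bank = Bank()
    coin, seen_by_bank = withdraw_coin(bank, "alice", 10)
    print("first deposit: ", bank.deposit("shop", coin, today=100))
    print("second deposit:", bank.deposit("shop", coin, today=101))
    relabelled = (coin[0], 5, coin[2])  # same signature, different claimed value
    print("relabelled:    ", bank.deposit("shop", relabelled, today=100))
```

The bank only ever receives the blinded value during withdrawal, yet the unblinded signature verifies under the 10-cent key and under no other, which is why a client cannot claim a different value for the coin at deposit time.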
Integration with the Web
The figure below shows how Ecash is normally integrated with the Web at present. The client runs the cyberwallet
software and a Web browser side by side. When an order is selected from a merchant's Web page, the
merchant's Ecash software is automatically started by means of a common gateway interface (CGI) script.
The CGI simply provides a means of running a program from a Web server and allowing it to pass back results
through that server.
The merchant software proceeds with the Ecash purchase as before.
If the payment was successful, the item or purchase indication may be returned through the Web to the client's
browser as shown (steps 8 and 9). This method has the advantage that it can be easily integrated with most Web
browsers and servers.

Figure: Using E-cash with the World Wide Web.

Ecash in the mail
Ecash payments may also be made using electronic mail.
The merchant still contacts the bank, through e-mail, to deposit the coins and prevent double spending before
delivering the goods. The coins are protected in the same way as with the online protocol.
Transferring Ecash
User-to-user transfer of Ecash is possible, although the amount transferred still has to be forwarded to the bank
for verification. The exchange uses the same protocols as with an Ecash purchase, as shown in the figure below.
The coins are forwarded through the payee to the bank where they are deposited. New coins worth the same
amount are then returned to the payee.
This is all done transparently by the software so that it appears that the new coins were received directly from
the payer.

Figure: User-to-user transfer of E-cash.

Currently, as with merchant payments, both users must have accounts at the same Ecash bank in order to
perform a user-to-user transfer.
Lost coins
If the network fails or the computer crashes during a payment transaction, coins might be lost. There is a
mechanism available to recover the value of these lost coins. The client whose coins have been lost notifies the
minting bank of this occurrence. The bank then sends the exact messages from the last n withdrawals to the
client. Currently n = 16, so that all the signed blinded coins from the last 16 withdrawals are sent, as shown in
the figure below. The client must still have the blinding factor used for these withdrawals; otherwise, the coins
cannot be unblinded. The client's wallet will unblind all the coins and then deposit them into the client's
account at the bank. It is necessary to deposit the coins because it will not be known which coins from the last 16
withdrawals have already been spent and which have not.
The bank will check each coin deposited to see if it has already been spent or not. This is the normal verification
to prevent double spending. The client's account will be credited the unspent amount. The value of any lost coins
will have been recovered and the client can now withdraw new coins to spend.

Figure: Recovering lost E-cash coins.

Ecash and crime
There is a concern that fully anonymous electronic cash, like paper cash, will help to hide the identity of criminals.
There are fears that it could be used for money laundering, tax evasion, bribes, black markets, and other such
crimes. With Ecash, only the payer (client) is anonymous. The payee (merchant) who receives a payment must
deposit it into a bank account to validate the coins.
The bank can monitor the deposits of suspected criminals. However, it would still be possible for a criminal to
accept payments under the guise of a legal business. As described in Section 6.1.9, it is also possible for a payer to
prove to a bank that the payer made a payment.
Thus, with the cooperation of the client who made the payment, the payee can be identified as accepting that
payment. While the person who receives a payment can be monitored, new coins that have been withdrawn are
completely anonymous.
The cryptographer Bruce Schneier described how to commit the perfect crime and obtain such anonymous
coins:

An anonymous kidnapper takes a hostage.
The kidnapper then prepares a large number of blinded coins. These are sent anonymously to the bank as a ransom demand.
The bank signs the coins due to the hostage situation.
The kidnapper demands that the signed blinded coins be published in a public place such as a newspaper or on television. This will prevent the pickup being traced. Nobody else can unblind the coins.
The kidnapper can safely take the blinded coins from the newspaper or television and save them on computer. The coins are then unblinded and the kidnapper now has a fortune in anonymous digital cash.

Electronic checks
Paper-based payments using a check, while still highly popular in the United States, have been falling out of favor
in European countries. This process of decline has been encouraged by banks for two reasons. First, paper-based
checks are expensive to process.
They may involve the transport of the signed check all the way to the bank on which it is drawn before being able
to determine that the payment can be made.
The expense involved in the so-called returned items (bounced checks) means that the average cost per check is
quite high.
Second, the use of debit cards, in which each transaction involves an electronic verification of the availability of
funds, has all the properties of a check-based payment without the attendant disadvantages.
It is clear, though, that there is a need for a check-like payment system in which funds are transferred from the
payer's bank account to the payee's bank account at the time the transaction takes place.
From the bank's point of view, it would be desirable to use existing interbank funds transfer networks as much as
possible. This chapter will examine a number of electronic check schemes and alternative check-like methods that
allow value to be transferred between bank accounts during a purchase.
Some of these payment systems are standalone in technology terms, while others make maximal use of the
existing banking infrastructure.
Echeck concept
As with its paper counterpart, the electronic check will contain an instruction to the payer's bank to make a
payment of a specified amount to an identified payee. The fact that the check is in electronic form and is being
conveyed across computer networks should allow more flexibility in the handling of the check.

New services can be provided, such as the ability to immediately verify funds availability. Security can be
enhanced by allowing digital signature validation, and check payments can more easily be integrated into
electronic ordering and billing processes.
The figure below shows the overall concept. A payer would issue a check by assembling much the same information
as is present on a paper check. Users are issued an X.509 certificate by the bank with which they have a checking
account.
The certificate is used by the payee to verify the payer's digital signature on the check. The bank can include
account restrictions within the certificate, such as the maximum check value, currencies allowed, or a
requirement for multiple signatures in the case of a corporate account.
It is envisioned that a central bank or government agency will act as the root certificate authority and issue
certificates for participating banks.

Figure: The FSTC electronic check concept.

The Financial Services Technology Consortium (FSTC) is a group of U.S. banks, research agencies, and government
organizations, formed in 1993, that have come together to assist in enhancing the competitiveness of the U.S.
financial service industry.
Electronic check functional flows
The ability to rapidly move the information in an electronic check from one party to another across computer
networks means that the electronic check may be used in a variety of different payment scenarios.
The FSTC has identified four distinct scenarios that are likely to be of importance. The deposit-and-clear scenario
is the first of these and mirrors the way in which most conventional paper checks are used. The figure below shows
the steps involved.

Figure: Functional flows in the deposit-and-clear scenario.
The payer issues an electronic check signed in conjunction with the payer's checkbook device. This is sent to the
payee, who endorses it, also using a secure hardware device, before forwarding it to his or her bank. The bank will
then clear the check with the payer's bank using ACH transfers. Steps 4 and 5 show the banks informing their
customers of progress, using reports and statements. These are not key to the main message flow, and indeed
could be paper reports posted out at regular intervals.
One of the disadvantages of using the deposit-and-clear scenario is that all parties must have their networking
and processing capabilities upgraded to deal with electronic checks, before a single payment can be made. The figure
below shows an alternative scenario referred to as cash-and-transfer. In this case, while the payee can accept
checks electronically, his or her bank cannot. So in step 2, the payee cashes the check by presenting it to the
payer's bank, specifying details of his or her bank account in the process. The payer's bank responds with a Notify
message and then credits the payee's bank account using a conventional interbank electronic funds transfer
(EFT).

Figure: Functional flows in the cash-and-transfer scenario.

The third scenario envisaged by the FSTC is referred to as the lockbox scenario. In this case, the electronic check
is sent not to the payee, but to the payee's bank. The destination account may be either the payee's primary
bank account or a special-purpose account referred to as a lockbox, which is maintained by a bank or other third
party on behalf of the payee. The lockbox facility corresponds to a service offered by U.S. banks to corporate
clients when dealing with conventional paper-based checks. The figure below shows the payee's bank clearing this in
step 2 and sending details to the payee in the form of an accounts receivable update. The transaction will
ultimately appear in a regular statement sent to the payer.
Figure: Functional flows in the lockbox scenario.

The final scenario is referred to as the funds transfer scenario. It is very similar to the direct credit banking facility
that is in widespread use today. As shown in the figure below, the payer generates an electronic check and forwards
it directly to the payee's bank. The bank transfers the value to the payee's bank account, and debits that of the
payer using conventional interbank EFT. In this case, only the payer's bank needs to be equipped to process
electronic checks, as all other flows are handled by existing bank messaging systems. These four scenarios have
outlined how electronic checks can be used as a payment method in ways that fit well with existing banking
procedures. Nevertheless, banks wishing to take full advantage of the electronic check must provide some new
infrastructure to handle this new form of payment. Once again, the emphasis in the FSTC is on causing minimum
disturbance to the systems that are already in use.

Figure: Functional flows in the funds transfer scenario.

Micropayment system
Introduction
Of the conventional payment instruments of cash, check, and card, the one most suited to low-value transactions
is cash. Versatile as it is, it is limited in that no transaction can involve less than the value of the smallest coin
(e.g., a penny).
There are entire classes of goods and services where this poses a problem. Some examples include obtaining a
quotation of the current price of a share on the stock market or making a single query of a database service.

In conventional commerce, the solution to this has been to use a subscription mode of payment, where the buyer
pays in advance and can avail of the product or service for a fixed period. While this ensures that the content
provider can be paid for services rendered, it seals off what is in many cases a large customer base of people who
may only wish to use a service very occasionally.
It also restricts the ability of people to try out a service. It is clear that the subscription model does not
adequately solve the problem and that there is a need for a payment system that can efficiently transfer very
small amounts, perhaps less than a penny, in a single transaction.
This implies that communications traffic, which in itself costs money, must be kept to an absolute minimum. A
system in which the costs of conveying the payment are greater than the payment itself is unlikely to succeed. In
many of the payment systems covered in previous chapters, a merchant validated each payment by having a real-
time dialogue with a server on the network representing the payment systems provider, either to check that
funds are available, or to complete the payment.
This represents a very high per-transaction overhead and must be eliminated in the design of a micropayment
system. The low value per transaction also means that the profit made on each transaction must also be small.
For a server to be viable under these conditions, it must be able to process transactions at a high rate.
This gives rise to a further requirement that micropayment systems must be able to make the payment
verification inexpensively. If a server is taking appreciable time to do public-key encryption or decryption, then its
throughput, measured in transactions, cannot be very great. Consequently, a successful micropayment system
must not involve computationally expensive cryptographic techniques.
The electronic payment methods outlined earlier have involved systems that mirror the properties of
conventional payment instruments already in existence. Micropayments, however, have not been available in
conventional commerce, and their introduction opens up many new areas of business.
One can envisage network users paying to consult an online encyclopedia, purchasing a single song from an
album, ordering just the business pages from a selection of daily newspapers, and so forth. The remainder of this
chapter will outline the most influential systems available in this new field of electronic commerce.
Millicent
Millicent is a decentralized micropayment scheme that was developed at Digital Equipment Corporation (now
Compaq) which is designed to allow payments as low as one-tenth of a cent ($0.001) to be made. A Millicent
payment can be efficiently validated at a vendor's site without the need to contact a third party.
This distributed approach, without any additional communication, expensive public-key encryption, or offline
processing, allows it to scale effectively for repeated small payments. The Millicent system uses a form of
electronic currency called Scrip. Scrip can be thought of as the loose change you carry around in your pocket.
It is fast and efficient to verify that it is valid, and if one loses a small piece of change by accident, it is not of great
concern. Scrip is vendor-specific in that it has value at one particular vendor only.
The security of the protocol is designed to make the cost of committing a fraud more than the value of a
purchase. By using fast symmetric encryption the protocol can be both lightweight and secure.
Purchasing with Millicent
Initially, the customer buys some broker scrip using one of the macropayment systems, as shown in the figure below.
Typically, enough broker scrip to last a week might be bought, although more can be obtained at any time.

Figure: Buying broker scrip.

When a customer first encounters a new vendor, he or she must buy vendor scrip from the broker to spend at
that vendor's site. The figure below shows a customer buying 20 cents of vendor scrip using the $5 of broker scrip
purchased earlier. Both the new vendor scrip and the change in broker scrip are returned. The same process will
take place when a customer needs more vendor scrip, perhaps at the start of a new day. The vendor scrip is sent
to the merchant with a purchase request. The vendor will return a new piece of vendor scrip as change along with
the purchased content. Remember, scrip is vendor-specific, and can be spent only at a particular merchant.

Figure: Purchasing from a vendor.

The figure below shows the customer buying from the same vendor again using the change. The customer already
has valid vendor scrip for the vendor, so there is no need to contact the broker. Again, the scrip and purchase
request are sent to the vendor who returns the item and the correct change. In this example the customer has
bought an article costing 4 cents.
Repeated payments at a specific vendor are highly efficient in regard to network connections. If the customer
already has valid scrip for that vendor, only a single network connection is required. Compare this with the
number of network connections required in a secure macropayment scheme such as SET or Ecash.
This increased communications efficiency is provided at the cost of slightly relaxing the security, as discussed
later.

Figure: Further purchases from the same vendor.

Scrip
Scrip is a piece of data used to represent microcurrency within the Millicent system. Scrip has the following
properties:

A piece of scrip represents a prepaid value, much like prepaid phone cards, fare cards, or coupons.
Scrip can represent any denomination of currency. Expected values range from one-tenth of a cent up to about $5, although there are no defined upper or lower bound limits.
The security of scrip is based on the assumption that it is only used to represent small amounts of money.
It is vendor-specific and thus has value at one vendor only.
It can be spent only once. Double spending will be detected locally by the vendor at the time of purchase.
It can be spent only by its owner. A shared secret is used to prevent stolen scrip being spent.
Scrip cannot be tampered with or its value changed.
It is computationally expensive to counterfeit scrip. The cost of doing so outweighs the value of the scrip itself.
Scrip makes no use of public-key cryptography. It can be efficiently produced, validated, and protected using a one-way hash function and limited symmetric cryptography.
Scrip cannot provide full anonymity. It has visible serial numbers that could be recorded and traced.

PayWord
PayWord is a credit-based micropayment scheme designed by Ron Rivest (MIT Laboratory for Computer Science, Massachusetts) and Adi Shamir (Weizmann Institute of Science, Rehovot, Israel). The scheme aims to reduce the number of public-key operations required per payment by using hash functions, which are faster. Symmetric, and hash functions, that can be performed per second on a typical workstation.
The measurements were taken on an 850 MHz Intel Celeron processor under Windows 2000, using Crypto++, to provide a C++ implementation of all the algorithms. The operations performed per second are based on a 64-byte input message size. Fast hash functions and symmetric-key cryptography are more suitable for micropayments, where speed is important, than the slower public-key cryptography used in many macropayment schemes.
PayWord uses chains of hash values to represent user credit within the system. Each hash value, called a PayWord, can be sent to a merchant as payment. A PayWord chain is vendor-specific and the user digitally signs a commitment to honor payments for that chain. Brokers mediate between users and vendors and maintain accounts for both. They vouch for users by issuing a PayWord certificate allowing that user to generate PayWords. They redeem spent PayWord chains from vendors, transferring the amount spent from the user's account to the vendor. It is not necessary for both a vendor and user to have an account at the same broker. As with other micropayment schemes, security is relaxed to increase efficiency. While it is possible for some users to overspend, parties that continue to abuse the system can be detected and removed.
For more on PayWord, refer to Chan
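The hash-chain mechanics described above, as an added example that is not part of the original notes: the user builds a chain, the vendor checks each PayWord with hash operations only, and the broker redeems the highest one. SHA-256, one currency unit per PayWord, and the names `make_chain`, `Vendor` and `broker_redeem` are assumptions; the user's signed commitment and the broker's certificate are left out.

```python
import hashlib
import hmac
import os
from typing import List, Optional


def H(data: bytes) -> bytes:
    """One-way hash linking the chain (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def make_chain(n: int, seed: Optional[bytes] = None) -> List[bytes]:
    """User side: return [w_0, ..., w_n] with w_{i-1} = H(w_i).

    w_n is a random secret; w_0 is the root the user would sign in the
    commitment sent to the vendor (signature omitted in this sketch).
    """
    w = seed if seed is not None else os.urandom(32)
    chain = [w]
    for _ in range(n):
        w = H(w)
        chain.append(w)
    chain.reverse()  # index i now holds w_i
    return chain


class Vendor:
    """Vendor side: keeps only the last accepted PayWord and its index."""

    def __init__(self, root: bytes, max_index: int):
        self.last_value = root      # w_0 from the commitment
        self.last_index = 0
        self.max_index = max_index  # credit limit for this chain

    def accept(self, index: int, payword: bytes) -> int:
        """Return the number of units newly paid, or 0 if rejected."""
        # A replayed or older PayWord has index <= last_index: rejected
        # locally, with no call to the broker.
        if not (self.last_index < index <= self.max_index):
            return 0
        # Hash forward from the offered value to the last accepted one.
        v = payword
        for _ in range(index - self.last_index):
            v = H(v)
        if not hmac.compare_digest(v, self.last_value):
            return 0  # not a preimage on this chain: forged or tampered
        paid = index - self.last_index
        self.last_index, self.last_value = index, payword
        return paid


def broker_redeem(root: bytes, index: int, payword: bytes) -> int:
    """Broker side: verify the highest PayWord against the committed root.

    One hash-chain check settles `index` units in a single transfer.
    """
    v = payword
    for _ in range(index):
        v = H(v)
    return index if hmac.compare_digest(v, root) else 0


if __name__ == "__main__":
    chain = make_chain(10, seed=b"constructed-demo-seed")  # constructed input
    vendor = Vendor(chain[0], max_index=10)
    print("pay 1 unit:", vendor.accept(1, chain[1]))
    print("pay 3 more:", vendor.accept(4, chain[4]))
    print("replay w_4:", vendor.accept(4, chain[4]))
    print("broker credits:", broker_redeem(chain[0], 4, chain[4]))
```

Because the vendor stores only the latest PayWord, a user who spends the same chain at two colluding-free vendors is not caught here; the vendor-specific, signed commitment is what ties a chain to one vendor.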
Probability-based micropayments
In the previous micropayment schemes each and every payment is processed by the vendor and later verified and redeemed at a broker or bank. To minimize the number of micropayment transactions that must be performed, probability theory can be applied so that there is a specified likelihood or chance that the payment will be performed.
The value of the transaction is equal to the probability of making an actual payment multiplied by the value of that actual payment:
Transaction_value = Probability * Payment_amount
For example, instead of making 1,000 micropayments each worth 1 cent, one might make a $10 payment with a 1/1,000 probability.
Most of the time no payment will be made, but approximately every 1,000 transactions, a $10 payment will occur, giving an average cost of 1 cent. Over time each party will get approximately the correct amount. In such a probabilistic payment scheme there is a known probability, corresponding to the transaction value, that the payment will actually be made. The scheme must provide a mechanism for fairly deciding the outcome of a random event with this known probability.
In the first probabilistic payment scheme that we examine, a coin flip, performed over the network, is used to decide whether payment should be made. The second scheme that is described proposes the use of electronic lottery tickets, each with a specific probability of being a winning ticket and a stated amount to be paid if the ticket wins.
Probability-based micropayments eliminate the cost of making the actual micropayment for most transactions, but add the overhead of fairly predicting a random event with known probability.
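One way to decide such a random event fairly over a network, as an added example that is not taken from the notes or from any specific scheme they cover: a hash commit-and-reveal exchange in which neither party can steer the result, plus a simulation showing the average cost converging on Transaction_value. SHA-256, the message order, and every function name are assumptions.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def commit(vendor_nonce: bytes) -> bytes:
    """Step 1 (vendor -> customer): commitment to a secret nonce.

    The nonce must be high-entropy in real use, otherwise the customer
    could brute-force it from the commitment before choosing its own.
    """
    return H(b"commit" + vendor_nonce)


def outcome(vendor_nonce: bytes, customer_nonce: bytes, n: int) -> bool:
    """True (payment due) with probability 1/n.

    Each nonce is hashed separately so the two inputs cannot be shifted
    across the concatenation boundary; the labels keep this hash distinct
    from the commitment hash.
    """
    digest = H(b"flip" + H(vendor_nonce) + H(customer_nonce))
    return int.from_bytes(digest, "big") % n == 0


def settle(commitment: bytes, vendor_nonce: bytes, customer_nonce: bytes,
           n: int, payment_cents: int) -> int:
    """Step 3 (customer): check the vendor's reveal, return cents owed.

    Step 2, not shown as a function, is the customer sending its own
    nonce after receiving the commitment and before the reveal.
    """
    if not hmac.compare_digest(commit(vendor_nonce), commitment):
        raise ValueError("vendor reveal does not match commitment")
    return payment_cents if outcome(vendor_nonce, customer_nonce, n) else 0


def simulate(trials: int, n: int, payment_cents: int) -> float:
    """Average cents paid per transaction over many coin flips."""
    total = 0
    for i in range(trials):
        v = b"vendor-%d" % i      # constructed nonces, for repeatability
        c = b"customer-%d" % i
        total += settle(commit(v), v, c, n, payment_cents)
    return total / trials


if __name__ == "__main__":
    # The notes' figures: a $10 (1,000 cent) payment with probability
    # 1/1,000 stands in for a 1 cent transaction.
    print("average cost in cents:", simulate(200_000, 1000, 1000))
```

The vendor is bound to its nonce before seeing the customer's, and the customer picks its nonce without knowing the vendor's, so the result depends on both contributions.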


E-Commerce Strategies
Strategies for Marketing

A useful way to think about electronic commerce implementations is to consider how they can generate revenue. However, it is important to remember that not all electronic commerce initiatives have the goal of providing revenue; some are undertaken to reduce costs or improve customer service.
Web catalogue revenue models
In this revenue model, the seller establishes a brand image, and then uses the strength of that image to sell through printed catalogues mailed to prospective buyers.
Buyers place orders by mail or by calling a telephone number provided. This revenue model, which is often called the mail order or catalogue model, has proven to be successful for a wide variety of consumer items, including clothing, computers, electronics, household goods, and gifts.
When a company of this type wishes to enter the e-commerce market, they transfer or supplement their catalogue with an online version. When the catalogue model is expanded in this way, it is often called the web catalogue revenue model.
Digital content revenue models
The web is a new and highly efficient distribution mechanism for firms that own written information (words or numbers) or rights to that information. For example, LexisNexis began as a legal research tool, and it has been available as an online product for years. Today, LexisNexis offers a variety of information services, including legal information, corporate information, government information, news, and resources for academic libraries.
One of the first academic organizations to make the transition to electronic distribution on the web was (not surprisingly) the Association for Computing Machinery (ACM). The ACM Digital Library offers subscriptions to electronic versions of its journals to its members and to library and institutional subscribers. Academic publishing has always been a difficult business in which to make a profit because the base of potential subscribers is so small. Even the most highly regarded academic journals often have fewer than 2000 subscribers. To break even, academic journals must often charge each subscriber hundreds or even thousands of dollars per year. Electronic publishing eliminates the high costs of paper, printing, and delivery, and makes dissemination of research results more efficient and less expensive.
Advertising-supported revenue models
Most television channel output is enabled by an advertising-supported revenue model. Broadcasters provide free programming to an audience along with advertising messages.
The advertising revenue is sufficient to support the operations of the network and the creation or purchase of the programs. Many observers of the web in its early growth period believed that the potential for internet advertising was tremendous.
Web advertising grew from essentially zero in 1994 to $2 billion in 1998. However, web advertising was flat or declining in the years 2000 through 2002. Since then, web advertising has once again started to grow, but at much slower rates than in the early years of the web.
The overall success of online advertising has been hampered by two major problems. First, no consensus has emerged on how to measure and charge for site visitor views. It has been difficult for web advertisers to develop a standard for advertising charges because interaction with the web can be measured in multiple complex ways.


Interaction with a website may be measured in terms of number of visitors, number of unique visitors, number of click-throughs, and other attributes of visitor behavior. In addition to the number of visitors or page views, stickiness is a critical element in creating a presence that attracts advertisers.
If a website is sticky, people will spend more time on it, visit it often and bookmark it (add it to their list of favorite websites).
Learning activity
What do you think makes a website sticky? Consider the websites that you have bookmarked or listed as favorites. Why do you favor these websites compared with others that may contain similar material?
As most successful advertising on the web is targeted at very specific groups, the second problem is that very few websites have a sufficient number of visitors to interest large advertisers. The set of characteristics that marketers use to group visitors is called demographic information. This includes personal information such as address, age, gender, income level, type of job held, hobbies and religion.
Advertising-subscription mixed revenue models
In an advertising-subscription mixed revenue model, which has been used for many years by traditional print newspapers and magazines, subscribers pay a fee and accept some level of advertising.
On websites that use the advertising-subscription revenue model, subscribers are typically subjected to much less advertising than they are on advertising-supported sites. Firms have had varying levels of success in applying this model and a number of companies have moved to or from this model over their lifetimes.
Two of the world's most distinguished newspapers, The New York Times and The Wall Street Journal, use a mixed advertising-subscription model. The New York Times version is mostly advertising-supported, but the newspaper has experimented in recent years with charging fees for access to various parts of its site.
In 2005, The New York Times began charging a fee for access to its Op-Ed and news columns. The newspaper also charges for access to its premium crossword puzzle pages. The New York Times also provides a searchable archive of articles dating back to 1996 and charges a small fee for viewing any article older than one week.
The Wall Street Journal's mixed model is weighted more heavily to subscription revenue. The site allows non-subscriber visitors to view the classified ads and certain stories from the newspaper, but most of the content is reserved for subscribers who pay an annual fee for access to the site. Visitors who already subscribe to the print edition are offered a reduced rate on subscriptions to the online edition.
Fee-for-transaction revenue models
In the fee-for-transaction revenue model, businesses offer services and charge a fee based on the number or size of transactions they process. Some of these services lend themselves well to operating on the web: companies can offer much of the personal service formerly provided by human agents, as the website can offer visitors similar information they would have previously heard from one of the company's phone operatives.
If consumers are willing to enter transaction information into website forms, these sites can provide options and execute transactions much less expensively than traditional transaction service providers. The removal of an intermediary, such as a human agent, from a value chain is called disintermediation. The introduction of a new intermediary, such as a fee-for-transaction website, into a value chain is called reintermediation.
Fee-for-service revenue models
Companies are offering an increasing variety of services on the web for which they charge a fee. These are neither broker services nor services for which the charge is based on the number or size of transactions processed.
The fee is based on the value of the service provided. These fee-for-service revenue models range from games and entertainment to financial advice and the professional services of accountants, lawyers, and physicians.

Sales and Promotions
The four Ps of marketing:
Product: The physical item or service that a company is selling.
Price: The amount the consumer pays for the product.
Promotion: Includes any means of spreading the word about the product. The internet provides many varied possibilities for communicating with existing and potential consumers.
Place: The need to have products or services available in many different locations.
Communicating with different marketing strategies
Identifying groups of potential consumers is just the first step in selling to those consumers. An equally important component of any marketing strategy is the selection of communication media to carry the marketing message.
As an online firm does not have a physical presence, media selection can be critical. The only contact a potential consumer might have with an online firm could well be the image it projects through the media and through its website.
The challenge for online businesses is to convince consumers to trust them even though they do not have an immediate physical presence.
Trust and media choice

The web acts as an intermediate step between mass media and personal contact, but it is a very broad step. Using the web to communicate with potential consumers offers many of the advantages of personal contact selling and many of the cost savings of mass media.
Companies can use the web to capture some of the benefits of personal contact, yet avoid some of the costs inherent in that approach. Most experts agree that it is better to make use of the trust-based model of personal contact when selling on the web, rather than to adopt the mass marketing approach.
The development of e-commerce occurred during a particular financial context: rising consumer expectations and reduced product differentiation leading to increased competition and a splintering of mass markets. The result of this was a reduction in the effectiveness of mass media advertising. Thus, the internet provided a new vehicle for achieving high levels of consumer-focused marketing strategies. Its technology suits market diversity and consumer demand.


Figure: Trust in three information dissemination models (scale from low level of trust to high level of trust)

Market segmentation
The response to the decrease in advertising effectiveness was to identify specific portions of their markets and target them with specific advertising messages. This practice, called market segmentation, divides the pool of potential consumers into segments.
Segments are usually defined in terms of demographic characteristics such as age, gender, marital status, income level, and geographic location. Thus, for example, unmarried men between the ages of 19 and 25 might be one market segment. Other forms of market segmentation are:

Micromarketing: Practice of targeting very small market segments.
Geographic segmentation: Firms divide their consumers into groups by where they live or work.
Demographic segmentation: Uses information about age, gender, family size, income, education, religion, or ethnicity to group consumers.
Psychographic segmentation: Marketers try to group consumers by variables such as social class, personality, or their approach to life.

Market segmentation on the web
The web gives companies an opportunity to present different store environments online. For example, if you visit the home pages of Steve Madden and Talbots, you will find that both pages are well designed and functional. However, they are each directed to different market segments. The Steve Madden site is targeted at young, fashion-conscious buyers. The site uses a wide variety of typefaces, bold graphics, and photos of brightly colored products to convey its tone.
The emphasis is to make an exciting high-fashion statement that visitors of the target group can identify with. In contrast, the Talbots site is rendered in a more muted, conservative style. The site is designed for older, more established buyers.
The messages emphasized are stability, home life, and the trademark Talbots red doors. These images appeal to a market segment of people looking for classics instead of the latest trends.


Offering consumers a choice on the web
As an example of a very successful e-commerce company, Dell is a useful case to study. Its website offers consumers a number of different ways to do business with the company. Its USA home page includes links for each major group of consumers it has identified, including home, small business, medium and large business, government, education, and health care. Once the site visitor has selected a consumer category, specific products and product categories are available as links.
Beyond market segmentation: consumer behavior and relationship intensity
Segmentation using consumer behavior

The development of the web follows, and in some cases drives, developments within marketing, and has led to increasingly complex and effective marketing strategies. Behavioral segmentation is the creation of separate experiences for consumers based on their behavior.
When the behavioral segmentation is based on things that happen at a specific time or occasion, behavioral segmentation is sometimes called occasion segmentation. Marketing researchers are just beginning to study how and why people prefer different combinations of products, services, and website features and how these preferences are affected by their modes of interaction with the site.
Market research has found that people want websites to offer a range of interaction possibilities from which they can select to meet their needs. Remember that a particular person might visit a particular website at different times and might search for different interactions each time.
Customizing visitor experiences to match the site usage behavior patterns of each visitor or type of visitor is called usage-based market segmentation. Researchers have begun to identify common patterns of behavior and to categorize those behavior patterns. One set of categories that marketers use today includes browsers, buyers, and shoppers.
Consumer relationship intensity and life-cycle segmentation
One goal of marketing is to create strong relationships between a company and its consumers. The reason that one-to-one marketing and usage-based segmentation are so valuable is that they help to strengthen companies' relationships with their consumers.
Good consumer experiences can help create an intense feeling of loyalty toward the company and its products or services. Researchers have identified several stages of loyalty as consumer relationships develop over time.
Five-stage model of consumer loyalty
Awareness: Consumers who recognize the name of the company or one of its products are in the awareness stage of consumer loyalty.
Exploration: In this stage potential consumers learn more about the company or its products.
Familiarity: Consumers who have completed several transactions and are aware of the company's policies regarding returns, credits, and pricing flexibility are in this stage.
Commitment: After experiencing a considerable number of highly satisfactory encounters with a company, some consumers develop a fierce loyalty or strong preference for the products or brands of that company.
Separation: Over time, the conditions that made the relationship valuable might change. The consumer might be severely disappointed by changes in the level of service (either as provided by the company or as perceived by the consumer) or product quality.



Figure: Five stages of customer loyalty (Awareness, Exploration, Familiarity, Commitment, Separation, shown against time)
Acquisition, conversion, and retention of consumers
In e-commerce, new visitor acquisition varies according to the revenue model adopted by the company. For example, an advertising-supported site is interested in attracting as many visitors as possible to the site and then keeping those visitors at the site for as long as possible.
In this way, the site displays the maximum amount of advertising messages to its visitors, which is how the site earns a profit. On the other hand, for sites that operate a web catalogue model, charge a fee for services or that are supported by subscriptions, attracting visitors to the site is only the first step in the process of turning those visitors into consumers.
The total amount of money that a site spends, on average, to draw one visitor to the site is called the acquisition cost. The second step that a web business wants to take is to convert the first-time visitor into a consumer. This is called a conversion. For advertising-supported sites, the conversion is usually considered to happen when the visitor registers at the site, or, in some cases, when a registered visitor returns to a site several times.
For sites with other revenue models, the conversion occurs when the site visitor buys a good or service or subscribes to the site's content. The total amount of money that a site spends, on average, to induce one visitor to make a purchase, sign up for a subscription, or (on an advertising-supported site) register, is called the conversion cost.

Consumer acquisition, conversion, and retention: the funnel model
A funnel is a good analogy for the operation of a marketing strategy because almost every marketing strategy starts with a large number of prospects and converts fewer and fewer of those prospects into serious prospects, consumers, and finally, loyal consumers.


Funnel model of customer acquisition, conversion, and retention

Advertising on the web
Most advertising on the web uses banner ads. A banner ad is a small rectangular object on a web page that displays a stationary or moving graphic and includes a hyperlink to the advertiser's website. Banner ads are versatile advertising vehicles.
Their graphic images can help increase awareness, and users can click them to open the advertiser's website and learn more about the product. Thus, banner ads can serve both informative and persuasive functions.
Banner ads

Banner ads: There are three different ways companies arrange for other websites to display their banner ads. The first is to use a banner exchange network. The second way is to find websites that appeal to one of the company's market segments and then pay those sites to carry the ads. A third way is to use a banner advertising network.
Measuring banner ad cost and effectiveness: When a company purchases mass media advertising, it pays a dollar amount for every thousand people in the estimated audience. This pricing metric is called cost per thousand and is often abbreviated CPM.

Other web ad formats
The steady decline in the effectiveness of banner ads has prompted advertisers to explore other formats for web ads. One of these formats is the pop-up advertisement. A pop-up ad is an ad that appears in its own window when the user opens or closes a web page.
The window in which the ad appears does not include the usual browser controls. The only way to dismiss the ad is to click the small close button in the upper-right corner of the window's frame. Other ad formats are:

Pop-behind ad: A pop-up ad that is followed very quickly by a command that returns the focus to the original browser window.
Interstitial ad: When a user clicks a link to load a page, the interstitial ad opens in its own browser window, instead of the page that the user intended to load.
Rich media ads (active ads): Generate graphical activity that "floats" over the web page itself instead of opening in a separate window.


Site sponsorships
Some websites offer advertisers the opportunity to sponsor all or parts of their sites. These site sponsorships give advertisers a chance to promote their products, services, or brands in a more subtle way than by placing banner or pop-up ads on the sites (although some sponsorship packages include a certain number of banner and pop-up ads).
Effectiveness of online advertising
After years of experimenting with a variety of online advertising formats, the effectiveness of online advertising remains difficult to measure. A major problem is the lack of a single industry standard measuring service, such as the service that the Nielsen ratings provide for television broadcasting or the Audit Bureau of Circulations procedures provide for the print media.
In 2003, the Interactive Advertising Bureau (IAB) and the Institute of Practitioners in Advertising (IPA) created a joint task force to review four media measurement systems (Nielsen//NetRatings, ComScore, Hitwise, and RedSheriff) and recommend one as the single standard or devise an alternative measurement system.
The task force has announced that it is currently considering only ComScore and Nielsen//NetRatings.
Email marketing and permission marketing
A key element in any email marketing strategy is to obtain consumers' approvals before sending them any email that includes a marketing or promotional message. Many businesses are finding that they can maintain an effective dialog with their consumers by using automated email communications.
Sending one email message to a consumer can cost less than one cent if the company already has the consumer's email address. Purchasing the email addresses of people who ask to receive specific kinds of email messages adds between a few cents and a dollar to the cost of each message sent. Another factor to consider is the conversion rate.
The conversion rate of an advertising method is the percentage of recipients who respond to an ad or promotion. Conversion rates on requested email messages range from 10 percent to over 30 percent. These are much higher than the click-through rates on banner ads, which are currently under 0.5 percent and decreasing.
Combining content and advertising
One strategy for getting email accepted by consumers and potential consumers is to combine content with an advertising email. Many companies have found this to be a successful marketing approach. Offering articles and news stories that are of interest to a specific market segment is a good way to increase acceptance of email.
Outsourcing email processing
Many companies find that the number of consumers who opt in to information-laden emails can grow rapidly. The job of handling email lists and mass-mailing software can quickly outgrow the capacity of the company's information technology staff.
A number of companies offer email management services, and most small or medium-size companies outsource their email processing operations. An email management company will typically manage an email campaign for a cost of between 1 and 2 cents per valid email address.
Technology-enabled consumer relationship management
The nature of the web, with its two-way communication features and traceable connection technology, allows firms to gather much more information about consumer behavior and preferences than they can gather using micromarketing approaches.
Now, companies can measure large amounts of informative data regarding navigational choices, as consumers and potential consumers gather information and make purchasing decisions. The information that a website can gather about its visitors (which pages were viewed, how long each page was viewed, the sequence, and similar data) is called a clickstream.
Technology-enabled relationship management has become possible when promoting and selling on the web. This occurs when a firm obtains detailed information about a consumer's behavior, preferences, needs, and buying patterns. The firm then uses that information to set prices, negotiate terms, tailor promotions, add product features, and otherwise customize its entire relationship with that consumer.
CRM as a source of value in the marketspace
For years, businesses have viewed information as a part of the value chain's supporting activities, but they have not considered how information itself might be a source of value. In the marketspace, firms can use information to create new value for consumers.
Many electronic commerce websites today offer consumers the convenience of an online order history, recommendations based on previous purchases, and current information about products in which the consumer might be interested.
Creating and maintaining brands on the web
A brand name which is known and respected can present a powerful statement to potential consumers. It represents quality, value, and other desirable qualities in one recognizable element. Branded products are easier to advertise and promote, because each product carries the reputation of the brand name.
Companies have developed and nurtured their branding programs in the physical marketplace for many years. Consumer brands such as Ivory soap, Walt Disney entertainment, Maytag appliances, and Ford automobiles have been developed over many years with the expenditure of tremendous amounts of money. However, the value of these and other trusted major brands far exceeds the cost of creating them.
Elements of branding:

Product differentiation: The first condition that must be met to create a product or service brand.
Relevance: The degree to which the product offers utility to a potential consumer.
Perceived value: A key element in creating a brand that has value.

Emotional branding vs. rational branding
Companies have traditionally used emotional appeals in their advertising and promotion efforts to establish and maintain brands. One branding expert, Ted Leonhardt, has described "brand" as "an emotional shortcut between a company and its consumer."
These emotional appeals work well on television, radio, billboards, and in print media, because the ad targets are in a passive mode of information acceptance. However, emotional appeals are difficult to convey on the web because it is an active medium controlled to a great extent by the consumer.
Many web users are actively engaged in such activities as finding information, buying airline tickets, making hotel reservations, and obtaining weather forecasts. These users are busy people who will rapidly click away from emotional appeals.
As an alternative, rational branding is based on the principle of value exchange in which goods and services are exchanged between the company and prospective consumers in payment for prospective consumers viewing advertising. Rational branding is a popular strategy for WWW marketers to create and maintain brands online.


Brand leveraging strategies
There are many other ways to build brands on the web. One method that is working for well-established websites is to extend their dominant positions to other products and services, a strategy called brand leveraging.
Yahoo! is an excellent example of a company that has used brand leveraging strategies. Yahoo! was one of the first directories on the web. It added a search engine function early on in its development and has continued to maintain its leading position by acquiring other web businesses and expanding its existing offerings.
Yahoo! acquired GeoCities and Broadcast.com, and entered into an extensive cross-promotion partnership with a number of Fox entertainment and media companies. Thus it used its influence in the market to highlight to its users services offered by other companies it had teamed up with. Yahoo! continues to lead its two nearest competitors, Excite and Go.com, in ad revenue by adding features that web users find useful and that increase the site's value to advertisers.
Brand consolidation strategies
Brand consolidation takes brand leverage one stage further and actively twins two or more companies together, usually to a specific target market. This was pioneered by Della & James, an online bridal registry that is now doing business as part of WeddingChannel.com.
Although a number of national department store chains, such as Macy's, had established online registries for their own stores, Della & James created a single registry that connected to several local and national department and gift stores, including Crate & Barrel, Gump's, Neiman Marcus, Tiffany & Co., and Williams-Sonoma.
The logo and branding of each participating store are featured prominently on the WeddingChannel.com site. The founders identified an opening for a market intermediary because specific research showed that the average couple engaged to be married registers at three different stores. Thus, WeddingChannel.com provides a valuable consolidating activity for registering couples and their wedding guests that no store operating alone could provide.
Costs of branding
It is much easier to transfer an existing brand to the web, or use the web to maintain an existing brand, rather than creating an entirely new brand on the web. This has proved to be much more difficult and expensive. In 1998, a large number of companies spent significant amounts of money on building new brands on the web.
According to studies by the Intermarket Group, each of the top 100 electronic commerce sites spent an average of $8 million in that one year to create and build their online brands. Two of the brands that battled it out at the top of the spending bracket included Amazon.com, which spent $133 million, and BarnesandNoble.com, which spent $70 million. Most of this spending was for television, radio, and print media, not for online advertising. Online brokerages E*TRADE and Ameritrade Holding were also among the top five in that first year of major brand building on the web, spending $71 million and $44 million, respectively.
Affiliate marketing strategies
Affiliate marketing is when one firm includes details, descriptions, reviews, ratings, or other information about another company's product on its (the affiliate firm's) website. The consumer will be able to click on the information and go straight to the other firm's site to buy the product. For every visitor who follows a link from the affiliate's site to the seller's site, the affiliate site receives a commission.
One of the more interesting marketing tactics made possible by the web is cause marketing, which is an affiliate marketing program that benefits a charitable organization (and, thus, supports a "cause"). In cause marketing, the affiliate site is created to benefit the charitable organization. When visitors click a link on the affiliate's web page, a donation is made by a sponsoring company. The page that loads after the visitor clicks the donation link carries advertising for the sponsoring companies. Research demonstrates that the click-through rates on these ads are much higher than the typical banner ad click-through rates.
Viral marketing strategies
Viral marketing uses satisfied customers to tell potential customers about products or services they have enjoyed using. Much as affiliate marketing uses websites to spread the word about a company, viral marketing approaches use individual consumers to do the same thing. It is called viral marketing because it reaches increasing numbers of consumers in the same way that a virus multiplies and spreads.
Searchenginepositioninganddomainnames

Research demonstrates that potential consumers find websites in many different ways. Some site visitors are
referred by a friend. Others are referred by an affiliate marketing partner of the site. Some see the site's URL in a
print advertisement or on television. Others arrive after typing a URL that is similar to the company's name. But
many site visitors are directed to the site by a search engine or directory website.
Search engines and web directories
Search engines are websites that help people find what they are looking for in the vast cyberspace arena. Search
engines contain three major parts. The first part, called a spider, a crawler, or a robot (or simply bot), is a
program that automatically searches the web to find web pages that might be interesting to people.
When the spider finds web pages that might interest search engine site visitors, it collects the URL of the page
and information contained on the page. This information might include the page's title, keywords included in the
page's text, and information about other pages on that website.
In addition to words that appear on the web page, website designers can specify additional keywords in the page
that are hidden from the view of website visitors, but that are visible to spiders. These keywords are enclosed in
an HTML tag set called meta tags. The word "meta" is used for this tag set to indicate that the keywords describe
the content of a web page and are not themselves part of the content.
The spider returns this information to the second part of the search engine to be stored. The storage element of a
search engine is called its index or database. The index checks to see if information about the web page is already
stored.
If it is, it compares the stored information to the new information and determines whether to update the page
information. The index is designed to allow fast searches of its very large amount of stored information.
The third part of the search engine is the search utility. Visitors to the search engine site enter a term (part of a
word, a word, or words) they wish to search and the search utility takes those terms and finds entries for web
pages in its index that match those search terms. The search utility is a program in itself: it creates a web page
which appears to the visitor as a list of links to URLs. The visitor can then click the links to visit those sites.
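The three parts described above (spider, index, search utility) fit in a short program. This is an added example, not code from the original notes; the class names, the two sample pages and the example URLs are constructed for illustration, and matching a term as a substring is an assumption standing in for "part of a word".

```python
import html
import re
from html.parser import HTMLParser


class Spider(HTMLParser):
    """Part 1: collects a page's title, meta keywords, visible words and links."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.meta_keywords = []
        self.words = []
        self.links = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (attrs.get("name") or "").lower() == "keywords":
            # Keywords hidden from visitors but visible to the spider.
            content = attrs.get("content") or ""
            self.meta_keywords += [k.strip().lower() for k in content.split(",") if k.strip()]
        elif tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        else:
            self.words += re.findall(r"[a-z0-9]+", data.lower())


class SearchEngine:
    def __init__(self):
        self.index = {}          # Part 2: URL -> stored page information

    def crawl(self, url, page_html):
        """Store what the spider found; return True only if the entry is new or changed."""
        spider = Spider()
        spider.feed(page_html)
        title = spider.title.strip()
        terms = set(spider.words) | set(spider.meta_keywords)
        terms |= set(re.findall(r"[a-z0-9]+", title.lower()))
        entry = {"title": title, "terms": terms, "links": spider.links}
        if self.index.get(url) == entry:
            return False         # already stored and unchanged, nothing to update
        self.index[url] = entry
        return True

    def search(self, query):
        """Part 3: URLs whose stored terms match every search term (whole or partial word)."""
        wanted = query.lower().split()
        if not wanted:
            return []
        return [url for url in sorted(self.index)
                if all(any(w in term for term in self.index[url]["terms"]) for w in wanted)]

    def results_page(self, query):
        """Build the results web page; everything taken from pages or the visitor is escaped."""
        items = "".join(
            '<li><a href="{0}">{1}</a></li>'.format(
                html.escape(url, quote=True), html.escape(self.index[url]["title"]))
            for url in self.search(query))
        return "<h1>Results for {}</h1><ul>{}</ul>".format(html.escape(query), items)


# Constructed sample pages. "rare" appears only in the hidden meta keywords.
BOOKS_PAGE = """<html><head><title>Corner Bookshop</title>
<meta name="keywords" content="rare books, first editions">
</head><body><h1>Welcome</h1><p>Browse our shelves and order online.</p>
<a href="/catalog.html">Catalog</a></body></html>"""

AUCTIONS_PAGE = """<html><head><title>Weekly Auctions</title></head>
<body><p>Bid on antique furniture and coins.</p></body></html>"""


def demo_engine():
    engine = SearchEngine()
    engine.crawl("http://books.example/", BOOKS_PAGE)
    engine.crawl("http://auctions.example/", AUCTIONS_PAGE)
    return engine


if __name__ == "__main__":
    print(demo_engine().results_page("rare"))
```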
Paid search engine inclusion and placement
As the internet continues to grow rapidly, the amount of potential information matching a search term can seem
daunting to a visitor and exasperating to a business if their company does not appear high on the list. An
increasing number of search engine sites have started making the task easier, but for a price.
These search engine sites offer companies a paid placement, which is the option of purchasing a top listing on
results pages for a particular set of search terms. This is also called a sponsorship or a search term sponsorship;
however, note that these search term sponsorships are not the same thing as the general site sponsorships you
learned about earlier in this chapter. The rates charged vary tremendously depending on the desirability of the
search terms to potential sponsors.
Website naming issues
Obtaining identifiable names to use on the web can be an important part of establishing a web presence that is
consistent with the company's existing image in the physical world. Companies that have a well-established brand
name or reputation in a particular line of business usually want the URLs for their websites to reflect that name or
reputation.
Misnaming websites can lead to customer frustration and eventual customer loss. Two airlines that started their
online businesses with troublesome domain names have both now purchased more suitable domain names.
Southwest Airlines' domain name was www.iflyswa.com until it purchased www.southwest.com.
Delta Air Lines' original domain name was www.delta-air.com. After several years of complaints from confused
consumers who could never remember to include the hyphen, the company purchased the domain name
www.delta.com.
Companies often buy more than one domain name. Some companies buy additional domain names to ensure
that potential site visitors who misspell the URL will still be redirected (through the misspelled URL) to the
intended site.
For example, Yahoo! owns the name Yahow.com. Other companies own many URLs because they have many
different names or forms of names associated with them.


Strategies for Web Auctions
One of the Internet's strengths is that it can bring together people who share narrow interests but are
geographically dispersed. Online auctions can capitalize on that ability by either catering to a narrow interest or
providing a general auction site that has sections devoted to specific interests.
Origins of Auctions
The earliest written records of auctions are from Babylon and date from 500 BC. In those auctions, men bid
against each other for the women they wished to marry. Roman soldiers used auctions to liquidate the property
they took from their vanquished foes.
In AD 193, the Praetorian Guard auctioned off the entire Roman Empire after killing the Emperor Pertinax. In later
years, Buddhist temples held auctions to sell off the possessions of deceased monks.
Auctions became common activities in 17th-century England, where taverns held regular auctions of art and
furniture. The 18th century saw the birth of two British auction houses, Sotheby's in 1744 and Christie's in
1766, that continue to be major auction firms today.
The British settlers of the colonies that would become the United States brought auctions with them. Colonial
auctions were used to sell farm equipment, animals, tobacco, and, sad to say, human beings.
In an auction, a seller offers an item or items for sale, but does not establish a price. This is called "putting an item
up for bid" or "putting an item on the (auction) block." Potential buyers are given information about the item or
some opportunity to examine it; they then offer bids, which are the prices they are willing to pay for the item.
The potential buyers, or bidders, each have developed private valuations, or amounts they are willing to pay for
the item. The whole auction process is managed by an auctioneer. In some auctions, people employed by the
seller or the auctioneer can make bids on behalf of the seller. These people are called shill bidders. Shill bidders
can artificially inflate the price of an item and may be prohibited from bidding by the rules of a particular auction.
English Auctions
Many different kinds of auctions exist. Most people who have attended or seen an auction on television have
experienced only one type of auction, the English auction, in which bidders publicly announce their successive
higher bids until no higher bid is forthcoming. At that point, the auctioneer pronounces the item sold to the
highest bidder at that bidder's price.
This type of auction is also called an ascending-price auction. An English auction is sometimes called an open
auction (or open-outcry auction) because the bids are publicly announced; however, there are other types of
auctions that use publicly announced bids that are also called open auctions.
In some cases, an English auction has a minimum bid, or reserve price. A minimum bid is the price at which an
auction begins. If no bidders are willing to pay that price, the item is removed from the auction and not sold. In
some auctions, a minimum bid is not announced, but sellers can establish a minimum acceptable price, called a
reserve price, or simply reserve.
If the reserve price is not exceeded, the item is withdrawn from the auction and not sold. English auctions that
offer multiple units of an item for sale and allow bidders to specify the quantity they want to buy are called
Yankee auctions. When the bidding concludes in a Yankee auction, the highest bidder is allotted the quantity he
or she bid. If items remain after satisfying the highest bidder, those remaining items are allocated to successive
lower (next-highest) bidders until all items are distributed. Although all successful bidders (except possibly the
lowest successful bidder) receive the quantity of items on which they bid, they only pay the price bid by the
lowest successful bidder.
To understand Yankee auctions better, consider this example. A seller places nine items up for bid. When the
bidders stop increasing their bids, the successful bidders include: the highest bidder, who bid $85, quantity five;
the second-highest bidder, who bid $83, quantity three; and the third-highest bidder, who bid $81, quantity four.
All three of the successful bidders pay $81 per item, but the highest bidder receives five items, the second-
highest bidder receives three items, and the third-highest bidder receives the one remaining item, despite having
bid for a quantity of four, because only one is left after satisfying the quantity bids of the higher bidders.
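The allocation rule just described, written out as an added example that is not part of the original notes. It generalizes the nine-item example to any set of bids; the function names, the optional minimum bid, and the rule that the earlier of two equal bids wins are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Bid:
    bidder: str
    price: int      # price offered per unit, in whole dollars
    quantity: int   # number of units the bidder wants


def yankee_allocate(bids, units_available, minimum_bid=0):
    """Allocate units as in a Yankee auction.

    Returns (awards, clearing_price). awards is a list of (bidder, units)
    from the highest to the lowest successful bid. clearing_price is the
    price bid by the lowest successful bidder, which every winner pays per
    unit; it is None when nothing is sold.
    """
    if units_available < 0:
        raise ValueError("units_available must not be negative")
    for bid in bids:
        if bid.quantity <= 0 or bid.price <= 0:
            raise ValueError(f"invalid bid from {bid.bidder!r}")

    # Bids under the minimum bid never take part. sorted() is stable, so
    # equal prices keep submission order (assumption: the earlier bid wins).
    eligible = [b for b in bids if b.price >= minimum_bid]
    ranked = sorted(eligible, key=lambda b: b.price, reverse=True)

    awards = []
    clearing_price = None
    remaining = units_available
    for bid in ranked:
        if remaining == 0:
            break
        units = min(bid.quantity, remaining)   # the last winner may get fewer than requested
        awards.append((bid.bidder, units))
        remaining -= units
        clearing_price = bid.price             # ends as the lowest successful bid
    return awards, clearing_price


def settle(awards, clearing_price):
    """Amount each successful bidder owes: units won times the uniform price."""
    return {bidder: units * clearing_price for bidder, units in awards}


# The page's example bids, plus one constructed lower bid that should win nothing.
PAGE_BIDS = [
    Bid("highest", 85, 5),
    Bid("second", 83, 3),
    Bid("third", 81, 4),
    Bid("fourth", 80, 2),   # constructed; not in the page's example
]

if __name__ == "__main__":
    awards, price = yankee_allocate(PAGE_BIDS, units_available=9)
    print(awards, price, settle(awards, price))
```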
English auctions have drawbacks for both sellers and bidders. Because the winning bidder is only required to bid a
small amount more than the next-highest bidder, winning bidders tend not to bid their full private valuations,
which prevents sellers from obtaining the maximum possible price.
Bidders risk becoming caught up in the excitement of competitive bidding and then bidding more than their
private valuations. This psychological phenomenon, called the winner's curse, has been extensively documented
by William Thaler and other behavioral economists.
Dutch Auctions
The Dutch auction is a form of open auction in which bidding starts at a high price and drops until a bidder
accepts the price. Because the price drops until a bidder claims the item, Dutch auctions are also called
descending-price auctions. Farmers' cooperatives in the Netherlands use this type of auction to sell perishable
goods such as produce and flowers, which is how it came to be known as a "Dutch" auction.
In most Dutch auctions, the seller offers a number of similar items for sale. One common implementation of a
Dutch auction uses a clock that drops the price with each tick. The first bidder to call out "stop," which stops the
clock, becomes the winning bidder.
The winning bidder can take all or any part of the auctioned items at that price. If any items remain, the clock is
restarted and continues to run until all the items are taken by successive lower bidders. A Dutch auction is often
better for the seller because the bidder with the highest private valuation will not let the bid drop much below
that valuation for fear of losing the item to another bidder.
Dutch auctions are particularly good for moving large numbers of commodity items quickly. A few online stores
have offered Dutch auctions from time to time. For several years, Coldwater Creek used Dutch auctions to sell
closeout items on its site.

Most online retailers who have tried Dutch auctions have found that they do not increase sales or generate
interest in the products well enough to justify the costs of operating the auction. They also have found that their
customers are confused by sites that include a Dutch auction as an alternative to regular sales of closeout or
marked-down items.
This does not mean that Dutch auctions are never useful. In 2004, Google used a Dutch auction to sell its stock to
investors in its initial public offering. The financial community considered this use of a Dutch auction to be highly
innovative and very successful.
First-Price Sealed-Bid Auctions
In sealed-bid auctions, bidders submit their bids independently and are usually prohibited from sharing
information with each other. In a first-price sealed-bid auction, the highest bidder wins. If multiple items are
auctioned, successive lower (next-highest) bidders are awarded the remaining items at the prices they bid.


Second-Price Sealed-Bid Auctions
The second-price sealed-bid auction is the same as the first-price sealed-bid auction except that the highest
bidder is awarded the item at the price bid by the second-highest bidder. At first glance, one might wonder why a
seller would even consider such an auction because it gives the item to the winning bidder at a lower price.
William Vickrey won the 1996 Nobel Prize in Economics for his studies of the properties of this auction type. He
concluded that it yields higher returns for the seller, encourages all bidders to bid the amounts of their private
valuations, and reduces the tendency for bidders to collude. Because the winning bidder is protected from an
erroneously high bid, all bidders tend to bid higher than they would in a first-price sealed-bid auction. Second-
price sealed-bid auctions are commonly called Vickrey auctions.
Open-Outcry Double Auctions
The Chicago Board of Trade conducts open-outcry double auctions of commodity futures and stock options. The
buy and sell offers are shouted by traders standing in a small area on the exchange floor called a trading pit. Each
commodity or stock option is traded in its own pit. The action in a trading pit can become quite frenzied as 20 or
30 traders shout offers aloud.
Double auctions, either sealed-bid or open-outcry, work well only for items of known quality, such as securities or
graded agricultural products that are regularly traded in large quantities. Such items can be auctioned without
bidders inspecting the items before placing their bids.
Sealed-Bid Double Auctions
In a double auction, buyers and sellers each submit combined price-quantity bids to an auctioneer. The
auctioneer matches the sellers' offers (starting with the lowest price and then going up) to the buyers' offers
(starting with the highest price and then going down) until all the quantities offered for sale are sold to buyers.
Double auctions can be operated in either sealed-bid or open-outcry formats. The New York Stock Exchange
conducts sealed-bid double auctions of stocks and bonds in which the auctioneer, called a specialist, manages the
market for a particular stock or bond issue. The specialist company must use its own funds, when necessary, to
maintain a stable market in the specific security it manages.
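The matching procedure for a sealed-bid double auction, as an added example that is not part of the original notes. The notes do not say what price a matched pair trades at or what happens when the best buy offer is below the best sell offer; trading at the midpoint (rounded down) and stopping at that point are assumptions, as are the trader names and order values, which are constructed.

```python
from collections import namedtuple

Order = namedtuple("Order", "trader price quantity")      # price per unit, whole dollars
Trade = namedtuple("Trade", "buyer seller quantity price")


def match_double_auction(buy_orders, sell_orders):
    """Match sealed price-quantity bids from both sides of the market.

    Sellers' offers are taken from the lowest price up and buyers' offers
    from the highest price down. Returns (trades, unfilled_demand,
    unsold_supply), the last two being unit counts left unmatched.
    """
    for order in list(buy_orders) + list(sell_orders):
        if order.price <= 0 or order.quantity <= 0:
            raise ValueError(f"invalid order from {order.trader!r}")

    # Each entry is [order, units still unmatched]; sorted() keeps
    # submission order among equal prices.
    buys = [[o, o.quantity] for o in sorted(buy_orders, key=lambda o: o.price, reverse=True)]
    sells = [[o, o.quantity] for o in sorted(sell_orders, key=lambda o: o.price)]

    trades = []
    b = s = 0
    while b < len(buys) and s < len(sells):
        buy, sell = buys[b][0], sells[s][0]
        if buy.price < sell.price:
            # Assumption: no trade when the best remaining buyer offers less
            # than the cheapest remaining seller asks; matching stops here.
            break
        quantity = min(buys[b][1], sells[s][1])
        price = (buy.price + sell.price) // 2      # assumption: midpoint pricing
        trades.append(Trade(buy.trader, sell.trader, quantity, price))
        buys[b][1] -= quantity
        sells[s][1] -= quantity
        if buys[b][1] == 0:
            b += 1
        if sells[s][1] == 0:
            s += 1

    unfilled_demand = sum(left for _, left in buys[b:])
    unsold_supply = sum(left for _, left in sells[s:])
    return trades, unfilled_demand, unsold_supply


# Constructed sample order book.
BUY_ORDERS = [Order("B1", 105, 10), Order("B2", 102, 5), Order("B3", 98, 8)]
SELL_ORDERS = [Order("S1", 97, 6), Order("S2", 100, 7), Order("S3", 104, 10)]

if __name__ == "__main__":
    trades, unfilled, unsold = match_double_auction(BUY_ORDERS, SELL_ORDERS)
    for trade in trades:
        print(trade)
    print("unfilled demand:", unfilled, "unsold supply:", unsold)
```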
Reverse (Seller-Bid) Auctions
In a reverse auction (also called a seller-bid auction), multiple sellers submit price bids to an auctioneer who
represents a single buyer. The bids are for a given amount of a specific item that the buyer wants to purchase.
The prices go down as the bidding continues until no seller is willing to bid lower. Reverse auctions are used by
consumers, but the vast majority of these auctions (and by far the largest portion of the dollar volume of these
auctions) involves businesses that are both buyers and sellers.
In many business reverse auctions, the buyer acts as auctioneer and screens sellers before they can participate.
You will learn more about specific implementations of reverse auctions, both consumer and business, later in this
chapter.
Online Auctions and Related Businesses
Online auctions are one of the fastest growing segments of online business today. Millions of people buy and sell
all types of goods on consumer auction sites each year. Although the online auction business is changing rapidly
as it grows, three broad categories of auction Web sites have emerged: general consumer auctions, specialty
consumer auctions, and business-to-business auctions.
Some industry analysts consider the two types of consumer auctions to be business-to-consumer electronic
commerce. Other analysts believe that a more appropriate term for the electronic commerce that occurs in
general consumer auctions is consumer-to-consumer or even consumer-to-business (because the bidders at a
general consumer auction might be businesses).
Their argument is that many sellers who participate in general consumer auctions are not really businesses; they
are ordinary people who use these auctions to sell personal items instead of holding a garage sale, for example.
Whether you prefer to think of online auctions as business-to-consumer, consumer-to-consumer, or consumer-
to-business, the largest number of transactions occurs on general consumer auction sites.
General Consumer Auctions
The most successful consumer auction Web site today (by far) is eBay, the company described in the introduction
to this chapter. The eBay home page includes links to categories of items. Alternatively, a potential bidder can
use the search box feature to find a specific item by entering descriptive terms.
The bottom of the page includes a link to the third-party assurance provider TRUSTe. Organizations such as
TRUSTe provide assurance that the privacy policies of the Web sites meet certain standards. Sellers and buyers
must register with eBay and agree to the site's basic terms of doing business. Sellers pay eBay a listing fee and a
sliding percentage of the final selling price.
Buyers pay nothing to eBay. In addition to paying the basic fees, sellers can choose from a variety of enhanced
and extra-cost services, including having their auctions listed in boldface type and featured in lists of preferred
auctions.
In an attempt to address buyer concerns about seller reliability, eBay instituted a rating system. Buyers can
submit ratings of sellers after doing business with them. These ratings are converted into graphics that appear
with the seller's nickname in each auction in which that seller participates.
Although this system is not without flaws, many eBay bidders feel that it affords them some level of protection
from unscrupulous sellers. The converse is true also; sellers rate buyers, which provides sellers some protection
from unscrupulous buyers.
Although eBay does not release any statistics about buyer and seller frauds, most industry observers agree that
sellers face larger potential losses than buyers. Sellers' greatest risks are from buyers who use stolen credit card
numbers or who place the winning bid but never contact the seller to conclude the transaction.
Buyers' risks include sellers who never deliver or who misrepresent their merchandise. You will learn about ways
that sellers and buyers can protect themselves later in this chapter. The most common format used on eBay is a
computerized version of the English auction. The eBay English auction allows the seller to set a reserve price.
In eBay English auctions, the bidders are listed, but the bid amounts are not disclosed until after the auction is
over. This is a slight variation on the in-person English auction, but because eBay always shows a continually
updated high bid amount, a bidder who monitors the auction can see the bidding pattern as it occurs.
The main difference between eBay and a live English auction is that bidders do not know who placed which bid
until the auction is over. The eBay English auction also allows sellers to specify that an auction be made private. In
an eBay private auction, the site never discloses bidders' identities and the prices they bid.
At the conclusion of the auction, eBay notifies only the seller and the highest bidder. Another auction type
offered by eBay is an increasing-price format for multiple-item auctions that eBay calls a Dutch auction. However,
eBay auctions in this format are not true Dutch auctions; they are considered Yankee auctions.
In either type of eBay auction, bidders must constantly monitor the bidding activity. All eBay auctions have a
minimum bid increment, the amount by which one bid must exceed the previous bid, which is about 3 percent of
the bid amount. To make bidding easier, eBay allows bidders to make a proxy bid. In a proxy bid, the bidder
specifies a maximum bid.
If that maximum bid exceeds the current bid, the eBay site automatically enters a bid that is one minimum bid
increment higher than the current bid. As new bidders enter the auction, the eBay site software continually
enters higher bids for all bidders who placed proxy bids.
Although this feature is designed to make bidding require less bidder attention, if a number of bidders enter
proxy bids on one item, the bidding rises rapidly to the highest proxy bid offered. This rapid rise in the current bid
often occurs in the closing hours of an eBay auction.
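A small model of the proxy-bid rule described above, showing why the current bid jumps when two proxy bids meet. This is an added example and not eBay's software: the class and method names are hypothetical, amounts are in cents, the increment is taken as exactly 3 percent rounded down, and on equal maximums the earlier proxy bid keeps the lead (all assumptions).

```python
class ProxyAuction:
    """Single-item ascending auction with proxy bids; all amounts in cents."""

    def __init__(self, opening_bid, increment_percent=3):
        self.price = opening_bid       # current bid, visible to everyone
        self.leader = None             # bidder currently winning
        self.leader_max = None         # the leader's hidden maximum
        self.increment_percent = increment_percent

    def increment(self, amount):
        """Minimum bid increment: about 3 percent of the bid amount."""
        return max(1, amount * self.increment_percent // 100)

    def minimum_acceptable(self):
        """Lowest maximum a new bidder may enter right now."""
        if self.leader is None:
            return self.price
        return self.price + self.increment(self.price)

    def place(self, bidder, maximum):
        """Register a proxy bid with the given maximum; return True if accepted."""
        if bidder == self.leader:
            if maximum <= self.leader_max:
                return False
            self.leader_max = maximum  # raising your own ceiling does not move the price
            return True
        if maximum < self.minimum_acceptable():
            return False
        if self.leader is None:
            self.leader, self.leader_max = bidder, maximum
            return True
        if maximum > self.leader_max:
            # The challenger leads at one increment above the old leader's
            # ceiling, but never above the challenger's own maximum.
            self.price = min(maximum, self.leader_max + self.increment(self.leader_max))
            self.leader, self.leader_max = bidder, maximum
        else:
            # The site bids for the leader: one increment above the
            # challenger's maximum, capped at the leader's ceiling.
            self.price = min(self.leader_max, maximum + self.increment(maximum))
        return True


def replay(opening_bid, proxy_bids):
    """Run (bidder, maximum) pairs in order; log (bidder, accepted, leader, price)."""
    auction = ProxyAuction(opening_bid)
    log = []
    for bidder, maximum in proxy_bids:
        accepted = auction.place(bidder, maximum)
        log.append((bidder, accepted, auction.leader, auction.price))
    return log


# Constructed bidding sequence; the item opens at $10.00.
SAMPLE_BIDS = [
    ("ann", 5000),   # first proxy bid: price stays at the opening bid
    ("bob", 2000),   # site outbids bob on ann's behalf
    ("cat", 2050),   # below current bid plus increment: rejected
    ("bob", 6000),   # price jumps to just above ann's ceiling
    ("ann", 5100),   # too low now: rejected
]

if __name__ == "__main__":
    for row in replay(1000, SAMPLE_BIDS):
        print(row)
```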
eBay has been so successful because it was the first major Web auction site for consumers that did not cater to a
specific audience and because it advertises widely. eBay spends more than $800 million each year to market and
promote its Web site.
A significant portion of this promotional budget is devoted to traditional mass media outlets, such as television
advertising. For eBay, such advertising has proven to be the best way to reach its main market: people who have
a hobby or a very specific interest in items that are not locally available.
Whether those items are jewelry, antique furniture, coins, first-edition books, or stuffed animals, eBay has
created a place where people can become collectors, dispose of their collections, or trade out of their collections.
Specialty Consumer Auctions
Rather than struggle to compete with a well-established rival such as eBay in the general consumer auction
market, a number of firms have decided to identify special-interest market targets and create specialized Web
auction sites that meet the needs of those market segments.
Several early Web auction sites started by featuring technology items such as computers, computer parts,
photographic equipment, and consumer electronics. Doug Salot was buying and selling computer equipment on
the Internet's Usenet newsgroups before the Web existed.
He saw the potential for the Web's graphical user interface in creating auctions, and, in September 1996, started
an auction site, Haggle Online, for computer equipment. Haggle was bought and sold several times between 1999
and 2002. Today, the Haggle Online auction business is operated under the brand name uBid.
Unlike most online auction sites, uBid sells its own inventory of closeouts, refurbished computers, and computer-
related items. Although computers and technology were obvious early market segments that would find online
auctions appealing in the first wave of electronic commerce, a number of other specialized Web auction sites
emerged as the Web matured.
Although their operations are much smaller than those of general consumer auction sites, some companies that
operate specialty consumer auctions have succeeded in building loyal followings. PotteryAuction.com and
JustBeads.com are two examples of auction sites that cater to buyers and sellers who are geographically
dispersed but share highly focused interests.
StubHub operates an auction site for event tickets. The site includes tickets offered for sale by ticket brokers and
also by individuals for fixed prices. Other specialty consumer auction sites include Cigarbid.com, Golf Club
Exchange, and Winebid. These sites gain an advantage by identifying a strong market segment with readily
identifiable products that are desired by people with relatively high levels of disposable income. Golf clubs, cigars,
wine, and technology products all meet these requirements.


As other Web auction site developers identify similar market segments, these specialized consumer auctions
might become profitable niches that can successfully coexist with large general consumer sites, such as eBay.
Consumer Reverse Auctions and Group Purchasing Sites
Sites such as Respond.com offer reverse auctions directed at a consumer market. For example, at the
Respond.com site, a site visitor fills out a form that describes the item or service in which he or she is interested.
The site then routes the visitor's request to a group of participating merchants who reply to the visitor by e-mail
with offers to supply the item at a particular price. This type of offer is often called a reverse bid. The buyer can
then accept the lowest offer or the offer that best matches the buyer's criteria.
Many people think of Priceline.com as a seller-bid auction site. Priceline.com allows site visitors to state a price
they are willing to pay for airline tickets, car rentals, hotel rooms, and a few other services. If the price is
sufficiently high, the transaction is completed. However, Priceline.com completes many of its transactions from
an inventory that it has purchased from airlines, car rental agencies, and hotels.
To the extent that Priceline sells out of its inventory, it operates more as a liquidation broker (you will learn more
about liquidation brokers in the next section) than as a true reverse auction site.
Another new type of business made possible by the Internet is the group purchasing site, which is similar to a
consumer reverse auction. On a group purchasing site, the seller posts an item with a price. As individual buyers
enter bids on an item (these bids are agreements to buy one unit of that item, but no price is specified), the site
can negotiate a better price with the item's provider.
The posted price ultimately decreases as the number of bids increases, but only if the number of bids increases.
Thus, a group purchasing site builds up a number of buyers who will force the seller to reduce its price. The effect
is very much like the one achieved by a consumer reverse auction.
The types of products that are ideal for group purchasing sites are branded products with well-established
reputations. This allows buyers to feel confident that they are getting a good bargain and are not trading off price
for reduced quality. The products should also have a high value-to-size ratio and should not be perishable.
Mercata was the first major group purchasing site, but it closed its doors in January 2001. The European group
purchasing site LetsBuyIt.com has also experienced difficulties in maintaining a profitable operation. In general,
consumer group purchasing sites have had difficulty attracting sellers' interest.
Few companies selling products that are well suited to group purchasing efforts, such as computers, consumer
electronics, and small appliances, have been willing to work with the group purchasing sites. These sellers have
not found any compelling advantage in offering reduced prices on their merchandise to the group purchasing
sites.
Most of these sellers believe that these sites cannibalize product sales in their existing sales channels and are
reluctant to offend the current distributors of their products by selling through group purchasing sites. Without
eager sellers, the revenue model behind consumer group purchasing sites fell apart.
Business-to-Business Auctions
Unlike consumer online auctions, business-to-business online auctions evolved to meet a specific existing need.
Many manufacturing companies periodically need to dispose of unusable or excess inventory. Despite the best
efforts of procurement and production management, businesses occasionally buy more raw materials than they
need.
Many times, unforeseen changes in customer demand for a product can saddle manufacturers with excess
finished goods or spare parts. Depending on its size, a firm typically uses one of two methods to distribute excess
inventory. Large companies sometimes have liquidation specialists who find buyers for these unusable inventory
items.
Smaller businesses often sell their unusable and excess inventory to liquidation brokers, which are firms that find
buyers for these items. Online auctions are the logical extension of these inventory liquidation activities to a new
and more efficient channel, the Internet.
Two of the three emerging business-to-business Web auction models are direct descendants of these two
traditional methods for handling excess inventory. In the large-company model, the business creates its own
auction site that sells excess inventory. In the small-company model, a third-party Web auction site takes the
place of the liquidation broker and auctions excess inventory listed on the site by a number of smaller sellers.
The third business-to-business Web auction model resembles consumer online auctions. In this model, a new
business entity enters a market that lacked efficiency and creates a site at which buyers and sellers who have not
historically done business with each other can participate in auctions. An alternative implementation of this
model occurs when a Web auction replaces an existing sales channel.
One of the earliest examples of the large-company model is Ingram Micro's Auction Block site, which Ingram
Micro started in 1997. Ingram Micro is a major distributor of computers and related equipment to value-added
resellers (VARs), which are companies that configure computer hardware and software, such as network servers,
for business users.
Because computer technology changes rapidly, Ingram Micro often finds itself with outdated disk drives,
computer chips, and other items that it formerly turned over to liquidation brokers. Ingram Micro now auctions
those items to its established customers through its internally operated Auction Block site.
Auction volume is more than $6 million per year and the VARs that are Ingram Micro's main customers now have
the option of putting the Auction Block program on their own sites, which allows their customers to participate in
the bidding. The software used by Ingram Micro and its customers was developed by Moai Technologies, which
now sells the software to other companies that want to follow Ingram Micro's strategy.
Ingram Micro estimates that the auction prices it receives on the site average about 60 percent of the items'
costs. This percentage compares favorably to the average of 10 percent to 25 percent of cost that Ingram Micro
was obtaining from liquidation brokers. In effect, large companies such as Ingram Micro are removing the
liquidation brokers from the value chain and claiming the brokers' intermediary profits. Recall that this process is
called disintermediation. Another large computer technology company that decided to build its own auction site
to dispose of obsolete inventory is CompUSA. Although CompUSA sells to individuals, it makes a
significant portion of its sales to corporate customers. Instead of selling through liquidation brokers, CompUSA
decided to let midsized and smaller businesses bid directly on its technology inventory.
In the second business-to-business auction model, smaller firms sell their obsolete inventory through an
independent third-party auction site. In some cases, these online auctions are conducted by the same liquidation
brokers that have always handled the disposition of obsolete inventory.
These brokers adapted to the changed environment and implemented electronic commerce to stay in business.
One example is the Dove Bid site established by the RossDove Company, a traditional liquidation broker for
many years.
Gordon Brothers Group, another liquidation broker, has been selling the inventory of failed retailers since 1903.
The company has used its expertise to launch or help others launch Web sites that liquidate retailer inventories,
including GB RetailExchange and SmartBargains.com. As many dot-com companies began to fail, the savvy
liquidation company identified yet another business opportunity. Gordon Brothers created a separate subsidiary
that sells entire Web sites, software, hardware, and even the intellectual property left in the wake of failed Web
ventures.
Other third-party auction sites have been started by newcomers or companies that want to liquidate their
inventory and are willing to do the same for other companies in their industry. In some industries, new auction
markets on the Web are replacing older ways of doing business. For example, telecommunications companies can
buy or sell time on their networks to each other through the BandX Web auction site. Sellers list the number of
minutes they have available, and the price of airtime minutes fluctuates in response to buyers' bids on those
minutes. Established securities trading organizations such as the New York Stock Exchange (NYSE) and the Chicago
Board of Trade (CBOT) are facing an electronic challenge to their time-honored ways of doing business. In 1998, a
new venture called the International Securities Exchange (ISE) was funded by electronic brokers E*TRADE and
Ameritrade Holdings, with contributions from several other brokerage firms.
This new securities exchange was the first to be registered in the United States since 1973. In May 2000, the ISE
began its operations with trading in 82 of the most actively traded stock options contracts. By 2005, the ISE was
completing more than 40 million trades per month and had become the largest equity options trading company
in the United States. In 2000, the Pacific Exchange, a traditional stock exchange that has been in business since
1862, joined with Archipelago Holdings to develop an electronic exchange, ArcaEx, which replaced the Pacific
Exchange's physical trading floor in March 2002. ArcaEx trades securities listed on the NYSE, the American Stock
Exchange, the Pacific Exchange, and NASDAQ Stock Market.
Electronic securities exchanges pose a threat to all existing physical securities exchanges because their lower fees
might attract the most lucrative large trades of active issues from existing exchanges. Industry analysts question
whether traditional exchanges such as the NYSE and the CBOT can continue to exist once electronic exchanges
become better established.
In 2005, the NYSE announced a proposed merger with ArcaEx, which would give the NYSE access to the ArcaEx
electronic trading platform. The merger plan was resisted by some long-time NYSE member firms that believed
the NYSE could develop online trading capabilities on its own. The completion of the merger has been delayed by
the objections of these member firms. Another online auction innovation is the new approach to bidding
pioneered by FreeMarkets, now a part of Ariba. Instead of using a public online auction site, the FreeMarkets
approach provides software and hardware tools to coordinate private online auctions that allow businesses to
solicit bids from suppliers.
Instead of sending out request for proposal packages to many suppliers, a business can list its request for
proposals with Ariba. Companies that have used this approach report savings of 10 percent to 20 percent in their
procurement costs. In effect, Ariba has moved the traditional first-price sealed-bid auction form onto the
Internet.
A growing number of hospitals and other organizations are using online auctions to fill temporary employment
openings. Health care workers, such as nurses, perform similar duties in specific health care settings in most
hospitals.
For example, the duties performed by an intensive care unit nurse are almost identical across hospitals. State
regulations on nurse licensing require that nurses have similar levels of knowledge, skills, and abilities. Having
similar job functions in workplaces and having similarly qualified persons working in those jobs allows both nurses
and employers to treat the nursing function as a commodity.
Therefore, nurses can easily work for a variety of employers and do not require long periods of training or
learning procedures specific to a particular hospital. In the past, nurse agencies would coordinate placement,
matching nurses who wanted to work particular days or shifts with hospitals and other health care organizations
who had shifts to fill.
The agency would earn a commission on each placement. Today, companies such as BidShift sell software to
employers that lets them operate their own shift auctions. Nurses bid on the shifts they would prefer to work and
the software manages the auctions. In an efficient matching of supply and demand, employers meet their staffing
needs efficiently, nurses get to work when they want, and the agency fee is avoided.
Business-to-Business Reverse Auctions
Earlier, you learned how businesses are creating various types of electronic marketplaces to conduct B2B
transactions. Many of these marketplaces include auctions and reverse auctions. In 2001, glass and building
materials producer Owens Corning held more than 200 reverse auctions for a variety of items including chemicals
(direct materials), conveyors (fixed assets), and pipe fittings (MRO). Owens Corning even held a reverse auction to
buy bottled water.
Asking its suppliers to bid has reduced the cost of those items by an average of 10 percent. Because Owens
Corning buys billions of dollars worth of materials, fixed assets, and MRO items each year, the potential for cost
savings is significant. Both the U.S. Navy and the federal government's General Services Administration are
experimenting with reverse auctions to acquire a small part of the billions of dollars worth of materials and
supplies they purchase each year. Companies that use reverse auctions include Agilent, BankOne, Bechtel,
Boeing, Raytheon, and Sony.
Not all companies are enthusiastic about reverse auctions. Some purchasing executives argue that reverse
auctions cause suppliers to compete on price alone, which can lead suppliers to cut corners on quality or miss
scheduled delivery dates.
Others argue that reverse auctions can be useful for nonstrategic commodity items with established quality
standards. However, as R. Gene Richter (a supply management pioneer at IBM) noted in a 2001 interview
published in Purchasing, "Everything is strategic to somebody. Talk about ballpoint pens. A secretary has spots all
over her brand new blouse because the pen you bought for a cent and a half is leaking."
Companies that have considered reverse auctions and decided not to use them include Cisco, Cubic, IBM, and
Solar Turbines. With compelling arguments on both sides, the extent to which reverse auctions will be used in the
B2B sector is not yet clear; however, some guidelines for deciding whether to use reverse auctions are beginning
to emerge.
In some industry supply chains, the need for trust and long-term strategic relationships with suppliers makes
reverse auctions less attractive. In fact, the trend in purchasing management over the last 20 years has been to
increase trust-based relationships that endure for many years. Using reverse auctions replaces trusting
relationships with a bidding activity that pits suppliers against each other and is seen by many purchasing
managers as a step backward.
In some industries, suppliers are larger and more powerful than the buyers. In those industries, suppliers simply
do not agree to participate in reverse auctions. If enough important suppliers refuse to participate, it is
impossible to conduct reverse auctions.
In industries where there is a high degree of competition among suppliers, however, reverse auctions can be an
efficient way to conduct and manage the price bidding that would naturally occur in that market.
Supply Chain Characteristics that Support Reverse Auctions:
Suppliers are highly competitive.
Product features can be clearly specified.
Suppliers are willing to reduce the margin they earn on this product.
Suppliers are willing to participate in reverse auctions.

Supply Chain Characteristics that Discourage Reverse Auctions:
Product is highly complex or requires regular changes in design.
Product has customized features.
Long-term strategic relationships are important to buyers and suppliers.
Switching costs are high.
Auction-Related Services
The growth of eBay and other auction sites has encouraged entrepreneurs to create businesses that provide
auction-related services of various kinds. These include escrow services, auction directory and information
services, auction software (for both sellers and buyers), and auction consignment services. This section describes
each of these new industries that have arisen to meet the needs of auction participants.
Auction Escrow Services
A common concern among people bidding in online auctions is the reliability of the sellers. Surveys indicate that
as many as 15 percent of all Web auction buyers either do not receive the items they purchased, or find the items
to be different from the seller's representation in some significant way.
About half of those buyers are unable to resolve their disputes to their satisfaction. When purchasing high-value
items, buyers can use an escrow service to protect their interests. You learned earlier in this chapter that an
escrow service is an independent party that holds a buyer's payment until the buyer receives the purchased item
and is satisfied that the item is what the seller represented it to be.
Some escrow services take delivery of the item from the seller and perform the inspection for the buyer. In such
situations, buyers give the escrow service authority to examine. Usually, escrow agents that perform this service
are art appraisers, antique appraisers, and the like who are qualified to judge quality, usually with better
judgment than the buyer.
Escrow services do, however, charge fees ranging from 1 percent to 10 percent of the item's cost, subject to a
minimum fee, typically between $5 and $50. The minimum fee provision can make escrow services too expensive
for small purchases.
Escrow services that handle Web auction transactions include Escrow.com, SafeBuyer.com, eDeposit, and Square
Trade. Some of these escrow firms also sell auction buyer's insurance, which can protect buyers from
non-delivery and some quality risks.
Wary bidders in low-price auctions (for which the minimum escrow charges would be excessive) do have some
other ways to protect themselves. One way is to consult the seller's record on the auction site to see how the
seller is rated.
Also, some Web sites offer lists of auction sellers who have failed to deliver merchandise or who have otherwise
cheated bidders in the past. These sites are operated as free services (often by bidders who have been cheated),
so they sometimes contain unreliable information and they open and close periodically, but you can use your
favorite search engine to locate sites that currently carry such lists.
Auction Directory and Information Services
Another service offered by some firms on the Web is a directory of auctions. Sites such as Auctionguide.com offer
guidance for new auction participants and helpful hints and tips for more experienced buyers and sellers along
with directories of online auction sites. AuctionBytes is an auction information site that publishes an email
newsletter with articles about developments in the online auction industry.
The StrongNumbers site offers information about fair market value for a wide variety of products and collectibles.
This information can be useful to sellers who are trying to set a reserve price or to buyers deciding whether to bid
or how much to bid.
Price Watch is an advertiser-supported site on which those advertisers post their current selling prices for
computer hardware, software, and consumer electronics items. Although this monitoring is a retail pricing service
designed to help shoppers find the best price on new items, Web auction participants find it can help them with
their bidding strategies.
PriceSCAN is a similar price-monitoring service that also includes prices on books, movies, music, and sporting
goods, in addition to the types of items monitored by Price Watch.
Auction Software
Both auction buyers and sellers purchase software to help them manage their online auctions. Sellers often run
many auctions at the same time. Companies such as Andale, AuctionHawk, and Vendio sell auction management
software and services for both buyers and sellers. For sellers, these companies offer software and services that
can help with or automate tasks such as image hosting, advertising, page design, bulk repeatable listings,
feedback tracking and management, report tracking, and email management.
Using these tools, sellers can create attractive layouts for their pages and manage hundreds of auctions. For
buyers, a number of companies sell auction sniping software. Sniping software observes auction progress until
the last second or two of the auction clock. Just as the auction is about to expire, the sniping software places a
bid high enough to win the auction (unless that bid exceeds a limit set by the sniping software's owner).
The act of placing a winning bid at the last second is called a snipe. Because sniping software synchronizes its
internal clock to the auction site clock and executes its bid with a computer's precision, the software almost
always wins out over a human bidder. The first sniping software, named Cricket Jr., was written by David Eccles in
1997. He sells the software on his Cricket Sniping Software site. A number of other sniping software sellers have
entered the market, each claiming that its software will outbid other sniping software. Some sites offer sniping
services; that is, the sniping software runs on their Web site and customers enter their sniping instructions on
that site.
Some of these companies offer subscriptions; others use a mixed revenue model in which they offer some free
snipes supported by advertising, but require payment for additional snipes. A good source for current
information about the sniping software and services business is the AuctionBytes Web site.
Auction Consignment Services
Several entrepreneurs have identified yet another auction-related business that meets the needs of people and
small businesses that want to use an online auction, but do not have the skills or the time to become a seller.
These companies, called auction consignment services, take an item and create an online auction for that item,
handle the transaction, and remit the balance of the proceeds after deducting a fee that ranges from 10 percent
to 40 percent of the selling price obtained. Items that do not sell are returned or donated to charity.
The main auction consignment businesses include AuctionDrop, QuickDrop, and PictureitSOLD. Because one key
to success in this business is having convenient locations at which customers can drop off their items, all of these
companies are planning to open their own stores and franchise stores as rapidly as possible.
All four of these auction-related businesses are excellent examples of the second wave of electronic commerce.
In the first wave, the online auction business was made possible by the Web. In the second wave, the online
auction business has itself created opportunities for even more entirely new types of business.
Virtual Communities and Web Portals
Online auctions and related activities are not the only new businesses made possible by the Internet. As you
learned in earlier chapters, the Internet reduces transaction costs in value chains and offers an efficient means of
communication to anyone with an Internet connection.
Combining the Internet's transaction cost reduction potential with its role as a facilitator of communication
among people, companies have developed two other new approaches to making money on the Internet and the
Web: virtual communities and Web portals. Consider the following scenario:
Fran Dennison has arrived in Paris one day early for a series of business meetings. She hopes to recover from her
jet lag and enjoy a little French food before her work begins. She finds a lovely cafe and, using her basic
knowledge of French, successfully orders lunch.
Fran is reading the business section of Le Monde, a local newspaper. She begins reading an article about one of
the business partners she will meet tomorrow, but her French is not good enough to completely understand the
article. Fran opens her notebook computer and enters a request for translation services.
She specifies that she needs immediate real-time translation of up to 500 words and is willing to pay up to 20
cents per word. She notes that the material to be translated is an article in today's Le Monde; she also enters the
title of the article.
Her computer, which contains a cellular link to her office network, launches an immediate search of online
communities and marketplaces for this exact service. Two minutes later, a message appears on her computer
from a French graduate student in the United States, Philippe Desmarest.
His message indicates that he is willing to provide an immediate translation at Fran's quoted rate and that his
computer has found the article on the Le Monde Web site. Five minutes later, an English translation appears in
Fran's mailbox and $94.20 has been moved from her checking account to Philippe's. Fran has time to read the
article and think about how she will adjust her presentation at tomorrow's meeting before her salad arrives.
This scenario is very close to becoming possible today. Three key elements are required to make things such as
Fran's on-demand translation a reality: cellular-satellite (mobile) communications technology, electronic
marketplaces, and software agents. All three of these elements exist today, but they have yet to be completely
integrated. You will learn about each of these elements in the following sections.
Mobile Communications Technology
Cellular-satellite communications technology capable of linking Fran to the Internet can be packaged with
notebook computers, personal digital assistants (PDAs), and mobile phones. The PDA shown in the figure displays
a Web page sent using the Wireless Application Protocol (WAP).
WAP allows Web pages formatted in HTML to be displayed on devices with small screens, such as PDAs and
mobile phones. As mobile technology improves, more and more devices will become Web-enabled and will
include other features that will open doors to a second wave of electronic commerce.
For example, Garmin makes a PDA that includes a Global Positioning Service (GPS) receiver. The user enters a
destination address and the PDA displays a map. As the user drives toward the destination, the GPS receiver
tracks the PDA's current location (using signals from GPS satellites) and causes the PDA to announce driving
directions, such as "turn right 300 feet ahead."
The PDA makes the announcements based on information contained in the GPS signals it receives and a map of
the area that is stored in its memory. Other companies are beginning to integrate wireless Internet connectivity
with GPS tools to create completely new products for individuals and businesses.
As the second wave of electronic commerce continues to evolve, this type of technology convergence will provide
new revenue opportunities for innovative businesses.
Mobile Business
Earlier, you learned that electronic marketplaces have grown in the B2B sector. As wireless and satellite data
transmission technologies become integrated with marketplaces, these marketplaces can serve people who want
to buy and sell a wide range of products and services.
Most industry observers agree that revenue models for mobile business can be developed once mobile phones,
notebook computers with wireless Internet connections, and online marketplaces are interconnected in ways
that let people switch among modes of access seamlessly. This has not occurred yet, but many experts believe
that we are getting close.
The much-heralded potential of mobile business could materialize at last. Firms such as AvantGo already provide
PDAs with downloads of Web site contents, news, restaurant reviews, and maps. Users can create accounts with
AvantGo that permit AvantGo to send these downloads to their wireless PDAs, telephones, or other mobile
devices automatically. The company earns revenue by selling ads that appear with the downloaded content.
Another company that has been successful at generating revenue from mobile technology and its convergence
with GPS is Wherify Wireless. Wherify sells small mobile phones that do not have a standard keypad. The phone
has five programmable buttons for outgoing calls, but the key feature is that the phone continually reports its
location to the Wherify tracking center.
Subscribers can give the mobile phones to their children, elderly parents, or employees and obtain location
information by calling the tracking center or connecting to the tracking center through the Internet. The wireless
technology and Internet technology combination that Wherify uses is a good example of the type of seamless
integration that companies will use to generate revenue as they develop mobile business ideas in the future.
Intelligent Software Agents
Some companies provide Web sites that help users find products and services for sale on the Web. These sites
use intelligent software agents (also called software robots, or bots), which are programs that search the Web
and find items for sale that meet a buyer's specifications.
Some software agents are focused on a particular category of product, such as Best Book Buys, which searches
more than 20 online bookstores for the best prices on books. In addition to obtaining price information,
researchers are developing other software agents that track ratings of buyer and seller reputations.
In much the same way that eBay makes reputation reports available to its bidders and sellers about each other,
more general software agents can create and search databases of all kinds of buy-sell transactions on the Web.
The MIT Media Lab Software Agents Group and the Carnegie Mellon Intelligent Software Agents Lab have been
leaders in the development of intelligent software agents.
The BotSpot Web site is a good source of information about software agents and includes links to downloadable
bot programs. Simon is one of the best shopping agents currently available. In addition to finding product item
matches, software agents such as Simon can find the lowest price for an item. You can find Simon at the mySimon
Web site.
Virtual Communities
A virtual community, also called a Web community or an online community, is a gathering place for people and
businesses that do not have a physical existence.

Virtual communities exist on the Internet today in various forms, including Usenet newsgroups, chat rooms, and
Web sites. These communities offer people a way to connect with each other and discuss common issues and
interests. The social interaction in these communities can be considerable and many sociologists believe that the
communication and relationship-forming activities that occur online are similar to those that occur in physical
communities.
One form of virtual community with which you might be familiar is the virtual learning community. Many colleges
and universities now offer courses that use distance learning platforms such as Blackboard or WebCT for
student-instructor interaction.
These distance learning platforms include tools such as bulletin boards, chat rooms, and drawing boards that
allow students to interact with their instructors and each other in ways that are similar to the interactions that
might occur in a physical classroom setting.
Some open-source software projects are devoted to the development of virtual learning communities, including
Moodle and uPortal. In addition to fulfilling the social interaction needs of individuals, virtual communities can
help companies, their customers, and their suppliers plan, collaborate, transact business, and interact in ways
that benefit all of them.
Another approach to electronic commerce using virtual communities is the Google Answers site. Google Answers
gives people a place to ask questions that are then answered by an expert (called a Google Answers Researcher)
for a fee.
Google administers a test to determine which members of the community qualify to become Google Answers
Researchers. The questioner sets the fee (there is a minimum fee of $2.50) and determines whether an answer is
sufficient before authorizing the payment of the fee.
Most questions posted to date have been answered for fees between $10 and $200. Members of the community
who are not Google Answers Researchers are also permitted to answer questions, but they do not collect a fee.
Many of the community members who are active answer providers have gone on to take the test and become
Google Answers Researchers. When a question is answered, the question and answer appear on the Google
Answers site.
Early Web Communities
One of the first Web communities was the WELL. The WELL, which is an acronym for "whole earth 'lectronic link,"
predates the Web. It began as a series of dialogs among the authors and readers of the Whole Earth Review in
1985.
Most WELL members were originally from the San Francisco Bay area, and the influence of that area's
counterculture heritage is a significant part of the WELL's ambiance. Members of the WELL pay a monthly fee to
participate in its forums and conferences.
The WELL has been home to many important researchers and participants in the growth of the Internet and the
Web. Its membership also includes noted writers and artists. In 1999, Salon.com bought the WELL and has
maintained the sense of community that had existed there for 14 years.
Access to the WELL community now requires a $10 per month subscription. A premium subscription that includes
a "@well.com" email address and the ability to start your own conferences within the WELL costs $15 per
month.

As the Web emerged in the mid-1990s, its potential for creating new virtual communities was quickly exploited.
In 1995, Beverly Hills Internet opened a virtual community site that featured two Webcams aimed down
Hollywood streets and links to entertainment information Web sites. The theme of this community was the
formation of digital cities around the focus of the Webcams.
The founders of Beverly Hills Internet wanted to create a sense of community and thought that the Webcams
would help accomplish that goal. Their hope was that people would be attracted by the Webcam images and
would want to add their own contributions, thus becoming members of a virtual neighborhood.
Members were given free space on the Web site to create pages within these virtual cities on which to add their
contributions. As it turned out, the Webcams never did attract much traffic, but the offer of free Web space did.
The first of these digital cities were created around Webcams in the Los Angeles area and therefore were named
for Los Angeles area communities.
As the site grew to include more geographic areas, it changed its name to GeoCities. GeoCities earned revenue
by selling advertising on members' Web pages and pop-up pages that appeared whenever a visitor accessed a
member's site. GeoCities grew rapidly and was purchased in 1999 by Yahoo! for $5 billion.
Other similar sites became virtual communities. Tripod was founded in 1995 in Massachusetts and offered its
participants free Web page space, chat rooms, news and weather updates, and health information pages. Like
GeoCities, Tripod sold advertising on its main pages and on participants' Web pages. The search engine site Lycos
purchased Tripod in 1998 for $58 million.
Theglobe.com, also started in 1995, was the outgrowth of a class project at Cornell University. The students who
created the site included bulletin boards, chat rooms, discussion areas, and personal ads. They then sold
advertising to support the site's operation. Later additions included news feeds, an online art gallery, and
shopping pages.
Although Theglobe.com offered free Web page space, it did not emphasize that feature to the same extent as
competing virtual communities. Theglobe.com turned down several offers to purchase its community during its
lifetime. The company experienced declines in advertising revenues during the economic slowdown of 2000 and
finally closed in 2001.
Web Community Consolidation
Virtual communities for consumers can succeed as moneymaking propositions if they offer something
sufficiently valuable to justify a charge for membership. For example, people joining the WELL community obtain
access to a very interesting set of existing members who frequent the WELL's discussion areas. These areas are
open only to members.
Thus, WELL owner Salon.com can charge a subscription fee for access to the WELL community. As you learned in
the previous section, most virtual communities have been unable to support themselves and have either closed
or been sold to companies such as Yahoo! or sites that have other revenue-generating activities that they can
provide to the purchased community.
Web Communities in the Second Wave of Electronic Commerce
In the early days of the Internet, virtual communities were an essential part of the online experience for the small
number of people who regularly used the medium. As the Internet and Web grew, some of these communities
grew, but others found that their purpose as a place for sharing the new experiences of online communication
began to fade. In the second wave of electronic commerce, a new phenomenon in online communication began.
People who were now using the Internet no longer found a common bond in the fact that they were using the
Internet. Multiple common bonds joined people with all types of common interests. The Internet was no longer
the focus of the community, but was simply a tool that enabled communication among members of the
community.
Web Logs (Blogs)
As you learned earlier, Web logs, or blogs, are Web sites that contain commentary on current events or specific
issues written by individuals. Many blogs invite visitors to add comments, which the blog owner may or may not
edit. The result is a continuing discussion of the topic with the possibility of many interested persons contributing
to that discussion.
Most of the early blogs were focused on technology topics or on topics about which people have strong beliefs
(for example, political or religious issues). The 2004 U.S. elections saw the first major use of blogs as a political
networking tool.
In previous elections, candidates had Web sites and political parties sent out email messages to supporters and
potential donors, but in the 2004 elections, these activities were coordinated in a new way. Individuals working
alone or with established political organizations set up Web sites that provided a place for people interested in a
candidate or an issue to communicate with each other. These sites allowed people to discuss issues, plan
strategies, and even arrange in-person meetings called meetups.
After seeing the success of blogs and virtual communities as political networking tools, some retailers embraced
blogs as a way to engage Web site visitors who were not ready to buy from the site, but who were interested in
the products or services offered. Bluefly.com, the online discount apparel retailer, credits its blog Flypaper with
drawing new customers to the store.
The Flypaper blog was opened in 2005 and invites visitors to discuss anything related to fashion. Bluefly.com is
trying to appeal more to women who want to buy clothes and accessories that are currently fashionable rather
than their current customer base of women who are looking for discounted items that might no longer be
fashionable.
Online jeweler Ice.com operates several blogs, including one focused on celebrity jewelry. The company believes
that the blogs encourage potential customers to visit their online store. As blogs become more common, many
businesses are likely to work them into their operating plans. CNN regularly includes information from blogs on
their television newscasts and a number of newspapers are experimenting with blogs and virtual community
spaces on their Web sites.
Some small town newspapers now depend on readers to contribute information about community issues and
events. Even larger newspapers would rather run a blog or Web site with reader contributions than pay reporters
to write stories about events or issues that would interest only a small segment of their readership.
By inviting information and opinion contributions, newspapers hope to reach members of the 18-35 year old
generation, a group that reads newspapers far less than their parents did. This trend toward having readers help
write the online newspaper is called participatory journalism.
Social Networking Web Sites
In addition to Web sites and chat communities built on common interests, the second wave saw the introduction
of new virtual communities that existed for the sole purpose of community. These sites are sometimes called
social networking sites.
One of the first of these was craigslist, an information resource for San Francisco area residents that was created
in 1995 by WELL member Craig Newmark. That community has grown to include information for most major
cities in the United States and in several other countries. The site is operated by a not-for-profit foundation, and
all postings other than help wanted ads are free.
The craigslist Web site was an early pioneer, but significant growth in profit-focused virtual community sites
emerged during the second wave of electronic commerce. For example, the virtual community site Friendster
was founded by Jonathan Abrams in 2002. Other sites followed, including LinkedIn and Tribe.net.
These virtual communities have become useful tools for persons who want to make new local friends, establish
acquaintances before moving to a new location, obtain advice of various kinds, or who are looking for a job.
The idea behind these sites is that people are invited to join by existing members who think they would be
valuable additions to the community. The site provides a directory that lists members' locations, interests, and
qualities. The directory does not disclose the name or contact information of members, however.
A member can offer to communicate with any other member, but the communication does not occur until the
intended recipient approves the contact (usually after reviewing the sender's directory information).
In addition to searching the directory of the community, new members can work through friends they have
established in the community (perhaps starting with the person who invited them to join). By gradually building
up a set of connections, members can develop contacts within the community that might prove valuable later.
Idea-Based Virtual Communities
Social networking sites form communities based on connections among people. Other Web sites create
communities based on the connections between ideas. These more abstract communities are called idea-based
virtual communities and the people who participate in them are said to be engaging in idea-based networking.
The del.icio.us site calls itself a "social bookmarks manager." Individuals place Web page bookmarks with
one-word tags that describe the Web page in a community-accessible location on the site. The bookmark-tag
combinations are focused on ideas and the contributions of all community members build a shared base of
knowledge about those ideas. Among the most active tag names on the site are words such as design, reference,
tools, music, news, howto, and photography. Another idea-based virtual community that uses shared tags is 43
Things.
Although all of these virtual community sites are still fairly new, they show great promise for recreating (on a
much larger scale) the essence of the original Internet communities. Strategies that build on a combination of
virtual communities and other activities are called Web portal revenue models, discussed in the next section.
Revenue Models for Web Portals and Virtual Communities
By the late 1990s, virtual communities were selling advertising to generate revenue. Search engine sites and Web
directories were also selling advertising to generate revenue. Beginning in 1998, a wave of purchases and
mergers occurred among these sites.
The new sites that emerged still used an advertising-only revenue generation model and included all the features
offered by virtual community sites, search engine sites, Web directories, and other information-providing and
entertainment sites. These portals are so named because their goal is to be every Web surfer's doorway to the
Web.
Advertising-Supported Web Portals and Virtual Communities
Some Web observers believe that Web portal sites could be the great revenue-generating businesses of the
future. They argue that adding portal features to existing sites or converting sites to portals can be a wise
business strategy. They believe that combining Web communities' sense of belonging with search engine and
Web directory tools will yield Web sites with high degrees of stickiness that will be extremely attractive to
advertisers.

One rough measure of stickiness is how long each user spends at the site. Figure 616 shows the same
information for users who accessed the sites that month using computers at work (Note: People who have
broadband access at work and not at home often use their at-work computers for personal business during
non-work hours).
The information in both figures is adapted from Nielsen//NetRatings reports and shows sites grouped by owner.
For example, the numbers for Microsoft include activity on all sites operated by Microsoft, including people with
Hotmail accounts checking their email and MSN subscribers using that Web portal's services.
Owner             Millions of unique visitors   Average time per visit (H:MM)
Microsoft         51                            2:05
Yahoo!            44                            3:41
Google            41                            0:53
Time Warner       40                            4:26
U.S. Government   31                            0:27
eBay              26                            2:03
FIGURE 616 Stickiness of popular Web sites accessed from work computers

Nielsen/NetRatings determines site popularity by measuring the number of unique visitors to a site. The leading
sites often have more than 100 million unique visitors per month. In the figure, the site owners are not ranked by
popularity, but by the average number of minutes that users spent on the sites.
Because Web portals ask their members to provide demographic information about themselves, the potential for
targeted marketing is very high. Industry observers are predicting that Web portals could be one of the success
stories of the second wave of electronic commerce.
Microsoft, Time Warner (through its AOL division), and Yahoo! each draw a significant number of their visitors at
their Web portal sites. High visitor counts can yield high advertising rates for these sites. In the boom years of the
first wave, Web portals were able to obtain upfront cash payments from advertisers, which is very unusual for
any kind of advertising sale.
For example, the Excite search engine site paid Netscape (now a part of Time Warner) a $70 million advance fee
for two-year rights to a prominent advertising location on its Netcenter Web portal site. Other portal sites have
negotiated advertising deals that included a percentage of sales generated from sales leads on the portal site.
The companies that run Web portals have added sticky features such as chat rooms, email, and calendar
functions, often by purchasing the companies that create those features. In addition to buying the virtual
community site Tripod, Lycos purchased the online directory WhoWhere? for $133 million. In 1999 alone, Yahoo!
spent over $10 billion in cash and stock to expand the range of services available on its Web portal site.
This spending spree ended with the decline in online investment that occurred in 2000-2002 at the end of the
first wave of electronic commerce. This downturn created serious doubts about whether even the largest and
most well-known Web portals, such as Yahoo! and Excite, could survive.
Many smaller portals closed. The future of the advertising-supported Web portal is uncertain at this time.
Second-wave portal strategies are based less on upfront site sponsorship payments and more on the generation of
revenues from continuing relationships with people who use their portal sites. The larger portals that have
survived are turning to mixed models that offer more stability in their revenue streams.

Mixed-Revenue Web Portals and Virtual Communities
One of the most successful Web portals is Time Warner's AOL unit, which has always charged a fee to its users and has always run advertising on its site. Many Web portals that have struggled with their advertising-supported revenue models have been moving toward AOL's strategy.
Yahoo! now charges for the Internet phone service that it originally offered at no cost. It still offers free email accounts, but now sells other features, such as more space to store messages and attached files, to members who pay for the "premium" email service. After years of rapid growth, Yahoo! became unprofitable when Internet advertising dropped suddenly. Terry Semel, a media executive with years of experience working for media giants Warner Brothers, CBS, and Disney, was brought in to run Yahoo! in 2001.
Semel cut costs and reorganized the company, then set a goal: by 2004, Yahoo! would derive more than half of its revenue from nonadvertising sources. In 2002, Yahoo! announced a partnership with SBC to sell DSL access, which moved the company even closer to an AOL-style revenue model. Semel's strategy appears to be working. In recent years, Yahoo! has sharply increased its revenues from nonadvertising sources and is once again reporting significant profits.
Other advertising-supported Web portals are following the lead of Yahoo! in a strategy called monetizing eyeballs or monetizing visitors. Monetizing refers to the conversion of existing regular site visitors seeking free information or services into fee-paying subscribers or purchasers of services.
Many of the portals that are conducting these monetizing campaigns are worried about visitor backlash. They are unsure how many existing visitors will stay and pay for services they had become accustomed to receiving at no cost.
Other examples of Web portals that use a mixed revenue model are financial information sites The Motley Fool and TheStreet.com. These sites offer investment advice, stock quotes, and financial planning help. Some of the information is provided at no cost; additional information is available to subscribers who pay no fee but who are required to provide personal information; and even more information is available for a fee.
Recently, more and more industry analysts are predicting the end of the "free Web." Although the largest portal sites should be able to survive using a mixed revenue model, it is unclear how smaller portals will fare.
Internal Web Portals and Virtual Communities
A growing number of large organizations have built Web portals to provide information to their employees. Internal Web portals run on the intranets you learned about earlier. These portals can save significant amounts of money by replacing the printing and distribution of paper memos, newsletters, and other correspondence with a Web site. Organizations use internal Web portals to publish employee handbooks, newsletters, and employee benefits information.
These organizations are also finding that the internal portal Web site can become a good way of creating a virtual community among employees who are dispersed over a wide geographic area. For example, a global company could create a question-and-answer page (similar to the Google Answers page you learned about earlier in this chapter) for all of its networking technicians. Such a page would provide mentoring and informal help functions for the networking technician community within the company.
Many companies are adding wireless connectivity to their internal portals and using this technology to extend the reach of the portal to employees who are traveling, meeting with customers or suppliers, or telecommuting from home. These extended portals are yet another example of a second-wave combination of technology (wireless communications) with a business strategy from the first wave (internal Web portals).