Transcript here

CMSC 691A/491
Midterm Review Lecture
EC Objectives
• Increasing the speed and efficiency of business
transactions and processes and improving
customer relationships and services
• Business can implement new sales and marketing through
the use of WWW
• The WWW provides electronic means for organizations to
display materials such as product catalogs, price lists, …
• Internet security issues are resolved, businesses are selling
more and more product online, direct to their customers
Categories of ECommerce
• B2B
• B2C
• B2G
EC Models
•
•
•
•
•
•
•
•
•
•
•
E Shop
E Procurement
E Auction
E Mall
3rd Party Market Place
Virtual Communities
Value chain Providers/Integrators
Collaboration Platform
Information Brokers
ASP
Banking/Financial services
E-Commerce Infrastructure
•
•
•
•
•
Network
Machines
Protocols
Security
Payment
E-Commerce Process
• Buyers and sellers find each other
– Communication (via Networking, the Internet,
Core Java and Web-Based Information
Architectures)
– Human-Computer Interaction, Multimedia
– Intermediaries
• Negotiation
– Electronic Negotiation, Intelligent agents
– Foundations of Electronic Marketplaces
E-Commerce Process (cont’d)
• Transaction
– Transaction processing, Databases
– Electronic Payment Systems,
– Computer Security,
– E-Commerce Architecture
• Order fulfillment
– Manufacture (manufacturing systems)
– Delivery (tracking systems)
– Supply Chain Management
Access Security
• Access control
– authorization / authentication / identity verification
• Authentication
– passwords
– smart card
– biometrics
– GPS
• Network protection, firewalls, proxy servers
• Intrusion detection
• Denial of service (DOS) attacks
• Viruses, worms
Cryptographic Security
• Secrecy
– information cannot be used if intercepted
• Integrity
– data cannot be altered
• Non-repudiation
– sender cannot deny sending
• Cryptography
– symmetric encryption (DES)
– public key cryptosystems (RSA)
– digital signatures, digital certificates
– public key infrastructure (PKI)
World Wide Web
• WWW is an application of the Internet.
• Evolving system for publishing and accessing
resources and services across the Internet.
– Open system: can be extended and implemented in new
ways without disturbing its existing functionality;
– Moved beyond simple data resources to encompass
services, like electronic purchasing of goods.
HTML
• HyperText Markup Language.
• Used to specify the text and images that make up
the contents of a web page, and to specify how
they are formatted for presentation to the user.
• The set of markups (tags) is fixed.
Document Structure
• Document Structure
– <HTML> This surrounds the entire document and lets
the browser know what language is being used
(<SGML> might also be used)
– <HEAD> This surrounds the header portion of the
document. Title is within the head as well.
– <TITLE> The title of the document as shown in the
title bar of the WWW browser.
– <BODY> The main body of the document
Example
<HTML>
<HEAD>
<TITLE> Title of Page </TITLE>
The Header of the document.
</HEAD>
<BODY>
The Main body of the document
</BODY>
</HTML>
HTTP
•
HyperText Transfer Protocol.
– Request-reply protocol.
• main method of transfer used by Web protocols to transfer
data between a server and client.
• understands URLs.
• intended for hypertext/hypermedia environments.
• Stateless
– Cookies –later.
HTTP Cookies
• HTTP designed to be stateless
• Web sites want to save client associated session
information
• Solution: cookies
– small amounts of data save by the Web server and
retrieved later from the client system;
– normally used by CGI and related server-side code.
Downloaded code
• Web design requires service-related code to run
inside the browser
– at the user’s computer.
• Solution: Scripting
– added to HTML documents;
– expands static HTML to include client-side interactivity;
– inserted into HTML document using script language tag.
Mobile Code
• Downloaded code is a subset of mobile code.
• Code that can be sent from one computer to
another;
– e.g., Java applets.
• The advantage of running downloaded code is
network delay avoidance during interactions.
• Potential security threat to the local resources.
Scripting Languages: JavaScript
• A scripting language developed by Netscape to
enable Web authors to design interactive sites.
• Developed independently from Java.
• Can interact with HTML source code, enabling Web
authors introduce dynamic content.
• It is supported by recent browsers from Netscape
and Microsoft,
– Internet Explorer supports only a subset, which
Microsoft calls JScript.
Scripting Languages: VBScript
• Microsoft proprietary scripting language
– operations identical to JavaScript/JScript;
– syntax familiar to Visual Basic users;
– grew out of Visual Basic.
• Visual Basic is component-based:
– a program is built by placing components onto a
form;
– then using VB to link them together.
The Common Gateway Interface :
CGI
• Static pages
– same each time visited unless the file is modified on the server.
• Many WWW sites are dynamic, i.e., the contents change
each time we visit.
• Need to search, fill out questionnaires, order things from
catalogs.
– Need two pieces:
• HTML language to create Forms
• Common Gateway Interface (CGI) to process the forms.
• CGI is a way to pass information from a WWW browser to
a program for further processing
Java applets
• Stored on server, downloaded by web client using
HTTP.
• Applets need to be embedded in another
application, normally an HTML document and run
by a Java-enabled Web browser.
• Applets have a restricted security context, cannot
access the client’s system, and can talk only with
the server that hosted it.
– http://java.sun.com/sfaq/
Java Servlets
• An applet that runs on a server
– runs within a Web server environment.;
– analogous to a Java applet that runs within a Web
browser environment.
• Java servlets are becoming increasingly popular as
an alternative to CGI programs.
Java Servlets vs CGI
• A Java applet is persistent;
– once it is started, it stays in memory and can fulfill
multiple requests.
• A CGI program disappears once it has fulfilled a
request.
• The persistence of Java applets makes them faster
– Don’t need to initiate a new process for each request.
Extensible Markup Language
(XML)
• A means for defining tags to encapsulate information.
• A subset of SGML;
• Provides syntactic interoperability:
– Need to know the price – look inside the <price> tag.
• Still lacking semantic interoperability
– How do I know that you and I mean the same thing by price?
• Semantic Web
WAP
• Wireless Application Protocol
• “An open, global specification that empowers mobile
users with wireless devices to easily access and interact
with information and services instantly.”
- WAP Forum
• “The de facto worldwide standard for providing
Internet communications and advanced telephony
services on digital mobile phones, pagers, personal
digital assistants and other wireless terminals.”
- WAP Forum (www.wapforum.org)
Why is WAP needed?
• Traditional internet protocols (HTML, HTTP,
TCP, etc.) and their security mechanisms (TLS)
are inefficient over mobile networks.
• Handheld devices tend to have less powerful
CPUs, less memory and more restrictions on
power consumption than desktops, so require
special considerations.
• Handheld devices tend to use input devices other
than keyboards (e.g. voice, keypad).
WML
• WAP Mark-up Language
• WML is an XML application.
• Also uses WMLScript, which is similar to
JavaScript.
• Optimized for use with handheld devices.
• Minimal use of CPU and memory.
Internet and Network Security
• Types of Attacks on Internet
– Break-ins: Unauthorized attempts to gain access to a
secure system
– Denial of service: A legitimate user is denied access to a
service (e.g. Flooding a WWW server with requests)
– Bombs: Large email messages or other large data intended
to overwhelm and possibly weaken a system.
– Eavesdropping - Listening in on an electronic
conversation. Perhaps with intent to gather information for
a future break-in.
– Viruses.
Firewall
• Monitors and controls all the traffic into and out of an intranet.
• Firewall security policy
– Service control: determine which services are available for
external access and reject all other requests;
• Levels of filtering: IP, TCP.
• Example: reject HTTP request unless they are directed to the
official website.
– Behavioral control: prevent behavior that infringes organization
policies;
• Levels of filtering: IP, TCP, application;
• Example: filtering of ‘spam’ e-mail.
– User control: discriminate between users’ privileges;
• Example: management of dial-up provided for off-site users.
Filtering levels
• IP packet filtering
– Decisions made based on the destination and the source IP
addresses, the service type field in the IP header, port
numbers in TCP/UDP headers.
– Example: prohibition of external access to NFS servers.
– Performed by a process within the operating system kernel
of a router.
• TCP Gateway
– A TCP Gateway process checks TCP connection requests
and segment transmission for correctness.
– Example: Denial-of-service attack prevention.
Filtering levels (cont’d)
• Application-level gateway
– An application-level gateway process acts as a proxy for an
application process.
– Example: a Telnet proxy. All telnet requests are routed
through the proxy process for approval.
• A firewall is a combination of several processes
working at different protocol levels running on more
than one machine (for fault-tolerance).
 Two overall (mutually exclusive) policies:
– Anything not explicitly denied is allowed.
– Anything not explicitly allowed is denied.
Virtual Private Networks
• Suppose a company wants to connect the
intranets of its 5 offices.
– One option is to lease a private line.
– Another is to connect through the internet.
• But then everything is open.
– The solution is to use encryption schemes to
establish secure tunnels through the internet.
– Such a set-up is called a virtual private
network.
Directory and Discovery Services
• Directory service: A service that stores collections of
bindings between names and attributes and that looks up
entries that match attribute-based specifications.
– Example: MS Active Directory Service, UNIX X.500, etc.
• Discovery service: a directory service that registers the
services in a spontaneous networking environment.
– Provides an interface for automatically registering and deregistering services (fax machines, printers, etc.).
– Provides a lookup interface for mobile devices
– Example: Jini
Jini
• A system designed for spontaneous networking.
• Java-based: assumes that JVMs run on all of the
computers, allowing them to communicate
through RMI (remote method invocation, a flavor
of interprocess communication in an objectoriented environment).
• Provides facilities for service discovery,
transactions and shared data spaces called
JavaSpaces.
What is a Database
• A system that stores data
• “persistent” – Exists beyond the immediate
use
• Centralized storage
• Single or multiple users
Advantages
•
•
•
•
•
•
Reduces redundancy
Reduces inconsistency
Shared
Data representation standards can be enforced
Enables security restrictions
Integrity maintained
– Valid cross references between records
• Allows data-independent applications
– Applications ignorant of how data is stored
Categories of Data Models
• High-level or conceptual
– entities, attributes, relationships
• Representational or implementation or
logical
– relational, network hierarchical, objectoriented, object-relational
• Physical or low-level
– data storage
3-schema Architecture
• Physical level description of a database:
– how things are stored on disk:
•
•
•
•
files, record structures,
indices,
data structures for disk blocks,
methodology for dealing with too long records, etc.
• Conceptual level description of a database
– The description of application data (its schema) using
one of the traditional data models.
3-Schema Architecture (cont'd)
• View-level description of a database
– What users of a particular application see
• their own customized schema, e.g., for payroll, for the ticket
agent, for a simulation program.
• Multiple levels
– helps with data independence;
– helps with maintenance.
• Many views, single logical and physical schema.
• Levels of abstraction give data independence.
The Entity-Relational Model
• Entity: a distinguishable object.
• Entity set: a set of entities all of the same type.
• Attribute: a single property of an entity;
– simple vs composite;
– single-valued vs multi-valued;
– stored vs derived;
– null values.
• Domain: set of values permitted for that attribute.
The E-R Model (cont’d)
• Relationship: an association between two or more
entities.
• Relationship set: a set of relationships all of the
same type
• There is no correct schema for a batch of data.
Which schema is best depends on the application.
• Many basic data modelling choices depend on an
understanding of the application.
Data Model
• Data model: notation for describing data,
plus a set of operations used to manipulate
that data.
– a set of primitives for defining the structure of
a DB;
– a set of operations for specifying the retrievals
and updates on a DB;
– relational, hierarchical, network, objectoriented.
The Relational Model (Codd 1970)
• The relational data model is the most important data
model currently existing.
• Value-oriented, i.e., allows operations on relations
whose results are relations, thus enables to combine
operations.
– As opposed to object-oriented models, in which
• Operations cannot be applied to the result of other operations;
• The result of an operation may be a new data type, and operations
may not be available for this type.
Domain and Relation
• A domain is a set of atomic values.
• A relation is a finite subset of the Cartesian
product of a finite list of domains;
–
–
–
–
relation is a set of tuples;
order of tuples is irrelevant and
no relation has 2 identical tuples;
each tuple value is atomic
• no composite attributes;
• no multi-valued attributes.
•
•
•
•
•
•
•
How a user interacts with a Web
Database
In a Web browser, a user submits a
request to the Web server.
The Web server passes it onto the
middleware
The middleware writes the request in
SQL queries and sends it to a backend database.
The data retrieved are handed back
to the middleware
The middleware generates a Web
page for the data
The Web server sends the Web page
to the browser
The browser displays the Web page
in front of the user
Decision support systems for EC
• DSS: help the knowledge worker (executive, manager,
analyst) make faster and better decisions
• Data Warehousing: enables On-line analytical processing
(OLAP)
– OLAP is a component of decision support system
• Data mining
– Extraction of interesting knowledge (rules, regularities,
patterns, constraints) from data in large databases.
– Data mining is a powerful, high-performance data
analysis tool for decision support.
Potential Applications of Data Warehousing
and Mining in EC
•
•
•
•
•
•
•
•
Analysis of user access patterns and buying patterns
Customer segmentation and target marketing
Improved Web advertisement
Personalization
Association (link) analysis
Customer classification and prediction
Time-series analysis
Typical event sequence and user behavior pattern
analysis
• Transition and trend analysis
Multidimensional
Datatime, and
• Sales volume
as a function of product,
geography
OLAP Servers
• Relational OLAP (ROLAP)
– Extended relational DBMS that maps
operations on multidimensional data to standard
relations operations
• Multidimensional OLAP (MOLAP)
– Special purpose server that directly implements
multidimensional data and operations
• Hybrid OLAP (HOLAP)
OLAP Operations
• roll-up
– aggregating on a specific dimension, I.e.,
summarize data
– total sales volume last year by product category
by region
• drill-down
– also called roll down, drill through
– inverse of roll-up, go from higher level
summary to lower level summary or detailed
data
OLAP Operations (cont’d)
• slicing
– projecting data along a subset of dimensions
with an equality selection of other dimensions
– Sales of beverages in the West for Jan 98
• dicing
– similar to slicing except that instead of equality
selection of other dimensions, a range selection
is used
– Sales of beverages in the West over the last 6
months
Working definition of an agent
• “Agents are active, persistent (software)
components that perceive, reason, act, and
communicate”
– Huhns and Singh, 1998
• “An agent is an entity whose state is viewed as
consisting of mental components such as beliefs,
capabilities, choices, and commitments. [sic] In
this view, therefore, agenthood is in the mind of
the programmer.”
– Shoham, 1993
Agent Program
• Inputs = observations
– Observations: states of the agent’s domain or environment
• Outputs = actions
– Actions: Speak, Search, Move, Bid
( o1, o2, … )
( a 1 , a2 , … )
Agent
Basic Characteristics
• Delegation abilities: The owner or user of
an agent delegates a task to the agent and
the agent autonomously performs the task
on behalf of the user.
– An agent can decompose and/or delegate the
task to other agents;
– Once the task is complete the agent may need
to report to the user/agent issuing the task.
Basic Characteristics (cont’d)
• Agent communication languages and protocols:
information exchange with other agents establishes a
need for expressive communication and negotiation
language.
– KQML (Knowledge Query and Manipulation Language);
• Used to allow information agents to assert interests in information
services, advertise their own services, and explicitly delegate tasks
and requests for assistance from other agents.
• Can be used for developing a variety of inter-agent communication
protocols that enable information agents to collectively cooperate.
Basic Characteristics (cont’d)
• Self-representation abilities: the ability to
express business and system aspects of its
functionality, combine them into an
application or implementation.
– Self-describing, dynamic reconfigurable agents;
• Facilitate composition (specification and
implementation) of large-scale (distributed)
applications.