Wireless Application Protocol (WAP) by Aurangzeb Bhatti

WAP

Wireless Application Protocol Zeb Bhatti 1

About the Author - Aurangzeb “Zeb” Bhatti launched Computerland LAX in 1985 and through acquisitions of PACTEL InfoSystems and NYNEX Computer Systems grew the company to a US$ 250 million+ and 400 employees. The new company called NovaQuest InfoSystems was sold to SARCOM, Inc. in 1998. In 1999, Zeb launched WebVision Inc, and acquired eNom Inc. in 1999. eNom is the largest wholesaler of Internet domains in the world, providing domain name registration and other online services to small and home-based businesses, individuals, traffic aggregators and resellers (http://www.enom.com). In 2004, Zeb launched an On-Line university (McKinley University) and authored the Virtual University System (VUS) product. EXPERTISE: Network, Systems and Telecommunications ( Architected and Build a Fiber-Optics Network and a series of Data Centers connecting five major cities in he US. The high-speed network was one of the first to implement EMC Storage Area Network technology for real-time mirroring and redundancy) Information Security – Chief Information Security Officer - Zeb has United States Patents on the Virtual University Appliance (“VU Appliance”) -used by educational institutions to E-Learning environments easily. Software has features for creating/aggregating content for courses, Courseware Repository, Learning Management and Registration System (LMS), Online Quiz and Exams Server, Online Evaluations by Students and Instructors, Collaboration, Discussion, Online Marketing for courses and recruiting Instructor/Mentors - CO-Author of Curum Gold VIP (Visual Iconic Programming Language)

Timeline of Wireless Mobile Internet voice

It’s a phone! data

It’s a computer!

voice & data

Digital Cell Phone

It’s both

Nokia, Ericsson, Sprint, BellSouth …

1990

Java phone

Pagers Motorola, Ericsson, etc.

Handheld Computer Grid, Slate, Go

PDA

Handheld Communicator

Newton Palm, Handspring share with my desk

Mobile Desktop Winpad, Wince, PocketPC wirelessknowledge Windows Everywhere! (not)

2000

ICRAS (General Magic) Mix’n’match peripherals

Company X

Smart Radio

2010

Teleputer Voice interfaces Broadband optical

Mobile Devices

Transcoded media

Norand, Telxon, Symbol, Psion The trucks of the industry

Wireless Carrier Standards

3G ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Connected LAN vs Wireless WAN

Professional

2.4Mb/sec vs 9K bits per second

LAN Wireless 802.11 Ethernet – solid connect 2.4M – proximity requirements; custom Education, Gov’t, Large Corp. Canvases Vertical industries: Warehouse SCM, Transport

Consumer

WAN Wireless – Unpredictable Connections 300 bits (SMS) 9.2 (CDPD), GSM – 9.6K Dial up 33.6 – 128K (Metricom, now under Chapter 11)

Connected LAN vs Wireless WAN

Professional

Wireless Ethernet (802.11x) This standard is a product of the IEEE 802.11 Working Group Utilizes the 2.4 GHz Band (Industrial, Scientific and Medical Band â&#x20AC;&#x201C; or ISM Band) Allows for 2mb/sec & 11mb/sec data rates at distances of up to 3.5 miles More improvements are made to the QoS, Security and data rate aspects of this standard. Can expect data rates of upto 20mb/sec within a couple of years

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Connected LAN vs Wireless WAN

Professional

Wireless Ethernet (802.11x)

The 802.11 standard allows for two different Air Interfaces (Radio Interfaces) DSSS: Direct Sequence Spread Spectrum FHSS: Frequency Hopping Spread Spectrum

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Wireless Carrier Network Limitations Hostile network environment Lack of IP addressability Low bandwidth Reliability The limited characteristics of devices Connection library availability Limited CPU, memory, and networking resources

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

3G Wireless

Wireless Carrier Messaging Standards & Convergence

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Optimal WAP Bearer & Wireless Carrier Messaging SMS - Short Messaging Service USSD – Unstructured Supplementary Services Data CSD – Circuit Switched Data

SMS - Short Messaging Service Given its limited length of 160 characters per short message, SMS may not be an adequate bearer for WAP because of the weight protocol of the protocol. The overhead of the WAP protocol that would be required to be transmitted in an SMS message would mean that even for the simplest of transactions several SMS messages may in fact have to be sent. This means that using SMS as a bearer can be a time consuming and expensive exercise. Only one network operator- SBC of the US- is known to be developing WAP services based on SMS.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

CSD - CIRCUIT SWITCHED DATA Most of the trial WAP based services use CSD as the underlying bearer. Since CSD has relatively few users currently, WAP could kickstart usage of and traffic generated by this bearer. However, CSD lacks immediacy- a dial up connection taking about 10 seconds is required to connect the WAP client to the WAP Gateway, and this is the best case scenario when there is an complete end to end digital callin the case of the need for analog modem handshaking (because the WAP phone does not support V.110 the digital protocol, or the WAP Gateway does not have a digital direct connection such as ISDN into the mobile network), the connect time is increased to about 30 seconds.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

UNSTRUCTURED SUPPLEMENTARY SERVICES DATA Unstructured Supplementary Services Data (USSD) is a means of transmitting information or instructions over a GSM network. USSD has some similarities with SMS since both use the GSM network's signaling path. Unlike SMS, USSD is not a store and forward service and is session-oriented such that when a user accesses a USSD service, a session is established and the radio connection stays open until the user, application, or time out releases it. This has more in common with Circuit Switched Data than SMS. USSD text messages can be up to 182 characters in length.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

UNSTRUCTURED SUPPLEMENTARY SERVICES DATA USSD has some advantages and disadvantages as a tool for deploying services on mobile networks: Turnaround response times for interactive applications are shorter for USSD than SMS because of the sessionbased feature of USSD, and because it is NOT a store and forward service. According to Nokia, USSD can be up to seven times faster than SMS to carry out the same two-way transaction. Users do not need to access any particular phone menu to access services with USSD- they can enter the Unstructured Supplementary Services Data (USSD) command direct from the initial mobile phone screen. Because USSD commands are routed back to the home mobile network's

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

UNSTRUCTURED SUPPLEMENTARY SERVICES DATA Home Location Register (HLR), services based on USSD work just as well and in exactly the same way when users are roaming. Unstructured Supplementary Services Data (USSD) works on all existing GSM mobile phones. Both SIM Application Toolkit and the Wireless Application Protocol support USSD. USSD Stage 2 has been incorporated into the GSM standard. Whereas

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

UNSTRUCTURED SUPPLEMENTARY SERVICES DATA USSD was previously a one way bearer useful for administrative purposes such as service access, Stage 2 is more advanced and interactive. By sending in a USSD2 command, the user can receive an information services menu. As such, USSD Stage 2 provides WAP-like features on EXISTING phones. USSD strings are typically complicated for the user to remember, involving the use of the "*" and "#" characters to denote the start and finish of the USSD string. However, USSD) strings for regularly used services can be stored in the phonebook, reducing the need to remember and reenter them. As such, USSD could be an ideal bearer for WAP on GSM networks.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

General Packet Radio Service (GPRS) The General Packet Radio Service (GPRS) is a new packetbased bearer that is being introduced on many GSM and TDMA mobile networks from the year 2000 onwards. It is an exciting new bearer because it is immediate (there is no dial up connection), relatively fast (up to 177.2 kbps in the very best theoretical extreme) and supports virtual connectivity, allowing relevant information to be sent from the network as and when it is generated. At the time of writing , there has been no confirmation from any handset vendors that mobile terminated GPRS traffic (i.e. direct receipt of GPRS packets on the mobile phone) will be supported by the initial GPRS terminals. Availability or not of GPRS MT is a central question with critical impact on the GPRS business case such as application migration from other nonvoice bearers.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

General Packet Radio Service (GPRS) There are two efficient means of delivering proactively sending ("pushing") content to a mobile phone: by the Short Message Service which is of course one of WAP bearers or by the user maintaining more or less a permanent GPRS (mobile originated) session with the content server. However, mobile terminated IP traffic might allow unsolicited information to reach the terminal. Internet sources originating such unsolicited content may not be chargeable. A possible worse case scenario would be that mobile users would have to pay for receiving unsolicited junk content. This is a potential reason for a mobile vendor NOT to support GPRS Mobile Terminate in their GPRS terminals. However, by originating the session themselves from their handset, users confirm their agreement to pay for the delivery of content from that service. Users could make their requests via a WAP session, which would not therefore need to be blocked. As such, a WAP session initiated from the WAP microbrowser could well be the only way that GPRS users can receive information onto their mobile terminals.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

General Packet Radio Service (GPRS) Since all but the early WAP enabled phones will also support the General Packet Radio Service, WAP and GPRS could well be synergistic and be used widely together. For the kinds of interactive, menu based information exchanges that WAP anticipates, Circuit Switched Data is not immediate enough because of the need to set up a call. Early prototypes of WAP services based on Circuit Switched Data were therefore close to unusable. SMS on the other hand is immediate but is ALWAYS store and forward, such that even when a subscriber has just requested information from their microbrowser, the SMS Center resources are used in the information transfer. As such, GPRS and WAP are ideal bearers for each other. Additionally, WAP incorporates two different connection modesWSP connection mode or WSP connectionless protocol. This is very similar to the two GPRS Point to Point services- connection oriented and connection less.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

General Packet Radio Service (GPRS) The predominant bearer for WAP-based services will depend on delays in availability of WAP handsets and delays in the availability of GPRS terminals. If WAP terminals are delayed until the year 2000, most WAP terminals will support GPRS as well. If the first WAP terminals support SMS and Circuit Switched Data, but not GPRS, then SMS could become the predominant initial WAP bearer. WAP certainly will be important for the development of GPRSbased applications. Because the bearer level is separated from the application layer in the WAP protocol stack, WAP provides the ideal and defined and standardized means to port the same application to different bearers. As such, many application developers will use WAP to facilitate the migration of their applications across bearers once GPRS based WAP protocols are supported.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

An Internet Primer The Internet is like a spider’s web because it is physically made up of millions of interconnected computers. It is a network of networks—including thousands of corporate, government, and university networks, as well as commercial online services such as America Online and Prodigy. They are all connected by phone lines and other types of media, which we’ll discuss later. The Internet is also like a cloud because it’s huge and formless. No one owns the Internet, no one governs or controls it, and no one even knows exactly how big it is. Yet anyone can use it. Most experts agree that it is used by at least 150 million people around the world.

An Internet Primer The network itself is simply a medium over which messages travel. To enable messages to travel safely and reliably between different types of networking media, certain standards must be enforced. For example, the Internet consists of many different types of computers connected by a wide range of physical media. However, all computers connected to the Internet share one common communications language: Transmission Control Protocol/Internet Protocol (TCP/IP), which enables them to communicate with one another. ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

An Internet Primer The Internet is rapidly establishing standards on numerous fronts to make it easier to use and to assure seamless communication. For example, many different types of e-mail systems are used on the Internet. To enable e-mail messages to be sent and received among these varying systems, Simple Mail Transfer Protocol (SMTP) was developed. SMTP allows the exchange of electronic mail between any user and any host on the Internet. The Internet also employs standards that simplify the publication of content onto World Wide Web pages so that users can interact with it. HyperText Transfer Protocol (HTTP) is the key to enabling users to access documents and software on the Web. ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

An Internet Primer Web documents themselves are created using another standard: hypertext markup language (HTML). The HTML language was designed to make it easy for developers to include graphics in their documents and to facilitate linking one document to another. By simply clicking on a hypertext link, users are taken to the area of interest automatically. Documents are published on the Internet as “Web pages.” In order for users to access a particular Web page, each Web site is assigned an address called a Uniform Resource Locator (URL). The URL is presented as a string of characters such as http://www.cisco.com.

An Internet Addressing Primer All computers on the Internet use a common ‘addressing’ scheme to identify and reach each other. This is a ‘32-bit IP address’ scheme known as IPv4 Addresses. Just not enough numbers for everyone to have one. 2^32 = 4,294,967,296 Classless Internet Domain Routing (CIDR) was the first accepted answer Dynamic IP was the next answer Still not good enough. Enter Network Address Translation (NAT) gateways (IPv6 is a number of years away)

Network Address Translation (NAT) Today Everyone on a private network, sharing one IP The private network’s router maintains who’s who Ramifications: No unique IP address means I cannot be a server to others Less vulnerable to attacks Many, many devices will live in private networks

NAT Ramifications I no longer have a unique IP address for my device (PC, Phone, etc). I canâ&#x20AC;&#x2122;t by default be a publicly accessible server . But, the peers inside the private network are much less vulnerable to attacks It is very likely that many devices will live in private networks Check out http://me.enhydra.org/ for technologies to overcome NAT limitations Locumi and kHTTP for J2ME devices

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Summary: Wireless Realities Measure in bits and cents Infrastructure is huge and moves slowly: 2-3 year lag times from standard. Base station territories rule! Incompatibility everywhere - Handsets must match towers, bill plan, roaming agreements. Worse internationally. Even with dual-band, tri-mode phones the fine print reads: This is a network and subscription dependent feature--not available in all areas.

Preservation of voice market slows advance (TDMA/GSM) The primary users of the phone network are computers, not people â&#x20AC;&#x201C; but is was engineered for people.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

How Technology will Influence WAP

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

How Technology will Influence WAP

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

How Technology will Influence WAP

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Development of Radio Technology

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Development of Radio Technology

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

How Technology will Influence WAP

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

How Technology will Influence WAP

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

How Technology will Influence WAP

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

How Technology will Influence WAP

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

What is WAP?

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

What is WAP? What is WAP? What services are possible How does it work What is the WAP forum?

What is WML? What are wireless devices? How is content displayed on a wireless device Pros and cons of using WAP Issues for content creators

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

What is WAP? WAP stands for ‘Wireless Application Protocol’ Very different to SMS (Short Message Service) that many of us use every day via our mobile phones Fast becoming the defacto global standard for providing internet content and services to mobile device users Uniform technology platform i.e. same technology is provided to all vendors regardless of the network they use Aims to get manufacturers, application developers & content providers focused on developing compatible products ‘the Internet on your phone’ ©2001-2009, Aurangzeb Bhatti, Digital Learning Institute

What is WAP? Designed to work with most wireless networks e.g. CDPD, CDMA, GSM Compatible with most operating systems e.g. PalmOS, Windows, OS/9 Currently over 50 million WAP-enabled handsets in circulation By 2004 est. WAP users in Western Europe alone predicted at 200 million WAP standard is created by wireless and Internet companies around the world in order to to make accessing the Internet as easy and convenient as using a cellular phone

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Principles A complete Wireless Internet Solution that: Uses existing standards Optimized for Wireless Promotes new and open standards Provides Air Interface Independence Provides Device Independence Provides Network-independent Works on packet, circuit, SMS, or a combination Strong industry consensus - over 300 members

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

The WAP Model Email Servers Web Servers

MSC Message Center

SMTP TCP/IP Intranet/ Internet

Wireless Network WAP Server Suite

HTML HTTP TCP/IP

Micro Browser

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Infrastructure

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Infrastructure Filter HTML/ WML Server

WML

Wireless Network

WAP Proxy

Binary WML

WML Web Server

WML

Binary WML

WTA Server

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Micro Browser

Protocol Translation Wireless Network Browser

Service Request

URL WSP WTP WTLS WDP

Internet Web Server

Gateway URL WSP WTP WTLS WDP

A URL G HTTP(s) E SSL/TLS N TCP T

WMLc WSP Service Response

WTP WTLS WDP

URL HTTP(s) SSL/TLS TCP IP HTML/WML

WMLc WSP WTP WTLS WDP

A HTML/WML G HTTP(s) E SSL/TLS N TCP T

HTTP(s) SSL/TLS TCP IP

How does WAP work?

“WAP will let me surf the web” WTP

HTTP WAP Gateway

CSD

Web Web Server Server

Server

SMS GPRS UMTS

Content Store

How does WAP work?

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

What services are possible with WAP? customer care and provisioning message notification and call management e-mail telephony value-added services and unified messaging mapping and locater services weather and traffic alerts news, sports and information services e-commerce transactions and banking services online address books & directory services corporate intranet applications ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Example: One Personâ&#x20AC;&#x2122;s Day Now Company telephone list Personal contact list

Future Bank Transactions Train timetable Traffic reports

e-mail addresses

Airlines Schedule

Diary/Schedule

Product Help Guides

Weather forecast

Job reporting Component stock and ordering Expenses and mileage Sandwiches to Order

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Vertical Applications High TECH

UTILITIES & CABLE

LEGAL

MEDICAL

REAL ESTATE

SERVICE DISPATCH

COURIER

TRANSPORTATION

DISPATCH OFFICE SUPPLIES

FOOD & CONSTRUCBEVERAGE TION

FURNITURE & APPLIANCES

DELIVERY

Acknowledgement:

Unwired Planet

A General Purpose Platform For All Applications

SCP

HLR MSC

Cust Care

SS7

Infranet

Intranet Acknowledgement:

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Internet Unwired Planet 52

What are wireless devices? Handhelds Descendants of the Palm Pilot Now powerful computers that run many applications and increasingly connect to the Internet

Net-enabled phones Wireless and wired phones that connect to the Internet

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

What are wireless devices? Net appliances Small counter-top devices providing fast, easy Internet connections

TV/Set-top boxes Provide Internet connectivity through your TV

Two-way pagers Net-enabled paging devices supporting mainly email

Other appliances Net-enabled household appliances

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

What are Wireless Devices Today?

Two-way Paging / Messaging

3. Read message

2. Scroll to message 1. Tap mail function

J2ME capable pager devices from Motorola Now ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Palm / Symbol / Handspring / pdQ Consumer & some business Dockable PIM device Optional card slots APIs SDK 3.5, Program in C, ROMS, simulator. J2ME MIDp & PDAp [late 2001] Presentation Technologies: Web clipping – PQA, Palm Query Application WML browsers J2ME / MIDp Samsung, Kyocera, etc Esmertec & others for JVMs/KVMs ©2001-2009, Aurangzeb Bhatti, Digital Learning Institute

PocketPC - Microsoft ‘Windows Everywhere” APIs for persistent applications 3rd generation Windows CE: C++, CE Basic, Java 1.1.8

Presentation for dynamic applications But, the desktop does not work well in the hand. Network communications architectures Good LAN Weak WAN

iPQA overcame PALM in Q2/2001

WAP enabled Devices?

New wireless devices?

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

New wireless devices?

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP content on WAP Phones

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Pros of using WAP Portability of mobile devices favors wireless over wired technologies Many, many more people have mobile phones than PCs Immediacy of available information – don’t have to be near a landline or computer Personalization of information Location awareness

Challenges of using WAP Mobile, handheld devices have: Less powerful CPUs Less memory Restricted power consumption (battery life) Smaller displays and different display sizes and shapes Different input devices e.g. keypad, touch screen, voice input, handwriting recognition

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Challenges of using WAP Wireless networks Less bandwidth Less connection stability Less predictable availability

Cost Currently in Australia, users must dial up to access the WAP server i.e. every item of content costs

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Alternatives to WAP WAP isnâ&#x20AC;&#x2122;t the only protocol being used or suggested Other industry groups are also working on other suggestions e.g. i-Mode, LEAP Some people and orgs have serious concerns about WAP see e.g. http://www.freeprotocols.org/LEAP/Manifesto/article/TheWA PTrap/split/main.html

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Examples of WAP content - PDA

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Optimizing content for handhelds Provide only the most essential information Avoid scrolling Use simple, easy to understand symbols Offer content in neat, tabular arrangements

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Optimizing content for handhelds Provide drill-down navigation via hypertext links Use a navigation system that is easy to move forward and back Use a deep hierarchy rather than long scrolling pages Set up links to each page via anchor links (acting like a table of contents) Test that your content works across different screen sizes e.g. 160 X 160 pixels; 240 X 320 pixels

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Optimizing content for handhelds

Notice how this content layout works on two different sized screens

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

What is the WAP Forum ? ™

The organization established to create and constantly improve the WAP specification Industry-wide association Responsible for drafting the global WAP specifications (now up to version 2.0) Founded by Nokia, Ericsson, Motorola and Wired Planet in 1998

Over 450 current members comprised of Manufacturers representing over 95% of the world’s handsets Carriers representing over 200 million subscribers Leading Internet and wireless infrastructure providers PC software companies Other companies delivering solutions to the wireless industry.

What is the WAP Forum ? â&#x201E;˘

The Wireless Industry has chosen the WAP Standard because it is: An open industry-established world standard Based on Internet standards including XML and IP Committed to by handset manufacturers representing over 90% of the world market across all technologies Supported by network operators representing 100 Million subscribers

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Wireless Operators

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Device Manufacturers

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Software Companies

SOFTLINE

CCL

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Infrastructure Companies

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Objectives of the WAP Forum Bring Internet content and advanced services to wireless handsets and other wireless terminals Create a global wireless protocol specification to work across differing wireless network technologies Submit specifications for adoption by appropriate industry and standards bodies Enable applications to scale across a variety of transport options and device types

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

The Goals of The WAP Forum

â&#x201E;˘

Ensure interoperability Foster growth of the wireless market. Make accessing the Internet portable and convenient

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Open Standards Assure interoperability Encourage innovation Foster competition

Benefit the carrier by creating multiple suppliers of interoperable components and valuable applications ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Bearer Independence Allows Applications developed once to work across all networks -- today and tomorrow Protects the Carrierâ&#x20AC;&#x2122;s investment in wireless data as networks evolve Enables Handset Manufacturers to use common code across product lines

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Device Independence Allows Applications developed once to work across many devices from small handsets to powerful PDA’s Promotes consistent user experience across all of a carrier’s handset offerings Encourages wealth of applications for handset manufacturers that implement the standard

Challenge: Bandwidth is limited Power and spectrum limitations mean low bandwidth relative to wireline. Higher bandwidth comes at economic expense Trend towards packet means shared channels

Latency is an issue Transactions very small, so users perceive latency

Reliability varies widely, and fails differently from the Internet. I.e, Out-of-coverage is a common occurrence.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Solution: Wireless-optimized Protocols WAP runs only on the Internet and WAP Protocols wireless portion WAP Protocol stack is optimized for wireless WAP runs on all networks, including IP networks WAP even works over SMS

Wireless Network

Wired Internet HTML JavaScript

Dynamic Protocol Translation

WML WML(XML (XMLLanguage) Language) WML Script WML Script

HTTP

Wireless WirelessSession Session Protocol Protocol(WSP) (WSP)

TLS - SSL

Wireless WirelessTransaction Transaction Protocol Protocol(WTP) (WTP)

TCP

Wireless WirelessTransport Transport Layer LayerSecurity Security(WTLS) (WTLS) UDP UDP/ /IP IP

WDP WDP

Wireless Bearers:

Physical

SMS USSD CSD IS-136 CDMA iDEN CDPD PDC-P

Etc..

WAP is working with W3C to merge into HTTP-NG (Next Generation) ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Solution: Wireless-optimized Protocols

Internet and WAP Protocols Wireless Network

Wired Internet HTML JavaScript

Dynamic Protocol Translation

WML WML(XML (XMLLanguage) Language) WML WMLScript Script

HTTP

Wireless WirelessSession Session Protocol Protocol(WSP) (WSP)

TLS - SSL

Wireless WirelessTransaction Transaction Protocol Protocol(WTP) (WTP)

TCP

Wireless WirelessTransport Transport Layer Security Layer Security(WTLS) (WTLS) UDP UDP/ /IP IP

WDP WDP

Wireless Bearers:

Physical

SMS USSD CSD IS-136 CDMA iDEN CDPD PDC-P

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Etc..

Challenge: The Devices are smaller Form-factor limited to comfort in the human hand Device has extremely limited CPU power, memory (RAM & ROM) space, and display size Consumers demand long battery life, and therefore low power consumption Increasing bandwidth requires more power Implications: • Screen size and input mechanisms will always be limited. • Consumer desire for longer battery life will always limit available bandwidth, CPU, memory and display. • Consumer-class applications must be handset-aware.

WAP Solution: Microbrowser optimized for the consumer handset Requires minimal RAM, ROM, Display, CPU and keys Provides carrier with consistent service UI across devices Provides Internet compatibility Enables wide array of available content and applications

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

What is a WAP Microbrowser? WAP Microbrowsers in Every Phone displays WAP “decks”

Equivalent to Primitive Web Browsers Allows:

Text Images (b&w bitmaps) Hyperlinks Text entry

WAP & 3G Spectrum is a finite resource The wireless industry has never seen a piece of spectrum it didnâ&#x20AC;&#x2122;t like (we always need more) WAP is superb at managing spectrum and delivering content using less bandwidth WAP is already working on color, graphics, multimedia and more to capitalize on 3G

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP and Interoperability

Meeting the Challenge to Make All WAP-compliant devices and software interoperable

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WAP Architecture

The WAP Architecture

Web Server

WAP Gateway

WML

WML Encoder WMLScript

WSP/WTP

WMLScript Compiler

HTTP

CGI Scripts etc.

WTAI

Protocol Adapters

Content

WML Decks with WML-Script

Client

Etc.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

The WAP Architecture

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

How does WAP work? WAP Gateway

Host

WAP content

W YELLO

Web Server

a. b. c. d. e. f.

User requests URL; phone connects to tower Tower passes request to WAP gateway (WTP) Gateway decodes, passes request to server @ URL (HTTP) Server acts on request, returns data to gateway (HTTP) Gateway encodes, passes data to phone (WTP) Phone decodes, displays WAP deck to user. ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

web content

Comparison between Internet and WAP Technologies Wireless Application Protocol Internet HTML JavaScript

Wireless Application Environment (WAE)

Other Services and Applications

Session Layer (WSP)

HTTP Transaction Layer (WTP) Security Layer (WTLS)

TLS - SSL

Transport Layer (WDP)

TCP/IP UDP/IP

Bearers:

SMS

USSD

CSD

IS-136

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

CDMA

CDPD PDC-P

Etc..

WAP v1.0 specifiesâ&#x20AC;Ś Wireless Application Environment WML Microbrowser WMLScript Virtual Machine WMLScript Standard Library Wireless Telephony Application Interface WAP Content Types

Wireless Protocols Wireless Session Protocol (WSP) Wireless Transport Layer Security (WTLS) Wireless Transaction Protocol (WTP) Wireless Datagram Protocol (WDP) Wireless network interface definitions

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

WHY WAP ? Wireless networks and phones have specific needs and requirements not addressed by existing Internet technologies.

Only be met by participation from entire industry. WAP enables any data transport TCP/IP, UDP/IP, GUTS (IS-135/6), SMS, or USSD.

The WAP architecture several modular entities together form a fully compliant Internet entity all WML content is accessed via HTTP 1.1 requests.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Converging With An XML World WAP is already prepared for convergence Understanding the “module” effect Content availability increases because less code is needed to render sites properly instead of re-writing whole sites

WAP complies with W3C’s recently approved XHTML standard WAP is Based on Internet standards including XML and IP WAP utilizes standard Internet markup language technology (XML)

WHY WAP ? Optimizing the content and airlink protocols The WML UI components map well onto existing mobile phone user interfaces no re-education of the end-users leveraging market penetration of mobile devices

WAP utilizes plain Web HTTP 1.1 servers leveraging existing development methodologies CGI, ASP, NSAPI, JAVA, Servlets, etc.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Why is HTTP/HTML not enough? Big pipe - small pipe syndrome Internet HTTP/HTML

<HTML> <HEAD> <TITLE>NNN Interactive</TITLE> <META HTTP-EQUIV="Refresh" CONTENT="1800, URL=/index.html"> </HEAD> <BODY BGCOLOR="#FFFFFF" BACKGROUND="/images/9607/bgbar5.gif" LINK="#0A3990" ALINK="#FF0000" VLINK="#FF0000" TEXT="000000" ONLOAD="if(parent.frames.length!=0)top.location='http ://nnn.com';"> <A NAME="#top"></A> <TABLE WIDTH=599 BORDER="0"> <TR ALIGN=LEFT> <TD WIDTH=117 VALIGN=TOP ALIGN=LEFT>

<HTML> <HEAD> <TITLE >NNN Intera ctive< /TITLE > <META HTTPEQUIV= "Refre sh" CONTEN T="180 0, URL=/i ndex.h tml">

Wireless network WAP

<WML> <CARD> <DO TYPE="ACCEPT"> <GO URL="/submit?Name=$N"/> </DO> Enter name: <INPUT TYPE="TEXT" KEY="N"/> </CARD> </WML>

Content encoding 010011 010011 110110 010011 011011 011101 010010 011010

Wireless Transport Protocols Wireless Session Protocol Wireless Transaction Protocol Wireless Datagram Protocol

100

Protocol Layers in WPG Wireless Session Service Access Point

Wireless Session Protocol Wireless Transaction Service Access Point

Wireless Transaction Protocol Transport Service Access Point (TSAP)

Wireless Datagram Protocol WCMP

Bearer Bearer Service Bearer Service C Service B A

Bearer Service D

Physical Layer Air Link Technology ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

101

WAP Transport Services WSP is the Session Layer Protocol WTP is the Transaction-Oriented protocol WDP is the Datagram protocol

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

102

WSP Overview Provides shared state between client and server used to optimize content transfer Provides semantics and mechanisms based on HTTP 1.1 Enhancements for WAE, wireless networks and “low-end” devices Compact encoding Push Efficient negotiation

103

HTTP 1.1 Basis Extensible request/reply methods Extensible request/reply headers Content typing Composite objects Asynchronous requests

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

104

Enhancements Beyond HTTP Binary header encoding Session headers Confirmed and non-confirmed data push Capability negotiation Suspend and resume Fully asynchronous requests Connectionless service

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

105

Why Not HTTP? Encoding not compact enough

No push facility

Inefficient capability negotiation

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

106

Header Encoding Defined compact binary encoding of headers, content type identifiers and other well-known textual or structured values Reduces the data actually sent over the network

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

107

Capabilities Capabilities are defined for: Message Size, client and server Protocol Options: Confirmed Push Facility, Push Facility, Session Suspend Facility, Acknowledgement headers Maximum Outstanding Requests Extended Methods Header Code Pages

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

108

Suspend and Resume

Server knows when client can accept a push Multi-bearer devices Dynamic addressing Allows the release of underlying bearer resources

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

109

Session Context and Push Push can take advantage of session headers

Server knows when client can accept a push

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

110

Push Push is under development Network-push of content Alerts or service indications Pre-caching of data

Goals: Extensibility and simplicity Build upon WAP 1.0 End-to-end solution Security User friendly

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

111

Connection And Connectionless Modes Connection-mode Long-lived communication Benefits of the session state Reliability

Connectionless Stateless applications No session creation overhead No reliability overhead

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

112

WSP Work-in-Progress Support for Quality of Service parameters Multicast data Ordered pipelining WSP Management entities Support for isochronous multimedia objects

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

113

Wireless Transaction Protocol (WTP) Purpose: Provide efficient request/reply based transport mechanism suitable for devices with limited resources over networks with low to medium bandwidth.

Advantages: Operator Perspective - Load more subscribers on the same network due to reduced bandwidth utilization. Individual User - Performance is improved and cost is reduced.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

114

WTP Services and Protocols WTP (Transaction) provides reliable data transfer based on request/reply paradigm no explicit connection setup or tear down data carried in first packet of protocol exchange seeks to reduce 3-way handshake on initial request supports

• • • • •

retransmission of lost packets selective-retransmission segmentation / re-assembly port number addressing (UDP ports numbers) flow control

message oriented (not stream) supports an Abort function for outstanding requests supports concatenation of PDUs

115

WTP Services and Protocols WTP uses the service primitives T-TRInvoke.req .cnf. .ind .res T-TRResult.req .cnf .ind .res T-Abort.req .ind

an example of a WTP protocol exchange Client Client T-TRInvoke.req

T-TRInvoke.cnf

(PDUs)

Invoke Ack

Server Server T-TRInvoke.ind T-TRInvoke.res

Result T-TRResult.req

T-TRResult.ind T-TRResult.res

Ack

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

T-TRResult.cnf

116

Wireless Datagram Protocol (WDP) Provide consistent interface to a fundamental transport service across all wireless bearer networks.

Provides a connectionless, unreliable datagram service.

WDP is adapted to each particular wireless network to provide the generic datagram transport.

The basic datagram service is fundamental to all wireless networks and makes it possible to utilize WAP everywhere.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

117

WDP Services and Protocols WDP (Datagram Protocol) provides a connection-less, unreliable datagram service WDP is replaced by UDP when used over an IP network layer. WDP over IP is UDP/IP

uses the Service Primitive T-UnitData.req .ind

Supports port number addressing Example: WDP is UDP when used over an IP network layer.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

118

WDP Services and Protocols Instead of a typical 64-Byte TCP packet containing 15-Bytes of payload, the WDP packet is compressed and will require approx. 20-Bytes of data in total to be transported to the mobile handset.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

119

Connection And Connectionless Modes Connection-mode Long-lived communication Benefits of the session state Reliability

Connectionless Stateless applications No session creation overhead No reliability overhead

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

120

Bearers Supported Bearers currently supported by WAP • GSM SMS, USSD, C-S Data, GPRS • IS-136 R-Data, C-S Data, Packet • CDMA SMS, C-S Data • PDC C-S Data, Packet • PHS C-S Data • CDPD • iDEN SMS, C-S Data, Packet • FLEX and ReFLEX • DataTAC

121

Service, Protocol, and Bearer Example WAP Over GSM Circuit-Switched Data WAP Proxy/Server

Mobile WAE WSP

IWF

ISP/RAS

WAE Apps on Other Servers WSP

WTP

UDP

IP PPP CSD-RF

PSTN Subnetwork Circuit

Subnetwork

PPP CSDRF

PSTN Circuit

RAS - Remote Access Server IWF - InterWorking Function

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

122

Service, Protocol, and Bearer Example WAP Over GSM Short Message Service (SMS) WAP Proxy/Server

Mobile WAE

WAE Apps on other servers

WSP

SMSC

WTP WDP SMS

WTP WDP

SMS

WDP Tunnel Protocol

Subnetwork

under development

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

123

WDP Work-in-Progress Definition of Wireless TCP via liaison with IETF PILC Working Group Over The Air Provisioning Cell Broadcast SMS-C standardized interface (WDP tunneling protocol) UDP Port number assignment from IANA

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

124

WAP Application Environment

(WAE)

125

WAP Application Environment WML and WMLScript Wireless Telephony Architecture Content Formats Push User Agent Profile

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

126

WAE Goals Network-neutral application environment; For narrowband wireless devices; With an Internet/WWW programming model; And a high degree of interoperability.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

127

WAE Requirements Leverage WSP and WTP Leverage Internet standard technology Device Independent Network Independent International Support

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

128

Requirements Vendor-controlled MMI Initial focus on phones Slow bearers Small memory Limited CPU Small screen Limited input model

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

129

WAE First Generation Architecture Application model Browser, Gateway, Content Server

WML Display language

WMLScript Scripting language

WTA Telephony services API and architecture

Content Formats Data exchange

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

130

WML Second Generation Extensions and enhancements Currently under development

User Agent Profiling Content customized for device

Push Model Network-initiated content delivery

Performance Enhancements Caching, etc.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

131

WAE Abstract Network Architecture

WSP/HTTP Request {URL}

Client

Gateway

Network Application

WSP/HTTP Reply {Content} ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

132

Network Example #1: WAP Gateway

Web Server

WAP Gateway

WML

WML Encoder WMLScript

WSP/WTP

WMLScript Compiler

HTTP

CGI Scripts etc.

WTAI

Protocol Adapters

Content

WML Decks with WML-Script

Client

Etc.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

133

Network Example #2: WAP Application Server

Client WML WMLScript WTAI

WML Encoder

WSP/WTP

WMLScript Compiler Protocol Adapters

Application Logic

Content

WML Decks with WML-Script

WAP Application Server

Etc.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

134

What is WML? WML stands for Wireless Markup Language Equivalent of HTML on wireless devices Requires very little bandwidth and processing power for data transfer Code interpreted by a browser built into a WAP device (micro browser) Content is accessed over the Internet using the same servers as web content Micro browsers have much more limited capabilities than browsers on PCs

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

135

WML Tag-based browsing language: Screen management (text, images) Data input (text, selection lists, etc.) Hyperlinks & navigation support

W3C XML-based language Inherits technology from HDML and HTML WML is XML (Subset of XML)

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

136

WML Card metaphor User interactions are split into cards Navigation occurs between cards

Explicit inter-card navigation model Hyperlinks UI Event handling History

State management and variables Reduce network traffic Results in better caching

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

137

All decks must contain... Document prologue XML & document type declaration

<WML> element Must contain one or more cards

<?xml version="1.0"?> <!DOCTYPE WML PUBLIC "-//WAPFORUM//DTD WML 1.0//EN" "http://www.wapforum.org/DTD/wml.xml"> <WML> ... </WML>

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

138

WML Example

Navigation

Variables

Input Elements

<WML> <CARD> <DO TYPE=“ACCEPT”> <GO URL=“#eCard”/> </DO Welcome! </CARD> <CARD NAME=“eCard”> <DO TYPE=“ACCEPT”> <GO URL=“/submit?N=$(N)&S=$(S)”/> </DO> Enter name: <INPUT KEY=“N”/> Choose speed: <SELECT KEY=“S”> <OPTION VALUE=“0”>Fast</OPTION> <OPTION VALUE=“1”>Slow</OPTION> <SELECT> </CARD> </WML>

Card

Deck

139

A Deck of Cards

<WML> <CARD> <DO TYPE="ACCEPT" LABEL="Next"> <GO URL="#card2"/> </DO> Acme Inc.<BR/>Directory </CARD> <CARD NAME="card2"> <DO TYPE="ACCEPT"> <GO URL="?send=$type"/> </DO> Services <SELECT KEY="type"> <OPTION VALUE="em">Email</OPTION> <OPTION VALUE="ph">Phone</OPTION> <OPTION VALUE="fx">Fax</OPTION> </SELECT> </CARD> </WML>

Acme Inc. Directory _____________ Next

Services 1>Email 2 Phone ____________ OK

140

Example: Input Activity

Back

First Name:

Last Name:

Jane_ ____________ Next

Doe_ ____________ Done

Query Deck

Accept Prev

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

141

Defining the Navigation Path <CARD> <DO TYPE="ACCEPT" LABEL="Next"> <GO URL="#card2"/> </DO> First name: <INPUT KEY="fname"/> </CARD> <CARD NAME="card2"> <DO TYPE="ACCEPT" LABEL="Done"> <GO URL="?get=person" METHOD="POST" POSTDATA="first=$fname&amp;last=$lname"/> </DO> Last name: <INPUT KEY="lname"/> </CARD>

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

142

The DO Element Binds a task to a user action Action type:

ACCEPT, OPTIONS, HELP PREV, DELETE, RESET

Label:

Text string or image (optional)

Task:

GO PREV, REFRESH, NOOP

Destination:

URL

Post data:

if METHOD=POST

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

143

Anchored Links

Bind a task to the ACCEPT action, when cursor points to a link TITLE= sets the label string (default = “Link”) Links are not allowed in select list options

<CARD> Please visit our <A TITLE="Visit"> <GO URL="home.wml"/>home page</A> for details. </CARD>

Please visit our home page for ____________ Visit

144

Task Binding Rules

User actions are scoped at three levels • Deck • Card • Anchored links & select list options (ACCEPT) When tasks are bound to an action at different levels, the action with narrower scope takes precedence

Default task bindings User Action ACCEPT, PREV Others

Task PREV NOOP

145

The TEMPLATE Element

Defines actions & events for all cards in a deck <WML> <TEMPLATE> <DO TYPE="OPTIONS" LABEL="Main"> <GO URL="main_menu.wml"/> </DO> </TEMPLATE> <CARD NAME="msg1"> <DO TYPE="ACCEPT" LABEL="Next"> <GO URL="#msg2"/> </DO> First story </CARD> <CARD NAME="msg2"> Second story </CARD> </WML>

First story … _____________ Next Main

Second story ... _____________ OK Main

146

Handling User Input Select lists Choose from a list of options

Input fields Enter a string of text or numbers

KEY variables Set by SELECT and INPUT elements How user input is passed to other cards and the application server

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

147

The SELECT Element Display a list of options Each option may set the KEY variable and/or bind a task to the ACCEPT key TITLE= dynamically sets the label string <CARD> <DO TYPE="ACCEPT" LABEL="View"> <GO URL="getcity.cgi?location=$city"/> </DO> Forecast <SELECT KEY="city"> <OPTION VALUE="ber">Berlin</OPTION> <OPTION VALUE="rom">Rome</OPTION> <OPTION TITLE="Find" ONCLICK="find.cgi">New </SELECT> </CARD>

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

Forecast 1 Berlin 2 Rome 3>New City ____________ Find City</OPTION>

148

Other SELECT Attributes

MULTIPLE="TRUE" Allows user to pick multiple items UP.Browser reserves soft key for item-picker Key value is a semicolon-separated list

DEFAULT=key_value Default KEY value, if one is not chosen Sets cursor to the default choice entry, if a corresponding OPTION / VALUE exists

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

149

A Long Select List <CARD> <DO TYPE="ACCEPT"> <GO URL="get_addr.cgi?id=$recid"/> </DO> Addr [1..9] <SELECT KEY="recid" MULTIPLE="TRUE" DEFAULT="1;3;5"> <OPTION VALUE="1">Neil</OPTION> <OPTION VALUE="2">Kurt</OPTION> <OPTION VALUE="3">Jim</OPTION> <OPTION VALUE="4">Natasha</OPTION> <OPTION VALUE="5">Liz</OPTION> <OPTION VALUE="6">Aneesh</OPTION> <OPTION VALUE="7">Jennifer</OPTION> <OPTION VALUE="8">Jesse</OPTION> <OPTION VALUE="9">Dawnell</OPTION> <OPTION ONCLICK="#card2">More...</OPTION> </SELECT> </CARD>

150

The INPUT Element Prompts user to enter a string of text Use FORMAT= to constrain input

UP.Browser reserves soft key for text entry mode, if necessary Soc. Security:

<CARD> <DO TYPE="ACCEPT"> <GO URL="?get=person" METHOD="POST" POSTDATA="userid=$ssn"/> </DO> Soc Security: <INPUT KEY="ssn" FORMAT="NNN\-NN\-NNNN"/> </CARD>

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

287-33- _ ____________ NUM Soc. Security: 287-33- 7629 ____________ OK

151

Other INPUT Attributes

DEFAULT=key_value Default KEY variable (displayed to user)

FORMAT=format_specifier If omitted, free-form entry is allowed

EMPTYOK="TRUE" Browser will accept null input, even with format

TYPE="PASSWORD" Special entry mode handled by the browser

MAXLENGTH=number Maximum number of allowed characters

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

152

FORMAT Control Characters

Numeric character

A, a

Alphabetic character

X, x

Numeric or alphabetic character

M, m

Any character

Leading backslash specifies forced characters Forced characters included in KEY variable value

Leading * specifies 0 or more characters Password:

FORMAT=“mmmm*m”

Leading number specifies 0..N characters Zipcode:

FORMAT=“NNNNN\-4N”

153

Displaying Images Insert app images or local icons within display text 1-bit BMP format

Images are ignored by non-bitmapped devices Check HTTP_ACCEPT for “image/bmp” <CARD> <DO TYPE="ACCEPT"> <GO URL="#c2"/> </DO> Continue <IMG LOCALSRC="righthand" ALT="forward..."/> </CARD> <CARD NAME="c2"> <IMG SRC="../images/logo.bmp" ALT="Unwired Planet"/> <BR/>Welcome! </CARD>

154

Special WML Characters

Use character entities in display text &quot; &amp; &apos; &lt; &gt; &nbsp; &shy;

" & ' < > Blank space Soft hyphen (discretionary line break)

Replace the “&” character in URL strings URL="query.cgi?first=$fname&amp;last=$lname"

Use “$$” to display a single “$” character

155

Doing more with WML

Setting card styles to create forms Using variables to cache user data Using card intrinsic events to trigger transparent tasks Using timers Securing WML decks Bookmarking decks

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

156

WMLScript Scripting language: Procedural logic, loops, conditionals, etc. Optimized for small-memory, small-cpu devices

Derived from JavaScriptâ&#x201E;˘ Integrated with WML Powerful extension mechanism Reduces overall network traffic

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

157

WMLScript Bytecode-based virtual machine Stack-oriented design ROM-able Designed for simple, low-impact implementation

Compiler in network Better network bandwidth use Better use of terminal memory/cpu.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

158

WMLScript Standard Libraries Lang - VM constants, general-purpose math functionality, etc. String - string processing functions URL - URL processing Browser - WML browser interface Dialog - simple user interface Float - floating point functions

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

159

WMLScript Example Uses Reduce network round-trips and enhance functionality. Field validation Check for formatting, input ranges, etc.

Device extensions Access device or vendor-specific API

Conditional logic Download intelligence into the device

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

160

WMLScript Example WMLScript is very similar to JavaScript Functions Variables Programming Constructs

161

WTA Tools for building telephony applications Designed primarily for: Network Operators / Carriers Equipment Vendors

Network security and reliability a major consideration

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

162

WTA WTA Browser Extensions added to standard WML/WMLScript browser Exposes additional API (WTAI)

WTAI includes: Call control Network text messaging Phone book interface Indicator control Event processing

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

163

WTA Network model for client/server interaction Event signaling Client requests to server

Security model: segregation Separate WTA browser Separate WTA port

WTAI available in WML & WMLScript

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

164

WTA Example Placing an outgoing call with WTAI:

WTAI Call Input Element

<WML> <CARD> <DO TYPE=“ACCEPT”> <GO URL=“wtai:cc/mc;$(N)”/> </DO> Enter phone number: <INPUT TYPE=“TEXT” KEY=“N”/> </CARD> </WML>

165

WTA Example

Placing an outgoing call with WTAI:

WTAI Call

function checkNumber(N) { if (Lang.isInt(N)) WTAI.makeCall(N); else Dialog.alert(“Bad phone number”); }

166

Content Formats Common interchange formats Promoting interoperability Formats: Business cards: IMC vCard standard Calendar: IMC vCalendar standard Images: WBMP (Wireless BitMaP) Compiled WML, WMLScript

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

167

New WAP Content Formats Newly defined formats: WML text and tokenized format WMLScript text and bytecode format WBMP image format

Binary format for size reduction Bytecodes/tokens for common values and operators Compressed headers Data compression (e.g. images)

General-purpose transport compression can still be applied

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

168

Content Format Example Example Use of an Image:

Image Element

<WML> <CARD> Hello World!<BR/> <IMG SRC=“/world.wbmp” ALT=“[Globe]” /> </CARD> </WML>

169

Push Push is under development Network-push of content Alerts or service indications Pre-caching of data

Goals: Extensibility and simplicity Build upon WAP 1.0 End-to-end solution Security User friendly

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

170

User Agent Profiles (UAProf) UAProf is under development Goal: content personalization, based upon: Device characteristics, user preferences Other profile information

Working with W3C on CC/PP RDF-based content format Describes “capability and profile” info

Efficient transport over wireless links, caching, etc.

171

WMLScript Example Uses Reduce network round-trips and enhance functionality. Field validation Check for formatting, input ranges, etc.

Device extensions Access device or vendor-specific API

Conditional logic Download intelligence into the device

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

172

WTA (WAP Telephony API) Tools for building telephony applications Designed primarily for: Network Operators / Carriers Equipment Vendors

Network security and reliability a major consideration

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

173

WTA WTA Browser Extensions added to standard WML/WMLScript browser Exposes additional API (WTAI)

WTAI includes: Call control Network text messaging Phone book interface Indicator control Event processing

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

174

WTA Network model for client/server interaction Event signaling Client requests to server

Security model: segregation Separate WTA browser Separate WTA port

WTAI available in WML & WMLScript

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

175

WTA Example Placing an outgoing call with WTAI:

WTAI Call Input Element

<WML> <CARD> <DO TYPE=“ACCEPT”> <GO URL=“wtai:cc/mc;$(N)”/> </DO> Enter phone number: <INPUT TYPE=“TEXT” KEY=“N”/> </CARD> </WML>

176

WTA Example

Placing an outgoing call with WTAI:

WTAI Call

function checkNumber(N) { if (Lang.isInt(N)) WTAI.makeCall(N); else Dialog.alert(“Bad phone number”); }

177

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

178

New WAP Content Formats Newly defined formats: WML text and tokenized format WMLScript text and bytecode format WBMP image format

Binary format for size reduction Bytecodes/tokens for common values and operators Compressed headers Data compression (e.g. images)

General-purpose transport compression can still be applied

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

179

Content Format Example Example Use of an Image:

Image Element

<WML> <CARD> Hello World!<BR/> <IMG SRC=“/world.wbmp” ALT=“[Globe]” /> </CARD> </WML>

180

WAP Development for Handheld Devices

181

WAP - Advantages Universal middleware (networks rolling out worldwide, with initial takeup in corporate accounts) Common communications protocol and applications interface -- can be used across a variety of wireless networks, operating systems, and handheld devices Accelerator for mobile data -- greater variety of System Integrators (SIâ&#x20AC;&#x2122;s) and VARs now entering marketplace

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

182

WAP - Disadvantages Limited functionality in 1.1 (particularly personalisation and localisation) Proprietary browsers (Nokia, Ericsson, other) Poor graphics capability (WBMP) Little processing capabilities (WMLScript is subset of Java Script) No end-to-end security (gateway must be trusted)

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

183

WAP Limitations WAP runs across phones, PDAs, PCs, etc Info. often limited to few lines of text plus cascading menus Cannot offer end to end security Ideal for simple look up applications on 1/4 VGA devices and below

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

184

Key Corporate Considerations Synchronisation - identical versions of applications & data maintained on multiple devices Connection to data sources - shop, customer information, pricing (including legacy systems) User interface on device - WAP enabled ‘Smartphones’ and handheld devices may lower training requirements Performance - call set up, speed of access, coverage, recovery from lost connections Support for management of databases Level of security required - needs to be end to end for financial transactions

185

Why Develop WAP Games? Better environment than SMS Links & Lists make for better UI Not limited to 160 characters Can rely on image-display capability Latency issues not as brutal

Main Format for Games in North America and acceptable in Europe

Functional business model ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

186

Game Session Should Take < 10 Minutes If They’ve Got More Time, They’ll Find a Real Game Machine

Can Mean: Short Game Saved Gamestate Playable in 5 Minute Chunks

187

Think COLS, not Internet Entering URLs is a Pain in the Ass People stick with the carrier’s navigational hierarchy

People Pay—the Carriers, Not You Like the old Commercial Online Services Need a deal to gain access to customers… Customers funnelled to you Share revenue with the carrier

188

WAP Is Inconsistently Implemented

Inconsistent Browser Behavior Test for Nokia, Ericsson, OpenWave Use URL Links, not Select Lists Avoid Soft Buttons & Tables

Cookies Not Always Available Use URL Encoding

User Timers, Not Push Forget about WTAI & WMLScript ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

189

Latency of 1-2 Seconds Unlike SMS (can be 1 min +)

Multiple Interactions Within a Session Each can be of modest importance

Forget Twitch Games

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

190

Network Not Reliable Handle Drops Gracefully Design so Player Disappearance Doesn’t Matter AI Take-Over Allow Player Re-Entry Stand-bys?

Allow Reentry Without Data Inconsistency Time-Outs on Decks

191

Decks Must be < 1.4k Well, it’s better than SMS Unlike HTTP, Text & Images Sent as a Single Request

HTTP > WTP Encoding Includes Compression

192

Dealing with 1.4k Limit

Write Tersely

Use Graphics Sparely Make Animations Separate Deck with timer to autoload next deck

193

Evolution of WAP Near-Term: WMLScript WTAI (Wireless Telephony Application Interface)

WAP 2.0: Supports HTTP & TCP/IP XHTML (Mobile Profile) Cascading Stylesheets Local persistent storage MMS Integration

WAP likely to no longer be the main event ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

194

A Web Browser for Mobile Phones? Shared Web Features information sources addressed by the URL information can be anywhere in hyperspace information source appears similar to hypertext dynamically generated information is available

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

195

What do WAP Applications Use WAP Transport Layer WAP Mark-Up Language WAP Script

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

196

WAP Limits Very slow data communications Screen small black and white only text and icons only

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

197

WAP Vision Access to public information Multi layer indexes controlled by network operator Visit other addresses by keying in URL Service provider interprets and converts web information for WAP use

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

198

Application Features The application must be stored in the SIM transfer to RAM to run be written in WAP Script provide the user interface include security include validation accept personalisation

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

199

Storing WML and WAP Script All applications are pages of mark-up language or script Need to be able to temporarily store test edit permanently store on SIM

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

200

Progress Achieved a recommendation that all terminals should have adequate RAM

Yet to be achieved terminals with a development software interface terminals with program storage

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

201

Wireless Internet WANs WAP, i-mode & J2ME

202

The WAP Architecture

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

203

Wireless Internet WAN PROTOCOL USA CDPD, Mobitex, DataTAC, GSM

HDML & WML Handheld Dynamic Markup Language

Europe WAP (GSM)

Japan i-mode (PDC-P)

Any Network

PRESENTATION WML Wireless Markup Language

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

cHTML

J2ME MIDlet GUI Components

Compact Hypertext Markup Language

204

The Wireless World Today i-mode: 60% of the world's wireless internet users WAP: 39% of the world's wireless internet users Palm: 1% of the world's wireless internet users

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

205

WAP WAP Forum alliance of carriers & handset manufacturers, promising uniformity of deployment WML Derived from Phone.comâ&#x20AC;&#x2122;s HDML WML is an XML language WAP incorporates its own scripting language and security stack Optimized for network constraints WAP in USA & Europe is far more limited than WAP in Japan

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

206

i-mode A presentation language, a protocol, and a carrier all in one NTT has a near monopoly Packet Network â&#x20AC;&#x201C; 9.6kbs [64-384kbs begin 10/01], always on Devices are RIGIDLY enforced to i-mode specs NTT sets the standards, the handset manufacturers comply Guaranteed 16 chars [8 double-byte chars] by 6 lines

Phones have an IP stack, and most offer SSL / TLS support

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

207

J2ME J2SE J2EE The smallest of the Java continuum Targeting mobile devices, runtime of equivalent size to WAP 2.0 / imode 3.0 browser stacks MIDlets installed via a Palm-like synchronization Over the air install in October - Nextel

MIDlets offer persistence, offline use Licensing of J2ME requires passing compatibility test suite (Motorola, Nokia, RIM, etc.) Watch Nextel, Cingular, and Sprint

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

208

WAP Pros 2nd largest global penetration to end users, ubiquity in Europe, not USA Carrier and handset independent 500 members in WAPforum

Provides light-weight scripting language Committed to move toward XHTML-basic in v. 2.0

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

209

WAP Cons Geoworks Patent – all providers must currently pay royalties Gateway required transcoding occurs, unpredictably between vendors Difficult debugging, browser & server implementations vary Security hole between WAP and Web [fixed in WAP 2.0 in Q3/01] 1k page size, nominal graphics, no color [except Japan!] Language not open No W3C spec Language not consistently implemented – especially USA Existing HTML sites must be rewritten, code optimized per device

210

i-mode: Pros Real Business Model for 3rd Party Application Providers Packet Network means push and pull, today Moving to XHTML-Basic in i-mode 3.0, Q2/01 Large 5k per page capability (<2K recommended) Color support, animated GIF support on 502i color models Gateway / Security / VPN– network gateway required, https supported

–

I-Appli supports MIDlets, full HTTPS support, 5M!!!! Strongest WW penetration – 25.9 million subscribers, 30,000+ sites

–

Location-aware today [i-area]

–

Language is scaleable: HTML/cHTML use existing web-based tools.

211

i-mode: Cons Controlled by a single corporation i-mode is only by NTT DoCoMo roaming now in Africa/EC/ AT&T,etc. No scripting language like WMLScript i-mode email limited to 500 bytes cHTML is a proposed W3C standard, but really controlled by i-mode

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

212

J2ME Pros: Security Supports HTTPS protocol for e2e security – Nextel/DoCoMo

No gateways Lower costs, simpler testing and more…

MIDlet GUI offers uniform behavior across devices Adopted by handset manufacturers and carriers globally MIDlet GUI components familiar to Swing developers ©2001-2009, Aurangzeb Bhatti, Digital Learning Institute

213

J2ME Cons: Nominal penetration: 5M devices released since 02/01 Existing HTML sites/solutions must be re-written [same as WAP] Extremely limited GUI components [2 elements: text and graphics] Installation overhead Over the air in future, available in Japan, USA and Europe today (as a pilot)

Requires different UI designer; HTML designers add little value in developing presentations Technology is early, many missteps Sony, NEC & crew have recalled > 1M ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

214

Comparing and Contrasting the APIs One Sample app 4 presentations [HTML, cHTML, WAP, J2ME] Server side code handles the database access Easily extensible to your own types of query based applications

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

215

Simple Tutorial – An Address Book Easily extensible for other needs Local restaurants [query by city & type] Local movies [query by city & time] Your UPS package [query by name & ID]

Sample Application Phone Book – retrieve contact information Supports 4 client types HTML – web browser WML – WAP phone cHTML – i-mode phone XML – J2ME client application

Demonstrates how device independence is implemented Assumes you’re adding a J2ME client to an existing application

216

High Level Address Book Architecture

Web PC

cHTML

User Interface: HTML Resident Software: Browser

HTML

WML Gateway

J2ME Device XML

User Interface: J2ME GUI components Resident Software: KVM, MIDlet (which embeds kXML)

Enhydra Application Server A Servlet with Presentation/Business/Data layers HP-UX, NT, Linux, e3000 JDBC

InstantDB ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

217

Enhydra XMLC™ - What is it? An Open Source development tool A member of the Enhydra Open Source family of technologies A methodology for… generating content (e.g., HTML, WML, J2ME) dynamically from Java leveraging XML to build easy to maintain Web application presentations. building device-independent application presentations Building presentations that can be reworked without modifications to Java code

A portable presentation technology (e.g., Enhydra, BEA)

218

About XMLC Open Source alternative to JSP A push strategy: dynamic content is pushed into a DOM, rather than pulled in by a JSP tag http://xmlc.enhydra.org Book: Enhydra XMLC for Java Presentations

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

219

Enhydra XMLC Key Elements XML – more than just data transport Defined by W3C Foundation for evolving standards, e.g. VoiceXML, WML, XHTML, CML)

DOM – Document Object Model Defined by W3C How a program represents an XML/HTML document in memory A hierarchical representation of an XML/HTML document as represented in a software programming language, e.g. Java Library for traversing, pruning, accessing portions of the DOM “tree”

220

Enhydra XMLC Key Elements XML Parser (from Apache Xerces Project) Parses an XML text file, turning the results into a Java DOM tree in memory.

CSS ID attributes Used to “tag” elements targeted for dynamic content. And for eliminating need to write lots of tree traversal logic

221

Sample Application Structure

Unlike HTML & WML clients, J2ME clients receive XML data streams from the application server. The XML is parsed by kXML, and displayed using the MIDP GUI components

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

222

Presentation Tier PoBoDo Detects incoming client type Requires the developer to create unique presentations for each presentation technology WML cHTML HTML J2ME/MIDP

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

223

Business Tier

BoDo

Focus on business logic at this level Decision making processes happen here. Main workflow is clear in this layer. The ‘meat’ of the application

Resist temptation to put any presentation or data specific code into this layer.

224

Four Aspects For Device Independence 1. Device specific templates. 2. Common XMLC API. 3. Template selection mechanism. 4. Generic DOM template manipulation.

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

225

XMLC Key Elements XML – more than just portable data Defined by W3C Foundation for evolving standards, e.g. XHTML, VXML, WML, CML)

DOM – Document Object Model Defined by W3C How a program stores an XML/HTML document in memory A hierarchical representation of an XML/HTML document as represented in a software programming language, e.g. Java Library for traversing, pruning, accessing portions of the DOM “tree”

XML Parser (from Apache Xerces Project) Translating an XML text file into a Java DOM tree in memory.

226

kXML.enhydra.org HttpConnection conn = (HttpConnection) Connector.open (URL); XmlReader parser = new XmlReader ( new InputStreamReader (conn.openInputStraem())); … while (parser.skip() != Xml.END_TAG) { parser.require(Xml.START_TAG, null, null); String name = parser.getName(); parser.next(); String text = parser.readText(); if (name.equals(“title”)) title = text; parser.require (Xml.END_TAG, null, name); } ©2001-2009, Aurangzeb Bhatti, Digital Learning Institute

227

HTML & WAP Device Specific Templates <p id="person">

HTML

<b><span id="name">John Doe</span></b><br> <b>Position: </b><span id="position">President</span><br> <b>Phone: </b><span id="phone">111.2222</span><br> <b>Fax: </b><span id="fax">222.3333</span><br>

WML

</p> <card id="indexTemplate" title="Details"> <p id="person"> <b><em id="name">John Doe</em></b><br /> <b>Position: </b><em id="position">President</em><br /> <b>Phone: </b><em id="phone">111.2222</em><br /> <b>Fax: </b><em id="fax">222.3333</em><br /> </p> </card>

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

228

J2ME Device Specific Template XML - Details.xml

sample.dtd

...

<!ELEMENT Person (Name, Phone, Position, Fax)>

<!ATTLIST Person id ID #IMPLIED>

<Phone id='phone'>111.2222</Phone> <Position id='position'>President</Position>

<!ELEMENT Name (#PCDATA)> <!ATTLIST Name id ID #IMPLIED>

<!ELEMENT Phone (#PCDATA)> <!ATTLIST Phone id ID #IMPLIED>

<!ELEMENT Position (#PCDATA)> <!ATTLIST Position id ID #IMPLIED>

<!ELEMENT Fax (#PCDATA)> <!ATTLIST Fax id ID #IMPLIED>

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

229

J2ME HTTPConnection /** * Retrieves the contact information for a particular person */ public Person getDetails(String oid) throws IOException { HttpConnection con = null; InputStream in = null; Document document = null;

try { StringBuffer detailsURL = new StringBuffer(DETAILS_SERVICE); detailsURL.append("?id="); detailsURL.append(oid);

con = (HttpConnection) Connector.open(detailsURL.toString(), Connector.READ, true); con.setRequestMethod(HttpConnection.GET); con.setRequestProperty("Accept", "text/xml"); con.setRequestProperty("Content-Language", "en-US"); in = con.openInputStream(); ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

230

J2ME GUI for Details.java /** * Builds the screen with the information of a particular Person. */ private void buildPersonInfo(Object person) { if (size() != 0) { clearScreen(); }

Person p = (Person) person; setTitle(p.getName()); append("Phone: " + p.getPhone(), null); append("Position: " + p.getPosition(), null); append("Fax: " + p.getFax(), null); }

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

231

WAP Security WTLS Services & Characteristics

232

WSG Work Area Provide mechanisms for secure transfer of content, to allow for applications needing privacy, identification, verified message integrity and non-repudiation Transport level security is WTLS, based on SSL and TLS from the Internet community Working on various mechanisms for improved end-to-end security and application-level security

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

233

WTLS Services and Characteristics Specifies a framework for secure connections, using protocol elements from common Internet security protocols like SSL and TLS. Provides security facilities for encryption, strong authentication, integrity, and key management Compliance with regulations on the use of cryptographic algorithms and key lengths in different countries Provides end-to-end security between protocol end points

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

234

WTLS Services and Characteristics Provides connection security for two communicating applications privacy (encryption) data integrity (MACs) authentication (public-key and symmetric)

Lightweight and efficient protocol with respect to bandwidth, memory and processing power Employs special adapted mechanisms for wireless usage Long lived secure sessions Optimised handshake procedures Provides simple data reliability for operation over datagram bearers

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

235

Goals and Requirements for WTLS Interoperable protocols Scalability to allow large scale application deployment First class security level Support for public-key certificates Support for WAP transport protocols

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

236

WTLS Internal Architecture

Transaction Protocol (WTP)

WTLS

Handshake Protocol

Alert Protocol

Application Protocol

Change Cipher Spec Protocol

Record Protocol Record protocol

Datagram Protocol (WDP/UDP)

Bearer networks

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

237

Current Work Items Improved support for end-to-end security Various mechanisms under consideration for extending WTLS protocol endpoint beyond WAP Gateway Introduction of application level mechanisms for encryption and signing, which will be interoperable between WAP and the Internet world

Integrating Smart Cards for security functions Wireless Identity Module specification will integrate Smart Cards into the security framework of WAP Uses Smart Card for storage of security parameters, as well as performing security functions

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

238

Current Work Items Providing a scalable framework for Client Identification Public Key Infrastructure for provisioning and management of certificates Simpler mechanisms for clients that do not support certificates

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

239

Services and Protocols Provide reliable data transfer based on request/reply paradigm No explicit connection setup or tear down Data carried in first packet of protocol exchange Seeks to reduce 3-way handshake on initial request Supports port number addressing Message oriented (not stream) Supports an Abort function for outstanding requests Supports concatenation of PDUs User acknowledgement or Stack acknowledgement option acks may be forced from the WTP user (upper layer) default is stack ack ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

240

Classes of Operation WTP Classes of Service Class 0 Unconfirmed Invoke message with no Result message a datagram that can be sent within the context of an existing WSP (Session) connection

Class 1 Confirmed Invoke message with no Result message used for data push, where no response from the destination is expected

Class 2 Confirmed Invoke message with one confirmed Result message a single request produces a single reply

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

241

WTP Ongoing Work Items Define a connection oriented protocol (IETF) Bearer selection/switching Management entity definition (functions and interface) Protocol verification (reference implementation) Quality of service definitions

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

242

WAP End-to-end security the problems and the solutions

243

End-to-End Security with WAP

Wireless terminal

WAP server

Privacy – encryption

Integrity – hashing (cryptographic check-sums)

Authentication – client and server certificates (WTLS class 2 and 3)

244

Security – Threat Models

Eavesdropping Passive recording of data

Impersonation, ”Trojan horse” Attacker creates a ”ghost” WAPapplication to record sensitive information

Man-in-the-middle Intercepts and replaces information

245

What is true end-to-end security – WAP Gateway scenarios 1. Operator hosted WAP gateway

The classic configuration with a WAP gateway located at the operator’s site. There are several obvious security problems with this solution:

no way for the web server to require that the phone use the security protocol WTLS

anyone with access to the Internet can make requests to the web server

all data is always decrypted at the gateway

246

WAP Gateway scenarios 2. Corporate operated WAP gateway

To host the WAP gateway at the corporate premises is the natural next step to try to increase the security.

slightly increases server side security

communication security between gateway and web server still has to be trusted in ”blind” by client

considerably easier for those with physical access to the WAP gateway or the computer network to monitor or modify WAP traffic

247

WAP Gateway scenarios 3a. Proprietary WAP server

A WAP server communicates directly with the WAP phone without a gateway. A WAP server may be used to achieve end-to-end security.

proprietary solutions (e.g. Nokia)

require additional training to handle configuration, support and application development

often used as gateways connecting real web servers -> non-secure ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

248

WAP Gateway scenarios 3b. WAP server based on existing web server

The WAP-stack is built into or integrated with an existing webserver, e.g. Microsoft IIS or Netscape I-Planet. This solution combines the best of two worlds.

maximum ease of use and minimal administration

support and application base of an industry strength web server

end-to-end security of a WAP server

WAP Security Connector ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

249

When is security important and what information needs to be protected? This a question that can only be answered by each organization Firewall

Internet

Corporate network

GSM Mail GPRS

ISP

Databases WAP Security Connector

UMTS

ERP

Intranet

WAP with WTLS Class 3

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

250

Examining Consumer vs. Corporate security Consumer

Corporate

•Transactions, eBusiness

•Access to corporate data

•Integrity

•Device can be standardized

•No control of device

PUBLIC NETWORKS Public services:

Corporate services:

Banking

Mail, calendar, contacts

Stock trading

Surveillance

Gambling

ERP systems

Purchasing

Decision support

Reservations, bookings

File systems

LAN 251

Can WTLS take the weight

WAP Forum has specified implementation of WTLS in different classes

Class 1 Encryption

Class 2 Encryption + server certificate

Class 3 Encryption + client/server certificates

WTLS can take the weight especially when creating corporate security ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

252

WAP Security â&#x20AC;&#x201C; Certificates

A certificate holds someones identity

Root (CA) certificates Downloaded to WAP device (or pre-installed) Represents a trusted third-party Same in web world

Server- and client certificates A trusted third-party (CA) validates and signs the certificate Examples of CA companies: VeriSign, Entrust and Baltimore ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

253

Conclusion The Wireless Industry has chosen the WAP Standard because it is: An open industry-established world standard Based on Internet standards including XML and IP Committed to by handset manufacturers representing over 90% of the world market across all technologies Supported by network operators representing 100 Million subscribers

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

254

Conclusion WAP is not a “Product” nor a “Service” WAP is an “enabling technology” that overcomes current constraints in the delivery of Time-Critical Information to mobile users WAP is an innovative and exciting technology WAP is a market opportunity !

255

WAP URLs WAP Forum: www.wapforum.org OpenWave SDK (includes emulator): http://developer.openwave.com/download/ Nokia WAP emulator: http://www.forum.nokia.com/wapforum/nokiasim _new.html Ericsson WAP emulator: http://www.ericsson.com/mobilityworld/sub/open /technologies/wap/tools.html

ÂŠ2001-2009, Aurangzeb Bhatti, Digital Learning Institute

256

Questions & Answers