cmsc 691a/491 midterm review lecture. ec objectives increasing the speed and efficiency of business...
TRANSCRIPT
CMSC 691A/491
Midterm Review Lecture
EC Objectives
• Increasing the speed and efficiency of business
transactions and processes and improving
customer relationships and services• Business can implement new sales and marketing through
the use of WWW• The WWW provides electronic means for organizations to
display materials such as product catalogs, price lists, …• Internet security issues are resolved, businesses are selling
more and more product online, direct to their customers
Categories of ECommerce
• B2B
• B2C
• B2G
EC Models
• E Shop• E Procurement• E Auction• E Mall• 3rd Party Market Place• Virtual Communities• Value chain Providers/Integrators• Collaboration Platform• Information Brokers• ASP• Banking/Financial services
E-Commerce Infrastructure
• Network• Machines• Protocols• Security• Payment
E-Commerce Process
• Buyers and sellers find each other– Communication (via Networking, the Internet,
Core Java and Web-Based Information Architectures)
– Human-Computer Interaction, Multimedia– Intermediaries
• Negotiation– Electronic Negotiation, Intelligent agents– Foundations of Electronic Marketplaces
E-Commerce Process (cont’d)
• Transaction
– Transaction processing, Databases
– Electronic Payment Systems,
– Computer Security,
– E-Commerce Architecture
• Order fulfillment
– Manufacture (manufacturing systems)
– Delivery (tracking systems)
– Supply Chain Management
Access Security
• Access control– authorization / authentication / identity verification
• Authentication– passwords– smart card– biometrics– GPS
• Network protection, firewalls, proxy servers• Intrusion detection• Denial of service (DOS) attacks• Viruses, worms
Cryptographic Security
• Secrecy– information cannot be used if intercepted
• Integrity– data cannot be altered
• Non-repudiation– sender cannot deny sending
• Cryptography– symmetric encryption (DES)– public key cryptosystems (RSA)– digital signatures, digital certificates– public key infrastructure (PKI)
World Wide Web
• WWW is an application of the Internet.• Evolving system for publishing and accessing
resources and services across the Internet.– Open system: can be extended and implemented in new
ways without disturbing its existing functionality;– Moved beyond simple data resources to encompass
services, like electronic purchasing of goods.
HTML
• HyperText Markup Language.• Used to specify the text and images that make up
the contents of a web page, and to specify how they are formatted for presentation to the user.
• The set of markups (tags) is fixed.
Document Structure• Document Structure
– <HTML> This surrounds the entire document and lets the browser know what language is being used (<SGML> might also be used)
– <HEAD> This surrounds the header portion of the document. Title is within the head as well.
– <TITLE> The title of the document as shown in the title bar of the WWW browser.
– <BODY> The main body of the document
Example <HTML>
<HEAD>
<TITLE> Title of Page </TITLE>
The Header of the document.
</HEAD>
<BODY>
The Main body of the document
</BODY>
</HTML>
HTTP• HyperText Transfer Protocol.
– Request-reply protocol.
• main method of transfer used by Web protocols to transfer data between a server and client.
• understands URLs.
• intended for hypertext/hypermedia environments.
• Stateless– Cookies –later.
HTTP Cookies
• HTTP designed to be stateless• Web sites want to save client associated session
information• Solution: cookies
– small amounts of data save by the Web server and retrieved later from the client system;
– normally used by CGI and related server-side code.
Downloaded code• Web design requires service-related code to run
inside the browser– at the user’s computer.
• Solution: Scripting– added to HTML documents;– expands static HTML to include client-side
interactivity;– inserted into HTML document using script language
tag.
Mobile Code• Downloaded code is a subset of mobile code.• Code that can be sent from one computer to
another;– e.g., Java applets.
• The advantage of running downloaded code is network delay avoidance during interactions.
• Potential security threat to the local resources.
Scripting Languages: JavaScript• A scripting language developed by Netscape to
enable Web authors to design interactive sites. • Developed independently from Java. • Can interact with HTML source code, enabling
Web authors introduce dynamic content. • It is supported by recent browsers from Netscape
and Microsoft,– Internet Explorer supports only a subset, which
Microsoft calls JScript.
Scripting Languages: VBScript• Microsoft proprietary scripting language
– operations identical to JavaScript/JScript;– syntax familiar to Visual Basic users;– grew out of Visual Basic.
• Visual Basic is component-based:– a program is built by placing components onto a
form;– then using VB to link them together.
The Common Gateway Interface : CGI
• Static pages– same each time visited unless the file is modified on the server.
• Many WWW sites are dynamic, i.e., the contents change each time we visit.
• Need to search, fill out questionnaires, order things from catalogs. – Need two pieces:
• HTML language to create Forms • Common Gateway Interface (CGI) to process the forms.
• CGI is a way to pass information from a WWW browser to a program for further processing
Java applets• Stored on server, downloaded by web client using
HTTP.• Applets need to be embedded in another
application, normally an HTML document and run by a Java-enabled Web browser.
• Applets have a restricted security context, cannot access the client’s system, and can talk only with the server that hosted it.– http://java.sun.com/sfaq/
Java Servlets• An applet that runs on a server
– runs within a Web server environment.;
– analogous to a Java applet that runs within a Web browser environment.
• Java servlets are becoming increasingly popular as an alternative to CGI programs.
Java Servlets vs CGI• A Java applet is persistent;
– once it is started, it stays in memory and can fulfill multiple requests.
• A CGI program disappears once it has fulfilled a request.
• The persistence of Java applets makes them faster– Don’t need to initiate a new process for each request.
Extensible Markup Language (XML)
• A means for defining tags to encapsulate information.
• A subset of SGML;
• Provides syntactic interoperability:– Need to know the price – look inside the <price> tag.
• Still lacking semantic interoperability– How do I know that you and I mean the same thing by price?
• Semantic Web
WAP• Wireless Application Protocol• “An open, global specification that empowers mobile
users with wireless devices to easily access and interact with information and services instantly.” - WAP Forum
• “The de facto worldwide standard for providing Internet communications and advanced telephony services on digital mobile phones, pagers, personal digital assistants and other wireless terminals.”
- WAP Forum (www.wapforum.org)
Why is WAP needed?
• Traditional internet protocols (HTML, HTTP, TCP, etc.) and their security mechanisms (TLS) are inefficient over mobile networks.
• Handheld devices tend to have less powerful CPUs, less memory and more restrictions on power consumption than desktops, so require special considerations.
• Handheld devices tend to use input devices other than keyboards (e.g. voice, keypad).
WML
• WAP Mark-up Language
• WML is an XML application.
• Also uses WMLScript, which is similar to JavaScript.
• Optimized for use with handheld devices.
• Minimal use of CPU and memory.
Internet and Network Security
• Types of Attacks on Internet– Break-ins: Unauthorized attempts to gain access to a
secure system– Denial of service: A legitimate user is denied access to a
service (e.g. Flooding a WWW server with requests)– Bombs: Large email messages or other large data intended
to overwhelm and possibly weaken a system.– Eavesdropping - Listening in on an electronic
conversation. Perhaps with intent to gather information for a future break-in.
– Viruses.
Firewall• Monitors and controls all the traffic into and out of an intranet.• Firewall security policy
– Service control: determine which services are available for external access and reject all other requests;
• Levels of filtering: IP, TCP.• Example: reject HTTP request unless they are directed to the
official website.
– Behavioral control: prevent behavior that infringes organization policies;
• Levels of filtering: IP, TCP, application; • Example: filtering of ‘spam’ e-mail.
– User control: discriminate between users’ privileges;• Example: management of dial-up provided for off-site users.
Filtering levels• IP packet filtering
– Decisions made based on the destination and the source IP addresses, the service type field in the IP header, port numbers in TCP/UDP headers.
– Example: prohibition of external access to NFS servers.– Performed by a process within the operating system kernel
of a router.
• TCP Gateway– A TCP Gateway process checks TCP connection requests
and segment transmission for correctness.– Example: Denial-of-service attack prevention.
Filtering levels (cont’d)
• Application-level gateway– An application-level gateway process acts as a proxy for an
application process.– Example: a Telnet proxy. All telnet requests are routed
through the proxy process for approval.
• A firewall is a combination of several processes working at different protocol levels running on more than one machine (for fault-tolerance).
Two overall (mutually exclusive) policies: – Anything not explicitly denied is allowed. – Anything not explicitly allowed is denied.
Virtual Private Networks
• Suppose a company wants to connect the intranets of its 5 offices.– One option is to lease a private line.– Another is to connect through the internet.
• But then everything is open.
– The solution is to use encryption schemes to establish secure tunnels through the internet.
– Such a set-up is called a virtual private network.
Directory and Discovery Services• Directory service: A service that stores collections of
bindings between names and attributes and that looks up entries that match attribute-based specifications.– Example: MS Active Directory Service, UNIX X.500, etc.
• Discovery service: a directory service that registers the services in a spontaneous networking environment.– Provides an interface for automatically registering and de-
registering services (fax machines, printers, etc.).– Provides a lookup interface for mobile devices– Example: Jini
Jini
• A system designed for spontaneous networking.• Java-based: assumes that JVMs run on all of the
computers, allowing them to communicate through RMI (remote method invocation, a flavor of interprocess communication in an object-oriented environment).
• Provides facilities for service discovery, transactions and shared data spaces called JavaSpaces.
What is a Database
• A system that stores data
• “persistent” – Exists beyond the immediate use
• Centralized storage
• Single or multiple users
Advantages
• Reduces redundancy • Reduces inconsistency • Shared• Data representation standards can be enforced• Enables security restrictions • Integrity maintained
– Valid cross references between records
• Allows data-independent applications– Applications ignorant of how data is stored
Categories of Data Models
• High-level or conceptual– entities, attributes, relationships
• Representational or implementation or logical– relational, network hierarchical, object-
oriented, object-relational
• Physical or low-level– data storage
3-schema Architecture
• Physical level description of a database:– how things are stored on disk:
• files, record structures,
• indices,
• data structures for disk blocks,
• methodology for dealing with too long records, etc.
• Conceptual level description of a database– The description of application data (its schema) using
one of the traditional data models.
3-Schema Architecture (cont'd)
• View-level description of a database– What users of a particular application see
• their own customized schema, e.g., for payroll, for the ticket agent, for a simulation program.
• Multiple levels – helps with data independence;– helps with maintenance.
• Many views, single logical and physical schema.• Levels of abstraction give data independence.
The Entity-Relational Model
• Entity: a distinguishable object.• Entity set: a set of entities all of the same type.• Attribute: a single property of an entity;
– simple vs composite; – single-valued vs multi-valued; – stored vs derived; – null values.
• Domain: set of values permitted for that attribute.
The E-R Model (cont’d)
• Relationship: an association between two or more entities.
• Relationship set: a set of relationships all of the same type
• There is no correct schema for a batch of data. Which schema is best depends on the application.
• Many basic data modelling choices depend on an understanding of the application.
Data Model
• Data model: notation for describing data, plus a set of operations used to manipulate that data.– a set of primitives for defining the structure of a
DB;– a set of operations for specifying the retrievals
and updates on a DB;– relational, hierarchical, network, object-oriented.
The Relational Model (Codd 1970)
• The relational data model is the most important data model currently existing.
• Value-oriented, i.e., allows operations on relations whose results are relations, thus enables to combine operations.– As opposed to object-oriented models, in which
• Operations cannot be applied to the result of other operations;
• The result of an operation may be a new data type, and operations may not be available for this type.
Domain and Relation
• A domain is a set of atomic values.• A relation is a finite subset of the Cartesian
product of a finite list of domains;– relation is a set of tuples;
– order of tuples is irrelevant and
– no relation has 2 identical tuples;
– each tuple value is atomic• no composite attributes;
• no multi-valued attributes.
How a user interacts with a Web Database
• In a Web browser, a user submits a request to the Web server.
• The Web server passes it onto the middleware
• The middleware writes the request in SQL queries and sends it to a back-end database.
• The data retrieved are handed back to the middleware
• The middleware generates a Web page for the data
• The Web server sends the Web page to the browser
• The browser displays the Web page in front of the user
Decision support systems for EC• DSS: help the knowledge worker (executive, manager,
analyst) make faster and better decisions• Data Warehousing: enables On-line analytical processing
(OLAP)– OLAP is a component of decision support system
• Data mining
– Extraction of interesting knowledge (rules, regularities, patterns, constraints) from data in large databases.
– Data mining is a powerful, high-performance data analysis tool for decision support.
Potential Applications of Data Warehousing and Mining in EC
• Analysis of user access patterns and buying patterns• Customer segmentation and target marketing• Improved Web advertisement• Personalization• Association (link) analysis• Customer classification and prediction• Time-series analysis • Typical event sequence and user behavior pattern
analysis• Transition and trend analysis
Multidimensional Data• Sales volume as a function of product, time, and geography
OLAP Servers
• Relational OLAP (ROLAP)
– Extended relational DBMS that maps operations on
multidimensional data to standard relations operations
• Multidimensional OLAP (MOLAP)
– Special purpose server that directly implements
multidimensional data and operations
• Hybrid OLAP (HOLAP)
– give users/system administrators freedom to select different
partitions.
OLAP Operations
• roll-up– aggregating on a specific dimension, I.e., summarize data– total sales volume last year by product category by region
• drill-down– also called roll down, drill through – inverse of roll-up, go from higher level summary to
lower level summary or detailed data– For a particular product category, find the detailed sales
data for each salesperson by date
OLAP Operations (cont’d) • slicing
– projecting data along a subset of dimensions with an equality selection of other dimensions
– Sales of beverages in the West for Jan 98
• dicing– similar to slicing except that instead of equality selection of
other dimensions, a range selection is used– Sales of beverages in the West over the last 6 months
• Pivot– reorient cube
Working definition of an agent
• “Agents are active, persistent (software) components that perceive, reason, act, and communicate”– Huhns and Singh, 1998
• “An agent is an entity whose state is viewed as consisting of mental components such as beliefs, capabilities, choices, and commitments. [sic] In this view, therefore, agenthood is in the mind of the programmer.”– Shoham, 1993
Agent Program• Inputs = observations
– Observations: states of the agent’s domain or environment
• Outputs = actions– Actions: Speak, Search, Move, Bid
Agent
( o1, o2, … ) ( a1, a2, … )
Basic Characteristics
• Delegation abilities: The owner or user of an agent delegates a task to the agent and the agent autonomously performs the task on behalf of the user.– An agent can decompose and/or delegate the
task to other agents;– Once the task is complete the agent may need
to report to the user/agent issuing the task.
Basic Characteristics (cont’d)• Agent communication languages and protocols:
information exchange with other agents establishes a need for expressive communication and negotiation language.– KQML (Knowledge Query and Manipulation Language);
• Used to allow information agents to assert interests in information services, advertise their own services, and explicitly delegate tasks and requests for assistance from other agents.
• Can be used for developing a variety of inter-agent communication protocols that enable information agents to collectively cooperate.
Basic Characteristics (cont’d)
• Self-representation abilities: the ability to express business and system aspects of its functionality, combine them into an application or implementation.– Self-describing, dynamic reconfigurable agents;
• Facilitate composition (specification and implementation) of large-scale (distributed) applications.