October 10-11-17, 2003. E-Business Infrastructure Herwig Mannaert Master in e-Business.

October 10-11-17, 2003.

E-BusinessInfrastructure

Herwig Mannaert

Master in e-Business

2Master in e-Business, October 10-11-17, 2003.

Cast4AllThe Content Conductor

Prologue

• The Internet

• The Applications

• The Convergence

• The Standards



The Internet

• Evolution:

Internal External

Sta

tic Intranet Internet

Dyn

am

ic

Intranet Extranet



The Applications

Enterprise AERP

SCM

CRM

Enterprise BERP

SCM

VirtualMarketplace

Enterprise Portals



The Applications

• Evolution:

Host

Deskto

p

ExternalInternal

Network

DSS,ERP CRM,SCM



The Convergence

• Evolution:

ExternalInternal

Network

DSS,ERP CRM,SCM

Dyn

am

ic

Intranet ExtranetAccess PortalsE-Marketplaces



The Standards

Web

PKI

Comp, Java

XML

TCP/IP



E-Business Infrastructure

• Data Interchange

• Web Architectures

• E-Trust Services

• Q&A




• Data Interchange– Network Architecture – The XML Data Model

• Web Architectures• E-Trust Services• Q&A



The Internet

• Network of networks• First: DARPA + NASA + NSF• Replaced by commercial ISPs• Ruled by peering agreements• Paying for potential traffic• Assigning IP addresses to computers• Backbone and access networks



The Internet

• Universal Resource Locator (URL):

http://www.cnn.com/2003/TECH/biztech/02/24/microsoft.htm

protocol domain name directory path filename

http://www.amazon.com/cgi-bin/view-basket&name=mannaert&first=herwig&...

protocol domain dir parametersapplication



The Internet

• Domain Name Service (DNS):

– Converts names in IP addresses – Worldwide distributed database– Hierarchical based on delegation– Resolver in operating system– Based on iteration– Example: elessar.ufsia.ac.be



The Internet

• Networking:

HTTP Get Request: URL

HTTP Get Request: URLSource port: clientDest. port: server

HTTP Get Request: URLSource port: clientDest. port: server

Source addr.: clientDest. addr.: server



The Internet

• Routing:– Moving information across internetwork– From source to destination– Minimum 1 intermediate node

SD



Internet Architecture

• OSI reference:

L1: Physical

L4: Transport

L5: Session

L6: Presentation

L7: Application

L2: Link

L3: Network

System A System B

Data

H2 Data

H3 Data




• OSI terminology:

L1: Physical

L4: Transport

L5: Session

L6: Presentation

L7: Application

L2: Link

L3: Network

Repeater

Router

Bridge

Gateway

Packet

Frame

Message

Scr. router

Firewall

Hardware

Logical

Connectors Data Units Addresses Security




• IP standard:

L1: Physical

L4: Transport

L5: Session

L6: Presentation

L7: Application

L2: Link

L3: Network

TCP/UDP

IP

PSTN ISDN ATM SDH GSM LEO CATV

HTTPIIOPSMTP LDAP

On Line Services

DNSFTP SNMP




• Definition:

The Internet is a public computer internetwork, based on TCP/IP and standards emerging on top of it.




• Data Interchange– Network Architecture – The XML Data Model

• Web Architectures• E-Trust Services• Q&A



XML and the Web

• Vision and history:– Need to address deficiencies of HTML– Need to address lack of extensibility of HTML– XML is a meta-language, is about meaning– Feb 98: XML 1.0 approved by W3C– Q4 98: announcements of XML support– 2000: widespread adoption of XML

In 5 years, 80% of all ASCII data will be XML.



XML and the Web

• The 3rd generation Internet:

Presentation ProgrammabilityConnectivity

TCP/IP

FTP,Mail

HTMLXML

Web Sites Web Services

Technology

Functionality



XML: Structured Data

<Person><Name>

<First>Herwig </First><Last>Mannaert</Last>

</Name><Email>[email protected]</Email><Mobile>+32-478.94.22.64</Mobile><Address>

<Street>Prinsstraat 13</Street><City>Antwerp</City><ZIP>B-2000</ZIP>

</Address></Person>



XML Structure

• Namespaces:– Avoid naming conflicts– Mixing vocabularies

• DTDs• XML Schemas:

– Which elements can occur– How nested, in what order

• Access APIs:– DOM: random access– SAX: sequential access



XML Utilities

• Validation:– Control that document follows the grammar as

described in the DTD/Schema

XMLSchema

XMLValidated

XML XML Parser



XML Utilities

• Transformation/Translation– Alleviate the XML schema incompatibility issues

XSLTScript

XML(B)

XML(A)

XSLT Proc.



XML Applications

• Documents and data:– Document management– Web content management– Enterprise Application Integration– B2B e-commerce data exchange

• Simple Object Access Protocol (SOAP):– Open way for application communication– Distributed object protocol– Exchange serialized XML messages



XML and Business

• Within the enterprise:– Problem: lost information:

the cut and paste crisis– Solution: information chain integration

• Outside the enterprise:– Now: 70% terminations inside company– 2005: 70% terminations outside company



XML and B2B

• The Hub model:

Customer

Customer

Customer

Customer

Supplier

Supplier

Supplier

Supplier

Hub



XML and B2B

• The XML business bus:– Business hub with documents– Performs switching of messages– Provides additional services– Examples:

• Microsoft BizTalk• SAP Market Set

– Networks of marketplaces:• Commerce One• Ariba





• Web Architectures– Web Interactivity– Component Models

• E-Trust Services• Q&A



Application Architectures

• Client-Server:

Presentation

Presentation

Presentation

Presentation

Application Database

Database

Database

Database

Application

Application

Application



Application Architectures

• Proprietary middleware:

Presentation Application Database

SolarisAIX,HP-UX

WindowsNT/2000

OS2OS400/390

Linux

Apple

Windows95/98/NT/ME

OS2

Linux

SolarisAIX,HP-UX

WindowsNT/2000

OS2OS400/390

Linux



Web-Based Architectures

• Client-side (scripts):

HTTP

Presentation Application

WebBrowser

ScriptInterpreter

Web Page

JavaScriptVBScript

WebServer



Client JavaScript

<HTML><HEAD><TITLE>JavaScript Optelling</TITLE><SCRIPT LANGUAGE=LiveScript>function addForm(form) { form.som.value = parseInt(form.x.value) + parseInt(form.y.value);}</SCRIPT>

</HEAD><BODY><H1>JavaScript : x + y</H1><HR><FORM METHOD="POST"><H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1><H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1><p><H1><INPUT TYPE="submit" value="bereken" onClick=addForm(this.form)></H1><HR><H1>X+Y: <INPUT TYPE="text" name="som" maxlength=10 size=10></H1></FORM></BODY></HTML>




• Client-side (applets):

HTTP

Presentation Application

WebBrowser

Java Virtual

Machine

Web Page

JavaByte Code

WebServer

Compiler

JavaSource



Client Java Applet

<HTML><HEAD><TITLE>Java Optelling</TITLE>

</HEAD><BODY><H1>Java Applet : x + y</H1><HR><applet code=CalcApplet.class width=250 height=100></applet></BODY></HTML>



Client Java Applet

public class CalcApplet extends Applet implements ActionListener { Button button; int sum=0; TextField field1, field2; String text1, text2, textsum="";

public void init() { field1 = new TextField(10); field2 = new TextField(10); add(field1); add(field2); button = new Button("bereken"); button.addActionListener(this); add(button); } public void actionPerformed(ActionEvent e) { text1 = field1.getText(); text2 = field2.getText(); sum = Integer.parseInt(text1) + Integer.parseInt(text2); textsum = Integer.toString(sum); repaint(); } public void paint(Graphics g) { g.drawString("X + Y =", 75, 90); g.drawString(textsum, 150, 90); }}




• Server-side CGI (2-tier):

Presentation

WebBrowser

HTTP

Application

WebServer

(Script)Application

CG

I



Server CGI Perl

<HTML><HEAD><TITLE>CGI Perl Optelling</TITLE></HEAD><BODY><H1>CGI - Perl : x + y</H1><HR><FORM ACTION= "http://localhost/cgi-bin/CalcCGIServer.pl" METHOD="GET"><H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1><H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1><p><H1><INPUT TYPE="submit" value="bereken"></H1><HR><H1>X+Y: <INPUT TYPE="text" name="som" maxlength=10 size=10></H1></FORM></BODY></HTML>



Server CGI Perl

#!/usr/bin/perl

$query_string = $ENV{'QUERY_STRING'};@key_value_pairs = split(/&/, $query_string);foreach $key_value(@key_value_pairs) { ($key, $value) = split(/=/, $key_value); if ($key eq 'x') { $a = $value; } if ($key eq 'y') { $b = $value; }}$som = $a + $b;print "Content-type: text/html\n\n";print <<Einde;



Server CGI Perl

<HTML><HEAD><TITLE>CGI Perl Optelling</TITLE></HEAD><BODY><H1>CGI - C : x + y</H1><HR><FORM ACTION= "http://localhost/cgi-bin/CalcCGIServer.pl" METHOD="GET"><H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9 value=$a></H1><H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9 value=$b></H1><p><H1><INPUT TYPE="submit" value="bereken"></H1><HR><H1>X+Y: <INPUT TYPE="text" name="som" maxlength=10 size=10 value=$som></H1></FORM></BODY></HTML>

Einde




• Server-side API (2-tier):

Presentation

WebBrowser

ApplicationModules

HTTP

Application

WebServer

API



Java Servlet API

<HTML><HEAD><TITLE>Java Servlet Optelling</TITLE></HEAD><BODY><H1>CGI - Perl : x + y</H1><HR><FORM ACTION= "http://localhost/servlet/CalcServlet" METHOD="GET"><H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1><H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1><p><H1><INPUT TYPE="submit" value="bereken"></H1><HR><H1>X+Y: <INPUT TYPE="text" name="som" maxlength=10 size=10></H1></FORM></BODY></HTML>



Java Servlet API

public class CalcServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {

int sum = request.getParameter("x") + request.getParameter("y") ; response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<BODY>"); out.println("<HEAD>"); out.println("<TITLE>Servlet Sum</TITLE>"); out.println("<H1>Java - Servlet : x + y</H1>"); out.println("<HR>"); out.println("<FORM ACTION= "http://localhost/servlet/CalcServlet" METHOD="GET">"); out.println("<H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1>"); out.println("<H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1>"); out.println("<p>"); out.println("<H1><INPUT TYPE="submit" value="bereken"></H1>"); out.println("<HR>"); out.println("<H1>X+Y:" + sum);

out.println("</BODY>"); out.println("</HTML>"); } }



Java Server Pages

<HTML><HEAD><TITLE>Java Server Pages Optelling</TITLE></HEAD><BODY><H1>JSP : x + y</H1><HR><FORM ACTION= "http://localhost/jsp/CalcJSP" METHOD="GET"><H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1><H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1><p><H1><INPUT TYPE="submit" value="bereken"></H1><HR><H1>X+Y: <INPUT TYPE="text" name="som" maxlength=10 size=10></H1></FORM></BODY></HTML>



Java Server Pages

<HTML><HEAD><TITLE>Java Server Pages Optelling</TITLE></HEAD><BODY><H1>JSP : x + y</H1><HR><FORM ACTION= "http://localhost/jsp/CalcJSP" METHOD="GET"><H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1><H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1><p><H1><INPUT TYPE="submit" value="bereken"></H1><HR><H1> X+Y: <%= request.getParameter("x")+request.getParameter("y") %></H1></FORM></BODY></HTML>




• Server-side CGI (3-tier):

Presentation Database

HTTP

Application

WebBrowser

WebServer

(Script)Application

CG

I

ODBC RDBMS





HTTP


WebBrowser

WebServer

ApplicationModules

API

ODBC RDBMS




• Client-side applet (3-tier):


HTTPWebBrowser

WebServer

ApplicationModules

API

ODBC RDBMSClientObject

IIOP

API



Remote Applet Corba

public void init() { field1 = new TextField(10); field2 = new TextField(10); add(field1); add(field2); props = new Properties(); try { props.put("UseORBLocator", "true"); orb = ORB.init(this, props); calculator = CalculatorHelper.bind(orb, "Calculator"); } catch (Exception e) { e.printStackTrace(); } button = new Button("bereken"); button.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { text1 = field1.getText(); text2 = field2.getText(); if (calculator != null) { sum = calculator.sum(Integer.parseInt(text1), Integer.parseIn (text2)); textsum = Integer.toString(sum); } else textsum = "N/A"; repaint(); } }); add(button); }



Remote Applet Corba

public class CalcServer {

public static void main(String[] args) { try { // Initialize the ORB. ORB orb = ORB.init(args,null); // Create the Inprise specific BOA com.inprise.vbroker.CORBA.BOA boa = ((com.inprise.vbroker.CORBA.ORB)orb).BOA_init(); // Create the servant CalculatorImpl calculator = new CalculatorImpl("Calculator"); // Export the newly created object. boa.obj_is_ready(calculator); System.out.println(calculator + " is ready."); // Wait for incoming requests boa.impl_is_ready(); } catch (Exception e) { e.printStackTrace(); } }}



Remote Applet Corba

import java.util.*;

public class CalculatorImpl extends _CalculatorImplBase {

public CalculatorImpl(String id) { super(id); }

public synchronized int sum(int x, int y) { // Return the sum. return x+y; }}





Web Tier EJB Tier Database

WebServer

ApplicationModules

JSP

EnterpriseBeans

RDBMSJDBCRMI




• Server-side XML (4-tier):

Web Tier EJB Tier Database

WebServer

Out Sream

XS

P

EnterpriseBeans

RDBMSJDBCRMI

Modules

XS

L





• Web Architectures– Web Interactivity– Component Models

• E-Trust Services• Q&A



Software Components

• What is a component:– Identifiable pieces– Not too large or too small– With boundaries and container– Defined by a component model

• Component advantages:– Faster installation– Easier maintenance– No large release cycles– Easier use of third party software



Component Models

• What is a model:– Defines component boundaries – Describes component interactions– Component coordinator framework

• Different models:– (E)JB J2EE

• J2EE Application Servers

– (D)COM Microsoft.Net• Microsoft Transaction Server



J2EE App Server Architectures

Presentation

Web Tier

ObjectsJSP

Servlets

Busines Logic

EJB Tier

ControlSessionEntity

Data Access

Data Tier

JDBCData

ConnectorsHTML Data

Development and Deployment Tools

JTS JNDI Java Mail RMI JMS

Enterprise Deployment Services

Scalability Reliability Security Manageability



Development Approach

• The solution always consists of:

The Open, Standards-based and MultipurposeFoundation Layer

The Solution

Specific Software

Generic Software



Development Approach

• Using an e-business platform:

J2EE Application Server

e-Business Applications

Components Components3rd Party

Components3rd Party

Components

Extensible e-Business Services

Content Management

WorkflowUser

ProfilingXML

Integration



Application Servers

• WebLogic Enterprise• SilverStream Application Server• IBM WebSphere• Netscape/Sun iPlanet• Oracle Application Server• Open Source Tomcat & Jboss

• Microsoft Transaction Server• SAP Application Server




• Data Interchange• Web Architectures

• E-Trust Services– The Services– The Infrastructure

• Q&A



The Services

Cryptography Trust Services Management

Symmetric Confidentiality

Asymmetric

Message Hash

Integrity

Key Management

Key Distribution

Authentication

Non-Repudiation



Cryptography

• Symmetric encryption:– 1 key to encrypt & decrypt– Standards like DES– State of the art: 128 bit key– Pro:

• Pretty fast

– Con:• Not so strong• Key exchange



Cryptography

• Asymmetric encryption:– Based on key pairs:

• Public key• Private key

– Usage: • Encrypt with public decrypt with private• Encrypt with private decrypt with public

– Standards like RSA, PGP– State of the art: 1024 bit



Cryptography

• Asymmetric encryption (ctd):– Pro:

• Very strong• Trust services

– Con: • Pretty slow• Key management

– Message hash:• Repeatable digest of message• Leads to unique digital signature



Trust Services

• Confidentiality:– Message unreadable to others

• Integrity– Message cannot be tampered with

• Authentication– Ensure identity of message sender

• Non-repudiation– Avoid possible denial of sender



Trust Services

• Confidentiality:– Operates on message:– Encrypt: public key receiver– Decrypt: private key receiver

• Other services:– Operates on message hash:– Encrypt: private key sender– Decrypt: public key sender



Hybrid Solutions

• Concept:– Use symmetric encryption for data– Use asymmetric encryption to exchange and

agree on keys

• Advantages– Speed from symmetric encryption– Reliability from asymmetric encryption



Hybrid Solutions

• Applications:

– Session security:• Between network hops• Fast and reliable mechanism

– Content distribution:• Avoids separate encryption• Allows multicast distribution• Enables different activation times



Security Layers

• Security combined in layers:– IP: IPSec– TCP: SSL– HTTP: HTTP-S– Application: PKI

A BR

Application

Transport Transport




• Data Interchange• Web Architectures

• E-Trust Services– The Services– The Infrastructure

• Q&A



Key Management

• Key management:– Generation, storage, distribution, deletion,

archiving and application of keys in accordance with a security policy.

• Key distribution:– Cooperatively generated by local and remote

entities



Certificates

• Digital certificate:– Unique identification of user entity– Administered and distributed by a Certificate

Authority (CA)– Contains:

• Identity• Public key• CA signature

– Available on a directory server



Certificates

• Security profile:– Private information for a user– Administered and distributed by a Certificate

Authority (CA)– Contains:

• Identity• Private key• Public key CA

– Stored on a PC or smart card– Locked by a user password



Public Key Infrastructure

• Certificate Authority (CA):– Certification process– Generates and revokes keys– Verifies validity of keys

• Registration Authority (CA):– Administration process– Defines users with secret codes

• Directory Server (LDAP):– Directory of entities and keys



PKI Security Processes

• Architecture:

ClientApp

PKIAgent

CAServer

LDAPServer

RAServer

Port 709

Port 389




• Certification Process:– Security officer defines user– User receives out-of-band secrets– User sends out-of-band secrets to CA– User stores and locks certificate

• Logon process:– User unlocks certificate– CA checks validity of certificate




• Encryption Process:– User asks for public key receiver– CA checks validity of certificate– User performs message encryption– User sends encrypted message

• Signing process:– CA checks validity of certificate– User performs hash encryption– User sends message and hash



SWIFT Next Generation

• Three levels of security

– IPSec at transport level– EntrustSession Toolkit at session level:

• Session-based GSS API• Certificates encoded and stored

– EntrustFile Toolkit at user level• Application entities encryption• Certificates on smart cards




• Session layer:

– Stored certificate– Stored encrypted password– Default time credentials– Default time context– Diffie-Hellman for key establishment




• Application layer:– Store and forward– Encrypt and sign– Certificate on smart card

• Administration– SWIFT certifies Local Security Officer– EntrustAdmin prepares CA– LSO uses Admin client software





• Web Architectures

• E-Trust Services

• Q&A



Q&A

[email protected]

October 10-11-17, 2003. E-Business Infrastructure Herwig Mannaert Master in e-Business.

Documents

ebusiness slide

scm slide

server slide

internet evolution

internet network of

java xml tcpip slide

internet domain

internet networking