22:010:622 internet technology and e-businessrutgers business school ... qdesigning web pages...
TRANSCRIPT
February 26, 2003Dr. Peter R Gillett 1
22:010:622Internet Technology and
E-Business
Dr. Peter R. GillettAssociate Professor
Department of Accounting & Information SystemsRutgers Business School – Newark & New Brunswick
February 26, 2003Dr. Peter R Gillett 2
Outline
Designing Web Pages
Implementing Security for EC
Introduction to Cryptography
B2B EC Frameworks
Active Server Pages
February 26, 2003Dr. Peter R Gillett 3
Designing Web SitesWeb Usability
Page DesignContent DesignSite DesignIntranet DesignAccessibility for Users with DisabilitiesInternational Users
February 26, 2003Dr. Peter R Gillett 4
Designing Web SitesWeb Usability
“Designing Web Usability”: Jakob Nielson: New Riders Publishing (2000)
High-quality ContentOften UpdatedMinimal Download TimeEase of Use
Relevant to Users’ NeedsUnique to the Online MediumNet-centric Corporate Culture
February 26, 2003Dr. Peter R Gillett 5
Designing Web SitesWeb Usability
What metrics will you use to measure the success of your Web Site?
Unique hits?Total hits?Return visits?
February 26, 2003Dr. Peter R Gillett 6
Designing Web SitesPage Design
Avoid fixed width text for material that may need to be printed
Narrow columns are wasteful and annoy usersWide columns that do not fit the page are even more frustrating600 pixels is 8.3 inches at 72 pixels per inch
Allowing for printer margins, this exceeds standard letter paper
Do not force users to scroll horizontally!
February 26, 2003Dr. Peter R Gillett 7
Designing Web Sites“Creating Killer Web Sites”: David Siegel: Hayden Books (2nd Edition 1997)
3rd generation designUse (but don’t overuse) metaphorGIF, JPEG, GIF89a, etc.
TransparencyCompress images to reduce download times
February 26, 2003Dr. Peter R Gillett 8
Designing Web Sites3rd Generation Design
Entry points (splash screens)Load quicklyCapture usersTell them where they are and what’s happening
Fish FoodFree goodies
The Core PageCan be more than oneGuide users – offer choices but also suggestionsAvoid endless vertical lists of links
ExitsA well-marked exit entices users to stay!Keep users within the siteCollect feedback?
February 26, 2003Dr. Peter R Gillett 9
Designing Web SitesDavid Siegel:
Control vertical spaceBanish horizontal rulesIn text, use proper indentation rather than extra space to delineate paragraphs
Don’t indent initial paragraph, or after white spaceUse proper marginsAvoid long lines of text – they slow the reader down (10-12 words is ideal)
February 26, 2003Dr. Peter R Gillett 10
Designing Web SitesDavid Siegel:
Use tables with invisible cells to control page layoutTurn off bordersInsert a single space at the end of text in each column (but a soft carriage return at the end of text in the final column) to help break up text for users with old (non-table) browsers
The single-pixel gif trickScaling controls vertical or horizontal spacingShould become less important as designers gain more control over browser behavior
February 26, 2003Dr. Peter R Gillett 11
Designing Web SitesDavid Siegel:
If you use frames, remember to add a No-Frames page
Useful for index or other links you want to keep visible during scrolling
Frame navigation is more complex and requires careDon’t load new pages within old frames
February 26, 2003Dr. Peter R Gillett 12
Designing Web SitesDavid Siegel’s Deadly Sins:
Blank line typographyHorizontal rulesBackground images that interfereThe Slow LoadIllegal use of the third dimensionAliasing, dithering and halos
February 26, 2003Dr. Peter R Gillett 13
Designing Web SitesSome additional references:
“Universal Web Design”: Crystal Waters: New Riders Publishing (1997)
Creating accessible Web Sites“Web Concept & Design”: Crystal Waters: New Riders Publishing (1996)
Creating effective Web Sites
February 26, 2003Dr. Peter R Gillett 14
Designing Web SitesDesigning Web Graphics.3”: Lynda Weinman: New Riders Publishing (3rd Edition1999)
Preparing Images and Media for the WebRGB color v. CMYK color
CMYKSubtractivePrinting
RGBAdditiveComputer screensHexadecimal colors (#FFFFFF)
February 26, 2003Dr. Peter R Gillett 15
Designing Web SitesBrowser-Safe Colors
216 common from palettes of 256 for Mac, Windows, Windows 95Formed from hex 00, 33, 66, 99, CC and FF
Multiples of 51 for decimal-thinkers!
sRGBMicrosoft/HP proposal
Background colors and background images (tiles)
Use transparency
February 26, 2003Dr. Peter R Gillett 16
Designing Web SitesSome graphics software:
Adobe PhotoshopPaint Shop ProThe GimpDeBabelizer
February 26, 2003Dr. Peter R Gillett 17
Designing Web SitesMany, many other things we have not discussed . . .
Image mapsCascading style sheets (CSS)DHTMLShockwaveVideo, audio, etc.
February 26, 2003Dr. Peter R Gillett 18
Designing Web SitesContent Design
Short textPlain languageUsers tend to scan rather than readTitles/headersPut the conclusion near the top!Page chunkingHypertext – non-linear design
February 26, 2003Dr. Peter R Gillett 19
Designing Web SitesSite Design
Splash screens should dieUse metaphor effectively but sparingly
Shopping cartsNavigation
Where am I? Where have I been? Where can I go?Breadth v. depthSite structure
Don’t include searches of the whole web on your siteURL design
Users guess!
February 26, 2003Dr. Peter R Gillett 20
Designing Web SitesIntranet Design
General principles apply, butUsers are employees rather than customersThere are typically many more pagesMore advanced browsers features may be safely used if reasonable presumptions can be made about the facilities that users will have available
February 26, 2003Dr. Peter R Gillett 21
Implementing Security for ECProtecting Electronic Commerce Assets
Secrecy & PrivacyIntegrityAvailabilityKey managementNonrepudiationAuthentication
February 26, 2003Dr. Peter R Gillett 22
Implementing Security for ECIntellectual Property and Privacy
Department of Justice: Computer Crime and Intellectual Property SectionMany other active bodiesWatermarks, ect.WebSide Story
Cookie demonstration
February 26, 2003Dr. Peter R Gillett 23
Implementing Security for ECProtecting Client Computers
Monitoring active contentDigital certificates
VeriSign, etc.Microsoft Explorer: AuthenticodeNetscape
Antivirus softwareForensic experts
February 26, 2003Dr. Peter R Gillett 24
Implementing Security for ECProtecting Electronic Commerce Channels
Transaction PrivacyEncryptionAlgorithms and StandardsSecure Sockets Layer ProtocolS-HTTP
Transaction IntegrityHash FunctionsDigital Signatures (encrypted hash functions)
Transaction Delivery
February 26, 2003Dr. Peter R Gillett 25
Implementing Security for ECProtecting the Commerce Server
Access Control and AuthenticationOperating System ControlsFirewalls
February 26, 2003Dr. Peter R Gillett 26
Introduction to CryptographyNo longer only the domain of the militaryImportant business Issue
Financial transactionsLimiting distributionKeeping important documents or transmissions confidential
Issues of Government restrictions and economic well-being of US firms
February 26, 2003Dr. Peter R Gillett 27
Motivation for CryptographyGeneral Reasons
Open data gives the Internet powerAuthenticity in a very simulated environment!Sharing information is important
February 26, 2003Dr. Peter R Gillett 28
Motivation for CryptographyEconomic Reasons
Selling to comfortable customersCurrency transactions!Monitor copying, etc.Easy access to business information does not mean easy access by your competitors!
February 26, 2003Dr. Peter R Gillett 29
Basic TermsPlaintext or cleartextEncryptionCiphertextCryptography Public key crypto systems (asymmetric)Private key crypto systems (symmetric)
February 26, 2003Dr. Peter R Gillett 30
Caesar Cipher: rotation of alphabetsAlan Turing and his team: cracked the German Enigma in the early 1940s
Used the ACE computerC. Shannon at Bell Labs, 1940s
Showed the One-Time-Pad is the only “unbreakable code”
Diffie-Hellman and the asymmetric or public key codes
Basic History
February 26, 2003Dr. Peter R Gillett 31
HistoryRivest, Shamir and Aldeman: RSA public key cryptography
Found a good use for apparently very hard mathematical problems!Unless there is a great mathematical breakthrough, the RSA and its relatives are VERY costly to break
The US Government forbids export of this technology for now
February 26, 2003Dr. Peter R Gillett 32
Caesar CipherABCDEFGHIJKLMNOPQRSTUVWXYZ
Mapped toDEFGHIJKLMNOPQRSTUVWXYZABCExample: “GIVE ME TEN”Becomes: “JLYH PH WHP”Attacks: probability of letters occurring in English
February 26, 2003Dr. Peter R Gillett 33
One-Time PadClassic example: military frequency hoppingPre-agreed encryption key, like Gettysburg Address “Four Score and Seven Years Ago...” becomes the key to work fromIf the enemy discovers the pre-agreed key we loose!Only use this pre-agreed key once!
February 26, 2003Dr. Peter R Gillett 34
Pros and Cons of One-Time PadMathematically unbreakable!Good for one-off messages (very few Internet transactions are one-offs!)Have to have pre-agreed encryption keyCan only use each encryption key only once!If pre-agreed encryption key is in files, then it is vulnerable!
February 26, 2003Dr. Peter R Gillett 35
Encrypt-Decrypt
February 26, 2003Dr. Peter R Gillett 36
Intercepting Messages or Packets?EthernetHubsRoutersCPU Trace CyclesScreenInvasive: break in and copy/steal disks!
February 26, 2003Dr. Peter R Gillett 37
Public Key and RSAWhy so popular?
Anyone can send messages and without trusting anyone else with your private key!The mathematical problems that are at work are very well known to be very hard!Extremely well trusted!Easily integrated into present software systems
February 26, 2003Dr. Peter R Gillett 38
Public Key: How ToPublic Key PUB is seen by everyone!Private Key PRI is seen only by usPUB and PRI are inverses of each otherFrom PUB you cannot determine PRI!Transaction type 1 (secret transmission):
I Encrypt message M with YOUR PUB and email PUB(M) to you. The only way to decrypt it is using your (secret) PRI key!
February 26, 2003Dr. Peter R Gillett 39
Public Key: How ToTransaction type 2: Authentication
You encrypt M with your (secret) key PRI and email me PRI(M).I use your public key PUB to decode PRI(M) verifying that the message was from you
February 26, 2003Dr. Peter R Gillett 40
Public Key (RSA)
February 26, 2003Dr. Peter R Gillett 41
A few usesTransactions
SecretsVerifications
Digital signaturesTrusted companies or sitesDigital cash!
February 26, 2003Dr. Peter R Gillett 42
DES, the NSA and all that
Data Encryption StandardSymmetricFirst from IBM for a NBS Call for Proposals40 bits, 56 bits and now 128 bitsWhy more bits over time?It apparently costs $200,000 to crack 56 bits in 4.5 days: 1998 Electronic Frontier Foundation
February 26, 2003Dr. Peter R Gillett 43
DES, the NSA and all that8 bits allows how many keys?28 = 256 keys100 bits? 2100, a giant amount of keys!Shamir applied differential analysis and partially cracked DES
February 26, 2003Dr. Peter R Gillett 44
AttacksThe notion of randomness as good cryptographyCiphertext only attackKnown Plaintext attackChosen Plaintext attackMan-in-the-middleCorrelation attack
February 26, 2003Dr. Peter R Gillett 45
Security on the InternetMorris’s worm: exploited the send-mail server,3-Nov.-1988
Affected 10% of the internet (NSF Net)Cost: $24 million in denial, $40 million to bring backTotal cost between $64 and $100 million
The Internet is central to business nowBusiness impacts would dwarf the NFS Net costs
February 26, 2003Dr. Peter R Gillett 46
More Security on the InternetCheck out CMU’s http://www.cert.org/Classical business parallels
Phone transactionsMail transactions
Logical and physical securityCountermeasuresDealing with security threats
February 26, 2003Dr. Peter R Gillett 47
Risk AnalysisHigh Probability
Contain andControl Prevent
Ignore Insurance orBackup
Low Impact High Impact
Low Probability
February 26, 2003Dr. Peter R Gillett 48
Risk Analysis ExplainedWhy does “Low Probability” and “Low Impact” get “Insurance” or “Backup”?What does this mean for security?
February 26, 2003Dr. Peter R Gillett 49
Security in PiecesSecrecy: disclosure and authenticityIntegrity: modificationsNecessity: delays or denialsIntellectual property: copyright, patents, etc.Should you have a privacy policy?
Why?Where?How to implement?
February 26, 2003Dr. Peter R Gillett 50
Evaluation of your SecurityTesting, testing, testing!Start with the “commerce chain”Active Content
JavaScript, ActiveX, CGI, VBScript, JavaEmail attachments: viruses and Trojan HorsesCookiesWhat if you get too many security alerts?
February 26, 2003Dr. Peter R Gillett 51
Security in PiecesSniffer programsSite hoppingClick-trailsAnonymizers
anonymizer.comenonymous.com
Cyber vandalism
February 26, 2003Dr. Peter R Gillett 52
Security in PiecesMasquerading or spoofingNecessity, delay or denial
DirectIndirect
Always provide the least privileges to do a jobSuper users on Unix, Administrator in NT and Windows
February 26, 2003Dr. Peter R Gillett 53
Security in PiecesThe more passwords the better?Anonymous ftp, etc.Key economic tradeoff issue:
The more complex the security . . . . . . the more costly it is to do anything!
February 26, 2003Dr. Peter R Gillett 54
Implementing Internet SecurityPlanning testing, cycleIs the legal system prepared?Some businesses are Internet only!Robust security and trusted security is necessary for the Internet to flourishDigital signatures, digital watermarksSearch! Use search engines for copyright, trademark and patent violations
February 26, 2003Dr. Peter R Gillett 55
Additional ReferencesS. S. Y. Shim V. S. Pendyala, and J.Z Gao: “Business-to-Business E-Commerce Frameworks”, Computer, 40-47, Oct. 2000.U. Varshney, R. J. Vetter and R. Kalakota: “Mobile Commerce: A New Frontier,” Computer, 32-29, Oct. 2000.
February 26, 2003Dr. Peter R Gillett 56
B2B EC FrameworksB2B is becoming much larger than B2C
Fewer customer interactions to sell large B2B unitMore standards necessary
Tech standards not compatible: EDI in different countriesConsider business as a set of processes
Process engineering streamlines and automates processes to improve efficiency
February 26, 2003Dr. Peter R Gillett 57
B2B EC FrameworksDefining Frameworks
Make all protocols between business partners have the same protocolStandards:
data formatsecurityontologycontent management
February 26, 2003Dr. Peter R Gillett 58
B2B EC FrameworksOpen Buying on the Internet (OBI)
High-volume and low-value B2B transactionInfrastructure robustness supporting many users reliably and securelyUse digital certificates and optional digital signaturesDynamic interoperable trading web. Many participants and easy to joinChain reaction for making firms join
February 26, 2003Dr. Peter R Gillett 59
B2B EC Frameworks: OBIWork distributed among buyers and sellers; unlike e-BayComplement EDI by overcoming its drawbacksCurrent implementation CGI and HTMLFuture? XML
February 26, 2003Dr. Peter R Gillett 60
B2B EC Frameworks: OBIMain Benefits
SimplicitySecurity, reliability and robustnessCustomizable catalogues based on digital certificates
February 26, 2003Dr. Peter R Gillett 61
B2B EC Frameworks: eCoFrom CommerceNet: consortium of reps from more than 35 firmsInteroperability as a set of levels, eCouses XML documents to describe APIsBusinesses can define, publish and exchange metadata descriptionsLayered approach to defining and maintaining interactions
February 26, 2003Dr. Peter R Gillett 62
B2B EC Frameworks: eCoExtensibility: unforeseen requirementsGateway web page for search engine needsA simple set of compliance rulesAllow the discovery of EC systems and markets
February 26, 2003Dr. Peter R Gillett 63
B2B EC Frameworks: RosettaNetXML business standards for supply chain managementInteroperable EC standards for high-tech firmsBusiness process and tech spec buildingFramework for guidelines for trading partners in the supply chainGuidelines: PIPs - Partner Interface Processes
February 26, 2003Dr. Peter R Gillett 64
B2B EC Frameworks: RosettaNetBusiness dictionary: use the same languageProtocol for exchanging messages securelyGeneric organization independent business process modelBusiness process model, dictionary and implementation framework are inputs to the PIPs
February 26, 2003Dr. Peter R Gillett 65
B2B EC Frameworks: RosettaNetBenefits
In depth support for business processAddresses security issuesSupports agent protocols
February 26, 2003Dr. Peter R Gillett 66
B2B EC Frameworks: cXMLFrom Commerce XMLJoint effort of more than 40 firmscXML is open Internet based standard for
Easy exchange of catalogue contentEasy exchange of transaction informationMade of ‘light weight’ DTDs
Request/response model and asynchronous model
February 26, 2003Dr. Peter R Gillett 67
B2B EC Frameworks: cXMLUses HTTP and/or URL formed encodingsbased communicationWeb browser acts as an intermediarycXML focus on maintenance, repair and operating services (MRO).Allows us to define parts of business processesSimple to use and easy to implement
February 26, 2003Dr. Peter R Gillett 68
B2B EC Frameworks: BizTalkLeverages existing standardsApplication integration to facilitate ECIt serves as a platform to quick migration to XMLA firm’s XML schemas are:
ValidatedVersionedStored
February 26, 2003Dr. Peter R Gillett 69
B2B EC Frameworks: BizTalkBenefits
Schema versioning, better schema controlXML with support for non-XML dataTransition Planning for legacy EDI
February 26, 2003Dr. Peter R Gillett 70
B2B EC Frameworks: ComparisonIndustry targetingArchitecture
XML?With EDI?Replace EDI?
SecurityProtocols: most HTTP, one CGI
February 26, 2003Dr. Peter R Gillett 71
Active Server PagesMicrosoft innovationServer-generated pages that can invoke other programs (e.g., to access a database)Use server-side scripting with support for VBScript or JscriptMany other software tools now supportedRuns more efficiently than CGI scripts
February 26, 2003Dr. Peter R Gillett 72
Active Server PagesHas been used extensively
E.g., Amazon.comNow available on non-Microsoft serversAlthough HTML is the default output, could also be XMLNote the use of <& . . . &> pairs for server-side scriptsN.B. Now there is JSP too!
February 26, 2003Dr. Peter R Gillett 73
Active Server Pages<%
dim BrowserType set bc = Server.CreateObject("MSWC.BrowserType")if bc.browser="IE" then
BrowserType = "MSIE"elseif bc.browser="Netscape" then
BrowserType = "Netscape"elseif bc.browser="Lynx" then
BrowserType = "Lynx"end if
%>
February 26, 2003Dr. Peter R Gillett 74
Active Server Pages<%
select case BrowserTypecase "Lynx"
Response.Write("You're using Lynx! How do you manage to live without 3-D backgrounds and endless download times? Whatever!")
case "MSIE"Response.Write("You're using Internet Explorer! Thank you for helping keep Microsoft afloat!")
case "Netscape"Response.Write("You're using Netscape! And you're wearing those great pink pants! ASP knows everything about you!")
case elseResponse.Write("You're using some other browser I don't know about.")
End select%>