CMSC 691A/491 - PowerPoint PPT Presentation

About This Presentation
Title:

CMSC 691A/491

Description:

CMSC 691A/491 Midterm Review Lecture – PowerPoint PPT presentation

Number of Views:113
Avg rating:3.0/5.0
Slides: 57
Provided by: cseeUmbcE9
Category:
Tags: 691a | cmsc | chain | ecommerce | value

less

Transcript and Presenter's Notes

Title: CMSC 691A/491


1
CMSC 691A/491
  • Midterm Review Lecture

2
EC Objectives
  • Increasing the speed and efficiency of business
    transactions and processes and improving customer
    relationships and services
  • Business can implement new sales and marketing
    through the use of WWW
  • The WWW provides electronic means for
    organizations to display materials such as
    product catalogs, price lists,
  • Internet security issues are resolved, businesses
    are selling more and more product online, direct
    to their customers

3
Categories of ECommerce
  • B2B
  • B2C
  • B2G

4
EC Models
  • E Shop
  • E Procurement
  • E Auction
  • E Mall
  • 3rd Party Market Place
  • Virtual Communities
  • Value chain Providers/Integrators
  • Collaboration Platform
  • Information Brokers
  • ASP
  • Banking/Financial services

5
E-Commerce Infrastructure
  • Network
  • Machines
  • Protocols
  • Security
  • Payment

6
E-Commerce Process
  • Buyers and sellers find each other
  • Communication (via Networking, the Internet, Core
    Java and Web-Based Information Architectures)
  • Human-Computer Interaction, Multimedia
  • Intermediaries
  • Negotiation
  • Electronic Negotiation, Intelligent agents
  • Foundations of Electronic Marketplaces

7
E-Commerce Process (contd)
  • Transaction
  • Transaction processing, Databases
  • Electronic Payment Systems,
  • Computer Security,
  • E-Commerce Architecture
  • Order fulfillment
  • Manufacture (manufacturing systems)
  • Delivery (tracking systems)
  • Supply Chain Management

8
Access Security
  • Access control
  • authorization / authentication / identity
    verification
  • Authentication
  • passwords
  • smart card
  • biometrics
  • GPS
  • Network protection, firewalls, proxy servers
  • Intrusion detection
  • Denial of service (DOS) attacks
  • Viruses, worms

9
Cryptographic Security
  • Secrecy
  • information cannot be used if intercepted
  • Integrity
  • data cannot be altered
  • Non-repudiation
  • sender cannot deny sending
  • Cryptography
  • symmetric encryption (DES)
  • public key cryptosystems (RSA)
  • digital signatures, digital certificates
  • public key infrastructure (PKI)

10
World Wide Web
  • WWW is an application of the Internet.
  • Evolving system for publishing and accessing
    resources and services across the Internet.
  • Open system can be extended and implemented in
    new ways without disturbing its existing
    functionality
  • Moved beyond simple data resources to encompass
    services, like electronic purchasing of goods.

11
HTML
  • HyperText Markup Language.
  • Used to specify the text and images that make up
    the contents of a web page, and to specify how
    they are formatted for presentation to the user.
  • The set of markups (tags) is fixed.

12
Document Structure
  • Document Structure
  • ltHTMLgt This surrounds the entire document and
    lets the browser know what language is being used
    (ltSGMLgt might also be used)
  • ltHEADgt This surrounds the header portion of the
    document. Title is within the head as well.
  • ltTITLEgt The title of the document as shown in the
    title bar of the WWW browser.
  • ltBODYgt The main body of the document

13
Example
  • ltHTMLgt
  • ltHEADgt
  • ltTITLEgt Title of Page lt/TITLEgt
  • The Header of the document.
  • lt/HEADgt
  • ltBODYgt
  • The Main body of the document
  • lt/BODYgt
  • lt/HTMLgt

14
HTTP
  • HyperText Transfer Protocol.
  • Request-reply protocol.
  • main method of transfer used by Web protocols to
    transfer data between a server and client.
  • understands URLs.
  • intended for hypertext/hypermedia environments.
  • Stateless
  • Cookies later.

15
HTTP Cookies
  • HTTP designed to be stateless
  • Web sites want to save client associated session
    information
  • Solution cookies
  • small amounts of data save by the Web server and
    retrieved later from the client system
  • normally used by CGI and related server-side code.

16
Downloaded code
  • Web design requires service-related code to run
    inside the browser
  • at the users computer.
  • Solution Scripting
  • added to HTML documents
  • expands static HTML to include client-side
    interactivity
  • inserted into HTML document using script language
    tag.

17
Mobile Code
  • Downloaded code is a subset of mobile code.
  • Code that can be sent from one computer to
    another
  • e.g., Java applets.
  • The advantage of running downloaded code is
    network delay avoidance during interactions.
  • Potential security threat to the local resources.

18
Scripting Languages JavaScript
  • A scripting language developed by Netscape to
    enable Web authors to design interactive sites.
  • Developed independently from Java.
  • Can interact with HTML source code, enabling Web
    authors introduce dynamic content.
  • It is supported by recent browsers from Netscape
    and Microsoft,
  • Internet Explorer supports only a subset, which
    Microsoft calls JScript.

19
Scripting Languages VBScript
  • Microsoft proprietary scripting language
  • operations identical to JavaScript/JScript
  • syntax familiar to Visual Basic users
  • grew out of Visual Basic.
  • Visual Basic is component-based
  • a program is built by placing components onto a
    form
  • then using VB to link them together.

20
The Common Gateway Interface CGI
  • Static pages
  • same each time visited unless the file is
    modified on the server.
  • Many WWW sites are dynamic, i.e., the contents
    change each time we visit.
  • Need to search, fill out questionnaires, order
    things from catalogs.
  • Need two pieces
  • HTML language to create Forms
  • Common Gateway Interface (CGI) to process the
    forms.
  • CGI is a way to pass information from a WWW
    browser to a program for further processing

21
Java applets
  • Stored on server, downloaded by web client using
    HTTP.
  • Applets need to be embedded in another
    application, normally an HTML document and run by
    a Java-enabled Web browser.
  • Applets have a restricted security context,
    cannot access the clients system, and can talk
    only with the server that hosted it.
  • http//java.sun.com/sfaq/

22
Java Servlets
  • An applet that runs on a server
  • runs within a Web server environment.
  • analogous to a Java applet that runs within a Web
    browser environment.
  • Java servlets are becoming increasingly popular
    as an alternative to CGI programs.

23
Java Servlets vs CGI
  • A Java applet is persistent
  • once it is started, it stays in memory and can
    fulfill multiple requests.
  • A CGI program disappears once it has fulfilled a
    request.
  • The persistence of Java applets makes them faster
  • Dont need to initiate a new process for each
    request.

24
Extensible Markup Language (XML)
  • A means for defining tags to encapsulate
    information.
  • A subset of SGML
  • Provides syntactic interoperability
  • Need to know the price look inside the ltpricegt
    tag.
  • Still lacking semantic interoperability
  • How do I know that you and I mean the same thing
    by price?
  • Semantic Web

25
WAP
  • Wireless Application Protocol
  • An open, global specification that empowers
    mobile users with wireless devices to easily
    access and interact with information and services
    instantly. -
    WAP Forum
  • The de facto worldwide standard for providing
    Internet communications and advanced telephony
    services on digital mobile phones, pagers,
    personal digital assistants and other wireless
    terminals.
  • - WAP Forum (www.wapforum.org)

26
Why is WAP needed?
  • Traditional internet protocols (HTML, HTTP, TCP,
    etc.) and their security mechanisms (TLS) are
    inefficient over mobile networks.
  • Handheld devices tend to have less powerful CPUs,
    less memory and more restrictions on power
    consumption than desktops, so require special
    considerations.
  • Handheld devices tend to use input devices other
    than keyboards (e.g. voice, keypad).

27
WML
  • WAP Mark-up Language
  • WML is an XML application.
  • Also uses WMLScript, which is similar to
    JavaScript.
  • Optimized for use with handheld devices.
  • Minimal use of CPU and memory.

28
Internet and Network Security
  • Types of Attacks on Internet
  • Break-ins Unauthorized attempts to gain access
    to a secure system
  • Denial of service A legitimate user is denied
    access to a service (e.g. Flooding a WWW server
    with requests)
  • Bombs Large email messages or other large data
    intended to overwhelm and possibly weaken a
    system.
  • Eavesdropping - Listening in on an electronic
    conversation. Perhaps with intent to gather
    information for a future break-in.
  • Viruses.

29
Firewall
  • Monitors and controls all the traffic into and
    out of an intranet.
  • Firewall security policy
  • Service control determine which services are
    available for external access and reject all
    other requests
  • Levels of filtering IP, TCP.
  • Example reject HTTP request unless they are
    directed to the official website.
  • Behavioral control prevent behavior that
    infringes organization policies
  • Levels of filtering IP, TCP, application
  • Example filtering of spam e-mail.
  • User control discriminate between users
    privileges
  • Example management of dial-up provided for
    off-site users.

30
Filtering levels
  • IP packet filtering
  • Decisions made based on the destination and the
    source IP addresses, the service type field in
    the IP header, port numbers in TCP/UDP headers.
  • Example prohibition of external access to NFS
    servers.
  • Performed by a process within the operating
    system kernel of a router.
  • TCP Gateway
  • A TCP Gateway process checks TCP connection
    requests and segment transmission for
    correctness.
  • Example Denial-of-service attack prevention.

31
Filtering levels (contd)
  • Application-level gateway
  • An application-level gateway process acts as a
    proxy for an application process.
  • Example a Telnet proxy. All telnet requests are
    routed through the proxy process for approval.
  • A firewall is a combination of several processes
    working at different protocol levels running on
    more than one machine (for fault-tolerance).
  • Two overall (mutually exclusive) policies
  • Anything not explicitly denied is allowed.
  • Anything not explicitly allowed is denied.

32
Virtual Private Networks
  • Suppose a company wants to connect the intranets
    of its 5 offices.
  • One option is to lease a private line.
  • Another is to connect through the internet.
  • But then everything is open.
  • The solution is to use encryption schemes to
    establish secure tunnels through the internet.
  • Such a set-up is called a virtual private network.

33
Directory and Discovery Services
  • Directory service A service that stores
    collections of bindings between names and
    attributes and that looks up entries that match
    attribute-based specifications.
  • Example MS Active Directory Service, UNIX X.500,
    etc.
  • Discovery service a directory service that
    registers the services in a spontaneous
    networking environment.
  • Provides an interface for automatically
    registering and de-registering services (fax
    machines, printers, etc.).
  • Provides a lookup interface for mobile devices
  • Example Jini

34
Jini
  • A system designed for spontaneous networking.
  • Java-based assumes that JVMs run on all of the
    computers, allowing them to communicate through
    RMI (remote method invocation, a flavor of
    interprocess communication in an object-oriented
    environment).
  • Provides facilities for service discovery,
    transactions and shared data spaces called
    JavaSpaces.

35
What is a Database
  • A system that stores data
  • persistent Exists beyond the immediate use
  • Centralized storage
  • Single or multiple users

36
Advantages
  • Reduces redundancy
  • Reduces inconsistency
  • Shared
  • Data representation standards can be enforced
  • Enables security restrictions
  • Integrity maintained
  • Valid cross references between records
  • Allows data-independent applications
  • Applications ignorant of how data is stored

37
Categories of Data Models
  • High-level or conceptual
  • entities, attributes, relationships
  • Representational or implementation or logical
  • relational, network hierarchical,
    object-oriented, object-relational
  • Physical or low-level
  • data storage

38
3-schema Architecture
  • Physical level description of a database
  • how things are stored on disk
  • files, record structures,
  • indices,
  • data structures for disk blocks,
  • methodology for dealing with too long records,
    etc.
  • Conceptual level description of a database
  • The description of application data (its schema)
    using one of the traditional data models.

39
3-Schema Architecture (cont'd)
  • View-level description of a database
  • What users of a particular application see
  • their own customized schema, e.g., for payroll,
    for the ticket agent, for a simulation program.
  • Multiple levels
  • helps with data independence
  • helps with maintenance.
  • Many views, single logical and physical schema.
  • Levels of abstraction give data independence.

40
The Entity-Relational Model
  • Entity a distinguishable object.
  • Entity set a set of entities all of the same
    type.
  • Attribute a single property of an entity
  • simple vs composite
  • single-valued vs multi-valued
  • stored vs derived
  • null values.
  • Domain set of values permitted for that
    attribute.

41
The E-R Model (contd)
  • Relationship an association between two or more
    entities.
  • Relationship set a set of relationships all of
    the same type
  • There is no correct schema for a batch of data.
    Which schema is best depends on the application.
  • Many basic data modelling choices depend on an
    understanding of the application.

42
Data Model
  • Data model notation for describing data, plus a
    set of operations used to manipulate that data.
  • a set of primitives for defining the structure of
    a DB
  • a set of operations for specifying the retrievals
    and updates on a DB
  • relational, hierarchical, network,
    object-oriented.

43
The Relational Model (Codd 1970)
  • The relational data model is the most important
    data model currently existing.
  • Value-oriented, i.e., allows operations on
    relations whose results are relations, thus
    enables to combine operations.
  • As opposed to object-oriented models, in which
  • Operations cannot be applied to the result of
    other operations
  • The result of an operation may be a new data
    type, and operations may not be available for
    this type.

44
Domain and Relation
  • A domain is a set of atomic values.
  • A relation is a finite subset of the Cartesian
    product of a finite list of domains
  • relation is a set of tuples
  • order of tuples is irrelevant and
  • no relation has 2 identical tuples
  • each tuple value is atomic
  • no composite attributes
  • no multi-valued attributes.

45
How a user interacts with a Web Database
  • In a Web browser, a user submits a request to the
    Web server.
  • The Web server passes it onto the middleware
  • The middleware writes the request in SQL queries
    and sends it to a back-end database.
  • The data retrieved are handed back to the
    middleware
  • The middleware generates a Web page for the data
  • The Web server sends the Web page to the browser
  • The browser displays the Web page in front of the
    user

46
Decision support systems for EC
  • DSS help the knowledge worker (executive,
    manager, analyst) make faster and better
    decisions
  • Data Warehousing enables On-line analytical
    processing (OLAP)
  • OLAP is a component of decision support system
  • Data mining
  • Extraction of interesting knowledge (rules,
    regularities, patterns, constraints) from data
    in large databases.
  • Data mining is a powerful, high-performance data
    analysis tool for decision support.

47
Potential Applications of Data Warehousing and
Mining in EC
  • Analysis of user access patterns and buying
    patterns
  • Customer segmentation and target marketing
  • Improved Web advertisement
  • Personalization
  • Association (link) analysis
  • Customer classification and prediction
  • Time-series analysis
  • Typical event sequence and user behavior pattern
    analysis
  • Transition and trend analysis

48
Multidimensional Data
  • Sales volume as a function of product, time, and
    geography

49
OLAP Servers
  • Relational OLAP (ROLAP)
  • Extended relational DBMS that maps operations on
    multidimensional data to standard relations
    operations
  • Multidimensional OLAP (MOLAP)
  • Special purpose server that directly implements
    multidimensional data and operations
  • Hybrid OLAP (HOLAP)
  • give users/system administrators freedom to
    select different partitions.

50
OLAP Operations
  • roll-up
  • aggregating on a specific dimension, I.e.,
    summarize data
  • total sales volume last year by product category
    by region
  • drill-down
  • also called roll down, drill through
  • inverse of roll-up, go from higher level summary
    to lower level summary or detailed data
  • For a particular product category, find the
    detailed sales data for each salesperson by date

51
OLAP Operations (contd)
  • slicing
  • projecting data along a subset of dimensions with
    an equality selection of other dimensions
  • Sales of beverages in the West for Jan 98
  • dicing
  • similar to slicing except that instead of
    equality selection of other dimensions, a range
    selection is used
  • Sales of beverages in the West over the last 6
    months
  • Pivot
  • reorient cube

52
Working definition of an agent
  • Agents are active, persistent (software)
    components that perceive, reason, act, and
    communicate
  • Huhns and Singh, 1998
  • An agent is an entity whose state is viewed as
    consisting of mental components such as beliefs,
    capabilities, choices, and commitments. sic In
    this view, therefore, agenthood is in the mind of
    the programmer.
  • Shoham, 1993

53
Agent Program
  • Inputs observations
  • Observations states of the agents domain or
    environment
  • Outputs actions
  • Actions Speak, Search, Move, Bid

( o1, o2, )
( a1, a2, )
Agent
54
Basic Characteristics
  • Delegation abilities The owner or user of an
    agent delegates a task to the agent and the agent
    autonomously performs the task on behalf of the
    user.
  • An agent can decompose and/or delegate the task
    to other agents
  • Once the task is complete the agent may need to
    report to the user/agent issuing the task.

55
Basic Characteristics (contd)
  • Agent communication languages and protocols
    information exchange with other agents
    establishes a need for expressive communication
    and negotiation language.
  • KQML (Knowledge Query and Manipulation Language)
  • Used to allow information agents to assert
    interests in information services, advertise
    their own services, and explicitly delegate tasks
    and requests for assistance from other agents.
  • Can be used for developing a variety of
    inter-agent communication protocols that enable
    information agents to collectively cooperate.

56
Basic Characteristics (contd)
  • Self-representation abilities the ability to
    express business and system aspects of its
    functionality, combine them into an application
    or implementation.
  • Self-describing, dynamic reconfigurable agents
  • Facilitate composition (specification and
    implementation) of large-scale (distributed)
    applications.
Write a Comment
User Comments (0)
About PowerShow.com