Welcome and outline of the day

8:00am - 8:05am

Introduction to the Web

• Brief History
• Architecture of the Web

Brief History of the Web

March 1989

First project proposal circulated at CERN.

November 1990

Initial WorldWideWeb prototype developed on the NeXT

March 1991

Line mode browser (www) released to limited audience

December 1991

CERN computer newsletter announces W3 to the HEP world.

September 1992

Plenary session demonstration to the HEP community.

February 1993

NCSA release first alpha version of "Mosaic for X".

March 1994

NCSA employees form "Mosaic Communications Corp" (now Netscape).

May 1994

First International WWW Conference, CERN, Geneva (400 spaces, 800 requests)

July 1994

MIT/CERN agreement to start W3 Organisation is announced

October 1994

Second International WWW Conference, Chicago (1000 spaces, 2000 requests)

December 1994

First W3 Consortium Meeting at M.I.T. in Cambridge (USA).

August 1995

W3C initiates PICS project for parental control on the Internet.

December 1995

Fourth International WWW Conference, Boston (2400 attendees)

January 1996

W3C initiates joint electronic payment initiative with CommerceNet.

Architecture of the Web

1. Clients
2. Servers
3. URLs
4. HTML
5. HTTP

Web Client

• Current generation are "Browsers"
• Understand multiple protocols (FTP, gopher, news, HTTP, ...)
• Understand multiple document formats (text, HTML, custom)
• Launch external viewers
• Future: HTML "widget" independent of browser logic
• Future: Integration with external objects, applications

Web (HTTP) Server

• Stateless, sessionless protocol
• Initially served files from file system
• Remap URL names to file names
• Security policy
• CGI Scripting for more complex applications
• Future: data base + file system interfaces

URL (Uniform Resource Locator)

• A "network-wide pointer"
• Scheme (protocol) for retrieval of information
• Host name (or equivalent)
• Location within host (hierarchical, separated by "/")
• Optional query with parameters
• Optional anchor name

HTML (Hyper Text Markup Language)

• Based on SGML
• Header + Body
• Anchors to mark internal sections or point to others
• Headers, lists, emphasis, interactive forms
• New features: tables, figures, embedded objects

HTTP (Hyper Text Transfer Protocol)

• Like email messages (headers + text)
• Simple actions (methods): GET, PUT, POST, HEAD, OPTIONS
• Numeric response codes with return data type, optional headers, and optional data

Java, Security, Commerce, and PICS

Java: Sun's New Programming Language

• "Clean" C++
• No pointer arithmetic
• Garbage collection
• Byte code for machine independence
• Controlled interfaces for "security"
• Abstract window toolkit, threads, events

PEP (Protocol Extension Protocol)

HTTP is extensible by adding new headers but

• No current agreement or registry for extensions
• No way of "bundling" headers into more meaningful protocols
• No way of advertising available extensions
• No way of querying for available extensions
• Proxy behavior undefined for added headers

Pieces of the Solution

• Two new HTTP header fields:
  • Accept-Protocol -- "I can do this, would you please?"
  • Protocol -- "I'm using this extension"
• Naming an extension protocol: URL
• Who can/should/must understand the protocol?
  • Far end only (origin)
  • Next hop (connection)
  • Everyone between sender and receiver (route)
• How should multiple protocols in one message be processed?

Negotiation

• Every HTTP message can ask that the next:
  • must use a specified protocol (required)
  • may use a specified protocol (optional)
  • may not use a specified protocol (refused)
• Protocols may have parameters which are agreed upon in the negotiation process
• Actual names of header fields may be negotiated to differ from those specified in the protocol description

W3C Role in Security

• Exploring modular approach to security
• Currently refining PEP and security-related PEP modules
  • Digital Signature
  • Key Management
  • Encryption
  • Authentication

W3C Role in EPayment

• Identified missing work item: negotiation
• Project approach seems most effective
• Key players identified and committed

Joint Electronic Payment Initiative (JEPI) Project

• Project team of 12
• Time limit of 6 months
• Scope
  • begins when choice of goods is complete
  • ends when payment module is called
  • negotiate choice of payment instrument, protocol, and transport
• Demonstration may require additional out-of-scope work
• W3C retains protocol specification and its own implementation

PICS (Platform for Internet Content Selection)

• The Internet, and particularly the Web, is in wide public use.
• In the U.S. there is concern over children's access to indecent material.
• Allowing third-parties to classify information is a generally powerful tool that can be used to address this problem directly.
• Provide the ability to control the information that can be received without censoring the network itself.

PICS System Overview

• There are any number of rating services who provide labels for information.
• Each rating service uses a rating system (of its choice) consisting of one or more scales (or dimensions) to label information.
• A rating service can label anything that has a URL.
• Labels can be sent with a document or retrieved separately.
• Labels can be created by the author of a document, the publisher of a document, or an independent third party.
• End-users choose the rating service(s) whose labels they wish to use, as well as the particular values along the scales that they consider acceptable (or unacceptable).

PICS Rating Services

• Unique name (a URL)
• Human-readable description of the service
• Machine-readable description of the service
• Rating system, consisting of
  • Named scales (violence, language, nudity/sex)
  • Restrictions on values within a scale (integer, named, multi-valued)

What's in a Label

• The unique name (URL) of the rating service
• Optional information (date when label was created, date of document when labelled, signature on label, MIC of labelled document, expiration date of label, etc.)
• Rating of document as list of scale/value pairs

Transmitting PICS Labels

• In RFC-822 headers (includes HTTP headers) along with the document.
  • PEP is used to specify which labels to transmit in the HTTP response header.
• In a META tag within the HTML header of a document.
• Via HTTP from a label bureau using an HTTP query.

Organization of the enterprise: Standards, IETF, W3

• Standards Organizations
• World Wide Web Consortium
• Other Consortia

Standards Organizations

IETF

Internet Engineering Task Force. Standards are named "RFCs" No formal membership requirements, primary work by electronic mail and quarterly meetings. No formal recognition as a standards body, but de facto body for Internet protocols. "Rough consensus and working code." Standard status requires at least two independently developed interoperable implementations.

ISO

International Standards Organization. DeJure in many countries (not U.S.) Formal membership required; technically by country standards organization. Late-comer to Internet protocol area, but responsible for SGML standard on which HTML is based.

ANSI

American National Standards Institute. U.S. standards obdy, member of ISO. Opening work items for electronic commerce, including merged VISA/MasterCard proposal (SET, Secure Electronic Transactions).

World Wide Web Consortium

• Located at MIT (Lab for Computer Science) and INRIA (French national C.S. research lab)
• Corporate memberships (over 100, 50% US, 50% European, starting Asian)
• "Enable the Web to reach its maximum potential"
• Produces specifications (not standards) and reference code
• All products available to the public after member review
• Technical core staff
• Fast response to member issues (HTML, PICS, JEPI)

Other Consortia

X/Open

Initially, a Unix-oriented consortium. Just announced merger with OSF (Open Software Foundation). Conformance testing and branding. Project-based work, with technical expertise from members, not consortium staff.

OMG

Object Management Group. Largest software consortium. Protocols for object-oriented systems (CORBA is best-known). Technical staff, primarily working on defining specifications.

FSTC

Financial Services Technical Consortium. Primary members are banks or other financial institutions. Working on electronic commerce projects. Staff is from "bank back office," drawing on technical expertise from member companies through organized projects.

CommerceNet

Projects and specifications related to electronic commerce, particularly over the Internet. Non-technical staff. JEPI project draws technical talent from W3C and member companies.