Wireless Application Protocol (WAP)

1

WAPWAP

Wireless Application ProtocolZeb Bhatti

©2001-2009, Aurangzeb Bhatti, Digital Learning Institute 2

About the Author

- Aurangzeb “Zeb” Bhatti launched Computerland LAX in 1985 and through acquisitions of PACTEL InfoSystems and NYNEX Computer Systems grew the company to a US$ 250 million+ and 400 employees. The new company called NovaQuest InfoSystems was sold to SARCOM, Inc. in 1998.

In 1999, Zeb launched WebVision Inc, and acquired eNom Inc. in 1999. eNom is the largest wholesaler of Internet domains in the world, providing domain name registration and other online services to small and home-based businesses, individuals, traffic aggregators and resellers(http://www.enom.com).

In 2004, Zeb launched an On-Line university (McKinley University) and authored the Virtual University System (VUS) product.

EXPERTISE:

Network, Systems and Telecommunications ( Architected and Build a Fiber-Optics Network and a series of Data Centers connecting five major cities in he US. The high-speed network was one of the first to implement EMC Storage Area Network technology for real-time mirroring and redundancy)

Information Security – Chief Information Security Officer

- Zeb has United States Patents on the Virtual University Appliance (“VU Appliance”) -used by educational institutions to E-Learning environments easily. Software has features for creating/aggregating content for courses, Courseware Repository, Learning Management and Registration System (LMS), Online Quiz and Exams Server, Online Evaluations by Students and Instructors, Collaboration, Discussion, Online Marketing for courses and recruiting Instructor/Mentors

- CO-Author of Curum Gold VIP (Visual Iconic Programming Language)


Timeline of Wireless Mobile Internet

PDANewton

Palm, Handspringshare with my desk

Handheld ComputerGrid, Slate, Go

It’s a phone!

Mobile Desktop Winpad, Wince, PocketPC

wirelessknowledge Windows Everywhere! (not)

Mobile Devices Norand, Telxon, Symbol, Psion

The trucks of the industry

Handheld CommunicatorICRAS (General Magic)Mix’n’match peripherals

It’s a computer!It’s both

data

voice

voice & data

Digital Cell PhoneNokia, Ericsson, Sprint, BellSouth …

Java phoneCompany X

Smart Radio

Teleputer

1990 2000 2010

Voice interfaces

Broadband optical

Transcoded media

PagersMotorola, Ericsson, etc.


Wireless Carrier Standards

3G


Connected LAN vs Wireless WAN

LAN Wireless 802.11 Ethernet – solid connect2.4M – proximity requirements; custom

Education, Gov’t, Large Corp. Canvases

Vertical industries: Warehouse SCM, Transport

Pro

fess

iona

lC

onsu

mer

WAN Wireless – Unpredictable Connections300 bits (SMS)

9.2 (CDPD), GSM – 9.6K Dial up

33.6 – 128K (Metricom, now under Chapter 11)

2.4Mb/sec vs 9K bits per second



This standard is a product of the IEEE 802.11 Working Group

Utilizes the 2.4 GHz Band (Industrial, Scientific and Medical Band – or ISM Band)

Allows for 2mb/sec & 11mb/sec data rates at distances of up to 3.5 miles

More improvements are made to the QoS, Security and data rate aspects of this standard.

Can expect data rates of upto 20mb/sec within a couple of years

Pro

fess

iona

l

Wireless Ethernet (802.11x)



The 802.11 standard allows for two different Air Interfaces (Radio Interfaces)

DSSS: Direct Sequence Spread Spectrum

FHSS: Frequency Hopping Spread SpectrumPro

fess

iona

l

Wireless Ethernet (802.11x)


Wireless Carrier Network Limitations

Hostile network environment

Lack of IP addressability

Low bandwidth

Reliability

The limited characteristics of devices

Connection library availability

Limited CPU, memory, and networking resources


Wireless Carrier Messaging

Standards & Convergence

3G W

irele

ss


& Wireless Carrier Messaging

SMS - Short Messaging Service

USSD – Unstructured Supplementary Services Data

CSD – Circuit Switched Data

Optimal WAP Bearer


SMS - Short Messaging Service

Given its limited length of 160 characters per short message, SMS may not be an adequate bearer for WAP because of the weight protocol of the protocol.

The overhead of the WAP protocol that would be required to be transmitted in an SMS message would mean that even for the simplest of transactions several SMS messages may in fact have to be sent.

This means that using SMS as a bearer can be a time consuming and expensive exercise. Only one network operator- SBC of the US- is known to be developing WAP services based on SMS.


CSD - CIRCUIT SWITCHED DATA

Most of the trial WAP based services use CSD as the underlying bearer. Since CSD has relatively few users currently, WAP could kickstart usage of and traffic generated by this bearer.

However, CSD lacks immediacy- a dial up connection taking about 10 seconds is required to connect the WAP client to the WAP Gateway, and this is the best case scenario when there is an complete end to end digital call-in the case of the need for analog modem handshaking (because the WAP phone does not support V.110 the digital protocol, or the WAP Gateway does not have a digital direct connection such as ISDN into the mobile network), the connect time is increased to about 30 seconds.


UNSTRUCTURED SUPPLEMENTARY SERVICES DATA

Unstructured Supplementary Services Data (USSD) is a means of transmitting information or instructions over a GSM network.

USSD has some similarities with SMS since both use the GSM network's signaling path.

Unlike SMS, USSD is not a store and forward service and is session-oriented such that when a user accesses a USSD service, a session is established and the radio connection stays open until the user, application, or time out releases it.

This has more in common with Circuit Switched Data than SMS. USSD text messages can be up to 182 characters in length.



USSD has some advantages and disadvantages as a tool for deploying services on mobile networks:

Turnaround response times for interactive applications are shorter for USSD than SMS because of the session-based feature of USSD, and because it is NOT a store and forward service. According to Nokia, USSD can be up to seven times faster than SMS to carry out the same two-way transaction.

Users do not need to access any particular phone menu to access services with USSD- they can enter the Unstructured Supplementary Services Data (USSD) command direct from the initial mobile phone screen.

Because USSD commands are routed back to the home mobile network's



Home Location Register (HLR), services based on USSD work just as well and in exactly the same way when users are roaming.

Unstructured Supplementary Services Data (USSD) works on all existing GSM mobile phones.

Both SIM Application Toolkit and the Wireless Application Protocol support USSD.

USSD Stage 2 has been incorporated into the GSM standard. Whereas



USSD was previously a one way bearer useful for administrative purposes such as service access, Stage 2 is more advanced and interactive. By sending in a USSD2 command, the user can receive an information services menu. As such, USSD Stage 2 provides WAP-like features on EXISTING phones.

USSD strings are typically complicated for the user to remember, involving the use of the "*" and "#" characters to denote the start and finish of the USSD string. However, USSD) strings for regularly used services can be stored in the phonebook, reducing the need to remember and reenter them.

As such, USSD could be an ideal bearer for WAP on GSM networks.


General Packet Radio Service (GPRS)

The General Packet Radio Service (GPRS) is a new packet-based bearer that is being introduced on many GSM and TDMA mobile networks from the year 2000 onwards. It is an exciting new bearer because it is immediate (there is no dial up connection), relatively fast (up to 177.2 kbps in the very best theoretical extreme) and supports virtual connectivity, allowing relevant information to be sent from the network as and when it is generated.

At the time of writing , there has been no confirmation from any handset vendors that mobile terminated GPRS traffic (i.e. direct receipt of GPRS packets on the mobile phone) will be supported by the initial GPRS terminals. Availability or not of GPRS MT is a central question with critical impact on the GPRS business case such as application migration from other nonvoice bearers.



There are two efficient means of delivering proactively sending ("pushing") content to a mobile phone: by the Short Message Service which is of course one of WAP bearers or by the user maintaining more or less a permanent GPRS (mobile originated) session with the content server. However, mobile terminated IP traffic might allow unsolicited information to reach the terminal. Internet sources originating such unsolicited content may not bechargeable. A possible worse case scenario would be that mobile users would have to pay for receiving unsolicited junk content. This is a potential reason for a mobile vendor NOT to support GPRS Mobile Terminate in their GPRS terminals. However, by originating the session themselves from their handset, users confirm their agreement to pay for the delivery of content from that service. Users could make their requests via a WAP session, which would not therefore need to be blocked. As such, a WAP session initiated from the WAP microbrowser could well be the only way that GPRS users can receive information onto their mobile terminals.



Since all but the early WAP enabled phones will also support theGeneral Packet Radio Service, WAP and GPRS could well be synergistic and be used widely together. For the kinds of interactive, menu based information exchanges that WAP anticipates, Circuit Switched Data is not immediate enough because of the need to set up a call. Early prototypes of WAP services based on Circuit Switched Data were therefore close to unusable. SMS on the other hand is immediate but is ALWAYS store and forward, such that even when a subscriber has just requested information from their microbrowser, the SMS Center resources are used in the information transfer. As such, GPRS and WAP are ideal bearers for each other.

Additionally, WAP incorporates two different connection modes-WSP connection mode or WSP connectionless protocol. This is verysimilar to the two GPRS Point to Point services- connection oriented and connection less.



The predominant bearer for WAP-based services will depend on delays in availability of WAP handsets and delays in the availability of GPRS terminals. If WAP terminals are delayed until the year 2000, most WAP terminals will support GPRS as well. If the firstWAP terminals support SMS and Circuit Switched Data, but not GPRS, then SMS could become the predominant initial WAP bearer.

WAP certainly will be important for the development of GPRS-based applications. Because the bearer level is separated from the application layer in the WAP protocol stack, WAP provides the ideal and defined and standardized means to port the same application to different bearers. As such, many application developers will use WAP to facilitate the migration of their applications across bearers once GPRS based WAP protocols are supported.


An Internet Primer

The Internet is like a spider’s web because it is physically made up of millions of interconnected computers.

It is a network of networks—including thousands of corporate, government, and university networks, as well as commercial online services such as America Online and Prodigy.

They are all connected by phone lines and other types of media, which we’ll discuss later.

The Internet is also like a cloud because it’s huge and formless.

No one owns the Internet, no one governs or controls it, and no one even knows exactly how big it is. Yet anyone can use it.

Most experts agree that it is used by at least 150 million people around the world.


An Internet Primer

The network itself is simply a medium over which messages travel.

To enable messages to travel safely and reliably between different types of networking media, certain standards must be enforced.

For example, the Internet consists of many different types of computers connected by a wide range of physical media.

However, all computers connected to the Internet share one common communications language: Transmission Control Protocol/Internet Protocol (TCP/IP), which enables them to communicate with one another.


An Internet Primer

The Internet is rapidly establishing standards on numerous fronts to make it easier to use and to assure seamless communication.

For example, many different types of e-mail systems are used on the Internet.

To enable e-mail messages to be sent and received among these varying systems, Simple Mail Transfer Protocol (SMTP) was developed.

SMTP allows the exchange of electronic mail between any user and any host on the Internet.

The Internet also employs standards that simplify the publication of content onto World Wide Web pages so that users can interact with it.

HyperText Transfer Protocol (HTTP) is the key to enabling usersto access documents and software on the Web.


An Internet Primer

Web documents themselves are created using another standard: hypertext markup language (HTML).

The HTML language was designed to make it easy for developers to include graphics in their documents and to facilitate linking one document to another.

By simply clicking on a hypertext link, users are taken to the area of interest automatically.

Documents are published on the Internet as “Web pages.”

In order for users to access a particular Web page, each Web site is assigned an address called a Uniform Resource Locator (URL).

The URL is presented as a string of characters such as http://www.cisco.com.


An Internet Addressing Primer

All computers on the Internet use a common ‘addressing’ scheme to identify and reach each other.

This is a ‘32-bit IP address’ scheme known as IPv4 Addresses.

Just not enough numbers for everyone to have one. 2^32 = 4,294,967,296

Classless Internet Domain Routing (CIDR) was the fi rst accepted answer

Dynamic IP was the next answer

Still not good enough. Enter Network Address Trans lation (NAT) gateways

(IPv6 is a number of years away)


Network Address Translation (NAT) Today

Everyone on a private network, sharing one IP

The private network’s router maintains who’s who

Ramifications:No unique IP address means I cannot be a server to others

Less vulnerable to attacks

Many, many devices will live in private networks


NAT Ramifications

I no longer have a unique IP address for my device (PC, Phone, etc). I can’t by default be a publicly accessible server �.

But, the peers inside the private network are much less vulnerable to attacks

It is very likely that many devices will live in private networks

Check out http://me.enhydra.org/ for technologies to overcome NAT limitations

Locumi and kHTTP for J2ME devices


Summary: Wireless Realities

Measure in bits and cents

Infrastructure is huge and moves slowly: 2-3 year lag times from standard.

Base station territories rule!

Incompatibility everywhere - Handsets must match towers, bill plan, roaming agreements. Worse internationally. Even with dual-band, tri-mode phones the fine print reads:This is a network and subscription dependent feature--not available in all areas.

Preservation of voice market slows advance (TDMA/GSM)

The primary users of the phone network are computers, not people – but is was engineered for people.


How Technology will Influence WAP


Development of Radio Technology


What is WAP?


What is WAP?

What is WAP?What services are possible

How does it work

What is the WAP forum?

What is WML?

What are wireless devices?How is content displayed on a wireless device

Pros and cons of using WAP

Issues for content creators


What is WAP?

WAP stands for ‘Wireless Application Protocol’

Very different to SMS (Short Message Service) that many of us use every day via our mobile phones

Fast becoming the defacto global standard for providing internet content and services to mobile device users

Uniform technology platform i.e. same technology is provided to all vendors regardless of the network they use

Aims to get manufacturers, application developers & content providers focused on developing compatible products

‘the Internet on your phone’


What is WAP?

Designed to work with most wireless networks e.g. CDPD, CDMA, GSM

Compatible with most operating systems e.g. PalmOS, Windows, OS/9

Currently over 50 million WAP-enabled handsets in circulation

By 2004 est. WAP users in Western Europe alone predicted at 200 million

WAP standard is created by wireless and Internet companies around the world in order to to make accessing the Internet as

easy and convenient as using a cellular phone


WAP Principles

A complete Wireless Internet Solution that:

Uses existing standards

Optimized for Wireless

Promotes new and open standards

Provides Air Interface Independence

Provides Device Independence

Provides Network-independent

Works on packet, circuit, SMS, or a combination

Strong industry consensus - over 300 members


WAP Server Suite

HTMLHTTPTCP/IP

Web Servers

Email Servers

SMTPTCP/IP

The WAP Model

Intranet /Internet

MSC

MessageCenter

Micro Browser

WirelessNetwork


WAP Infrastructure


WAP Infrastructure

WirelessNetwork

MicroBrowser

WAPProxy

Binary WML

WML

Web Server

WML

HTML/

WMLServer

Filter

WML WML

WTAServer

Binary WML


Protocol Translation

URL

HTTP(s)

TCP

IP

SSL/TLSService

Request

Browser

InternetWireless

Network

URL

WSP

WTP

WTLS

WDP

Web Server

URL

HTTP(s)

TCP

IP

SSL/TLS

Gateway

URL

WSP

WTP

WTLS

WDP

A

G

E

N

T

Service

Response

HTML/WML

HTTP(s)

TCP

IP

SSL/TLS

WMLc

WSP

WTP

WTLS

WDP

A

G

E

N

T

HTTP(s)

TCP

IP

SSL/TLS

HTML/WML

WMLc

WSP

WTP

WTLS

WDP


How does WAP work?

WAP

Gateway

Server

WTPWTP HTTPHTTP

Web

Server

Web

Server

CSD

SMS

GPRS

UMTS

Content

Store

“WAP will let me surf the web”


How does WAP work?


What services are possible with WAP?

customer care and provisioning

message notification and call management

e-mail

telephony value-added services and unified messaging mapping and locater services

weather and traffic alerts

news, sports and information services

e-commerce transactions and banking services

online address books & directory services

corporate intranet applications


Example: One Person’s Day

Company telephone list

Personal contact list

e-mail addresses

Diary/Schedule

Weather forecast

Bank Transactions

Train timetable

Traffic reports

Airlines Schedule

Product Help Guides

Job reporting

Component stock and ordering

Expenses and mileage

Sandwiches to Order

Now Future


Vertical Applications

High UTILITIES REALTECH & CABLE LEGAL MEDICAL ESTATE

TRANS-DISPATCH COURIER PORTATION

OFFICE FOOD & CONSTRUC- FURNITURE &SUPPLIES BEVERAGE TION APPLIANCES

DISPATCH

SERVICE

DELIVERY

Acknowledgement: Unwired Planet


A General Purpose Platform

For All Applications

I

IntranetIntranet

HLRSCP

SS7

MSC

InfranetInfranet InternetInternet

CustCare

Acknowledgement: Unwired Planet


What are wireless devices?

HandheldsDescendants of the Palm Pilot

Now powerful computers that run many applications a nd increasingly connect to the Internet

Net-enabled phonesWireless and wired phones that connect to the Inter net


What are wireless devices?

Net appliancesSmall counter-top devices providing fast, easy Inte rnet connections

TV/Set-top boxesProvide Internet connectivity through your TV

Two-way pagersNet-enabled paging devices supporting mainly email

Other appliancesNet-enabled household appliances

55

What are Wireless Devices

Today?


Two-way Paging / Messaging

1. Tap mail function

2. Scroll to message

3. Read message

J2ME capable pager devices from Motorola Now


Palm / Symbol / Handspring / pdQ

Consumer & some business

Dockable PIM device

Optional card slots

APIs

SDK 3.5, Program in C, ROMS, simulator.

J2ME MIDp & PDAp [late 2001]

Presentation Technologies:

Web clipping – PQA, Palm Query Application

WML browsers

J2ME / MIDp

Samsung, Kyocera, etc

Esmertec & others for JVMs/KVMs


PocketPC - Microsoft

‘Windows Everywhere”

APIs for persistent applications3rd generation Windows CE: C++, CE Basic, Java 1.1.8

Presentation for dynamic applications

But, the desktop does not work well in the hand.

Network communications architecturesGood LAN

Weak WAN

iPQA overcame PALM in Q2/2001

59

WAP enabled Devices?


New wireless devices?


WAP content on WAP Phones


Pros of using WAP

Portability of mobile devices favors wireless over wired technologies

Many, many more people have mobile phones than PCs

Immediacy of available information – don’t have to be near a landline or computer

Personalization of information

Location awareness


Challenges of using WAP

Mobile, handheld devices have:Less powerful CPUs

Less memory

Restricted power consumption (battery life)

Smaller displays and different display sizes and shapes

Different input devices e.g. keypad, touch screen, voice input, handwriting recognition


Challenges of using WAP

Wireless networksLess bandwidth

Less connection stability

Less predictable availability

CostCurrently in Australia, users must dial up to acces s the WAP server i.e. every item of content costs


Alternatives to WAP

WAP isn’t the only protocol being used or suggested

Other industry groups are also working on other suggestions e.g. i-Mode, LEAP

Some people and orgs have serious concerns about WAP

see e.g. http://www.freeprotocols.org/LEAP/Manifesto/article /TheWAPTrap/split/main.html


Examples of WAP content - PDA


Optimizing content for handhelds

Provide only the most essential information

Avoid scrolling

Use simple, easy to understand symbols

Offer content in neat, tabular arrangements



Provide drill-down navigation via hypertext links

Use a navigation system that is easy to move forwar d and back

Use a deep hierarchy rather than long scrolling pag es

Set up links to each page via anchor links (acting like a table of contents)

Test that your content works across different scree n sizes e.g. 160 X 160 pixels; 240 X 320 pixels



Notice how this content layout works on two different sized screens


What is the WAP Forum™?

The organization established to create and constantly improve the WAP specification

Industry-wide association

Responsible for drafting the global WAP specificati ons (now up to version 2.0)

Founded by Nokia, Ericsson, Motorola and Wired Plan et in 1998

Over 450 current members comprised ofManufacturers representing over 95% of the world’s handsets

Carriers representing over 200 million subscribers

Leading Internet and wireless infrastructure provid ers

PC software companies

Other companies delivering solutions to the wireles s industry.


What is the WAP Forum™?

The Wireless Industry has chosen the WAP Standard because it is:

An open industry-established world standard

Based on Internet standards including XML and IP

Committed to by handset manufacturers representing over 90% of the world market across all technologies

Supported by network operators representing 100 Mil lion subscribers


WAP Wireless Operators


WAP Device ManufacturersWAP Device Manufacturers


CCL

SOFTLINE

WAP Software CompaniesWAP Software Companies


WAP Infrastructure CompaniesWAP Infrastructure Companies


Objectives of the WAP Forum

Bring Internet content and advanced services to wireless handsets and other wireless terminals

Create a global wireless protocol specification to work across differing wireless network technologies

Submit specifications for adoption by appropriate industry and standards bodies

Enable applications to scale across a variety of transport options and device types


The Goals of The WAP Forum™

Ensure interoperability

Foster growth of the wireless market.

Make accessing the Internet portable and convenient


Benefit the carrier by creating multiple suppliers of interoperable components

and valuable applications

Open Standards

Assure interoperability

Encourage innovation

Foster competition


Bearer Independence

Allows Applications developed once to work across all networks -- today and tomorrow

Protects the Carrier’s investment in wireless data as networks evolve

Enables Handset Manufacturers to use common code across product lines


Device Independence

Allows Applications developed once to work across many devices from small handsets to powerful PDA’s

Promotes consistent user experience across all of a carrier’s handset offerings

Encourages wealth of applications for handset manufacturers that implement the standard


Challenge: Bandwidth is limited

Power and spectrum limitations mean low bandwidth relative to wireline.

Higher bandwidth comes at economic expense

Trend towards packet means shared channels

Latency is an issueTransactions very small, so users perceive latency

Reliability varies widely, and fails differently fr om the Internet.

I.e, Out-of-coverage is a common occurrence.


WAP is working with W3C to merge into HTTP-NG (Next Generation)

Wired Internet

HTMLJavaScript

HTTP

TLS - SSL

TCP

Wireless Session Protocol (WSP)


Wireless Transport Layer Security (WTLS)Wireless Transport

Layer Security (WTLS)

SMS USSD CSD IS-136 CDMA CDPD PDC-P Etc..

Wireless Bearers:

Wireless Network

Internet and WAP Protocols

WML (XML Language)WML Script


IP

Physical

Wireless Transaction Protocol (WTP)


iDEN

UDP / IPUDP / IP WDPWDP

Dynamic Protocol

Translation

WAP Solution:

Wireless-optimized Protocols

WAP runs only on the wireless portion

WAP Protocol stack is optimized for wireless

WAP runs on all networks, including IP networks

WAP even works over SMS


Wired Internet

HTMLJavaScript

HTTP

TLS - SSL

TCP



Wireless Transport Layer Security (WTLS)

Wireless Transport Layer Security (WTLS)


Wireless Bearers:

Wireless Network

Internet and WAP Protocols



IP

Physical



iDEN

UDP / IPUDP / IP WDPWDP

DynamicProtocol

Translation

WAP Solution:

Wireless-optimized Protocols


Implications:Implications:•• Screen size and input mechanisms will always be lim ited.Screen size and input mechanisms will always be lim ited.•• Consumer desire for longer battery life will always limit Consumer desire for longer battery life will always limit

available bandwidth, CPU, memory and display.available bandwidth, CPU, memory and display.•• ConsumerConsumer --class applications must be handsetclass applications must be handset --aware.aware.

Challenge: The Devices are smaller

Form -factor limited to comfort in the human hand

Device has extremely limited CPU power, memory (RAM & ROM) space, and display size

Consumers demand long battery life, and therefore low power consumption

Increasing bandwidth requires more power


WAP Solution: Microbrowser optimized for

the consumer handset

Requires minimal RAM, ROM, Display, CPU and keys

Provides carrier with consistent service UI across devices

Provides Internet compatibility

Enables wide array of available content and applications


What is a WAP Microbrowser?

WAP Microbrowsers in Every Phonedisplays WAP “decks”

Equivalent to Primitive Web Browsers

Allows:� Text

� Images (b&w bitmaps)

� Hyperlinks

� Text entry


WAP & 3G

Spectrum is a finite resource

The wireless industry has never seen a piece of spectrum it didn’t like (we always need more)

WAP is superb at managing spectrum and delivering content using less bandwidth

WAP is already working on color, graphics, multimedia and more to capitalize on 3G


WAP and Interoperability

Meeting the Challenge to

Make All WAP-compliant

devices and software

interoperable

90

WAPWAP

Architecture Architecture


Web Server

Content

CGIScripts

etc.

WM

L D

ecks

with

WM

L-S

crip

t

WAP Gateway

WML Encoder

WMLScriptCompiler

Protocol Adapters

Client

WML

WML-Script

WTAI

Etc.

HTTPWSP/WTP

The WAP Architecture


How does WAP work?

YELLOW

WAP Gateway

WebServer

WAP content

web content

Host

a. User requests URL; phone connects to towerb. Tower passes request to WAP gateway (WTP)c. Gateway decodes, passes request to server @ URL (HTTP)d. Server acts on request, returns data to gateway (HTTP)e. Gateway encodes, passes data to phone (WTP)f. Phone decodes, displays WAP deck to user.


Comparison between Internet and WAP Technologies

Wireless Application Protocol

Internet HTML

JavaScript

HTTP

TLS - SSL

TCP/IPUDP/IP

Wireless ApplicationEnvironment (WAE)

Session Layer (WSP)

Security Layer (WTLS)

Transport Layer (WDP)

Other Services andApplications

Transaction Layer (WTP)


Bearers:


WAP v1.0 specifies…

Wireless Application EnvironmentWML MicrobrowserWMLScript Virtual MachineWMLScript Standard LibraryWireless Telephony Application InterfaceWAP Content Types

Wireless ProtocolsWireless Session Protocol (WSP)Wireless Transport Layer Security (WTLS)Wireless Transaction Protocol (WTP)Wireless Datagram Protocol (WDP)Wireless network interface definitions


WHY WAP ?

Wireless networks and phones have specific needs and requirements

not addressed by existing Internet technologies.

Only be met by participation from entire industry.

WAP enables any data transport TCP/IP, UDP/IP, GUTS (IS-135/6), SMS, or USSD.

The WAP architecture several modular entities

together form a fully compliant Internet entity

all WML content is accessed via HTTP 1.1 requests.


Converging With An XML World

WAP is already prepared for convergence

Understanding the “module” effectContent availability increases because less code is needed to render sites properly instead of re-writing whole s ites

WAP complies with W3C’s recently approved XHTML standard

WAP is Based on Internet standards includingXML and IP

WAP utilizes standard Internet markup language technology (XML)


WHY WAP ?

Optimizing the content and airlink protocols

The WML UI components map well onto existing mobile phone user interfaces

no re-education of the end-users

leveraging market penetration of mobile devices

WAP utilizes plain Web HTTP 1.1 serversleveraging existing development methodologies

CGI, ASP, NSAPI, JAVA, Servlets, etc.


Why is HTTP/HTML not enough?

Big pipe - small pipe syndrome

Wireless network<HTML><HEAD><TITLE>NNN Interactive</TITLE><META HTTP-EQUIV="Refresh" CONTENT="1800, URL=/index.html"></HEAD><BODY BGCOLOR="#FFFFFF" BACKGROUND="/images/9607/bgbar5.gif" LINK="#0A3990" ALINK="#FF0000" VLINK="#FF0000" TEXT="000000" ONLOAD="if(parent.frames.length!=0)top.location='ht tp://nnn.com';"> <A NAME="#top"></A><TABLE WIDTH=599 BORDER="0"><TR ALIGN=LEFT><TD WIDTH=117 VALIGN=TOP ALIGN=LEFT>

<HTML><HEAD><TITLE>NNN Interactive</TITLE><META HTTP-EQUIV="Refresh" CONTENT="1800, URL=/index.html">

Internet<WML><CARD><DO TYPE="ACCEPT"><GO URL="/submit?Name=$N"/></DO>Enter name:<INPUT TYPE="TEXT" KEY="N"/></CARD></WML>

010011010011110110010011011011011101010010011010

Content encoding

HTTP/HTML WAP

100

Wireless Session Protocol

Wireless Transaction Protocol

Wireless Datagram Protocol

Wireless Transport ProtocolsWireless Transport Protocols


Wireless Transaction Service Access Point

Transport Service Access Point (TSAP)

Wireless Transaction Protocol

Wireless Session Protocol

Wireless Session Service Access Point

Wireless Datagram Protocol

BearerService

D

BearerService

CBearerService

BBearerService

A

Physical Layer Air Link Technology

WCMP

Protocol Layers in WPG


WAP Transport Services

WSP is the Session Layer Protocol

WTP is the Transaction-Oriented protocol

WDP is the Datagram protocol


WSP Overview

Provides shared state between client and server used to optimize content transfer

Provides semantics and mechanisms based on HTTP 1.1

Enhancements for WAE, wireless networks and “low-end” devices

Compact encoding

Push

Efficient negotiation


HTTP 1.1 Basis

Extensible request/reply methods

Extensible request/reply headers

Content typing

Composite objects

Asynchronous requests


Enhancements Beyond HTTP

Binary header encoding

Session headers

Confirmed and non-confirmed data push

Capability negotiation

Suspend and resume

Fully asynchronous requests

Connectionless service


Why Not HTTP?

Encoding not compact enough

No push facility

Inefficient capability negotiation


Header Encoding

Defined compact binary encoding of headers, content type identifiers and other well-known textual or structured values

Reduces the data actually sent over the network


Capabilities

Capabilities are defined for:Message Size, client and server

Protocol Options: Confirmed Push Facility, Push Fac ility, Session Suspend Facility, Acknowledgement headers

Maximum Outstanding Requests

Extended Methods

Header Code Pages


Suspend and Resume

Server knows when client can accept a push

Multi-bearer devices

Dynamic addressing

Allows the release of underlying bearer resources


Session Context and Push

Push can take advantage of session headers

Server knows when client can accept a push


Push

Push is under development

Network-push of contentAlerts or service indications

Pre-caching of data

Goals:Extensibility and simplicity

Build upon WAP 1.0

End-to-end solution

Security

User friendly


Connection And Connectionless Modes

Connection-modeLong-lived communication

Benefits of the session state

Reliability

ConnectionlessStateless applications

No session creation overhead

No reliability overhead


WSP Work-in-Progress

Support for Quality of Service parameters

Multicast data

Ordered pipelining

WSP Management entities

Support for isochronous multimedia objects



Purpose:Provide efficient request/reply based transport mec hanism suitable for devices with limited resources over ne tworks with low to medium bandwidth.

Advantages:Operator Perspective - Load more subscribers on the same network due to reduced bandwidth utilization.

Individual User - Performance is improved and cost i s reduced.


WTP Services and Protocols

WTP (Transaction)

provides reliable data transfer based on request/re ply paradigmno explicit connection setup or tear down

data carried in first packet of protocol exchange

seeks to reduce 3-way handshake on initial request

supports

• retransmission of lost packets

• selective-retransmission

• segmentation / re-assembly

• port number addressing (UDP ports numbers)

• flow control

message oriented (not stream)

supports an Abort function for outstanding requests

supports concatenation of PDUs


ClientClient ServerServer

Invoke

Ack

Result

Ack

T-TRInvoke.req

T-TRResult.ind

T-TRInvoke.cnf

T-TRResult.res

(PDUs)

T-TRInvoke.ind

T-TRResult.req

T-TRInvoke.res

T-TRResult.cnf

WTP Services and Protocols

WTP uses the service primitivesT-TRInvoke.req .cnf. .ind .res

T-TRResult.req .cnf .ind .res

T-Abort.req .ind

an example of a WTP protocol exchange


Wireless Datagram Protocol (WDP)

Provide consistent interface to a fundamental trans port service across all wireless bearer networks.

Provides a connectionless, unreliable datagram serv ice.

WDP is adapted to each particular wireless network to provide the generic datagram transport.

The basic datagram service is fundamental to all wi reless networks and makes it possible to utilize WAP every where.


WDP Services and Protocols

WDP (Datagram Protocol)provides a connection-less, unreliable datagram ser vice

WDP is replaced by UDP when used over an IP network layer.

WDP over IP is UDP/IP

uses the Service Primitive

T-UnitData.req .ind

Supports port number addressing

Example: WDP is UDP when used over an IP network layer.


WDP Services and Protocols

Instead of a typical 64-Byte TCP packetcontaining 15-Bytes of payload, the WDP packet is compressed and will require approx. 20-Bytesof data in total to be transported to the mobile handset.


Connection And Connectionless Modes

Connection-modeLong-lived communication

Benefits of the session state

Reliability

ConnectionlessStateless applications

No session creation overhead

No reliability overhead


• GSM SMS, USSD, C-S Data, GPRS• IS-136 R-Data, C-S Data, Packet• CDMA SMS, C-S Data• PDC C-S Data, Packet • PHS C-S Data• CDPD• iDEN SMS, C-S Data, Packet• FLEX and ReFLEX• DataTAC

Bearers Supported

Bearers currently supported by WAP


WAP Over GSM Circuit-Switched Data

RAS - Remote Access ServerIWF - InterWorking Function

WSP

WAE

Subnetwork

IP

WSP

WAE Apps onOther Servers

WAP Proxy/Server

CSD-RF

PPP

IP

Mobile

IWF

PSTNCircuit

CSD-RF

ISP/RAS

SubnetworkPSTNCircuit

PPP

IP

WTP

UDP

WTP

UDP

Service, Protocol, and Bearer Example


WAP Over GSM Short Message Service (SMS)

SMS

WDP

WTP

WSP

WAE

SMS

Subnetwork

WDP

WDP Tunnel Protocol

Subnetwork

WDP TunnelProtocol

WTP

WSP

WAE Apps onother servers

SMSC

WAP Proxy/ServerMobile

under development

Service, Protocol, and Bearer Example


WDP Work-in-Progress

Definition of Wireless TCP via liaison with IETF PILC Working Group

Over The Air Provisioning

Cell Broadcast

SMS-C standardized interface (WDP tunneling protocol)

UDP Port number assignment from IANA

125

WAP Application EnvironmentWAP Application Environment

(WAE)(WAE)


WML and WMLScript

Wireless Telephony Architecture

Content Formats

Push

User Agent Profile

WAP Application EnvironmentWAP Application Environment


WAE Goals

Network-neutral application environment;

For narrowband wireless devices;

With an Internet/WWW programming model;

And a high degree of interoperability.


WAE Requirements

Leverage WSP and WTP

Leverage Internet standard technology

Device Independent

Network Independent

International Support


Requirements

Vendor-controlled MMI

Initial focus on phonesSlow bearers

Small memory

Limited CPU

Small screen

Limited input model


WAE First Generation

ArchitectureApplication model

Browser, Gateway, Content Server

WMLDisplay language

WMLScriptScripting language

WTATelephony services API and architecture

Content FormatsData exchange


WML Second Generation

Extensions and enhancementsCurrently under development

User Agent ProfilingContent customized for device

Push ModelNetwork-initiated content delivery

Performance EnhancementsCaching, etc.


GatewayClientNetwork

Application

WSP/HTTP Request {URL}

WSP/HTTP Reply {Content}

WAE Abstract Network Architecture


Web Server

Content

CGIScripts

etc.

WM

L D

ecks

with

WM

L-S

crip

t

WAP Gateway

WML Encoder

WMLScriptCompiler

Protocol Adapters

Client

WML

WML-Script

WTAI

Etc.

HTTPWSP/WTP

Network Example #1:

WAP Gateway


WAP Application Server

Content

ApplicationLogic

WM

L D

ecks

with

WM

L-S

crip

t

WML Encoder

WMLScriptCompiler

Protocol Adapters

Client

WML

WML-Script

WTAI

Etc.

WSP/WTP

Network Example #2:

WAP Application Server


What is WML?

WML stands for Wireless Markup Language

Equivalent of HTML on wireless devices

Requires very little bandwidth and processing power for data transfer

Code interpreted by a browser built into a WAP devi ce (micro browser)

Content is accessed over the Internet using the sam e servers as web content

Micro browsers have much more limited capabilities than browsers on PCs


WML

Tag-based browsing language:Screen management (text, images)

Data input (text, selection lists, etc.)

Hyperlinks & navigation support

W3C XML-based language

Inherits technology from HDML and HTML

WML is XML (Subset of XML)


WML

Card metaphorUser interactions are split into cards

Navigation occurs between cards

Explicit inter-card navigation modelHyperlinks

UI Event handling

History

State management and variablesReduce network traffic

Results in better caching


All decks must contain...

Document prologueXML & document type declaration

<WML> elementMust contain one or more cards

<?xml version="1.0"?><!DOCTYPE WML PUBLIC "-//WAPFORUM//DTD WML 1.0//EN"

"http://www.wapforum.org/DTD/wml.xml">

<WML>...

</WML>


InputElements

WML Example

Deck

CardNavigation

Variables

<WML><CARD>

<DO TYPE=“ACCEPT”><GO URL=“#eCard”/>

</DOWelcome!

</CARD><CARD NAME=“eCard”>

<DO TYPE=“ACCEPT”><GO URL=“/submit?N=$(N)&S=$(S)”/>

</DO>Enter name: <INPUT KEY=“N”/>Choose speed:<SELECT KEY=“S”>

<OPTION VALUE=“0”>Fast</OPTION><OPTION VALUE=“1”>Slow</OPTION>

<SELECT></CARD>

</WML>


<WML><CARD>

<DO TYPE="ACCEPT" LABEL="Next"><GO URL="#card2"/>

</DO>Acme Inc.<BR/>Directory

</CARD>

<CARD NAME="card2"><DO TYPE="ACCEPT">

<GO URL="?send=$type"/></DO>Services<SELECT KEY="type">

<OPTION VALUE="em">Email</OPTION><OPTION VALUE="ph">Phone</OPTION><OPTION VALUE="fx">Fax</OPTION>

</SELECT></CARD>

</WML>

A Deck of Cards

Acme Inc.Directory_____________Next

Services1>Email2 Phone____________OK


Accept

Prev

QueryDeck

Back

First Name:

Jane_____________Next

Last Name:

Doe_____________Done

Example: Input Activity


Defining the Navigation Path

<CARD><DO TYPE="ACCEPT" LABEL="Next">

<GO URL="#card2"/></DO>First name:<INPUT KEY="fname"/>

</CARD>

<CARD NAME="card2" ><DO TYPE="ACCEPT" LABEL="Done">

<GO URL="?get=person" METHOD="POST" POSTDATA="first=$fname&last=$lname"/>

</DO>Last name: <INPUT KEY="lname"/>

</CARD>


<DO TYPE="ACCEPT" LABEL="Next"><GO URL="http://www.mysite.com/myapp.wml"/>

</DO>

The DO Element

Binds a task to a user actionAction type: ACCEPT, OPTIONS, HELP

PREV, DELETE, RESET

Label: Text string or image (optional)

Task: GOPREV, REFRESH, NOOP

Destination: URL

Post data: if METHOD=POST


Anchored Links

Bind a task to the ACCEPT action, when cursor points to a link

TITLE= sets the label string (default = “Link”)

Links are not allowed in select list options

<CARD>Please visit our

<A TITLE="Visit"><GO URL="home.wml"/> home page </A>

for details.</CARD>

Please visitour home

page for____________Visit


Task Binding Rules

User actions are scoped at three levels• Deck • Card

• Anchored links & select list options (ACCEPT)

When tasks are bound to an action at different leve ls,the action with narrower scope takes precedence

Default task bindingsUser Action TaskACCEPT, PREV PREVOthers NOOP


<WML><TEMPLATE>

<DO TYPE="OPTIONS" LABEL="Main"><GO URL="main_menu.wml"/>

</DO></TEMPLATE><CARD NAME="msg1">

<DO TYPE="ACCEPT" LABEL="Next"><GO URL="#msg2"/>

</DO>First story

</CARD><CARD NAME="msg2">

Second story</CARD>

</WML>

The TEMPLATE Element

Defines actions & events for all cards in a deck

First story…

_____________Next Main

Second story...

_____________OK Main


Handling User Input

Select listsChoose from a list of options

Input fieldsEnter a string of text or numbers

KEY variablesSet by SELECT and INPUT elements

How user input is passed to other cards and the app lication server


<CARD><DO TYPE="ACCEPT" LABEL="View">

<GO URL="getcity.cgi?location=$city"/></DO>Forecast<SELECT KEY="city">

<OPTION VALUE="ber">Berlin</OPTION><OPTION VALUE="rom">Rome</OPTION><OPTION TITLE="Find" ONCLICK="find.cgi">New City</O PTION>

</SELECT></CARD>

Forecast1 Berlin2 Rome3>New City____________Find

The SELECT Element

Display a list of optionsEach option may set the KEY variable and/or bind a task to the ACCEPT key

TITLE= dynamically sets the label string


Other SELECT Attributes

MULTIPLE="TRUE"Allows user to pick multiple items

UP.Browser reserves soft key for item -picker

Key value is a semicolon-separated list

DEFAULT=key_valueDefault KEY value, if one is not chosen

Sets cursor to the default choice entry, if a corresponding OPTION / VALUE exists


A Long Select List

<CARD><DO TYPE="ACCEPT">

<GO URL="get_addr.cgi?id=$recid"/></DO>Addr [1..9]<SELECT KEY="recid" MULTIPLE="TRUE" DEFAULT="1;3;5">

<OPTION VALUE="1">Neil</OPTION><OPTION VALUE="2">Kurt</OPTION><OPTION VALUE="3">Jim</OPTION><OPTION VALUE="4">Natasha</OPTION><OPTION VALUE="5">Liz</OPTION><OPTION VALUE="6">Aneesh</OPTION><OPTION VALUE="7">Jennifer</OPTION><OPTION VALUE="8">Jesse</OPTION><OPTION VALUE="9">Dawnell</OPTION><OPTION ONCLICK="#card2">More...</OPTION>

</SELECT></CARD>



<GO URL="?get=person"METHOD="POST" POSTDATA="userid=$ssn"/>

</DO>Soc Security:<INPUT KEY="ssn" FORMAT="NNN\-NN\-NNNN"/>

</CARD>

Soc. Security:

287-33- _____________

NUM

Soc. Security:

287-33- 7629____________OK

The INPUT Element

Prompts user to enter a string of textUse FORMAT= to constrain input

UP.Browser reserves soft key fortext entry mode, if necessary


Other INPUT Attributes

DEFAULT=key_value

Default KEY variable (displayed to user)

FORMAT=format_specifier

If omitted, free-form entry is allowed

EMPTYOK="TRUE"

Browser will accept null input, even with format

TYPE="PASSWORD"

Special entry mode handled by the browser

MAXLENGTH=number

Maximum number of allowed characters


FORMAT Control Characters

N Numeric character

A, a Alphabetic character

X, x Numeric or alphabetic character

M, m Any character

Leading backslash specifies forced charactersForced characters included in KEY variable value

Leading * specifies 0 or more charactersPassword: FORMAT=“mmmm*m”

Leading number specifies 0..N charactersZipcode: FORMAT=“NNNNN\-4N”



<GO URL="#c2"/></DO> Continue <IMG LOCALSRC="righthand"

ALT="forward..."/></CARD>

<CARD NAME="c2"> <IMG SRC="../images/logo.bmp"

ALT="Unwired Planet"/><BR/>Welcome!

</CARD>

Displaying Images

Insert app images or local icons within display text

1-bit BMP format

Images are ignored by non-bitmapped devices

Check HTTP_ACCEPT for “image/bmp”


Special WML Characters

Use character entities in display text" "& &' '< <> > Blank space Soft hyphen (discretionary line break)

Replace the “&” character in URL stringsURL="query.cgi?first=$fname&last=$lname"

Use “$$” to display a single “$” character


Doing more with WML

Setting card styles to create forms

Using variables to cache user data

Using card intrinsic events to trigger transparent tasks

Using timers

Securing WML decks

Bookmarking decks


WMLScript

Scripting language:Procedural logic, loops, conditionals, etc.

Optimized for small-memory, small-cpu devices

Derived from JavaScript™

Integrated with WMLPowerful extension mechanism

Reduces overall network traffic


WMLScript

Bytecode-based virtual machineStack-oriented design

ROM-able

Designed for simple, low-impact implementation

Compiler in networkBetter network bandwidth use

Better use of terminal memory/cpu.


WMLScript Standard Libraries

Lang - VM constants, general-purpose math functionality, etc.

String - string processing functions

URL - URL processing

Browser - WML browser interface

Dialog - simple user interface

Float - floating point functions


WMLScript Example Uses

Reduce network round-trips and enhance functionality.

Field validationCheck for formatting, input ranges, etc.

Device extensionsAccess device or vendor-specific API

Conditional logicDownload intelligence into the device


Functions

WMLScript Example

WMLScript is very similar to JavaScript

ProgrammingConstructs

Variables

function currencyConvertor(currency, exchRate) {return currency*exchangeRate;

}

function myDay(sunShines) {var myDay;if (sunShines) {

myDay = “Good”;} else {

myDay = “Not so good”;};return myDay;

}


WTA

Tools for building telephony applications

Designed primarily for:Network Operators / Carriers

Equipment Vendors

Network security and reliability a major consideration


WTA

WTA BrowserExtensions added to standard WML/WMLScript browser

Exposes additional API (WTAI)

WTAI includes:Call control

Network text messaging

Phone book interface

Indicator control

Event processing


WTA

Network model for client/server interactionEvent signaling

Client requests to server

Security model: segregationSeparate WTA browser

Separate WTA port

WTAI available in WML & WMLScript


Placing an outgoing call with WTAI:

Input Element

WTAI Call

<WML><CARD>

<DO TYPE=“ACCEPT”><GO URL=“wtai:cc/mc;$(N)”/>

</DO>Enter phone number:<INPUT TYPE=“TEXT” KEY=“N”/>

</CARD></WML>

WTA Example



WTAI Call

function checkNumber(N) {if (Lang.isInt(N))

WTAI.makeCall(N);else

Dialog.alert(“Bad phone number”);}

WTA Example


Content Formats

Common interchange formats

Promoting interoperability

Formats:Business cards: IMC vCard standard

Calendar: IMC vCalendar standard

Images: WBMP (Wireless BitMaP)

Compiled WML, WMLScript


New WAP Content Formats

Newly defined formats:WML text and tokenized format

WMLScript text and bytecode format

WBMP image format

Binary format for size reductionBytecodes/tokens for common values and operators

Compressed headers

Data compression (e.g. images)

General-purpose transport compression can still be applied


Content Format Example

Image Element

<WML><CARD>

Hello World!<BR/><IMG SRC=“/world.wbmp”

ALT=“[Globe]” /></CARD></WML>

Example Use of an Image:


Push

Push is under development

Network-push of contentAlerts or service indications

Pre-caching of data

Goals:Extensibility and simplicity

Build upon WAP 1.0

End-to-end solution

Security

User friendly


User Agent Profiles (UAProf)

UAProf is under development

Goal: content personalization, based upon:Device characteristics, user preferences

Other profile information

Working with W3C on CC/PPRDF-based content format

Describes “capability and profile” info

Efficient transport over wireless links, caching, etc.


WMLScript Example Uses

Reduce network round-trips and enhance functionality.

Field validationCheck for formatting, input ranges, etc.

Device extensionsAccess device or vendor-specific API

Conditional logicDownload intelligence into the device


WTA (WAP Telephony API)

Tools for building telephony applications

Designed primarily for:Network Operators / Carriers

Equipment Vendors

Network security and reliability a major consideration


WTA

WTA BrowserExtensions added to standard WML/WMLScript browser

Exposes additional API (WTAI)

WTAI includes:Call control

Network text messaging

Phone book interface

Indicator control

Event processing


WTA

Network model for client/server interactionEvent signaling

Client requests to server

Security model: segregationSeparate WTA browser

Separate WTA port

WTAI available in WML & WMLScript



Input Element

WTAI Call

<WML><CARD>

<DO TYPE=“ACCEPT”><GO URL=“wtai:cc/mc;$(N)”/>

</DO>Enter phone number:<INPUT TYPE=“TEXT” KEY=“N”/>

</CARD></WML>

WTA Example



WTAI Call

function checkNumber(N) {if (Lang.isInt(N))

WTAI.makeCall(N);else

Dialog.alert(“Bad phone number”);}

WTA Example


Content Formats

Common interchange formats

Promoting interoperability

Formats:Business cards: IMC vCard standard

Calendar: IMC vCalendar standard

Images: WBMP (Wireless BitMaP)

Compiled WML, WMLScript


New WAP Content Formats

Newly defined formats:WML text and tokenized format

WMLScript text and bytecode format

WBMP image format

Binary format for size reductionBytecodes/tokens for common values and operators

Compressed headers

Data compression (e.g. images)

General-purpose transport compression can still be applied


Content Format Example

Image Element

<WML><CARD>

Hello World!<BR/><IMG SRC=“/world.wbmp”

ALT=“[Globe]” /></CARD></WML>

Example Use of an Image:

181

WAP Development for Handheld Devices

WAP Development for Handheld Devices


WAP - Advantages

Universal middleware (networks rolling out worldwide, with initial takeup in corporate accounts)

Common communications protocol and applications interface -- can be used across a variety of wireless networks, operating systems, and handheld devices

Accelerator for mobile data -- greater variety of System Integrators (SI’s) and VARs now entering marketplace


WAP - Disadvantages

Limited functionality in 1.1 (particularly personalisation and localisation)

Proprietary browsers (Nokia, Ericsson, other)

Poor graphics capability (WBMP)

Little processing capabilities (WMLScript is subset of Java Script)

No end-to-end security (gateway must be trusted)


WAP Limitations

WAP runs across phones, PDAs, PCs, etc

Info. often limited to few lines of text plus cascading menus

Cannot offer end to end security

Ideal for simple look up applications on 1/4 VGA devices and below


Key Corporate Considerations

Synchronisation - identical versions of applications & data maintained on multiple devices

Connection to data sources - shop, customer information, pricing (including legacy systems)

User interface on device - WAP enabled ‘Smartphones’and handheld devices may lower training requirements

Performance - call set up, speed of access, coverage, recovery from lost connections

Support for management of databases

Level of security required - needs to be end to end for financial transactions


Why Develop WAP Games?

Better environment than SMSLinks & Lists make for better UI

Not limited to 160 characters

Can rely on image-display capability

Latency issues not as brutal

Main Format for Games in North Americaand acceptable in Europe

Functional business model


Game Session Should Take

< 10 Minutes

If They’ve Got More Time, They’ll Find a Real Game Machine

Can Mean:� Short Game

� Saved Gamestate

� Playable in 5 Minute Chunks


Think COLS, not Internet

Entering URLs is a Pain in the AssPeople stick with the carrier’s navigational hierar chy

People Pay—the Carriers, Not You

Like the old Commercial Online Services� Need a deal to gain access to customers…

� Customers funnelled to you

� Share revenue with the carrier


WAP Is Inconsistently Implemented

Inconsistent Browser BehaviorTest for Nokia, Ericsson, OpenWave

Use URL Links, not Select Lists

Avoid Soft Buttons & Tables

Cookies Not Always AvailableUse URL Encoding

User Timers, Not Push

Forget about WTAI & WMLScript


Latency of 1-2 Seconds

Unlike SMS (can be 1 min +)

Multiple Interactions Within a Session� Each can be of modest importance

Forget Twitch Games


Network Not Reliable

Handle Drops GracefullyDesign so Player Disappearance Doesn’t Matter

AI Take-Over

Allow Player Re-Entry

Stand-bys?

Allow Reentry Without Data InconsistencyTime-Outs on Decks


Decks Must be < 1.4k

Unlike HTTP, Text & Images Sent as a

Single Request

Well, it’s better than SMS

HTTP > WTP Encoding Includes Compression


Dealing with 1.4k Limit

Write Tersely

Use Graphics Sparely

Make Animations Separate Deckwith timer to autoload next deck

Can Make Long Documents Multiple Decks

Consider “Terse” Mode for Experienced Players


Evolution of WAP

Near-Term:WMLScriptWTAI (Wireless Telephony Application Interface)

WAP 2.0:Supports HTTP & TCP/IPXHTML (Mobile Profile)Cascading StylesheetsLocal persistent storageMMS Integration

WAP likely to no longer be the main event


A Web Browser for Mobile Phones?

Shared Web Featuresinformation sources addressed by the URL

information can be anywhere in hyperspace

information source appears similar to hypertext

dynamically generated information is available


What do WAP Applications Use

WAP Transport Layer

WAP Mark-Up Language

WAP Script


WAP Limits

Very slow data communications

Screensmall

black and white only

text and icons only


WAP Vision

Access to public information

Multi layer indexes controlled by network operator

Visit other addresses by keying in URL

Service provider interprets and converts web information for WAP use


Application Features

The application mustbe stored in the SIM

transfer to RAM to run

be written in WAP Script

provide the user interface

include security

include validation

accept personalisation


Storing WML and WAP Script

All applications are pages of mark-up language or script

Need to be able totemporarily store

test

edit

permanently store on SIM


Progress

Achieved a recommendation that all terminals should have ade quate RAM

Yet to be achievedterminals with a development software interface

terminals with program storage

202

WAP, i-mode & J2ME

Wireless Internet WANs


Wireless Internet WAN

WAP (GSM)

HDML & WMLHandheld Dynamic Markup Language

WMLWireless Markup Language

i-mode (PDC-P)

cHTMLCompact Hypertext Markup

Language

CDPD, Mobitex, DataTAC, GSM

USAEurope Japan

PROTOCOLPROTOCOLPROTOCOL

PRESENTATIONPRESENTATIONPRESENTATION J2MEMIDlet GUIComponents

Any Network


The Wireless World Today

i-mode: 60% of the world's wireless internet users

WAP: 39% of the world's wireless internet users

Palm: 1% of the world's wireless internet users


WAP

WAP Forum alliance of carriers & handset manufacturers, promising uniformity of deployment

WML Derived from Phone.com’s HDML

WML is an XML language

WAP incorporates its own scripting language and security stack

Optimized for network constraints

WAP in USA & Europe is far more limited than WAP in Japan


i-mode

A presentation language, a protocol, and a carrier all in one

NTT has a near monopoly

Packet Network – 9.6kbs [64-384kbs begin 10/01], always on

Devices are RIGIDLY enforced to i-mode specsNTT sets the standards, the handset manufacturers c omply

Guaranteed 16 chars [8 double-byte chars] by 6 line s

Phones have an IP stack, and most offer SSL / TLS support


J2ME � J2SE � J2EE

The smallest of the Java continuum

Targeting mobile devices, runtime of equivalent size to WAP 2.0 / imode 3.0 browser stacks

MIDlets installed via a Palm-like synchronizationOver the air install in October - Nextel

MIDlets offer persistence, offline use

Licensing of J2ME requires passing compatibility test suite (Motorola, Nokia, RIM, etc.)

Watch Nextel, Cingular, and Sprint


WAP Pros

2nd largest global penetration to end users, ubiquity in Europe, not USA

Carrier and handset independent500 members in WAPforum

Provides light-weight scripting language

Committed to move toward XHTML-basic in v. 2.0


WAP Cons

Geoworks Patent – all providers must currently pay r oyalties

Gateway required

transcoding occurs, unpredictably between vendors

Difficult debugging, browser & server implementatio ns vary

Security hole between WAP and Web [fixed in WAP 2.0 in Q3/01]

1k page size, nominal graphics, no color [except Ja pan!]

Language not open

No W3C spec

Language not consistently implemented – especially U SA

Existing HTML sites must be rewritten, code optimiz ed per device


i-mode: Pros

Real Business Model for 3rd Party Application Providers

Packet Network means push and pull, today

Moving to XHTML-Basic in i-mode 3.0, Q2/01

Large 5k per page capability (<2K recommended)

Color support, animated GIF support on 502i color m odels

Gateway / Security / VPN– network gateway required, https supported

I-Appli supports MIDlets, full HTTPS support, 5M!!!!– Strongest WW penetration – 25.9 million subscribers, 30,000+ sites

– Location-aware today [i-area]

– Language is scaleable: HTML/cHTML use existing web-based tools.


i-mode: Cons

Controlled by a single corporation

i-mode is only by NTT DoCoMo

roaming now in Africa/EC/ AT&T,etc.

No scripting language like WMLScript

i-mode email limited to 500 bytes

cHTML is a proposed W3C standard, but really controlled by i-mode


J2ME Pros:

Security Supports HTTPS protocol for e2e security – Nextel/Do CoMo

No gateways Lower costs, simpler testing and more…

MIDlet GUI offers uniform behavior across devices

Adopted by handset manufacturers and carriers globally

MIDlet GUI components familiar to Swing developers


J2ME Cons:

Nominal penetration: 5M devices released since 02/01

Existing HTML sites/solutions must be re-written [same as WAP]

Extremely limited GUI components [2 elements: text and graphics]

Installation overheadOver the air in future, available in Japan, USA and Europe today(as a pilot)

Requires different UI designer; HTML designers add little value in developing presentations

Technology is early, many misstepsSony, NEC & crew have recalled > 1M


Comparing and Contrasting the APIs

One Sample app

4 presentations [HTML, cHTML, WAP, J2ME]

Server side code handles the database access

Easily extensible to your own types of query based applications


Simple Tutorial – An Address Book

Easily extensible for other needs Local restaurants [query by city & type]

Local movies [query by city & time]

Your UPS package [query by name & ID]

Sample ApplicationPhone Book – retrieve contact information

Supports 4 client typesHTML – web browser

WML – WAP phone

cHTML – i-mode phone

XML – J2ME client application

Demonstrates how device independence is implemented

Assumes you’re adding a J2ME client to an existing application


High Level Address Book Architecture

Enhydra Application Server

A Servlet with Presentation/Business/Data layers

HP-UX, NT, Linux, e3000

J2ME DeviceWeb PC

InstantDB

XMLUser Interface: HTML

Resident Software: Browser

User Interface: J2ME GUI components

Resident Software: KVM, MIDlet (which embeds kXML)

JDBC

cHTML WML

HTML Gateway


Enhydra XMLC™ - What is it?

An Open Source development tool

A member of the Enhydra Open Source family of technologies

A methodology for…generating content (e.g., HTML, WML, J2ME) dynamica lly from Java

leveraging XML to build easy to maintain Web applic ation presentations.

building device-independent application presentatio ns

Building presentations that can be reworked without modifications to Java code

A portable presentation technology (e.g., Enhydra, BEA)


About XMLC

Open Source alternative to JSP

A push strategy: dynamic content is pushed into a DOM, rather than pulled in by a JSP tag

http://xmlc.enhydra.org

Book: Enhydra XMLC for Java Presentations


Enhydra XMLC Key Elements

XML – more than just data transportDefined by W3C

Foundation for evolving standards, e.g. VoiceXML, W ML, XHTML, CML)

DOM – Document Object ModelDefined by W3C

How a program represents an XML/HTML document in memory

A hierarchical representation of an XML/HTML docume nt as represented in a software programming language, e.g . Java

Library for traversing, pruning, accessing portions of the DOM “tree”


Enhydra XMLC Key Elements

XML Parser (from Apache Xerces Project)Parses an XML text file, turning the results into a Java DOM tree in memory.

CSS ID attributesUsed to “tag” elements targeted for dynamic content.

And for eliminating need to write lots of tree trav ersal logic


Sample Application Structure

Unlike HTML & WML clients, J2ME clients receive XML data streams from the application server. The XML is parsed by kXML, and displayed using the MIDP GUI components


Presentation Tier

Detects incoming client type

Requires the developer to create unique presentations for each presentation technology

WML

cHTML

HTML

J2ME/MIDP

PoBoDo


Business Tier

Focus on business logic at this levelDecision making processes happen here.

Main workflow is clear in this layer.

The ‘meat’ of the application

Resist temptation to put any presentation or data specific code into this layer.

PoBo Do


Four Aspects For Device Independence

1. Device specific templates.

2. Common XMLC API.

3. Template selection mechanism.

4. Generic DOM template manipulation.


XMLC Key Elements

XML – more than just portable dataDefined by W3C

Foundation for evolving standards, e.g. XHTML, VXML , WML, CML)

DOM – Document Object ModelDefined by W3C

How a program stores an XML/HTML document in memory

A hierarchical representation of an XML/HTML docume nt as represented in a software programming language, e.g . Java

Library for traversing, pruning, accessing portions of the DOM “tree”

XML Parser (from Apache Xerces Project)Translating an XML text file into a Java DOM tree i n memory.


kXML.enhydra.org

HttpConnection conn =(HttpConnection) Connector.open (URL);

XmlReader parser = new XmlReader ( new InputStreamReader(conn.openInputStraem()));

…while (parser.skip() != Xml.END_TAG) {

parser.require(Xml.START_TAG, null, null);String name = parser.getName();parser.next();

String text = parser.readText();

if (name.equals(“title”))title = text;

parser.require (Xml.END_TAG, null, name);}


HTML & WAP Device Specific Templates

<p id="person">

<b><span id="name"> John Doe</span></b><br>

<b>Position: </b><span id="position"> President</span><br>

<b>Phone: </b><span id="phone"> 111.2222</span><br>

<b>Fax: </b><span id="fax"> 222.3333</span><br>

</p>

<card id="indexTemplate" title="Details">

<p id="person">

<b><em id="name"> John Doe</em></b><br />

<b>Position: </b><em id="position"> President</em><br />

<b>Phone: </b><em id="phone"> 111.2222</em><br />

<b>Fax: </b><em id="fax"> 222.3333</em><br />

</p>

</card>

HT

ML

HT

ML

WM

LW

ML


J2ME Device Specific Template

XML - Details.xml

...

<Person id="person">

<Name id='name'> John Doe</Name>

<Phone id='phone' >111.2222</Phone>

<Position id='position' >President</Position>

<Fax id='fax'> 222.3333</Fax>

</Person>

sample.dtd...

<!ELEMENT Person (Name, Phone, Position, Fax)>

<!ATTLIST Person id ID #IMPLIED>

<!ELEMENT Name (#PCDATA)>

<!ATTLIST Name id ID #IMPLIED>

<!ELEMENT Phone (#PCDATA)>

<!ATTLIST Phone id ID #IMPLIED>

<!ELEMENT Position (#PCDATA)>

<!ATTLIST Position id ID #IMPLIED>

<!ELEMENT Fax (#PCDATA)>

<!ATTLIST Fax id ID #IMPLIED>


J2ME HTTPConnection

/**

* Retrieves the contact information for a particula r person

*/

public Person getDetails(String oid)

throws IOException

{

HttpConnection con = null;

InputStream in = null;

Document document = null;

try {

StringBuffer detailsURL = new StringBuffer(DETAILS_ SERVICE);

detailsURL.append("?id=");

detailsURL.append(oid);

con = (HttpConnection) Connector.open(detailsURL.to String(),

Connector.READ, true);

con.setRequestMethod(HttpConnection.GET);

con.setRequestProperty("Accept", "text/xml");

con.setRequestProperty("Content-Language", "en-US") ;

in = con.openInputStream();


J2ME GUI for Details.java

/**

* Builds the screen with the information of a parti cular Person.

*/

private void buildPersonInfo(Object person) {

if (size() != 0) {

clearScreen();

}

Person p = (Person) person;

setTitle(p.getName());

append("Phone: " + p.getPhone(), null);

append("Position: " + p.getPosition(), null);

append("Fax: " + p.getFax(), null);

}

232

WTLS Services & Characteristics

WAP Security WAP Security


WSG Work Area

Provide mechanisms for secure transfer of content, to allow for applications needing privacy, identification, verified message integrity and non-repudiation

Transport level security is WTLS, based on SSL and TLS from the Internet community

Working on various mechanisms for improved end-to-end security and application-level security


WTLS Services and Characteristics

Specifies a framework for secure connections, using protocol elements from common Internet security protocols like SSL and TLS.

Provides security facilities for encryption, strong authentication, integrity, and key management

Compliance with regulations on the use of cryptographic algorithms and key lengths in different countries

Provides end-to-end security between protocol end points


WTLS Services and Characteristics

Provides connection security for two communicating applications

privacy (encryption)

data integrity (MACs)

authentication (public-key and symmetric)

Lightweight and efficient protocol with respect to bandwidth, memory and processing power

Employs special adapted mechanisms for wireless usa ge

Long lived secure sessions

Optimised handshake procedures

Provides simple data reliability for operation over datagram bearers


Goals and Requirements for WTLS

Interoperable protocols

Scalability to allow large scale application deployment

First class security level

Support for public-key certificates

Support for WAP transport protocols


Record Protocol

Handshake Protocol

Alert Protocol

Application Protocol

Change Cipher Spec Protocol

Transaction Protocol (WTP)

Datagram Protocol (WDP/UDP)

Bearer networks

WTLS

Record protocol

WTLS Internal Architecture


Current Work Items

Improved support for end-to-end securityVarious mechanisms under consideration for extendin g WTLS protocol endpoint beyond WAP Gateway

Introduction of application level mechanisms for en cryption and signing, which will be interoperable between WA P and the Internet world

Integrating Smart Cards for security functionsWireless Identity Module specification will integra te Smart Cards into the security framework of WAP

Uses Smart Card for storage of security parameters, as well as performing security functions


Current Work Items

Providing a scalable framework for Client Identification

Public Key Infrastructure for provisioning and mana gement of certificates

Simpler mechanisms for clients that do not support certificates


Services and Protocols

Provide reliable data transfer based on request/reply paradigmNo explicit connection setup or tear downData carried in first packet of protocol exchangeSeeks to reduce 3-way handshake on initial requestSupports port number addressingMessage oriented (not stream)Supports an Abort function for outstanding requestsSupports concatenation of PDUsUser acknowledgement or Stack acknowledgement option

acks may be forced from the WTP user (upper layer)default is stack ack


Classes of Operation

WTP Classes of Service

Class 0 Unconfirmed Invoke message with no Result message

a datagram that can be sent within the context of a n existing WSP (Session) connection

Class 1 Confirmed Invoke message with no Result message

used for data push, where no response from the dest ination is expected

Class 2 Confirmed Invoke message with one confirmed Result message

a single request produces a single reply


WTP Ongoing Work Items

Define a connection oriented protocol (IETF)Bearer selection/switching

Management entity definition (functions and interfa ce)

Protocol verification (reference implementation)

Quality of service definitions

243

the problems and the solutions

WAP

End-to-end security


� Privacy – encryption

� Integrity – hashing (cryptographic check-sums)

� Authentication – client and server certificates (WTLS class 2 and 3)

Wireless terminal WAP server

End-to-End Security with WAP


Security – Threat Models

� Eavesdropping

� Passive recording of data

� Impersonation, ”Trojan horse”

� Attacker creates a ”ghost” WAP-

application to record sensitive information

� Man-in-the-middle

� Intercepts and replaces information

� Flooding

� Destructive attacks resulting in denial-of-

service


What is true endWhat is true end--toto--end securityend security –

WAP Gateway scenarios

� no way for the web server to require that the phone use the security protocol WTLS

� anyone with access to the Internet can make requests to the web server

� all data is always decrypted at the gateway

� ”blind” trust in third party operator for both ends

1. Operator hosted WAP gateway

The classic configuration with a WAP gateway located at the operator’s site. There are several obvious security problems with this solution:



� slightly increases server side security

� communication security between gateway and web server still has to be trusted in ”blind” by client

� considerably easier for those with physical access to the WAP gateway or the computer network to monitor or modify WAP traffic

� requires additional configuration and support

2. Corporate operated WAP gateway

To host the WAP gateway at the corporate premises is the naturalnext step to try to increase the security.



� proprietary solutions (e.g. Nokia)

� require additional training to handle configuration, support and application development

� often used as gateways connecting real web servers -> non-secure

3a. Proprietary WAP server

A WAP server communicates directly with the WAP phone without a gateway. A WAP server may be used to achieve end-to-end security.



� maximum ease of use and minimal administration

� support and application base of an industry strength web server

� end-to-end security of a WAP server

� WAP Security Connector

3b. WAP server based on existing web server

The WAP-stack is built into or integrated with an existing web-server, e.g. Microsoft IIS or Netscape I-Planet. This solution combines the best of two worlds.


When is security important and what

information needs to be protected?

This a question that can only be answered by each organization

WAP with WTLS Class 3

GSM

UMTS

GPRS

Internet Corporate network

ISP

Mail

Databases

ERP

Intranet

WAP Security Connector

Firewall


Examining Consumer vs. Corporate security

INTERNET LAN

PUBLIC NETWORKS

Corporate services:

� Mail, calendar, contacts

� Surveillance

� ERP systems

� Decision support

� File systems

Public services:

� Banking

� Stock trading

� Gambling

� Purchasing

� Reservations, bookings

Consumer•Transactions, eBusiness

•Integrity

•No control of device

Corporate•Access to corporate data

•Device can be standardized


Can WTLS take the weight

� WAP Forum has specified implementation of WTLS in different classes

� Class 1

� Encryption

� Class 2

� Encryption + server certificate

� Class 3

� Encryption + client/server certificates

WTLS can take the weight especially when creating corporate security


WAP Security – Certificates

� A certificate holds someones identity

� Root (CA) certificates

� Downloaded to WAP device (or pre-installed)

� Represents a trusted third-party

� Same in web world

� Server- and client certificates

� A trusted third-party (CA) validates and signs the

certificate

� Examples of CA companies: VeriSign, Entrust and

Baltimore


Conclusion

The Wireless Industry has chosen the WAP Standard because it is:

An open industry-established world standard

Based on Internet standards including XML and IP

Committed to by handset manufacturers representing over 90% of the world market across all technologies

Supported by network operators representing 100 Mil lion subscribers


Conclusion

WAP is not a “Product” nor a “Service”

WAP is an “enabling technology” that overcomes current constraints in the delivery of Time-Critical Information to mobile users

WAP is an innovative and exciting technology

WAP is a market opportunity !


WAP URLs

WAP Forum: www.wapforum.org

OpenWave SDK (includes emulator): http://developer.openwave.com/download/

Nokia WAP emulator: http://www.forum.nokia.com/wapforum/nokiasim_new.html

Ericsson WAP emulator: http://www.ericsson.com/mobilityworld/sub/open/technologies/wap/tools.html

Questions & AnswersQuestions & Answers

Wireless Application Protocol (WAP)

Documents

Transcript of Wireless Application Protocol (WAP)