Department of Computer Science & Engineering, YCCE Nagpur
Seminar on
WWW (World Wide Web)
Presented by Mr. Pratik R. Tambekar
Roll No. 19, M.Tech II Sem (CSE)
INTRODUCTION
The World Wide Web (WWW) can be viewed as a huge distributed system with millions of clients and servers for accessing linked documents.
Servers maintain collections of documents, while clients provide users an easy-to-use interface for presenting and accessing those documents.
A document is fetched from a server, transferred to a client, and presented on the screen. To a user there is conceptually no difference between a document stored locally or in another part of the world.
Now the Web has become more than just a simple document-based system.
With the emergence of Web services, it is becoming a system of distributed services, rather than just documents, offered to any user or machine.
What can we get from the WWW?
• Read news, listen to music, and watch video
• Buy or sell goods such as books and airline tickets
• Make reservations for a hotel room, rental car, restaurant, etc.
• Pay bills and transfer money from one bank account to another
• …
TRADITIONAL WEB-BASED SYSTEMS
Many Web-based systems are still organized as simple client-server architectures.
The core of a Web site is a process that has access to a local file system storing documents.
How to refer to a document? By a URL (Uniform Resource Locator). Example:
http://www.cse.unl.edu/~ylu/csce855/notes/web-system.ppt
A client interacts with Web servers through a special application known as a browser.
What's the key function of a browser? It is responsible for displaying documents.
Document Model
A Web document does not only contain text; it can include all kinds of dynamic features such as audio, video, animations, etc.
In many cases special helper applications (interpreters) are needed, and they are integrated into the browser, e.g., Windows Media Player and QuickTime Player for playing streaming content.
The variety of document types forces browsers to be extensible. As a result, plug-ins are required to follow a standard interface so that they can be easily integrated with the browsers.
User data comes from an HTML form, specifying the program and parameters.
Server-side scripting technologies are used to generate dynamic content:
• Microsoft: Active Server Pages (ASP.NET)
• Sun: Java Server Pages (JSP)
• Netscape: JavaScript
• Free Software Foundation: PHP
<HTML>                                <!-- Start of HTML document -->
<BODY>                                <!-- Start of the main body -->
<H1>Hello World</H1>                  <!-- Basic text to be displayed -->
<P>                                   <!-- Start of a new paragraph -->
<SCRIPT type = "text/javascript">     <!-- identify scripting language -->
  document.writeln("<H1>Hello World</H1>");  // Write a line of text
</SCRIPT>                             <!-- End of scripting section -->
</P>                                  <!-- End of paragraph section -->
</BODY>                               <!-- End of main body -->
</HTML>                               <!-- End of HTML section -->
• A simple Web page embedding a script written in JavaScript
Document Model (1)
When a web page is loaded, the browser creates a Document Object Model of the page. The HTML DOM model is constructed as a tree of objects.
Document Model (2)
<!ELEMENT article (title, author+, journal)>
<!ELEMENT title (#PCDATA)>
<!ELEMENT author (name, affiliation?)>
<!ELEMENT name (#PCDATA)>
<!ELEMENT affiliation (#PCDATA)>
<!ELEMENT journal (jname, volume, number, month, pages, year)>
<!ELEMENT jname (#PCDATA)>
<!ELEMENT volume (#PCDATA)>
<!ELEMENT number (#PCDATA)>
<!ELEMENT month (#PCDATA)>
<!ELEMENT pages (#PCDATA)>
<!ELEMENT year (#PCDATA)>
• An XML definition for referring to a journal article
<?xml version="1.0"?>
<!DOCTYPE article SYSTEM "article.dtd">
<article>
  <title>Prudent Engineering Practice for Cryptographic Protocols</title>
  <author><name>M. Abadi</name></author>
  <author><name>R. Needham</name></author>
  <journal>
    <jname>IEEE Transactions on Software Engineering</jname>
    <volume>22</volume>
    <number>12</number>
    <month>January</month>
    <pages>6 – 15</pages>
    <year>1996</year>
  </journal>
</article>
• An XML document using the XML definitions from the previous slide
Document Types
Type         Subtype       Description
Text         Plain         Unformatted text
             HTML          Text including HTML markup commands
             XML           Text including XML markup commands
Image        GIF           Still image in GIF format
             JPEG          Still image in JPEG format
Audio        Basic         Audio, 8-bit PCM sampled at 8000 Hz
             Tone          A specific audible tone
Video        MPEG          Movie in MPEG format
             Pointer       Representation of a pointer device for presentations
Application  Octet-stream  An uninterrupted byte sequence
             Postscript    A printable document in Postscript
             PDF           A printable document in PDF
Multipart    Mixed         Independent parts in the specified order
             Parallel      Parts must be viewed simultaneously
• Six top-level MIME types and some common subtypes
Architectural Overview
• The principle of using server-side CGI programs
<HTML>
<BODY>
<P>The current content of <PRE>/data/file.txt</PRE> is:</P>
<P>
<SERVER type = "text/javascript">
  clientFile = new File("/data/file.txt");
  if (clientFile.open("r")) {
    while (!clientFile.eof())
      document.writeln(clientFile.readln());
    clientFile.close();
  }
</SERVER>
</P>
<P>Thank you for visiting this site.</P>
</BODY>
</HTML>
• An HTML document containing a JavaScript to be executed by the server
• Architectural details of a client and server in the Web
HTTP
• All communication between clients and servers is based on HTTP. Servers listen on port 80.
• HTTP is a simple protocol: a client sends a request to a server and waits for a response.
• HTTP is stateless: it does not have any concept of open connection and does not require a server to maintain information on its clients. (HTTP cookies can be used to store session information.)
• HTTP is based on TCP: whenever a client issues a request to a server, it first sets up a TCP connection and sends the message on that connection. The same connection is used for receiving the response.
• One of the problems with the first versions of HTTP was its inefficient use of TCP connections (HTTP 1.0 vs. HTTP 1.1).
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server.
In HTTP version 1.0 and older, each request to a server required setting up a separate connection. When the server had responded, the connection was broken down. These connections are referred to as nonpersistent.
In HTTP version 1.1, several requests and their responses can be issued without the need for a separate connection. These connections are referred to as persistent.
Furthermore, a client can issue several requests in a row without waiting for the response to the first request, which is referred to as pipelining.
(a) Using non-persistent connections. (b) Using persistent connections.
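An added example, not part of the original slides: on a persistent connection several responses arrive back to back on one TCP stream, so the receiver has to find each message boundary itself. The Python sketch below splits such a stream by Content-Length and reports whether the connection stays open; the function names and the sample byte streams are constructed for illustration, and chunked encoding is not handled.

```python
# Added example: framing responses received on one connection.

def stays_open(version: str, headers: dict) -> bool:
    """HTTP/1.1 connections persist unless 'Connection: close' is sent;
    HTTP/1.0 connections are treated as nonpersistent, as on the slide."""
    if version != "HTTP/1.1":
        return False
    return headers.get("connection", "").lower() != "close"


def split_responses(stream: bytes) -> list:
    """Split the bytes read from one connection into parsed responses."""
    responses, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            raise ValueError("truncated header block")
        lines = stream[pos:head_end].decode("iso-8859-1").split("\r\n")
        version, status = lines[0].split(" ", 2)[:2]
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            # Two different Content-Length values make the boundary
            # ambiguous; refuse rather than guess.
            if name == "content-length" and headers.get(name, value) != value:
                raise ValueError("conflicting Content-Length headers")
            headers[name] = value
        body_start = head_end + 4
        keep = stays_open(version, headers)
        if "content-length" in headers:
            if not headers["content-length"].isdigit():
                raise ValueError("invalid Content-Length")
            body_end = body_start + int(headers["content-length"])
            if body_end > len(stream):
                raise ValueError("truncated body")
        else:
            # No length given: the body runs until the server closes the
            # connection, so the connection cannot be reused.
            body_end, keep = len(stream), False
        responses.append({"version": version, "status": int(status),
                          "body": stream[body_start:body_end],
                          "keep_alive": keep})
        pos = body_end
        if not keep and pos < len(stream):
            raise ValueError("data after a response that closes the connection")
    return responses


# Constructed sample: two pipelined HTTP/1.1 responses on one connection.
PIPELINED = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    b"Content-Length: 13\r\n\r\n<p>index</p>\n"
    b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n"
    b"Content-Length: 6\r\nConnection: close\r\n\r\nGIF89a"
)
# Constructed sample: an HTTP/1.0 response, delimited by connection close.
LEGACY = b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nhello"

if __name__ == "__main__":
    for r in split_responses(PIPELINED) + split_responses(LEGACY):
        print(r["version"], r["status"], len(r["body"]), r["keep_alive"])
```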
HTTP Methods
Operation  Description
Head       Request to return the header of a document
Get        Request to return a document to the client
Put        Request to store a document
Post       Provide data that is to be added to a document (collection)
Delete     Request to delete a document
• Operations supported by HTTP
HTTP Messages
• HTTP request message
• HTTP response message
Header               Source  Contents
Accept               Client  The type of documents the client can handle
Accept-Charset       Client  The character sets that are acceptable for the client
Accept-Encoding      Client  The document encodings the client can handle
Accept-Language      Client  The natural language the client can handle
Authorization        Client  A list of the client's credentials
WWW-Authenticate     Server  Security challenge the client should respond to
Date                 Both    Date and time the message was sent
ETag                 Server  The tags associated with the returned document
Expires              Server  The time how long the response remains valid
From                 Client  The client's e-mail address
Host                 Client  The TCP address of the document's server
If-Match             Client  The tags the document should have
If-None-Match        Client  The tags the document should not have
If-Modified-Since    Client  Tells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since  Client  Tells the server to return a document only if it has not been modified since the specified time
Last-Modified        Server  The time the returned document was last modified
Location             Server  A document reference to which the client should redirect its request
Referer              Client  Refers to the client's most recently requested document
Upgrade              Both    The application protocol the sender wants to switch to
Warning              Both    Information about the status of the data in the message
• Some HTTP message headers
Processes
1. Clients
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type.
When a browser encounters a document type for which it needs a plug-in, it loads the plug-in locally and creates an instance.
The plug-in is removed from the browser when it is no longer needed.
• Using a plug-in in a Web browser
• Using a Web proxy when the browser does not speak FTP
2. Servers
Important: The majority of Web servers is a configured Apache server, which breaks down each HTTP request handling into eight phases. This approach allows flexible configuration of servers.
• General organization of the Apache Web server
In order to invoke the appropriate handler at the right time, processing HTTP requests is broken down into several phases.
A module can register a handler for a specific phase. Whenever a phase is reached, the core module inspects which handlers have been registered for that phase and invokes one of them.
1. Resolving document reference to local file name
2. Client authentication
3. Client access control
4. Request access control
5. MIME type determination of the response
6. General phase for handling leftovers
7. Transmission of the response
8. Logging data on the processing of the request
Server Clusters
• Essence: To improve performance and availability, WWW servers are often clustered in a way that is transparent to clients.
• The principle of using a cluster of workstations to implement a Web service
• Problem: The front end may easily get overloaded, so that special measures need to be taken.
• Transport-layer switching: The front end simply passes the TCP request to one of the servers, taking some performance metric into account.
• Content-aware distribution: The front end reads the content of the HTTP request and then selects the best server.
• A crucial aspect of this organization is the design of the front end, as it can easily become a serious performance bottleneck.
(a) The principle of TCP handoff
(b) A scalable content-aware cluster of Web servers
Naming
1. URL (Uniform Resource Locators)
A Uniform Resource Locator tells how and where to access a resource.
• Often-used structures for URLs:
a) Using only a DNS name
b) Combining a DNS name with a port number
c) Combining an IP address with a port number
Name    Used for      Example
http    HTTP          http://www.cs.vu.nl:80/globe
ftp     FTP           ftp://ftp.cs.vu.nl/pup/minix/README
file    Local file    file:/edu/book/work/chp/11/11
data    Inline data   data:text/plain;charset=iso-8859-7,%e1%e2%e3
telnet  Remote login  telnet://flits.cs.vu.nl
tel     Telephone     tel:+31201234567
modem   Modem         modem:+31201234567;type=v32
Examples of URLs
2. URN (Uniform Resource Names)
URNs are location-independent references to documents.
The general structure of a URN
• A typical example of a URN is the one used for identifying books by means of their ISBN, such as urn:isbn:0-13-349945-6
Synchronization: WebDAV
• Problem: There is a growing need for collaborative auditing of Web documents, but bare-bones HTTP can't help here.
• Solution: Web Distributed Authoring and Versioning (WebDAV).
• Supports exclusive and shared write locks, which operate on entire documents.
• A lock is passed by means of a lock token; the server registers the client(s) holding the lock.
• Clients modify the document locally and post it back to the server along with the lock token.
• Note: There is no specific support for crashed clients holding a lock.
Caching and Replication
Web Proxy Caching
• Basic idea: Sites install a separate proxy server that handles all outgoing requests. Proxies subsequently cache incoming documents.
Cache-consistency protocols:
• Always verify validity by contacting the server
• Age-based consistency:
T_expire = α(T_cached - T_last_modified) + T_cached
• Cooperative caching, by which you first check your neighbors on a cache miss
The principle of cooperative caching
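An added example, not from the original slides: the Python sketch below applies the age-based expiry rule in a proxy and, once a copy has expired, revalidates it with a conditional request of the If-Modified-Since kind listed in the header table. The class names, the value α = 0.2 and the timestamps are assumptions made for illustration.

```python
# Added example: age-based cache consistency in a Web proxy.
ALPHA = 0.2  # assumed weight; the slides do not give a value for α


class Origin:
    """Stand-in origin server holding one document (constructed data)."""

    def __init__(self, body, last_modified):
        self.body, self.last_modified = body, last_modified
        self.full_transfers = 0

    def get(self, if_modified_since=None):
        # Conditional GET: answer 304 when the proxy's copy is still current.
        if if_modified_since is not None and self.last_modified <= if_modified_since:
            return 304, None, self.last_modified
        self.full_transfers += 1
        return 200, self.body, self.last_modified


class ProxyCache:
    def __init__(self, origin, alpha=ALPHA):
        self.origin, self.alpha, self.entry = origin, alpha, None

    def expires_at(self):
        # T_expire = α(T_cached - T_last_modified) + T_cached
        e = self.entry
        return self.alpha * (e["cached"] - e["last_modified"]) + e["cached"]

    def fetch(self, now):
        """Return (body, how); how is miss, hit, revalidated or refreshed."""
        if self.entry is None:
            _, body, modified = self.origin.get()
            self.entry = {"body": body, "last_modified": modified, "cached": now}
            return body, "miss"
        if now < self.expires_at():
            # Served without contacting the server: may be stale.
            return self.entry["body"], "hit"
        status, body, modified = self.origin.get(
            if_modified_since=self.entry["last_modified"])
        if status == 304:
            self.entry["cached"] = now  # copy confirmed, restart the clock
            return self.entry["body"], "revalidated"
        self.entry = {"body": body, "last_modified": modified, "cached": now}
        return body, "refreshed"


def demo():
    """Walk one document through its cache lifetime (constructed times)."""
    origin = Origin("v1", last_modified=0)
    proxy = ProxyCache(origin)
    trace = [proxy.fetch(1000), proxy.fetch(1100), proxy.fetch(1300)]
    origin.body, origin.last_modified = "v2", 1400  # document changes
    trace += [proxy.fetch(1500), proxy.fetch(1600)]
    return trace


if __name__ == "__main__":
    print(demo())
```

The fetch at time 1500 still returns the old version: between T_cached and T_expire the proxy never asks the server, which is the consistency cost of the age-based rule.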
Server Replication
• A nontransparent form of replication that is widely deployed is to make an entire copy of a Web site available at a different server. This approach is also called mirroring.
• Content Delivery Network: CDNs act as Web hosting services to replicate documents across the Internet, providing their customers guarantees on high availability and performance (example: Akamai).
The principal working of the Akamai CDN
Security
• Transport Layer Security: Modern version of the Secure Socket Layer (SSL), which "sits" between transport layer and application protocols. Relatively simple protocol that can support mutual authentication using certificates.
The position of TLS in the Internet protocol stack
TLS with mutual authentication
1. First, the client informs the server of the cryptographic algorithms it can handle, as well as any compression methods it supports.
2. In the second phase, authentication takes place. The server is always required to authenticate itself, for which reason it passes the client a certificate containing its public key, signed by a certification authority (CA).
3. If the server requires that the client be authenticated, the client will have to send a certificate to the server.
4. The client generates a random number that will be used by both sides for constructing a session key, and sends this number to the server encrypted with the server's public key.
5. If client authentication is required, the client signs the number with its private key.
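An added example, not part of the original slides: a toy Python trace of the five steps above, showing which check each side performs and where a handshake is refused. Unpadded textbook RSA with small fixed primes stands in for real certificates and ciphers; the key values, names and certificate format are constructed for illustration and are not secure.

```python
# Added example: toy trace of the handshake steps listed above.
# TLS 1.3 no longer sends the secret under the server's RSA key; the flow
# here follows the steps as the slides give them.
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Build a toy RSA key pair from two primes."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(n, data, sig):
    return pow(sig, E, n) == _digest(data, n)


def issue_cert(ca_key, subject, subject_n):
    """A certificate here is a name and public key signed by the CA."""
    body = f"{subject}:{subject_n}".encode()
    return {"subject": subject, "n": subject_n, "sig": sign(ca_key, body)}


def cert_ok(ca_n, cert):
    body = f"{cert['subject']}:{cert['n']}".encode()
    return verify(ca_n, body, cert["sig"])


def _session_key(algorithm, number):
    return hashlib.sha256(f"{algorithm}:{number}".encode()).hexdigest()


def handshake(offer, supported, ca_n, server_key, server_cert,
              client_key=None, client_cert=None, require_client_auth=False):
    # Step 1: the client offers algorithms; the server picks one it supports.
    chosen = next((a for a in offer if a in supported), None)
    if chosen is None:
        return {"ok": False, "reason": "no common algorithm"}
    # Step 2: the server sends its certificate; the client checks the CA signature.
    if not cert_ok(ca_n, server_cert):
        return {"ok": False, "reason": "server certificate rejected"}
    # Step 3: the server may demand a client certificate and checks it too.
    if require_client_auth and (client_cert is None or not cert_ok(ca_n, client_cert)):
        return {"ok": False, "reason": "client certificate rejected"}
    # Step 4: the client encrypts a random number with the server's public key.
    number = secrets.randbelow(server_cert["n"] - 2) + 2
    encrypted = pow(number, E, server_cert["n"])
    # Step 5: the client signs the number with its private key.
    proof = sign(client_key, str(number).encode()) if require_client_auth else None
    # Server side: decrypt, then check the proof against the client certificate.
    recovered = pow(encrypted, server_key["d"], server_key["n"])
    if require_client_auth and not verify(client_cert["n"], str(recovered).encode(), proof):
        return {"ok": False, "reason": "client proof rejected"}
    return {"ok": True, "algorithm": chosen,
            "client_session_key": _session_key(chosen, number),
            "server_session_key": _session_key(chosen, recovered)}


# Constructed toy keys (Mersenne primes) and certificates.
CA_KEY = make_key(2**107 - 1, 2**127 - 1)
SERVER_KEY = make_key(2**61 - 1, 2**89 - 1)
CLIENT_KEY = make_key(2**31 - 1, 2**521 - 1)
SERVER_CERT = issue_cert(CA_KEY, "www.example.test", SERVER_KEY["n"])
CLIENT_CERT = issue_cert(CA_KEY, "alice", CLIENT_KEY["n"])

if __name__ == "__main__":
    print(handshake(["aes", "3des"], ["aes"], CA_KEY["n"], SERVER_KEY,
                    SERVER_CERT, CLIENT_KEY, CLIENT_CERT, True))
```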
Thank You
43
The World Wide Web (WWW) can be viewed as a huge distributed system with millions of clients and servers for accessing linked documents
Servers maintain collections of documents while clients provide users an easy-to-use interface for presenting and accessing those documents
A document is fetched from a server transferred to a client and presented on the screen To a user there is conceptually no difference between a document stored locally or in another part of the world
2
INTRODUCTION
CONThellip
Now Web has become more than just a simple document based system
With the emergence of Web services it is becoming a system of distributed services rather than just documents offered to any user or machine
What can we get from WWW Read news listen to music and watch videoBuy or sell goods such as books airline ticketsMake reservations on hotel room rental car restaurant etcPay bills and transfer money from one bank account to anotherhellip
3
TRADITIONAL WEB-BASED SYSTEMS
4
Many Web-based systems are still organized as simple client-server architectures
The core of a Web site a process that has access to a local file system storing documents
How to refer to a documentURL (Uniform Resource Locator)Example
httpwwwcseunledu~ylucsce855notesweb- systemppt
A client interacts with Web servers through a special application known as browser
Whatrsquos the key function of a browserResponsible for displaying documents
5
Document Model
A Web document does not only contain text but it can include all kinds of dynamic features such as audio video animations etc
In many cases special helper applications (interpreters) are needed and they are integrated into the browser Eg Windows Media Player and QuickTime Player for playing
streaming content
The variety of document types forces browser to be extensible As a result plug-ins are required to follow a standard interfaces so that they can be easily integrated with the browsers 6
CONThellip
User data comes from an HTML form specifying the program and parameters
Server-side scripting technologies are used to generate dynamic contentMicrosoft Active Server Pages (ASPNET)Sun Java Server Pages (JSP)Netscape JavaScriptFree Software Foundation PHP
7
8
ltHTMLgt lt- Start of HTML document --gtltBODYgt lt- Start of the main body --gtltH1gtHello WorldH1gt lt- Basic text to be displayed --gtltPgt lt- Start of a new paragraph --gtltSCRIPT type = textjavascriptgt lt- identify scripting language --gt documentwriteln (ltH1gtHello WorldltH1gt Write a line of textltSCRIPTgt lt- End of scripting section--gtltPgt lt- End of paragraph section --gtltBODYgt lt- End of main body--gtltHTMLgt lt- End of HTML section--gtbull A simple Web page embedding a script written in JavaScript
Document Model (1)
When a web page is loaded the browser creates a Document Object Model of the pageThe HTML DOM model is constructed as a tree of Objects
9
Document Model (2)
10
(1) ltELEMENT article (title author+journal)gt(2) ltELEMENT title (PCDATA)gt(3) ltELEMENT author (name affiliation)gt(4) ltELEMENT name (PCDATA)gt(5) ltELEMENT affiliation (PCDATA)gt(6) ltELEMENT journal (jname volume number month pages year)gt(7) ltELEMENT jname (PCDATA)gt(8) ltELEMENT volume (PCDATA)gt(9) ltELEMENT number (PCDATA)gt(10) ltELEMENT month (PCDATA)gt(11) ltELEMENT pages (PCDATA)gt(12) ltELEMENT year (PCDATA)gt
bull An XML definition for referring to a journal article
11
(1) ltxml = version 10gt(2) ltDOCTYPE article SYSTEM articledtdgt(3) ltarticlegt(4) lttitlegt Prudent Engineering Practice for Cryptographic Protocolslttitlegt(5) ltauthorgtltnamegtM Abadiltnamegtltauthorgt(6) ltauthorgtltnamegtR Needhamltnamegtltauthorgt(7) ltjournalgt(8) ltjnamegtIEEE Transactions on Software Engineeringltjnamegt(9) ltvolumegt22ltvolumegt(10) ltnumbergt12ltnumbergt(11) ltmonthgtJanuaryltmonthgt(12) ltpagesgt6 ndash 15ltpagesgt(13) ltyeargt1996ltyeargt(14) ltjournalgt(15) ltarticlegt
bull An XML document using the XML definitions from previous slide
Document Types
12
Type Subtype Description
Text Plain Unformatted text
HTML Text including HTML markup commands
XML Text including XML markup commands
Image GIF Still image in GIF format
JPEG Still image in JPEG format
Audio Basic Audio 8-bit PCM sampled at 8000 Hz
Tone A specific audible tone
Video MPEG Movie in MPEG format
Pointer Representation of a pointer device for presentations
Application Octet-stream An uninterrupted byte sequence
Postscript A printable document in Postscript
PDF A printable document in PDF
Multipart Mixed Independent parts in the specified order
Parallel Parts must be viewed simultaneously
bull Six top-level MIME types and some common subtypes
Architectural Overview
13
bull The principle of using server-side CGI programs
14
(1) ltHTMLgt(2) ltBODYgt(3) ltPgtThe current content of ltpregtdatafiletxtltPREgtisltPgt(4) ltPgt(5) ltSERVER type = textjavascript)(6) clientFile = new File(datafiletxt)(7) if(clientFileopen(r))(8) while (clientFileeof())(9) documentwriteln(clientFilereadln())(10) clientFileclose()(11) (12) ltSERVERgt(13) ltPgt(14) ltPgtThank you for visiting this siteltPgt(15) ltBODYgt(16) ltHTMLgt
bull An HTML document containing a JavaScript to be executed by the server
CONThelliphelliphellip
bull Architectural details of a client and server in the Web
CONThelliphelliphellip
HTTPAll communication between clients and servers is based
on HTTP Servers listen on port 80HTTP is a simple protocol a client sends a request to a
server and waits for a responseHTTP is stateless it does not have any concept of open
connection and does not require a server to maintain information on its clients (Can use HTTP cookies to store session information)
HTTP is based on TCP whenever a client issues a request to a server it first sets up a TCP connection and sends the message on that connection The same connection is used for receiving the response
One of the problems with the first versions of HTTP was its inefficient use of TCP connectionsHTTP 10 vs HTTP 11
16
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server
In HTTP version 10 and older each request to a server required setting up a separate connection When server had responded the connection was broken down These connections are referred as nonpersistent
In HTTP version 11 several requests and their responses can be issued without the need for a separate connection These connections are referred as persistent
Furthermore a client can issue several requests in a row without waiting for the response to the first request which is referred as pipelining
17
CONThelliphelliphellip
18(a) Using non-persistent connections (b) Using persistent connections
HTTP Methods
19
Operation Description
Head Request to return the header of a document
Get Request to return a document to the client
Put Request to store a document
Post Provide data that is to be added to a document (collection)
Delete Request to delete a document
bull Operations supported by HTTP
HTTP Messages
20bull HTTP request message
21bull HTTP response message
CONThelliphelliphellip
22
Header Source Contents
Accept Client The type of documents the client can handle
Accept-Charset Client The character sets are acceptable for the client
Accept-Encoding Client The document encodings the client can handle
Accept-Language Client The natural language the client can handle
Authorization Client A list of the clients credentials
WWW-Authenticate Server Security challenge the client should respond to
Date Both Date and time the message was sent
ETag Server The tags associated with the returned document
Expires Server The time how long the response remains valid
From Client The clients e-mail address
Host Client The TCP address of the documents server
If-Match Client The tags the document should have
If-None-Match Client The tags the document should not have
If-Modified-Since ClientTells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since ClientTells the server to return a document only if it has not been modified since the specified time
Last-Modified Server The time the returned document was last modified
Location ServerA document reference to which the client should redirect its request
Referer Client Refers to clients most recently requested document
Upgrade Both The application protocol the sender wants to switch to
Warning Both Information about the status of the data in the message
bull Some HTTP message headers
CONThelliphelliphellip
Processes
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type
When a browser encounters a document type for which it needs a plug-in it loads the plug-in locally and creates an instance
The plug-in is removed from the browser when it isno longer needed
23
1Clients
24bull Using a plug-in in a Web browser
CONThelliphelliphellip
CONThelliphellip
25
bull Using a Web proxy when the browser does not speak FTP
Important The majority of Web servers is a configured Apache server which breaks down each HTTP request handling into eight phases This approach allows flexible configuration of servers
26
2Servers
bull General organization of the Apache Web server
In order to invoke the appropriate handler at the right time processing HTTP requests is broken down into sevral phases
A module can register a handler for a specific phase Whenever a phase is reached the core module inspects which handlers have been registered for that phase and invoke one of them
27
1 Resolving document reference to local file name2 Client authentication3 Client access control4 Request access control5 MIME type determination of the response6 General phase for handling leftovers7 Transmission of the response8 Logging data on the processing of the request
CONThelliphellip
28
bull Essence To improve performance and availability WWW servers are often clustered in a way that is transparent to clients
Server Clusters
bull The principle of using a cluster of workstations to implement a Web service
bull Problem The front end may easily get overloaded so that special measures need to be taken
bull Transport-layer switching Front end simply passes the TCP request to one of the servers taking some performance metric into account
bull Content-aware distribution Front end reads the content of the HTTP request and then selects the best server
bull A crucial aspect of this organization is the the design of the front end as it can easily become a serious performance bottleneck 29
CONThelliphellip
30
CONThelliphellip
(a) The principle of TCP handoff
CONThelliphellip
31(b) A scalable content-aware cluster of Web servers
1URL(Uniform Resource Locators)
Uniform Resource Locator tells how and where to access a resource
32
Naming
bull Often-used structures for URLsa) Using only a DNS nameb) Combining a DNS name with a port numberc) combining an IP address with a port number
33
CONThelliphellip
Name Used for Example
http HTTP httpwwwcsvunl80globe
ftp FTP ftpftpcsvunlpupminxREADME
file Local file fileedubookworkchp1111
data Inline data datatextplaincharset=iso-8859-7e1e2e3
telnet Remote login telnetflitscsvunl
tel Telephone tel+31201234567
modem Modem modem+31201234567type=v32
Examples of URLs
2URN(Uniform Resource Names)
URNs are location-independent references to documents
34
The general structure of a URN
bull A typical example of a URN is the one used for identifying books by means of their ISBN such as urnisbn0-13-349945-6
Synchronization WebDAV
bull Problem There is a growing need for collaborative auditing of Web documents but bare-bones HTTP canrsquot help here
bull Solution Web Distributed Authoring and Versioning
bull Supports exclusive and shared write locks which operate on entire documents
bull A lock is passed by means of a lock token the server registers the client(s) holding the lock
bull Clients modify the document locally and post it back to the server along with the lock token
bull Note There is no specific support for crashed clients holding a lock
35
Caching and Replication
bull Basic idea Sites install a separate proxy server that handles all outgoing requests Proxies subsequently cache incoming documents Cache-consistency protocolsbull Always verify validity by contacting serverbull Age-based consistency
Texpire = α(Tcached ndash Tlast_modified) + Tcached
bull Cooperative caching by which you first check your neighbors on a cache miss
36
Web Proxy Caching
CONThelliphelliphellip
37The principle of cooperative caching
bull A nontransparent form of replication that is widely deployed is to make an entire copy of a web site available at a different server This approach is also called Mirroring
bull Content Delivery Network CDNs act as Web hosting services to replicate documents across the Internet providing their customers guarantees on high availability and performance (example Akamai)
38
Server Replication
CONThellip
39The principle working of the Akami CDN
bull Transport Layer Security Modern version of the the Secure Socket Layer (SSL) which ldquositsrdquo between transport layer and application protocols Relatively simple protocol that can support mutual authentication using certificates
40
Security
The position of TLS in the Internet protocol stack
Conthelliphellip
41TLS with mutual authentication
CONThelliphellip
1first The client informs the server of the cryptographic algorithms it can handle as well as any compression methods it supports
2In the second phase authentication takes place The server is always required to authenticate itself for which reason it passes the client a certificate containing its public key signed by a certification authority CA
3If server requires that the client be authenticated the client will have to send a certificate to the server
4The client generates a random number that will be used by both sides for constructing a session key and sends this number to the server encrypted with the serverrsquos public key
5If client authenticated is required the client signs the number with its private key
42
Thank You
43
CONThellip
Now Web has become more than just a simple document based system
With the emergence of Web services it is becoming a system of distributed services rather than just documents offered to any user or machine
What can we get from WWW Read news listen to music and watch videoBuy or sell goods such as books airline ticketsMake reservations on hotel room rental car restaurant etcPay bills and transfer money from one bank account to anotherhellip
3
TRADITIONAL WEB-BASED SYSTEMS
4
Many Web-based systems are still organized as simple client-server architectures
The core of a Web site a process that has access to a local file system storing documents
How to refer to a documentURL (Uniform Resource Locator)Example
httpwwwcseunledu~ylucsce855notesweb- systemppt
A client interacts with Web servers through a special application known as browser
Whatrsquos the key function of a browserResponsible for displaying documents
5
Document Model
A Web document does not only contain text but it can include all kinds of dynamic features such as audio video animations etc
In many cases special helper applications (interpreters) are needed and they are integrated into the browser Eg Windows Media Player and QuickTime Player for playing
streaming content
The variety of document types forces browser to be extensible As a result plug-ins are required to follow a standard interfaces so that they can be easily integrated with the browsers 6
CONThellip
User data comes from an HTML form specifying the program and parameters
Server-side scripting technologies are used to generate dynamic contentMicrosoft Active Server Pages (ASPNET)Sun Java Server Pages (JSP)Netscape JavaScriptFree Software Foundation PHP
7
8
ltHTMLgt lt- Start of HTML document --gtltBODYgt lt- Start of the main body --gtltH1gtHello WorldH1gt lt- Basic text to be displayed --gtltPgt lt- Start of a new paragraph --gtltSCRIPT type = textjavascriptgt lt- identify scripting language --gt documentwriteln (ltH1gtHello WorldltH1gt Write a line of textltSCRIPTgt lt- End of scripting section--gtltPgt lt- End of paragraph section --gtltBODYgt lt- End of main body--gtltHTMLgt lt- End of HTML section--gtbull A simple Web page embedding a script written in JavaScript
Document Model (1)
When a web page is loaded the browser creates a Document Object Model of the pageThe HTML DOM model is constructed as a tree of Objects
9
Document Model (2)
10
(1) ltELEMENT article (title author+journal)gt(2) ltELEMENT title (PCDATA)gt(3) ltELEMENT author (name affiliation)gt(4) ltELEMENT name (PCDATA)gt(5) ltELEMENT affiliation (PCDATA)gt(6) ltELEMENT journal (jname volume number month pages year)gt(7) ltELEMENT jname (PCDATA)gt(8) ltELEMENT volume (PCDATA)gt(9) ltELEMENT number (PCDATA)gt(10) ltELEMENT month (PCDATA)gt(11) ltELEMENT pages (PCDATA)gt(12) ltELEMENT year (PCDATA)gt
bull An XML definition for referring to a journal article
11
(1) ltxml = version 10gt(2) ltDOCTYPE article SYSTEM articledtdgt(3) ltarticlegt(4) lttitlegt Prudent Engineering Practice for Cryptographic Protocolslttitlegt(5) ltauthorgtltnamegtM Abadiltnamegtltauthorgt(6) ltauthorgtltnamegtR Needhamltnamegtltauthorgt(7) ltjournalgt(8) ltjnamegtIEEE Transactions on Software Engineeringltjnamegt(9) ltvolumegt22ltvolumegt(10) ltnumbergt12ltnumbergt(11) ltmonthgtJanuaryltmonthgt(12) ltpagesgt6 ndash 15ltpagesgt(13) ltyeargt1996ltyeargt(14) ltjournalgt(15) ltarticlegt
bull An XML document using the XML definitions from previous slide

Document Types

Type         Subtype       Description
Text         Plain         Unformatted text
Text         HTML          Text including HTML markup commands
Text         XML           Text including XML markup commands
Image        GIF           Still image in GIF format
Image        JPEG          Still image in JPEG format
Audio        Basic         Audio, 8-bit PCM sampled at 8000 Hz
Audio        Tone          A specific audible tone
Video        MPEG          Movie in MPEG format
Video        Pointer       Representation of a pointer device for presentations
Application  Octet-stream  An uninterrupted byte sequence
Application  Postscript    A printable document in Postscript
Application  PDF           A printable document in PDF
Multipart    Mixed         Independent parts in the specified order
Multipart    Parallel      Parts must be viewed simultaneously
• Six top-level MIME types and some common subtypes

Architectural Overview

• The principle of using server-side CGI programs

<HTML>
<BODY>
<P>The current content of <PRE>/data/file.txt</PRE> is:</P>
<P>
<SERVER type = "text/javascript">
clientFile = new File("/data/file.txt");
if (clientFile.open("r")) {
  while (!clientFile.eof())
    document.writeln(clientFile.readln());
  clientFile.close();
}
</SERVER>
</P>
<P>Thank you for visiting this site.</P>
</BODY>
</HTML>
• An HTML document containing a JavaScript to be executed by the server

• Architectural details of a client and server in the Web

HTTP

All communication between clients and servers is based on HTTP. Servers listen on port 80.
HTTP is a simple protocol: a client sends a request to a server and waits for a response.
HTTP is stateless: it does not have any concept of open connection and does not require a server to maintain information on its clients. (HTTP cookies can be used to store session information.)
HTTP is based on TCP: whenever a client issues a request to a server, it first sets up a TCP connection and sends the message on that connection. The same connection is used for receiving the response.
One of the problems with the first versions of HTTP was its inefficient use of TCP connections.
HTTP 1.0 vs HTTP 1.1

HTTP CONNECTIONS

A Web document is constructed from a collection of different files from the same server.
In HTTP version 1.0 and older, each request to a server required setting up a separate connection. When the server had responded, the connection was broken down. These connections are referred to as nonpersistent.
In HTTP version 1.1, several requests and their responses can be issued without the need for a separate connection. These connections are referred to as persistent.
Furthermore, a client can issue several requests in a row without waiting for the response to the first request, which is referred to as pipelining.
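
The difference between nonpersistent, persistent and pipelined use of a connection, as an added example that is not part of the original slides. A `socket.socketpair()` stands in for each TCP connection so the code runs offline; the toy server, the paths in `DOCS` and the host name `example.test` are constructed for the illustration. Note that the pipelining client matches responses to requests only by their order and by `Content-Length`, so both ends must agree on where each message ends.

```python
import socket
import threading

# Constructed documents for the toy server; not taken from the slides.
DOCS = {"/index.html": b"<h1>index</h1>", "/style.css": b"h1 {color: navy}",
        "/logo.gif": b"GIF89a (constructed bytes)"}


def _read_head(sock, buf):
    """Read up to the blank line that ends a header block; return (head, rest)."""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            return None, buf                      # peer closed the connection
        buf += chunk
    head, rest = buf.split(b"\r\n\r\n", 1)
    return head.decode("ascii"), rest


def serve(conn):
    """Answer requests on one connection until the client or the protocol version ends it."""
    buf = b""
    with conn:
        while True:
            head, buf = _read_head(conn, buf)
            if head is None:
                return
            request_line, *fields = head.split("\r\n")
            _method, path, version = request_line.split(" ")
            headers = dict(f.lower().split(": ", 1) for f in fields)
            body = DOCS.get(path, b"")
            status = "200 OK" if path in DOCS else "404 Not Found"
            # HTTP/1.0: one request per connection. HTTP/1.1: persistent unless told otherwise.
            persistent = version == "HTTP/1.1" and headers.get("connection") != "close"
            conn.sendall(f"{version} {status}\r\nContent-Length: {len(body)}\r\n\r\n".encode() + body)
            if not persistent:
                return


def _read_response(sock, buf):
    """Read one response, using Content-Length to find where its body ends."""
    head, buf = _read_head(sock, buf)
    if head is None:
        raise ConnectionError("connection closed before a response arrived")
    status_line, *fields = head.split("\r\n")
    headers = dict(f.lower().split(": ", 1) for f in fields)
    length = int(headers["content-length"])
    while len(buf) < length:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("connection closed in the middle of a body")
        buf += chunk
    return int(status_line.split(" ")[1]), buf[:length], buf[length:]


def _connect(stats):
    """Stand-in for a TCP connect: a socketpair with the toy server on the far end."""
    client, server = socket.socketpair()
    threading.Thread(target=serve, args=(server,), daemon=True).start()
    stats["connections"] += 1
    return client


def fetch_nonpersistent(paths):
    """HTTP/1.0 style: a new connection for every file of the document."""
    stats, bodies = {"connections": 0}, []
    for path in paths:
        with _connect(stats) as sock:
            sock.sendall(f"GET {path} HTTP/1.0\r\n\r\n".encode())
            _status, body, _rest = _read_response(sock, b"")
            bodies.append(body)
    return bodies, stats["connections"]


def fetch_pipelined(paths):
    """HTTP/1.1 style: one connection, all requests sent before any response is read."""
    stats, bodies, buf = {"connections": 0}, [], b""
    with _connect(stats) as sock:
        for i, path in enumerate(paths):
            last = "Connection: close\r\n" if i == len(paths) - 1 else ""
            sock.sendall(f"GET {path} HTTP/1.1\r\nHost: example.test\r\n{last}\r\n".encode())
        for _ in paths:
            _status, body, buf = _read_response(sock, buf)
            bodies.append(body)
    return bodies, stats["connections"]
```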
(a) Using non-persistent connections (b) Using persistent connections

HTTP Methods

Operation  Description
Head       Request to return the header of a document
Get        Request to return a document to the client
Put        Request to store a document
Post       Provide data that is to be added to a document (collection)
Delete     Request to delete a document
• Operations supported by HTTP

HTTP Messages

• HTTP request message
• HTTP response message

Header               Source  Contents
Accept               Client  The type of documents the client can handle
Accept-Charset       Client  The character sets that are acceptable for the client
Accept-Encoding      Client  The document encodings the client can handle
Accept-Language      Client  The natural language the client can handle
Authorization        Client  A list of the client's credentials
WWW-Authenticate     Server  Security challenge the client should respond to
Date                 Both    Date and time the message was sent
ETag                 Server  The tags associated with the returned document
Expires              Server  The time for how long the response remains valid
From                 Client  The client's e-mail address
Host                 Client  The TCP address of the document's server
If-Match             Client  The tags the document should have
If-None-Match        Client  The tags the document should not have
If-Modified-Since    Client  Tells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since  Client  Tells the server to return a document only if it has not been modified since the specified time
Last-Modified        Server  The time the returned document was last modified
Location             Server  A document reference to which the client should redirect its request
Referer              Client  Refers to the client's most recently requested document
Upgrade              Both    The application protocol the sender wants to switch to
Warning              Both    Information about the status of the data in the message
• Some HTTP message headers

Processes

1. Clients

A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type.
When a browser encounters a document type for which it needs a plug-in, it loads the plug-in locally and creates an instance.
The plug-in is removed from the browser when it is no longer needed.
• Using a plug-in in a Web browser
• Using a Web proxy when the browser does not speak FTP

2. Servers

Important: The majority of Web servers is a configured Apache server, which breaks down each HTTP request handling into eight phases. This approach allows flexible configuration of servers.
• General organization of the Apache Web server
In order to invoke the appropriate handler at the right time, processing HTTP requests is broken down into several phases.
A module can register a handler for a specific phase. Whenever a phase is reached, the core module inspects which handlers have been registered for that phase and invokes one of them.
1. Resolving document reference to local file name
2. Client authentication
3. Client access control
4. Request access control
5. MIME type determination of the response
6. General phase for handling leftovers
7. Transmission of the response
8. Logging data on the processing of the request
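
A toy dispatcher for the eight phases listed above, as an added example that is not part of the original slides and is not Apache's module API. The phase identifiers, the `OK`/`DECLINED` return convention, the document root `/srv/www` and the credentials are assumptions made for the illustration. It shows why the order matters: authentication and access control run before the response phase, and logging runs even when an earlier phase rejected the request.

```python
import hmac
import posixpath

# Phase identifiers follow the slide's list; the names themselves are assumptions.
PHASES = ["resolve", "authenticate", "access_control", "request_access_control",
          "mime_type", "leftovers", "response", "logging"]
OK, DECLINED = "ok", "declined"          # a handler may also return an int HTTP status

DOCROOT = "/srv/www"                       # assumed document root
PROTECTED = DOCROOT + "/private/"          # assumed area that needs a known user
USERS = {"alice": "constructed-password"}  # constructed credentials
LOG = []


class Core:
    """Core module: keeps the handlers per phase and walks the phases in order."""

    def __init__(self):
        self.hooks = {phase: [] for phase in PHASES}

    def register(self, phase, handler):
        self.hooks[phase].append(handler)

    def handle(self, request):
        request.setdefault("status", 200)
        for phase in PHASES:
            if request["status"] != 200 and phase != "logging":
                continue                    # a rejected request skips to logging
            for handler in self.hooks[phase]:
                result = handler(request)
                if result == DECLINED:
                    continue                # try the next handler for this phase
                if isinstance(result, int):
                    request["status"] = result
                break                       # one handler takes the phase
        return request


def resolve(req):
    path = posixpath.normpath(posixpath.join(DOCROOT, req["url"].lstrip("/")))
    if not (path + "/").startswith(DOCROOT + "/"):
        return 403                          # reference resolves outside the document root
    req["file"] = path
    return OK


def authenticate(req):
    user, password = req.get("credentials", (None, None))
    if user is None:
        return DECLINED                     # anonymous request, nothing to check
    if not hmac.compare_digest(USERS.get(user, ""), password):
        return 401
    req["user"] = user
    return OK


def access_control(req):
    if req["file"].startswith(PROTECTED) and "user" not in req:
        return 401
    return OK


def mime_type(req):
    req["type"] = "text/html" if req["file"].endswith(".html") else "application/octet-stream"
    return OK


def respond(req):
    req["body"] = f"contents of {req['file']}"
    return OK


def log(req):
    LOG.append((req["url"], req["status"]))
    return OK


def build_core():
    core = Core()
    for phase, handler in [("resolve", resolve), ("authenticate", authenticate),
                           ("access_control", access_control), ("mime_type", mime_type),
                           ("response", respond), ("logging", log)]:
        core.register(phase, handler)
    return core
```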

Server Clusters

• Essence: To improve performance and availability, WWW servers are often clustered in a way that is transparent to clients.
• The principle of using a cluster of workstations to implement a Web service
• Problem: The front end may easily get overloaded, so that special measures need to be taken.
• Transport-layer switching: Front end simply passes the TCP request to one of the servers, taking some performance metric into account.
• Content-aware distribution: Front end reads the content of the HTTP request and then selects the best server.
• A crucial aspect of this organization is the design of the front end, as it can easily become a serious performance bottleneck.
(a) The principle of TCP handoff
(b) A scalable content-aware cluster of Web servers

Naming

1. URL (Uniform Resource Locators)

Uniform Resource Locator tells how and where to access a resource.
• Often-used structures for URLs:
a) Using only a DNS name
b) Combining a DNS name with a port number
c) Combining an IP address with a port number

Name    Used for      Example
http    HTTP          http://www.cs.vu.nl:80/globe
ftp     FTP           ftp://ftp.cs.vu.nl/pup/minx/README
file    Local file    file:/edu/book/work/chp/11/11
data    Inline data   data:text/plain;charset=iso-8859-7,%e1%e2%e3
telnet  Remote login  telnet://flits.cs.vu.nl
tel     Telephone     tel:+31201234567
modem   Modem         modem:+31201234567;type=v32
• Examples of URLs

2. URN (Uniform Resource Names)

URNs are location-independent references to documents.
The general structure of a URN
• A typical example of a URN is the one used for identifying books by means of their ISBN, such as urn:isbn:0-13-349945-6

Synchronization: WebDAV

• Problem: There is a growing need for collaborative auditing of Web documents, but bare-bones HTTP can't help here.
• Solution: Web Distributed Authoring and Versioning.
• Supports exclusive and shared write locks, which operate on entire documents.
• A lock is passed by means of a lock token; the server registers the client(s) holding the lock.
• Clients modify the document locally and post it back to the server along with the lock token.
• Note: There is no specific support for crashed clients holding a lock.

Caching and Replication

Web Proxy Caching

• Basic idea: Sites install a separate proxy server that handles all outgoing requests. Proxies subsequently cache incoming documents.
• Cache-consistency protocols:
  • Always verify validity by contacting server
  • Age-based consistency: $T_{expire} = \alpha (T_{cached} - T_{last\_modified}) + T_{cached}$
• Cooperative caching, by which you first check your neighbors on a cache miss
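
The two cache-consistency protocols side by side, as an added example that is not part of the original slides. The `Origin` and `ProxyCache` classes, the value α = 0.2, the path and the timestamps are assumptions constructed for the illustration. The trace shows the cost of age-based consistency: a document that changes at the origin inside the freshness window is still served from the cache in its old version until T_expire passes.

```python
from dataclasses import dataclass

ALPHA = 0.2   # assumed weight; the slide leaves the value of alpha open


@dataclass
class Entry:
    body: bytes
    t_last_modified: float
    t_cached: float

    def t_expire(self, alpha=ALPHA):
        # T_expire = alpha * (T_cached - T_last_modified) + T_cached
        return alpha * (self.t_cached - self.t_last_modified) + self.t_cached


class Origin:
    """Constructed origin server: path -> (body, last-modified time)."""

    def __init__(self):
        self.docs, self.requests = {}, 0

    def put(self, path, body, now):
        self.docs[path] = (body, now)

    def get(self, path, if_modified_since=None):
        self.requests += 1
        body, modified = self.docs[path]
        if if_modified_since is not None and modified <= if_modified_since:
            return 304, None, modified       # Not Modified: cached copy is still valid
        return 200, body, modified


class ProxyCache:
    def __init__(self, origin, always_verify=False):
        self.origin, self.always_verify, self.entries = origin, always_verify, {}

    def get(self, path, now):
        entry = self.entries.get(path)
        if entry and not self.always_verify and now < entry.t_expire():
            return entry.body, "hit"          # age-based: trusted without asking the server
        since = entry.t_last_modified if entry else None
        status, body, modified = self.origin.get(path, if_modified_since=since)
        if status == 304:
            entry.t_cached = now              # validated: restart the freshness window
            return entry.body, "revalidated"
        self.entries[path] = Entry(body, modified, now)
        return body, "miss" if entry is None else "refreshed"


def demo(always_verify=False):
    """Replay one constructed sequence of requests; return (trace, origin request count)."""
    origin = Origin()
    origin.put("/news.html", b"v1", now=0)
    cache = ProxyCache(origin, always_verify)
    trace = [cache.get("/news.html", now=1000)]      # T_expire = 0.2 * 1000 + 1000 = 1200
    origin.put("/news.html", b"v2", now=1050)        # document changes at the origin
    trace.append(cache.get("/news.html", now=1100))  # inside the freshness window
    trace.append(cache.get("/news.html", now=1250))  # window has passed
    trace.append(cache.get("/news.html", now=1260))  # new T_expire = 0.2 * 200 + 1250 = 1290
    return trace, origin.requests
```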
The principle of cooperative caching

Server Replication

• A nontransparent form of replication that is widely deployed is to make an entire copy of a web site available at a different server. This approach is also called mirroring.
• Content Delivery Network: CDNs act as Web hosting services to replicate documents across the Internet, providing their customers guarantees on high availability and performance (example: Akamai).
The principle working of the Akamai CDN

Security

• Transport Layer Security: Modern version of the Secure Socket Layer (SSL), which "sits" between transport layer and application protocols. Relatively simple protocol that can support mutual authentication using certificates.
The position of TLS in the Internet protocol stack
TLS with mutual authentication
1. First, the client informs the server of the cryptographic algorithms it can handle, as well as any compression methods it supports.
2. In the second phase, authentication takes place. The server is always required to authenticate itself, for which reason it passes the client a certificate containing its public key signed by a certification authority (CA).
3. If the server requires that the client be authenticated, the client will have to send a certificate to the server.
4. The client generates a random number that will be used by both sides for constructing a session key, and sends this number to the server encrypted with the server's public key.
5. If client authentication is required, the client signs the number with its private key.
Thank You
43
TRADITIONAL WEB-BASED SYSTEMS
4
Many Web-based systems are still organized as simple client-server architectures
The core of a Web site a process that has access to a local file system storing documents
How to refer to a documentURL (Uniform Resource Locator)Example
httpwwwcseunledu~ylucsce855notesweb- systemppt
A client interacts with Web servers through a special application known as browser
Whatrsquos the key function of a browserResponsible for displaying documents
5
Document Model
A Web document does not only contain text but it can include all kinds of dynamic features such as audio video animations etc
In many cases special helper applications (interpreters) are needed and they are integrated into the browser Eg Windows Media Player and QuickTime Player for playing
streaming content
The variety of document types forces browser to be extensible As a result plug-ins are required to follow a standard interfaces so that they can be easily integrated with the browsers 6
CONThellip
User data comes from an HTML form specifying the program and parameters
Server-side scripting technologies are used to generate dynamic contentMicrosoft Active Server Pages (ASPNET)Sun Java Server Pages (JSP)Netscape JavaScriptFree Software Foundation PHP
7
8
ltHTMLgt lt- Start of HTML document --gtltBODYgt lt- Start of the main body --gtltH1gtHello WorldH1gt lt- Basic text to be displayed --gtltPgt lt- Start of a new paragraph --gtltSCRIPT type = textjavascriptgt lt- identify scripting language --gt documentwriteln (ltH1gtHello WorldltH1gt Write a line of textltSCRIPTgt lt- End of scripting section--gtltPgt lt- End of paragraph section --gtltBODYgt lt- End of main body--gtltHTMLgt lt- End of HTML section--gtbull A simple Web page embedding a script written in JavaScript
Document Model (1)
When a web page is loaded the browser creates a Document Object Model of the pageThe HTML DOM model is constructed as a tree of Objects
9
Document Model (2)
10
(1) ltELEMENT article (title author+journal)gt(2) ltELEMENT title (PCDATA)gt(3) ltELEMENT author (name affiliation)gt(4) ltELEMENT name (PCDATA)gt(5) ltELEMENT affiliation (PCDATA)gt(6) ltELEMENT journal (jname volume number month pages year)gt(7) ltELEMENT jname (PCDATA)gt(8) ltELEMENT volume (PCDATA)gt(9) ltELEMENT number (PCDATA)gt(10) ltELEMENT month (PCDATA)gt(11) ltELEMENT pages (PCDATA)gt(12) ltELEMENT year (PCDATA)gt
bull An XML definition for referring to a journal article
11
(1) ltxml = version 10gt(2) ltDOCTYPE article SYSTEM articledtdgt(3) ltarticlegt(4) lttitlegt Prudent Engineering Practice for Cryptographic Protocolslttitlegt(5) ltauthorgtltnamegtM Abadiltnamegtltauthorgt(6) ltauthorgtltnamegtR Needhamltnamegtltauthorgt(7) ltjournalgt(8) ltjnamegtIEEE Transactions on Software Engineeringltjnamegt(9) ltvolumegt22ltvolumegt(10) ltnumbergt12ltnumbergt(11) ltmonthgtJanuaryltmonthgt(12) ltpagesgt6 ndash 15ltpagesgt(13) ltyeargt1996ltyeargt(14) ltjournalgt(15) ltarticlegt
bull An XML document using the XML definitions from previous slide
Document Types
12
Type Subtype Description
Text Plain Unformatted text
HTML Text including HTML markup commands
XML Text including XML markup commands
Image GIF Still image in GIF format
JPEG Still image in JPEG format
Audio Basic Audio 8-bit PCM sampled at 8000 Hz
Tone A specific audible tone
Video MPEG Movie in MPEG format
Pointer Representation of a pointer device for presentations
Application Octet-stream An uninterrupted byte sequence
Postscript A printable document in Postscript
PDF A printable document in PDF
Multipart Mixed Independent parts in the specified order
Parallel Parts must be viewed simultaneously
bull Six top-level MIME types and some common subtypes
Architectural Overview
13
bull The principle of using server-side CGI programs
14
(1) ltHTMLgt(2) ltBODYgt(3) ltPgtThe current content of ltpregtdatafiletxtltPREgtisltPgt(4) ltPgt(5) ltSERVER type = textjavascript)(6) clientFile = new File(datafiletxt)(7) if(clientFileopen(r))(8) while (clientFileeof())(9) documentwriteln(clientFilereadln())(10) clientFileclose()(11) (12) ltSERVERgt(13) ltPgt(14) ltPgtThank you for visiting this siteltPgt(15) ltBODYgt(16) ltHTMLgt
bull An HTML document containing a JavaScript to be executed by the server
CONThelliphelliphellip
bull Architectural details of a client and server in the Web
CONThelliphelliphellip
HTTPAll communication between clients and servers is based
on HTTP Servers listen on port 80HTTP is a simple protocol a client sends a request to a
server and waits for a responseHTTP is stateless it does not have any concept of open
connection and does not require a server to maintain information on its clients (Can use HTTP cookies to store session information)
HTTP is based on TCP whenever a client issues a request to a server it first sets up a TCP connection and sends the message on that connection The same connection is used for receiving the response
One of the problems with the first versions of HTTP was its inefficient use of TCP connectionsHTTP 10 vs HTTP 11
16
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server
In HTTP version 10 and older each request to a server required setting up a separate connection When server had responded the connection was broken down These connections are referred as nonpersistent
In HTTP version 11 several requests and their responses can be issued without the need for a separate connection These connections are referred as persistent
Furthermore a client can issue several requests in a row without waiting for the response to the first request which is referred as pipelining
17
CONThelliphelliphellip
18(a) Using non-persistent connections (b) Using persistent connections
HTTP Methods
19
Operation Description
Head Request to return the header of a document
Get Request to return a document to the client
Put Request to store a document
Post Provide data that is to be added to a document (collection)
Delete Request to delete a document
bull Operations supported by HTTP
HTTP Messages
20bull HTTP request message
21bull HTTP response message
CONThelliphelliphellip
22
Header Source Contents
Accept Client The type of documents the client can handle
Accept-Charset Client The character sets are acceptable for the client
Accept-Encoding Client The document encodings the client can handle
Accept-Language Client The natural language the client can handle
Authorization Client A list of the clients credentials
WWW-Authenticate Server Security challenge the client should respond to
Date Both Date and time the message was sent
ETag Server The tags associated with the returned document
Expires Server The time how long the response remains valid
From Client The clients e-mail address
Host Client The TCP address of the documents server
If-Match Client The tags the document should have
If-None-Match Client The tags the document should not have
If-Modified-Since ClientTells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since ClientTells the server to return a document only if it has not been modified since the specified time
Last-Modified Server The time the returned document was last modified
Location ServerA document reference to which the client should redirect its request
Referer Client Refers to clients most recently requested document
Upgrade Both The application protocol the sender wants to switch to
Warning Both Information about the status of the data in the message
bull Some HTTP message headers
CONThelliphelliphellip
Processes
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type
When a browser encounters a document type for which it needs a plug-in it loads the plug-in locally and creates an instance
The plug-in is removed from the browser when it isno longer needed
23
1Clients
24bull Using a plug-in in a Web browser
CONThelliphelliphellip
CONThelliphellip
25
bull Using a Web proxy when the browser does not speak FTP
Important The majority of Web servers is a configured Apache server which breaks down each HTTP request handling into eight phases This approach allows flexible configuration of servers
26
2Servers
bull General organization of the Apache Web server
In order to invoke the appropriate handler at the right time processing HTTP requests is broken down into sevral phases
A module can register a handler for a specific phase Whenever a phase is reached the core module inspects which handlers have been registered for that phase and invoke one of them
27
1 Resolving document reference to local file name2 Client authentication3 Client access control4 Request access control5 MIME type determination of the response6 General phase for handling leftovers7 Transmission of the response8 Logging data on the processing of the request
CONThelliphellip
28
bull Essence To improve performance and availability WWW servers are often clustered in a way that is transparent to clients
Server Clusters
bull The principle of using a cluster of workstations to implement a Web service
bull Problem The front end may easily get overloaded so that special measures need to be taken
bull Transport-layer switching Front end simply passes the TCP request to one of the servers taking some performance metric into account
bull Content-aware distribution Front end reads the content of the HTTP request and then selects the best server
bull A crucial aspect of this organization is the the design of the front end as it can easily become a serious performance bottleneck 29
CONThelliphellip
30
CONThelliphellip
(a) The principle of TCP handoff
CONThelliphellip
31(b) A scalable content-aware cluster of Web servers
1URL(Uniform Resource Locators)
Uniform Resource Locator tells how and where to access a resource
32
Naming
bull Often-used structures for URLsa) Using only a DNS nameb) Combining a DNS name with a port numberc) combining an IP address with a port number
33
CONThelliphellip
Name Used for Example
http HTTP httpwwwcsvunl80globe
ftp FTP ftpftpcsvunlpupminxREADME
file Local file fileedubookworkchp1111
data Inline data datatextplaincharset=iso-8859-7e1e2e3
telnet Remote login telnetflitscsvunl
tel Telephone tel+31201234567
modem Modem modem+31201234567type=v32
Examples of URLs
2URN(Uniform Resource Names)
URNs are location-independent references to documents
34
The general structure of a URN
bull A typical example of a URN is the one used for identifying books by means of their ISBN such as urnisbn0-13-349945-6
Synchronization WebDAV
bull Problem There is a growing need for collaborative auditing of Web documents but bare-bones HTTP canrsquot help here
bull Solution Web Distributed Authoring and Versioning
bull Supports exclusive and shared write locks which operate on entire documents
bull A lock is passed by means of a lock token the server registers the client(s) holding the lock
bull Clients modify the document locally and post it back to the server along with the lock token
bull Note There is no specific support for crashed clients holding a lock
35
Caching and Replication
bull Basic idea Sites install a separate proxy server that handles all outgoing requests Proxies subsequently cache incoming documents Cache-consistency protocolsbull Always verify validity by contacting serverbull Age-based consistency
Texpire = α(Tcached ndash Tlast_modified) + Tcached
bull Cooperative caching by which you first check your neighbors on a cache miss
36
Web Proxy Caching
CONThelliphelliphellip
37The principle of cooperative caching
bull A nontransparent form of replication that is widely deployed is to make an entire copy of a web site available at a different server This approach is also called Mirroring
bull Content Delivery Network CDNs act as Web hosting services to replicate documents across the Internet providing their customers guarantees on high availability and performance (example Akamai)
38
Server Replication
CONThellip
39The principle working of the Akami CDN
bull Transport Layer Security Modern version of the the Secure Socket Layer (SSL) which ldquositsrdquo between transport layer and application protocols Relatively simple protocol that can support mutual authentication using certificates
40
Security
The position of TLS in the Internet protocol stack
Conthelliphellip
41TLS with mutual authentication
CONThelliphellip
1first The client informs the server of the cryptographic algorithms it can handle as well as any compression methods it supports
2In the second phase authentication takes place The server is always required to authenticate itself for which reason it passes the client a certificate containing its public key signed by a certification authority CA
3If server requires that the client be authenticated the client will have to send a certificate to the server
4The client generates a random number that will be used by both sides for constructing a session key and sends this number to the server encrypted with the serverrsquos public key
5If client authenticated is required the client signs the number with its private key
42
Thank You
43
The core of a Web site a process that has access to a local file system storing documents
How to refer to a documentURL (Uniform Resource Locator)Example
httpwwwcseunledu~ylucsce855notesweb- systemppt
A client interacts with Web servers through a special application known as browser
Whatrsquos the key function of a browserResponsible for displaying documents
5
Document Model
A Web document does not only contain text but it can include all kinds of dynamic features such as audio video animations etc
In many cases special helper applications (interpreters) are needed and they are integrated into the browser Eg Windows Media Player and QuickTime Player for playing
streaming content
The variety of document types forces browser to be extensible As a result plug-ins are required to follow a standard interfaces so that they can be easily integrated with the browsers 6
CONThellip
User data comes from an HTML form specifying the program and parameters
Server-side scripting technologies are used to generate dynamic contentMicrosoft Active Server Pages (ASPNET)Sun Java Server Pages (JSP)Netscape JavaScriptFree Software Foundation PHP
7
8
ltHTMLgt lt- Start of HTML document --gtltBODYgt lt- Start of the main body --gtltH1gtHello WorldH1gt lt- Basic text to be displayed --gtltPgt lt- Start of a new paragraph --gtltSCRIPT type = textjavascriptgt lt- identify scripting language --gt documentwriteln (ltH1gtHello WorldltH1gt Write a line of textltSCRIPTgt lt- End of scripting section--gtltPgt lt- End of paragraph section --gtltBODYgt lt- End of main body--gtltHTMLgt lt- End of HTML section--gtbull A simple Web page embedding a script written in JavaScript
Document Model (1)
When a web page is loaded the browser creates a Document Object Model of the pageThe HTML DOM model is constructed as a tree of Objects
9
Document Model (2)
10
(1) ltELEMENT article (title author+journal)gt(2) ltELEMENT title (PCDATA)gt(3) ltELEMENT author (name affiliation)gt(4) ltELEMENT name (PCDATA)gt(5) ltELEMENT affiliation (PCDATA)gt(6) ltELEMENT journal (jname volume number month pages year)gt(7) ltELEMENT jname (PCDATA)gt(8) ltELEMENT volume (PCDATA)gt(9) ltELEMENT number (PCDATA)gt(10) ltELEMENT month (PCDATA)gt(11) ltELEMENT pages (PCDATA)gt(12) ltELEMENT year (PCDATA)gt
bull An XML definition for referring to a journal article
11
(1) ltxml = version 10gt(2) ltDOCTYPE article SYSTEM articledtdgt(3) ltarticlegt(4) lttitlegt Prudent Engineering Practice for Cryptographic Protocolslttitlegt(5) ltauthorgtltnamegtM Abadiltnamegtltauthorgt(6) ltauthorgtltnamegtR Needhamltnamegtltauthorgt(7) ltjournalgt(8) ltjnamegtIEEE Transactions on Software Engineeringltjnamegt(9) ltvolumegt22ltvolumegt(10) ltnumbergt12ltnumbergt(11) ltmonthgtJanuaryltmonthgt(12) ltpagesgt6 ndash 15ltpagesgt(13) ltyeargt1996ltyeargt(14) ltjournalgt(15) ltarticlegt
bull An XML document using the XML definitions from previous slide
Document Types
12
Type Subtype Description
Text Plain Unformatted text
HTML Text including HTML markup commands
XML Text including XML markup commands
Image GIF Still image in GIF format
JPEG Still image in JPEG format
Audio Basic Audio 8-bit PCM sampled at 8000 Hz
Tone A specific audible tone
Video MPEG Movie in MPEG format
Pointer Representation of a pointer device for presentations
Application Octet-stream An uninterrupted byte sequence
Postscript A printable document in Postscript
PDF A printable document in PDF
Multipart Mixed Independent parts in the specified order
Parallel Parts must be viewed simultaneously
bull Six top-level MIME types and some common subtypes
Architectural Overview
13
bull The principle of using server-side CGI programs
14
(1) ltHTMLgt(2) ltBODYgt(3) ltPgtThe current content of ltpregtdatafiletxtltPREgtisltPgt(4) ltPgt(5) ltSERVER type = textjavascript)(6) clientFile = new File(datafiletxt)(7) if(clientFileopen(r))(8) while (clientFileeof())(9) documentwriteln(clientFilereadln())(10) clientFileclose()(11) (12) ltSERVERgt(13) ltPgt(14) ltPgtThank you for visiting this siteltPgt(15) ltBODYgt(16) ltHTMLgt
bull An HTML document containing a JavaScript to be executed by the server
CONThelliphelliphellip
bull Architectural details of a client and server in the Web
CONThelliphelliphellip
HTTPAll communication between clients and servers is based
on HTTP Servers listen on port 80HTTP is a simple protocol a client sends a request to a
server and waits for a responseHTTP is stateless it does not have any concept of open
connection and does not require a server to maintain information on its clients (Can use HTTP cookies to store session information)
HTTP is based on TCP whenever a client issues a request to a server it first sets up a TCP connection and sends the message on that connection The same connection is used for receiving the response
One of the problems with the first versions of HTTP was its inefficient use of TCP connectionsHTTP 10 vs HTTP 11
16
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server
In HTTP version 10 and older each request to a server required setting up a separate connection When server had responded the connection was broken down These connections are referred as nonpersistent
In HTTP version 11 several requests and their responses can be issued without the need for a separate connection These connections are referred as persistent
Furthermore a client can issue several requests in a row without waiting for the response to the first request which is referred as pipelining
17
CONThelliphelliphellip
18(a) Using non-persistent connections (b) Using persistent connections
HTTP Methods
19
Operation Description
Head Request to return the header of a document
Get Request to return a document to the client
Put Request to store a document
Post Provide data that is to be added to a document (collection)
Delete Request to delete a document
bull Operations supported by HTTP
HTTP Messages
20bull HTTP request message
21bull HTTP response message
CONThelliphelliphellip
22
Header Source Contents
Accept Client The type of documents the client can handle
Accept-Charset Client The character sets are acceptable for the client
Accept-Encoding Client The document encodings the client can handle
Accept-Language Client The natural language the client can handle
Authorization Client A list of the clients credentials
WWW-Authenticate Server Security challenge the client should respond to
Date Both Date and time the message was sent
ETag Server The tags associated with the returned document
Expires Server The time how long the response remains valid
From Client The clients e-mail address
Host Client The TCP address of the documents server
If-Match Client The tags the document should have
If-None-Match Client The tags the document should not have
If-Modified-Since ClientTells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since ClientTells the server to return a document only if it has not been modified since the specified time
Last-Modified Server The time the returned document was last modified
Location ServerA document reference to which the client should redirect its request
Referer Client Refers to clients most recently requested document
Upgrade Both The application protocol the sender wants to switch to
Warning Both Information about the status of the data in the message
bull Some HTTP message headers
CONThelliphelliphellip
Processes
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type
When a browser encounters a document type for which it needs a plug-in it loads the plug-in locally and creates an instance
The plug-in is removed from the browser when it isno longer needed
23
1Clients
24bull Using a plug-in in a Web browser
CONThelliphelliphellip
CONThelliphellip
25
bull Using a Web proxy when the browser does not speak FTP
Important The majority of Web servers is a configured Apache server which breaks down each HTTP request handling into eight phases This approach allows flexible configuration of servers
26
2Servers
bull General organization of the Apache Web server
In order to invoke the appropriate handler at the right time processing HTTP requests is broken down into sevral phases
A module can register a handler for a specific phase Whenever a phase is reached the core module inspects which handlers have been registered for that phase and invoke one of them
27
1 Resolving document reference to local file name2 Client authentication3 Client access control4 Request access control5 MIME type determination of the response6 General phase for handling leftovers7 Transmission of the response8 Logging data on the processing of the request
CONThelliphellip
Server Clusters
• Essence: To improve performance and availability, WWW servers are often clustered in a way that is transparent to clients.
• The principle of using a cluster of workstations to implement a Web service
• Problem: The front end may easily get overloaded, so that special measures need to be taken.
• Transport-layer switching: Front end simply passes the TCP request to one of the servers, taking some performance metric into account.
• Content-aware distribution: Front end reads the content of the HTTP request and then selects the best server.
• A crucial aspect of this organization is the design of the front end, as it can easily become a serious performance bottleneck.
(a) The principle of TCP handoff
(b) A scalable content-aware cluster of Web servers
Naming
1. URL (Uniform Resource Locators)
A Uniform Resource Locator tells how and where to access a resource.
• Often-used structures for URLs:
a) Using only a DNS name
b) Combining a DNS name with a port number
c) Combining an IP address with a port number

| Name | Used for | Example |
|---|---|---|
| http | HTTP | http://www.cs.vu.nl:80/globe |
| ftp | FTP | ftp://ftp.cs.vu.nl/pub/minix/README |
| file | Local file | file:/edu/book/work/chp/11/11 |
| data | Inline data | data:text/plain;charset=iso-8859-7,%e1%e2%e3 |
| telnet | Remote login | telnet://flits.cs.vu.nl |
| tel | Telephone | tel:+31201234567 |
| modem | Modem | modem:+31201234567;type=v32 |

Examples of URLs
2. URN (Uniform Resource Names)
URNs are location-independent references to documents.
The general structure of a URN
• A typical example of a URN is the one used for identifying books by means of their ISBN, such as urn:isbn:0-13-349945-6
Synchronization: WebDAV
• Problem: There is a growing need for collaborative auditing of Web documents, but bare-bones HTTP can't help here.
• Solution: Web Distributed Authoring and Versioning
• Supports exclusive and shared write locks, which operate on entire documents.
• A lock is passed by means of a lock token; the server registers the client(s) holding the lock.
• Clients modify the document locally and post it back to the server along with the lock token.
• Note: There is no specific support for crashed clients holding a lock.
Caching and Replication
Web Proxy Caching
• Basic idea: Sites install a separate proxy server that handles all outgoing requests. Proxies subsequently cache incoming documents.
• Cache-consistency protocols:
  • Always verify validity by contacting the server
  • Age-based consistency: T_expire = α(T_cached − T_last_modified) + T_cached
• Cooperative caching, by which you first check your neighbors on a cache miss
The principle of cooperative caching
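The age-based consistency rule above, worked through in Python as an added example that is not part of the original slides. The value of α, the function names and the in-memory origin server are assumptions made for the illustration; once an entry has expired the proxy revalidates it with the If-Modified-Since header from the header table, and until then it may serve a copy the origin has already replaced.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

ALPHA = 0.2  # assumed weighting factor; the slide leaves the value of alpha open


def expiry_time(t_cached, t_last_modified, alpha=ALPHA):
    """T_expire = alpha * (T_cached - T_last_modified) + T_cached."""
    age = t_cached - t_last_modified
    if age < timedelta(0):
        # Last-Modified lies in the future (clock skew or a bad header):
        # expire the copy at once so that every use is revalidated.
        return t_cached
    return t_cached + alpha * age


class Entry:
    def __init__(self, body, last_modified, t_cached):
        self.body = body
        self.last_modified = last_modified
        self.t_expire = expiry_time(t_cached, last_modified)


def fetch_via_proxy(cache, url, now, origin):
    """Return (body, how). `origin(url, headers)` is a hypothetical stand-in for the
    HTTP request to the server and returns (status, headers, body)."""
    entry = cache.get(url)
    if entry and now < entry.t_expire:
        return entry.body, "fresh-hit"          # served without contacting the server
    headers = {}
    if entry:
        headers["If-Modified-Since"] = format_datetime(entry.last_modified, usegmt=True)
    status, resp_headers, body = origin(url, headers)
    if status == 304 and entry:
        # Unchanged: keep the body, restart the clock with the larger age.
        cache[url] = Entry(entry.body, entry.last_modified, now)
        return entry.body, "revalidated"
    modified = parsedate_to_datetime(resp_headers["Last-Modified"])
    cache[url] = Entry(body, modified, now)
    return body, "fetched"


def make_origin(state):
    """Constructed origin server; `state` holds the document body and its
    modification time as a timezone-aware UTC datetime."""
    def origin(url, headers):
        since = headers.get("If-Modified-Since")
        if since and parsedate_to_datetime(since) >= state["modified"]:
            return 304, {}, b""
        stamp = format_datetime(state["modified"], usegmt=True)
        return 200, {"Last-Modified": stamp}, state["body"]
    return origin
```

A document that had been unchanged for 10 days when it was cached is trusted for 2 more days with α = 0.2, which is also the window in which a changed document can still be served stale.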
Server Replication
• A nontransparent form of replication that is widely deployed is to make an entire copy of a Web site available at a different server. This approach is also called mirroring.
• Content Delivery Network: CDNs act as Web hosting services to replicate documents across the Internet, providing their customers guarantees on high availability and performance (example: Akamai).
The principle working of the Akamai CDN
Security
• Transport Layer Security: Modern version of the Secure Socket Layer (SSL), which "sits" between the transport layer and application protocols. Relatively simple protocol that can support mutual authentication using certificates.
The position of TLS in the Internet protocol stack
TLS with mutual authentication
1. First, the client informs the server of the cryptographic algorithms it can handle, as well as any compression methods it supports.
2. In the second phase, authentication takes place. The server is always required to authenticate itself, for which reason it passes the client a certificate containing its public key, signed by a certification authority (CA).
3. If the server requires that the client be authenticated, the client will have to send a certificate to the server.
4. The client generates a random number that will be used by both sides for constructing a session key, and sends this number to the server, encrypted with the server's public key.
5. If client authentication is required, the client signs the number with its private key.
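A toy walk-through of the five steps above, added here as an illustration and not part of the original slides. It uses unpadded RSA over small Mersenne primes and made-up names (make_key, handshake, demo_parties, www.example.test, alice), so it models the message flow and the checks each side performs; it is neither the TLS wire format nor safe cryptography.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Toy RSA key pair from two primes: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)


def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data, n)


def cert_body(subject, public):
    return f"{subject}|{public[0]}|{public[1]}".encode()


def issue_cert(ca_private, subject, public):
    return {"subject": subject, "public": public,
            "sig": sign(ca_private, cert_body(subject, public))}


def cert_ok(ca_public, cert, allowed_subjects):
    body = cert_body(cert["subject"], cert["public"])
    return cert["subject"] in allowed_subjects and verify(ca_public, body, cert["sig"])


def session_key(number):
    return hashlib.sha256(b"session" + number.to_bytes(32, "big")).hexdigest()


def handshake(ca_public, server, client, client_auth=True):
    """Steps 1-5 of the slide; returns (client_key, server_key) or raises ValueError."""
    # 1. The client lists the algorithms it can handle; the server needs one in common.
    if not any(suite in server["suites"] for suite in client["suites"]):
        raise ValueError("no common algorithm")
    # 2. The server always authenticates: the client checks the CA signature and
    #    that the certificate names the host it meant to reach.
    if not cert_ok(ca_public, server["cert"], {client["wants"]}):
        raise ValueError("server certificate rejected")
    # 3. Only if the server requires it, the client sends its own certificate.
    if client_auth and not cert_ok(ca_public, client["cert"], server["known_clients"]):
        raise ValueError("client certificate rejected")
    # 4. The client picks a random number and encrypts it with the server's public key.
    number = secrets.randbits(128)
    n, e = server["cert"]["public"]
    sealed = pow(number, e, n)
    server_n, server_d = server["private"]
    recovered = pow(sealed, server_d, server_n)   # server side: decrypt with private key
    # 5. With client authentication, the client signs the number with its private key
    #    and the server checks the signature against the client's certificate.
    if client_auth:
        proof = sign(client["private"], number.to_bytes(32, "big"))
        if not verify(client["cert"]["public"], recovered.to_bytes(32, "big"), proof):
            raise ValueError("client signature rejected")
    return session_key(number), session_key(recovered)


def demo_parties():
    """Constructed CA, server and client; 2**k - 1 is prime for the k used here."""
    ca_pub, ca_priv = make_key(2**521 - 1, 2**607 - 1)
    srv_pub, srv_priv = make_key(2**61 - 1, 2**89 - 1)
    cli_pub, cli_priv = make_key(2**107 - 1, 2**127 - 1)
    server = {"suites": ["toy-rsa-sha256"], "private": srv_priv,
              "cert": issue_cert(ca_priv, "www.example.test", srv_pub),
              "known_clients": {"alice"}}
    client = {"suites": ["toy-rsa-sha256"], "private": cli_priv,
              "cert": issue_cert(ca_priv, "alice", cli_pub),
              "wants": "www.example.test"}
    return ca_pub, server, client
```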
Thank You
Document Model
A Web document does not only contain text; it can include all kinds of dynamic features such as audio, video, animations, etc.
In many cases special helper applications (interpreters) are needed, and they are integrated into the browser, e.g., Windows Media Player and QuickTime Player for playing streaming content.
The variety of document types forces browsers to be extensible. As a result, plug-ins are required to follow a standard interface so that they can be easily integrated with the browsers.
User data comes from an HTML form specifying the program and parameters.
Server-side scripting technologies are used to generate dynamic content:
• Microsoft: Active Server Pages (ASP.NET)
• Sun: Java Server Pages (JSP)
• Netscape: JavaScript
• Free Software Foundation: PHP
    <HTML>                                        <!-- Start of HTML document -->
    <BODY>                                        <!-- Start of the main body -->
    <H1>Hello World</H1>                          <!-- Basic text to be displayed -->
    <P>                                           <!-- Start of a new paragraph -->
    <SCRIPT type = "text/javascript">             <!-- identify scripting language -->
      document.writeln ("<H1>Hello World</H1>");  // Write a line of text
    </SCRIPT>                                     <!-- End of scripting section -->
    </P>                                          <!-- End of paragraph section -->
    </BODY>                                       <!-- End of main body -->
    </HTML>                                       <!-- End of HTML section -->
• A simple Web page embedding a script written in JavaScript
Document Model (1)
When a web page is loaded, the browser creates a Document Object Model of the page. The HTML DOM model is constructed as a tree of objects.
Document Model (2)
    <!ELEMENT article (title, author+, journal)>
    <!ELEMENT title (#PCDATA)>
    <!ELEMENT author (name, affiliation?)>
    <!ELEMENT name (#PCDATA)>
    <!ELEMENT affiliation (#PCDATA)>
    <!ELEMENT journal (jname, volume, number, month, pages, year)>
    <!ELEMENT jname (#PCDATA)>
    <!ELEMENT volume (#PCDATA)>
    <!ELEMENT number (#PCDATA)>
    <!ELEMENT month (#PCDATA)>
    <!ELEMENT pages (#PCDATA)>
    <!ELEMENT year (#PCDATA)>
• An XML definition for referring to a journal article

    <?xml version = "1.0"?>
    <!DOCTYPE article SYSTEM "article.dtd">
    <article>
      <title>Prudent Engineering Practice for Cryptographic Protocols</title>
      <author><name>M. Abadi</name></author>
      <author><name>R. Needham</name></author>
      <journal>
        <jname>IEEE Transactions on Software Engineering</jname>
        <volume>22</volume>
        <number>12</number>
        <month>January</month>
        <pages>6 – 15</pages>
        <year>1996</year>
      </journal>
    </article>
• An XML document using the XML definitions from the previous slide
Document Types

| Type | Subtype | Description |
|---|---|---|
| Text | Plain | Unformatted text |
| | HTML | Text including HTML markup commands |
| | XML | Text including XML markup commands |
| Image | GIF | Still image in GIF format |
| | JPEG | Still image in JPEG format |
| Audio | Basic | Audio, 8-bit PCM sampled at 8000 Hz |
| | Tone | A specific audible tone |
| Video | MPEG | Movie in MPEG format |
| | Pointer | Representation of a pointer device for presentations |
| Application | Octet-stream | An uninterrupted byte sequence |
| | Postscript | A printable document in Postscript |
| | PDF | A printable document in PDF |
| Multipart | Mixed | Independent parts in the specified order |
| | Parallel | Parts must be viewed simultaneously |

• Six top-level MIME types and some common subtypes
Architectural Overview
• The principle of using server-side CGI programs

    <HTML>
    <BODY>
    <P>The current content of <PRE>/data/file.txt</PRE> is:</P>
    <P>
    <SERVER type = "text/javascript">
      clientFile = new File("/data/file.txt");
      if (clientFile.open("r")) {
        while (!clientFile.eof())
          document.writeln(clientFile.readln());
        clientFile.close();
      }
    </SERVER>
    </P>
    <P>Thank you for visiting this site.</P>
    </BODY>
    </HTML>
• An HTML document containing a JavaScript to be executed by the server
• Architectural details of a client and server in the Web
HTTP
All communication between clients and servers is based on HTTP. Servers listen on port 80.
HTTP is a simple protocol: a client sends a request to a server and waits for a response.
HTTP is stateless: it does not have any concept of open connection and does not require a server to maintain information on its clients. (HTTP cookies can be used to store session information.)
HTTP is based on TCP: whenever a client issues a request to a server, it first sets up a TCP connection and sends the message on that connection. The same connection is used for receiving the response.
One of the problems with the first versions of HTTP was its inefficient use of TCP connections (HTTP 1.0 vs. HTTP 1.1).
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server.
In HTTP version 1.0 and older, each request to a server required setting up a separate connection. When the server had responded, the connection was broken down. These connections are referred to as nonpersistent.
In HTTP version 1.1, several requests and their responses can be issued without the need for a separate connection. These connections are referred to as persistent.
Furthermore, a client can issue several requests in a row without waiting for the response to the first request, which is referred to as pipelining.
(a) Using non-persistent connections (b) Using persistent connections
HTTP Methods

| Operation | Description |
|---|---|
| Head | Request to return the header of a document |
| Get | Request to return a document to the client |
| Put | Request to store a document |
| Post | Provide data that is to be added to a document (collection) |
| Delete | Request to delete a document |

• Operations supported by HTTP
HTTP Messages
• HTTP request message
• HTTP response message
| Header | Source | Contents |
|---|---|---|
| Accept | Client | The type of documents the client can handle |
| Accept-Charset | Client | The character sets that are acceptable for the client |
| Accept-Encoding | Client | The document encodings the client can handle |
| Accept-Language | Client | The natural language the client can handle |
| Authorization | Client | A list of the client's credentials |
| WWW-Authenticate | Server | Security challenge the client should respond to |
| Date | Both | Date and time the message was sent |
| ETag | Server | The tags associated with the returned document |
| Expires | Server | The time for how long the response remains valid |
| From | Client | The client's e-mail address |
| Host | Client | The TCP address of the document's server |
| If-Match | Client | The tags the document should have |
| If-None-Match | Client | The tags the document should not have |
| If-Modified-Since | Client | Tells the server to return a document only if it has been modified since the specified time |
| If-Unmodified-Since | Client | Tells the server to return a document only if it has not been modified since the specified time |
| Last-Modified | Server | The time the returned document was last modified |
| Location | Server | A document reference to which the client should redirect its request |
| Referer | Client | Refers to the client's most recently requested document |
| Upgrade | Both | The application protocol the sender wants to switch to |
| Warning | Both | Information about the status of the data in the message |

• Some HTTP message headers
CONThelliphelliphellip
Processes
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type
When a browser encounters a document type for which it needs a plug-in it loads the plug-in locally and creates an instance
The plug-in is removed from the browser when it isno longer needed
23
1Clients
24bull Using a plug-in in a Web browser
CONThelliphelliphellip
CONThelliphellip
25
bull Using a Web proxy when the browser does not speak FTP
Important The majority of Web servers is a configured Apache server which breaks down each HTTP request handling into eight phases This approach allows flexible configuration of servers
26
2Servers
bull General organization of the Apache Web server
In order to invoke the appropriate handler at the right time processing HTTP requests is broken down into sevral phases
A module can register a handler for a specific phase Whenever a phase is reached the core module inspects which handlers have been registered for that phase and invoke one of them
27
1 Resolving document reference to local file name2 Client authentication3 Client access control4 Request access control5 MIME type determination of the response6 General phase for handling leftovers7 Transmission of the response8 Logging data on the processing of the request
CONThelliphellip
28
bull Essence To improve performance and availability WWW servers are often clustered in a way that is transparent to clients
Server Clusters
bull The principle of using a cluster of workstations to implement a Web service
bull Problem The front end may easily get overloaded so that special measures need to be taken
bull Transport-layer switching Front end simply passes the TCP request to one of the servers taking some performance metric into account
bull Content-aware distribution Front end reads the content of the HTTP request and then selects the best server
bull A crucial aspect of this organization is the the design of the front end as it can easily become a serious performance bottleneck 29
CONThelliphellip
30
CONThelliphellip
(a) The principle of TCP handoff
CONThelliphellip
31(b) A scalable content-aware cluster of Web servers
1URL(Uniform Resource Locators)
Uniform Resource Locator tells how and where to access a resource
32
Naming
bull Often-used structures for URLsa) Using only a DNS nameb) Combining a DNS name with a port numberc) combining an IP address with a port number
33
CONThelliphellip
Name Used for Example
http HTTP httpwwwcsvunl80globe
ftp FTP ftpftpcsvunlpupminxREADME
file Local file fileedubookworkchp1111
data Inline data datatextplaincharset=iso-8859-7e1e2e3
telnet Remote login telnetflitscsvunl
tel Telephone tel+31201234567
modem Modem modem+31201234567type=v32
Examples of URLs
2URN(Uniform Resource Names)
URNs are location-independent references to documents
34
The general structure of a URN
bull A typical example of a URN is the one used for identifying books by means of their ISBN such as urnisbn0-13-349945-6
Synchronization WebDAV
bull Problem There is a growing need for collaborative auditing of Web documents but bare-bones HTTP canrsquot help here
bull Solution Web Distributed Authoring and Versioning
bull Supports exclusive and shared write locks which operate on entire documents
bull A lock is passed by means of a lock token the server registers the client(s) holding the lock
bull Clients modify the document locally and post it back to the server along with the lock token
bull Note There is no specific support for crashed clients holding a lock
35
Caching and Replication
bull Basic idea Sites install a separate proxy server that handles all outgoing requests Proxies subsequently cache incoming documents Cache-consistency protocolsbull Always verify validity by contacting serverbull Age-based consistency
Texpire = α(Tcached ndash Tlast_modified) + Tcached
bull Cooperative caching by which you first check your neighbors on a cache miss
36
Web Proxy Caching
CONThelliphelliphellip
37The principle of cooperative caching
bull A nontransparent form of replication that is widely deployed is to make an entire copy of a web site available at a different server This approach is also called Mirroring
bull Content Delivery Network CDNs act as Web hosting services to replicate documents across the Internet providing their customers guarantees on high availability and performance (example Akamai)
38
Server Replication
CONThellip
39The principle working of the Akami CDN
bull Transport Layer Security Modern version of the the Secure Socket Layer (SSL) which ldquositsrdquo between transport layer and application protocols Relatively simple protocol that can support mutual authentication using certificates
40
Security
The position of TLS in the Internet protocol stack
Conthelliphellip
41TLS with mutual authentication
CONThelliphellip
1first The client informs the server of the cryptographic algorithms it can handle as well as any compression methods it supports
2In the second phase authentication takes place The server is always required to authenticate itself for which reason it passes the client a certificate containing its public key signed by a certification authority CA
3If server requires that the client be authenticated the client will have to send a certificate to the server
4The client generates a random number that will be used by both sides for constructing a session key and sends this number to the server encrypted with the serverrsquos public key
5If client authenticated is required the client signs the number with its private key
42
Thank You
43
CONThellip
User data comes from an HTML form specifying the program and parameters
Server-side scripting technologies are used to generate dynamic contentMicrosoft Active Server Pages (ASPNET)Sun Java Server Pages (JSP)Netscape JavaScriptFree Software Foundation PHP
7
8
ltHTMLgt lt- Start of HTML document --gtltBODYgt lt- Start of the main body --gtltH1gtHello WorldH1gt lt- Basic text to be displayed --gtltPgt lt- Start of a new paragraph --gtltSCRIPT type = textjavascriptgt lt- identify scripting language --gt documentwriteln (ltH1gtHello WorldltH1gt Write a line of textltSCRIPTgt lt- End of scripting section--gtltPgt lt- End of paragraph section --gtltBODYgt lt- End of main body--gtltHTMLgt lt- End of HTML section--gtbull A simple Web page embedding a script written in JavaScript
Document Model (1)
When a web page is loaded the browser creates a Document Object Model of the pageThe HTML DOM model is constructed as a tree of Objects
9
Document Model (2)
10
(1) ltELEMENT article (title author+journal)gt(2) ltELEMENT title (PCDATA)gt(3) ltELEMENT author (name affiliation)gt(4) ltELEMENT name (PCDATA)gt(5) ltELEMENT affiliation (PCDATA)gt(6) ltELEMENT journal (jname volume number month pages year)gt(7) ltELEMENT jname (PCDATA)gt(8) ltELEMENT volume (PCDATA)gt(9) ltELEMENT number (PCDATA)gt(10) ltELEMENT month (PCDATA)gt(11) ltELEMENT pages (PCDATA)gt(12) ltELEMENT year (PCDATA)gt
bull An XML definition for referring to a journal article
11
(1) ltxml = version 10gt(2) ltDOCTYPE article SYSTEM articledtdgt(3) ltarticlegt(4) lttitlegt Prudent Engineering Practice for Cryptographic Protocolslttitlegt(5) ltauthorgtltnamegtM Abadiltnamegtltauthorgt(6) ltauthorgtltnamegtR Needhamltnamegtltauthorgt(7) ltjournalgt(8) ltjnamegtIEEE Transactions on Software Engineeringltjnamegt(9) ltvolumegt22ltvolumegt(10) ltnumbergt12ltnumbergt(11) ltmonthgtJanuaryltmonthgt(12) ltpagesgt6 ndash 15ltpagesgt(13) ltyeargt1996ltyeargt(14) ltjournalgt(15) ltarticlegt
bull An XML document using the XML definitions from previous slide
Document Types
12
Type Subtype Description
Text Plain Unformatted text
HTML Text including HTML markup commands
XML Text including XML markup commands
Image GIF Still image in GIF format
JPEG Still image in JPEG format
Audio Basic Audio 8-bit PCM sampled at 8000 Hz
Tone A specific audible tone
Video MPEG Movie in MPEG format
Pointer Representation of a pointer device for presentations
Application Octet-stream An uninterrupted byte sequence
Postscript A printable document in Postscript
PDF A printable document in PDF
Multipart Mixed Independent parts in the specified order
Parallel Parts must be viewed simultaneously
bull Six top-level MIME types and some common subtypes
Architectural Overview
13
bull The principle of using server-side CGI programs
14
(1) ltHTMLgt(2) ltBODYgt(3) ltPgtThe current content of ltpregtdatafiletxtltPREgtisltPgt(4) ltPgt(5) ltSERVER type = textjavascript)(6) clientFile = new File(datafiletxt)(7) if(clientFileopen(r))(8) while (clientFileeof())(9) documentwriteln(clientFilereadln())(10) clientFileclose()(11) (12) ltSERVERgt(13) ltPgt(14) ltPgtThank you for visiting this siteltPgt(15) ltBODYgt(16) ltHTMLgt
bull An HTML document containing a JavaScript to be executed by the server
CONThelliphelliphellip
bull Architectural details of a client and server in the Web
CONThelliphelliphellip
HTTPAll communication between clients and servers is based
on HTTP Servers listen on port 80HTTP is a simple protocol a client sends a request to a
server and waits for a responseHTTP is stateless it does not have any concept of open
connection and does not require a server to maintain information on its clients (Can use HTTP cookies to store session information)
HTTP is based on TCP whenever a client issues a request to a server it first sets up a TCP connection and sends the message on that connection The same connection is used for receiving the response
One of the problems with the first versions of HTTP was its inefficient use of TCP connectionsHTTP 10 vs HTTP 11
16
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server
In HTTP version 10 and older each request to a server required setting up a separate connection When server had responded the connection was broken down These connections are referred as nonpersistent
In HTTP version 11 several requests and their responses can be issued without the need for a separate connection These connections are referred as persistent
Furthermore a client can issue several requests in a row without waiting for the response to the first request which is referred as pipelining
17
CONThelliphelliphellip
18(a) Using non-persistent connections (b) Using persistent connections
HTTP Methods
19
Operation Description
Head Request to return the header of a document
Get Request to return a document to the client
Put Request to store a document
Post Provide data that is to be added to a document (collection)
Delete Request to delete a document
bull Operations supported by HTTP
HTTP Messages
20bull HTTP request message
21bull HTTP response message
CONThelliphelliphellip
22
Header Source Contents
Accept Client The type of documents the client can handle
Accept-Charset Client The character sets are acceptable for the client
Accept-Encoding Client The document encodings the client can handle
Accept-Language Client The natural language the client can handle
Authorization Client A list of the clients credentials
WWW-Authenticate Server Security challenge the client should respond to
Date Both Date and time the message was sent
ETag Server The tags associated with the returned document
Expires Server The time how long the response remains valid
From Client The clients e-mail address
Host Client The TCP address of the documents server
If-Match Client The tags the document should have
If-None-Match Client The tags the document should not have
If-Modified-Since ClientTells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since ClientTells the server to return a document only if it has not been modified since the specified time
Last-Modified Server The time the returned document was last modified
Location ServerA document reference to which the client should redirect its request
Referer Client Refers to clients most recently requested document
Upgrade Both The application protocol the sender wants to switch to
Warning Both Information about the status of the data in the message
bull Some HTTP message headers
CONThelliphelliphellip
Processes
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type
When a browser encounters a document type for which it needs a plug-in it loads the plug-in locally and creates an instance
The plug-in is removed from the browser when it isno longer needed
23
1Clients
24bull Using a plug-in in a Web browser
CONThelliphelliphellip
CONThelliphellip
25
bull Using a Web proxy when the browser does not speak FTP
Important The majority of Web servers is a configured Apache server which breaks down each HTTP request handling into eight phases This approach allows flexible configuration of servers
26
2Servers
bull General organization of the Apache Web server
In order to invoke the appropriate handler at the right time processing HTTP requests is broken down into sevral phases
A module can register a handler for a specific phase Whenever a phase is reached the core module inspects which handlers have been registered for that phase and invoke one of them
27
1 Resolving document reference to local file name2 Client authentication3 Client access control4 Request access control5 MIME type determination of the response6 General phase for handling leftovers7 Transmission of the response8 Logging data on the processing of the request
CONThelliphellip
28
bull Essence To improve performance and availability WWW servers are often clustered in a way that is transparent to clients
Server Clusters
bull The principle of using a cluster of workstations to implement a Web service
bull Problem The front end may easily get overloaded so that special measures need to be taken
bull Transport-layer switching Front end simply passes the TCP request to one of the servers taking some performance metric into account
bull Content-aware distribution Front end reads the content of the HTTP request and then selects the best server
bull A crucial aspect of this organization is the the design of the front end as it can easily become a serious performance bottleneck 29
CONThelliphellip
30
CONThelliphellip
(a) The principle of TCP handoff
CONThelliphellip
31(b) A scalable content-aware cluster of Web servers
1URL(Uniform Resource Locators)
Uniform Resource Locator tells how and where to access a resource
32
Naming
bull Often-used structures for URLsa) Using only a DNS nameb) Combining a DNS name with a port numberc) combining an IP address with a port number
33
CONThelliphellip
Name Used for Example
http HTTP httpwwwcsvunl80globe
ftp FTP ftpftpcsvunlpupminxREADME
file Local file fileedubookworkchp1111
data Inline data datatextplaincharset=iso-8859-7e1e2e3
telnet Remote login telnetflitscsvunl
tel Telephone tel+31201234567
modem Modem modem+31201234567type=v32
Examples of URLs
2URN(Uniform Resource Names)
URNs are location-independent references to documents
34
The general structure of a URN
bull A typical example of a URN is the one used for identifying books by means of their ISBN such as urnisbn0-13-349945-6
Synchronization WebDAV
bull Problem There is a growing need for collaborative auditing of Web documents but bare-bones HTTP canrsquot help here
bull Solution Web Distributed Authoring and Versioning
bull Supports exclusive and shared write locks which operate on entire documents
bull A lock is passed by means of a lock token the server registers the client(s) holding the lock
bull Clients modify the document locally and post it back to the server along with the lock token
bull Note There is no specific support for crashed clients holding a lock
35
Caching and Replication
bull Basic idea Sites install a separate proxy server that handles all outgoing requests Proxies subsequently cache incoming documents Cache-consistency protocolsbull Always verify validity by contacting serverbull Age-based consistency
Texpire = α(Tcached ndash Tlast_modified) + Tcached
bull Cooperative caching by which you first check your neighbors on a cache miss
36
Web Proxy Caching
CONThelliphelliphellip
37The principle of cooperative caching
bull A nontransparent form of replication that is widely deployed is to make an entire copy of a web site available at a different server This approach is also called Mirroring
bull Content Delivery Network CDNs act as Web hosting services to replicate documents across the Internet providing their customers guarantees on high availability and performance (example Akamai)
38
Server Replication
CONThellip
39The principle working of the Akami CDN
bull Transport Layer Security Modern version of the the Secure Socket Layer (SSL) which ldquositsrdquo between transport layer and application protocols Relatively simple protocol that can support mutual authentication using certificates
40
Security
The position of TLS in the Internet protocol stack
Conthelliphellip
41TLS with mutual authentication
CONThelliphellip
1first The client informs the server of the cryptographic algorithms it can handle as well as any compression methods it supports
2In the second phase authentication takes place The server is always required to authenticate itself for which reason it passes the client a certificate containing its public key signed by a certification authority CA
3If server requires that the client be authenticated the client will have to send a certificate to the server
4The client generates a random number that will be used by both sides for constructing a session key and sends this number to the server encrypted with the serverrsquos public key
5If client authenticated is required the client signs the number with its private key
42
Thank You
43
8
ltHTMLgt lt- Start of HTML document --gtltBODYgt lt- Start of the main body --gtltH1gtHello WorldH1gt lt- Basic text to be displayed --gtltPgt lt- Start of a new paragraph --gtltSCRIPT type = textjavascriptgt lt- identify scripting language --gt documentwriteln (ltH1gtHello WorldltH1gt Write a line of textltSCRIPTgt lt- End of scripting section--gtltPgt lt- End of paragraph section --gtltBODYgt lt- End of main body--gtltHTMLgt lt- End of HTML section--gtbull A simple Web page embedding a script written in JavaScript
Document Model (1)
When a web page is loaded the browser creates a Document Object Model of the pageThe HTML DOM model is constructed as a tree of Objects
9
Document Model (2)
10
(1) ltELEMENT article (title author+journal)gt(2) ltELEMENT title (PCDATA)gt(3) ltELEMENT author (name affiliation)gt(4) ltELEMENT name (PCDATA)gt(5) ltELEMENT affiliation (PCDATA)gt(6) ltELEMENT journal (jname volume number month pages year)gt(7) ltELEMENT jname (PCDATA)gt(8) ltELEMENT volume (PCDATA)gt(9) ltELEMENT number (PCDATA)gt(10) ltELEMENT month (PCDATA)gt(11) ltELEMENT pages (PCDATA)gt(12) ltELEMENT year (PCDATA)gt
bull An XML definition for referring to a journal article
11
(1) ltxml = version 10gt(2) ltDOCTYPE article SYSTEM articledtdgt(3) ltarticlegt(4) lttitlegt Prudent Engineering Practice for Cryptographic Protocolslttitlegt(5) ltauthorgtltnamegtM Abadiltnamegtltauthorgt(6) ltauthorgtltnamegtR Needhamltnamegtltauthorgt(7) ltjournalgt(8) ltjnamegtIEEE Transactions on Software Engineeringltjnamegt(9) ltvolumegt22ltvolumegt(10) ltnumbergt12ltnumbergt(11) ltmonthgtJanuaryltmonthgt(12) ltpagesgt6 ndash 15ltpagesgt(13) ltyeargt1996ltyeargt(14) ltjournalgt(15) ltarticlegt
bull An XML document using the XML definitions from previous slide
Document Types
12
Type Subtype Description
Text Plain Unformatted text
HTML Text including HTML markup commands
XML Text including XML markup commands
Image GIF Still image in GIF format
JPEG Still image in JPEG format
Audio Basic Audio 8-bit PCM sampled at 8000 Hz
Tone A specific audible tone
Video MPEG Movie in MPEG format
Pointer Representation of a pointer device for presentations
Application Octet-stream An uninterrupted byte sequence
Postscript A printable document in Postscript
PDF A printable document in PDF
Multipart Mixed Independent parts in the specified order
Parallel Parts must be viewed simultaneously
bull Six top-level MIME types and some common subtypes
Architectural Overview
13
bull The principle of using server-side CGI programs
14
(1) ltHTMLgt(2) ltBODYgt(3) ltPgtThe current content of ltpregtdatafiletxtltPREgtisltPgt(4) ltPgt(5) ltSERVER type = textjavascript)(6) clientFile = new File(datafiletxt)(7) if(clientFileopen(r))(8) while (clientFileeof())(9) documentwriteln(clientFilereadln())(10) clientFileclose()(11) (12) ltSERVERgt(13) ltPgt(14) ltPgtThank you for visiting this siteltPgt(15) ltBODYgt(16) ltHTMLgt
bull An HTML document containing a JavaScript to be executed by the server
CONThelliphelliphellip
bull Architectural details of a client and server in the Web
CONThelliphelliphellip
HTTP
All communication between clients and servers is based on HTTP. Servers listen on port 80.
HTTP is a simple protocol: a client sends a request to a server and waits for a response.
HTTP is stateless: it does not have any concept of open connection and does not require a server to maintain information on its clients. (Can use HTTP cookies to store session information.)
HTTP is based on TCP: whenever a client issues a request to a server, it first sets up a TCP connection and sends the message on that connection. The same connection is used for receiving the response.
One of the problems with the first versions of HTTP was its inefficient use of TCP connections (HTTP 1.0 vs. HTTP 1.1).
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server.
In HTTP version 1.0 and older, each request to a server required setting up a separate connection. When the server had responded, the connection was broken down. These connections are referred to as nonpersistent.
In HTTP version 1.1, several requests and their responses can be issued without the need for a separate connection. These connections are referred to as persistent.
Furthermore, a client can issue several requests in a row without waiting for the response to the first request, which is referred to as pipelining.
(a) Using non-persistent connections (b) Using persistent connections
HTTP Methods

Operation   Description
Head        Request to return the header of a document
Get         Request to return a document to the client
Put         Request to store a document
Post        Provide data that is to be added to a document (collection)
Delete      Request to delete a document
• Operations supported by HTTP

HTTP Messages
• HTTP request message
• HTTP response message
Header                Source   Contents
Accept                Client   The type of documents the client can handle
Accept-Charset        Client   The character sets that are acceptable for the client
Accept-Encoding       Client   The document encodings the client can handle
Accept-Language       Client   The natural language the client can handle
Authorization         Client   A list of the client’s credentials
WWW-Authenticate      Server   Security challenge the client should respond to
Date                  Both     Date and time the message was sent
ETag                  Server   The tags associated with the returned document
Expires               Server   The time for which the response remains valid
From                  Client   The client’s e-mail address
Host                  Client   The TCP address of the document’s server
If-Match              Client   The tags the document should have
If-None-Match         Client   The tags the document should not have
If-Modified-Since     Client   Tells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since   Client   Tells the server to return a document only if it has not been modified since the specified time
Last-Modified         Server   The time the returned document was last modified
Location              Server   A document reference to which the client should redirect its request
Referer               Client   Refers to the client’s most recently requested document
Upgrade               Both     The application protocol the sender wants to switch to
Warning               Both     Information about the status of the data in the message
• Some HTTP message headers
Processes
1. Clients
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type.
When a browser encounters a document type for which it needs a plug-in, it loads the plug-in locally and creates an instance.
The plug-in is removed from the browser when it is no longer needed.
• Using a plug-in in a Web browser
• Using a Web proxy when the browser does not speak FTP
2. Servers
Important: The majority of Web servers is a configured Apache server, which breaks down each HTTP request handling into eight phases. This approach allows flexible configuration of servers.
• General organization of the Apache Web server
In order to invoke the appropriate handler at the right time, processing HTTP requests is broken down into several phases.
A module can register a handler for a specific phase. Whenever a phase is reached, the core module inspects which handlers have been registered for that phase and invokes one of them.
1. Resolving document reference to local file name
2. Client authentication
3. Client access control
4. Request access control
5. MIME type determination of the response
6. General phase for handling leftovers
7. Transmission of the response
8. Logging data on the processing of the request
Server Clusters
• Essence: To improve performance and availability, WWW servers are often clustered in a way that is transparent to clients.
• The principle of using a cluster of workstations to implement a Web service
• Problem: The front end may easily get overloaded, so that special measures need to be taken.
• Transport-layer switching: Front end simply passes the TCP request to one of the servers, taking some performance metric into account.
• Content-aware distribution: Front end reads the content of the HTTP request and then selects the best server.
• A crucial aspect of this organization is the design of the front end, as it can easily become a serious performance bottleneck.
(a) The principle of TCP handoff
(b) A scalable content-aware cluster of Web servers
Naming
1. URL (Uniform Resource Locators)
Uniform Resource Locator tells how and where to access a resource.
• Often-used structures for URLs:
a) Using only a DNS name
b) Combining a DNS name with a port number
c) Combining an IP address with a port number

Name     Used for       Example
http     HTTP           http://www.cs.vu.nl:80/globe
ftp      FTP            ftp://ftp.cs.vu.nl/pup/minx/README
file     Local file     file:/edu/book/work/chp/11/11
data     Inline data    data:text/plain;charset=iso-8859-7,%e1%e2%e3
telnet   Remote login   telnet://flits.cs.vu.nl
tel      Telephone      tel:+31201234567
modem    Modem          modem:+31201234567;type=v32
Examples of URLs

2. URN (Uniform Resource Names)
URNs are location-independent references to documents.
The general structure of a URN
• A typical example of a URN is the one used for identifying books by means of their ISBN, such as urn:isbn:0-13-349945-6
Synchronization: WebDAV
• Problem: There is a growing need for collaborative auditing of Web documents, but bare-bones HTTP can’t help here.
• Solution: Web Distributed Authoring and Versioning.
• Supports exclusive and shared write locks, which operate on entire documents.
• A lock is passed by means of a lock token; the server registers the client(s) holding the lock.
• Clients modify the document locally and post it back to the server along with the lock token.
• Note: There is no specific support for crashed clients holding a lock.
Caching and Replication
Web Proxy Caching
• Basic idea: Sites install a separate proxy server that handles all outgoing requests. Proxies subsequently cache incoming documents.
Cache-consistency protocols:
• Always verify validity by contacting server
• Age-based consistency:
T_expire = α(T_cached − T_last_modified) + T_cached
• Cooperative caching, by which you first check your neighbors on a cache miss
The principle of cooperative caching
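The age-based rule above, worked through as an added example (not part of the original slides): a minimal in-memory proxy cache computes T_expire for each entry and, once an entry has expired, revalidates it with the If-Modified-Since header from the table of HTTP headers. The Origin and ProxyCache classes, the URL and all timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from email.utils import formatdate, parsedate_to_datetime


def http_date(ts):
    """Seconds since the epoch -> HTTP date string ending in 'GMT'."""
    return formatdate(ts, usegmt=True)


def parse_http_date(value):
    """HTTP date string -> seconds since the epoch."""
    return parsedate_to_datetime(value).timestamp()


class Origin:
    """Constructed stand-in for the origin Web server (hypothetical, in memory)."""

    def __init__(self):
        self.docs = {}       # url -> (body, last-modified timestamp)
        self.requests = []   # every (url, headers) pair the proxy sent

    def put(self, url, body, modified_at):
        self.docs[url] = (body, float(modified_at))

    def get(self, url, headers=None):
        headers = dict(headers or {})
        self.requests.append((url, headers))
        body, modified = self.docs[url]
        reply = {"Last-Modified": http_date(modified)}
        since = headers.get("If-Modified-Since")
        if since is not None and modified <= parse_http_date(since):
            return 304, reply, b""      # Not Modified: no body is sent
        return 200, reply, body


@dataclass
class Entry:
    body: bytes
    last_modified: float
    cached_at: float


class ProxyCache:
    def __init__(self, origin, alpha=0.2):
        self.origin = origin
        self.alpha = alpha
        self.entries = {}

    def expires_at(self, entry):
        # T_expire = alpha * (T_cached - T_last_modified) + T_cached
        age_when_cached = entry.cached_at - entry.last_modified
        return self.alpha * age_when_cached + entry.cached_at

    def fetch(self, url, now):
        entry = self.entries.get(url)
        if entry is not None and now < self.expires_at(entry):
            return "HIT", entry.body    # served without contacting the origin
        headers = {}
        if entry is not None:
            headers["If-Modified-Since"] = http_date(entry.last_modified)
        status, reply, body = self.origin.get(url, headers)
        if status == 304:
            entry.cached_at = now       # validated: restart the freshness clock
            return "REVALIDATED", entry.body
        modified = parse_http_date(reply["Last-Modified"])
        self.entries[url] = Entry(body, modified, now)
        return ("REFRESHED" if entry is not None else "MISS"), body


if __name__ == "__main__":
    origin = Origin()
    origin.put("/index.html", b"v1", modified_at=1_000_000)
    cache = ProxyCache(origin, alpha=0.2)
    print(cache.fetch("/index.html", now=1_001_000))   # MISS, expires at 1_001_200
    origin.put("/index.html", b"v2", modified_at=1_001_150)
    print(cache.fetch("/index.html", now=1_001_190))   # HIT, still the old body
    print(cache.fetch("/index.html", now=1_001_300))   # REFRESHED with the new body
```

Between the change at the origin and T_expire the proxy keeps serving the old copy, so α sets how long a withdrawn or corrected document can remain visible to clients behind the cache.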
Server Replication
• A nontransparent form of replication that is widely deployed is to make an entire copy of a Web site available at a different server. This approach is also called mirroring.
• Content Delivery Network: CDNs act as Web hosting services to replicate documents across the Internet, providing their customers guarantees on high availability and performance (example: Akamai).
The principal working of the Akamai CDN
Security
• Transport Layer Security: Modern version of the Secure Socket Layer (SSL), which “sits” between transport layer and application protocols. Relatively simple protocol that can support mutual authentication using certificates.
The position of TLS in the Internet protocol stack
TLS with mutual authentication
1. First, the client informs the server of the cryptographic algorithms it can handle, as well as any compression methods it supports.
2. In the second phase, authentication takes place. The server is always required to authenticate itself, for which reason it passes the client a certificate containing its public key, signed by a certification authority (CA).
3. If the server requires that the client be authenticated, the client will have to send a certificate to the server.
4. The client generates a random number that will be used by both sides for constructing a session key, and sends this number to the server encrypted with the server’s public key.
5. If client authentication is required, the client signs the number with its private key.
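How the certificate requirements in steps 2, 3 and 5 look in configuration, as an added example that is not part of the original slides: Python's standard ssl module builds a one-way context and a mutually authenticated one for each side, and a small hypothetical helper, audit_mutual_auth, reports what a context fails to enforce. The certificate and key file paths are parameters the caller supplies; none are shipped with the example.

```python
import ssl


def make_server_context(certfile=None, keyfile=None, client_ca=None):
    """Server side: presents its own certificate (step 2) and demands one
    from the client (step 3). With no client CA loaded it fails closed:
    every client handshake is rejected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED          # client certificate is mandatory
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)   # server certificate and private key
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)  # CA that signs client certificates
    return ctx


def make_client_context(server_ca=None, certfile=None, keyfile=None):
    """Client side: verifies the server certificate and host name, and holds
    the certificate and private key it uses to prove its identity (step 5)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if server_ca:
        ctx.load_verify_locations(cafile=server_ca)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def make_one_way_server_context():
    """Weak for mutual authentication: the server never asks for a client certificate."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # verify_mode defaults to CERT_NONE


def make_unverified_client_context():
    """Weak: the client accepts any server certificate for any host name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_mutual_auth(ctx):
    """Return a list of reasons why ctx does not enforce mutual authentication."""
    findings = []
    is_client = ctx.protocol == ssl.PROTOCOL_TLS_CLIENT
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            "server certificate is not verified" if is_client
            else "client certificate is not required"
        )
    if is_client and not ctx.check_hostname:
        findings.append("server name is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are accepted")
    return findings


if __name__ == "__main__":
    for name, ctx in [
        ("mutual-auth server", make_server_context()),
        ("mutual-auth client", make_client_context()),
        ("one-way server", make_one_way_server_context()),
        ("unverified client", make_unverified_client_context()),
    ]:
        print(name, "->", audit_mutual_auth(ctx) or "ok")
```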
Thank You
When a web page is loaded, the browser creates a Document Object Model of the page. The HTML DOM model is constructed as a tree of objects.
11
(1) ltxml = version 10gt(2) ltDOCTYPE article SYSTEM articledtdgt(3) ltarticlegt(4) lttitlegt Prudent Engineering Practice for Cryptographic Protocolslttitlegt(5) ltauthorgtltnamegtM Abadiltnamegtltauthorgt(6) ltauthorgtltnamegtR Needhamltnamegtltauthorgt(7) ltjournalgt(8) ltjnamegtIEEE Transactions on Software Engineeringltjnamegt(9) ltvolumegt22ltvolumegt(10) ltnumbergt12ltnumbergt(11) ltmonthgtJanuaryltmonthgt(12) ltpagesgt6 ndash 15ltpagesgt(13) ltyeargt1996ltyeargt(14) ltjournalgt(15) ltarticlegt
bull An XML document using the XML definitions from previous slide
Document Types

Type         Subtype       Description
Text         Plain         Unformatted text
             HTML          Text including HTML markup commands
             XML           Text including XML markup commands
Image        GIF           Still image in GIF format
             JPEG          Still image in JPEG format
Audio        Basic         Audio, 8-bit PCM sampled at 8000 Hz
             Tone          A specific audible tone
Video        MPEG          Movie in MPEG format
             Pointer       Representation of a pointer device for presentations
Application  Octet-stream  An uninterrupted byte sequence
             Postscript    A printable document in Postscript
             PDF           A printable document in PDF
Multipart    Mixed         Independent parts in the specified order
             Parallel      Parts must be viewed simultaneously

• Six top-level MIME types and some common subtypes
Architectural Overview
• The principle of using server-side CGI programs

    <HTML>
    <BODY>
    <P>The current content of <PRE>/data/file.txt</PRE> is:</P>
    <P>
    <SERVER type="text/javascript">
      // Server-side script: the server runs it and sends only its output
      clientFile = new File("/data/file.txt");
      if (clientFile.open("r")) {
        while (!clientFile.eof())
          document.writeln(clientFile.readln());
        clientFile.close();
      }
    </SERVER>
    </P>
    <P>Thank you for visiting this site.</P>
    </BODY>
    </HTML>

• An HTML document containing a JavaScript to be executed by the server
• Architectural details of a client and server in the Web
HTTP
All communication between clients and servers is based on HTTP. Servers listen on port 80.
HTTP is a simple protocol: a client sends a request to a server and waits for a response.
HTTP is stateless: it does not have any concept of open connection and does not require a server to maintain information on its clients. (HTTP cookies can be used to store session information.)
HTTP is based on TCP: whenever a client issues a request to a server, it first sets up a TCP connection and sends the message on that connection. The same connection is used for receiving the response.
One of the problems with the first versions of HTTP was its inefficient use of TCP connections (HTTP 1.0 vs. HTTP 1.1).
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server.
In HTTP version 1.0 and older, each request to a server required setting up a separate connection. When the server had responded, the connection was broken down. These connections are referred to as nonpersistent.
In HTTP version 1.1, several requests and their responses can be issued without the need for a separate connection. These connections are referred to as persistent.
Furthermore, a client can issue several requests in a row without waiting for the response to the first request, which is referred to as pipelining.
(a) Using non-persistent connections (b) Using persistent connections
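The difference between nonpersistent and persistent connections can be measured directly. The following Python code is an added example, not part of the original slides: it starts a loopback HTTP/1.1 server and counts how many TCP connections each client style opens for the same three requests. The paths and function names are assumptions made for the example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample: the parts of one Web document, all on the same server.
PATHS = ["/index.html", "/logo.gif", "/style.css"]


def start_server():
    """Start a loopback HTTP/1.1 server that counts accepted TCP connections."""
    stats = {"connections": 0}
    lock = threading.Lock()

    class Handler(BaseHTTPRequestHandler):
        protocol_version = "HTTP/1.1"  # allows the connection to stay open

        def setup(self):
            # setup() runs once per accepted TCP connection, not once per request.
            super().setup()
            with lock:
                stats["connections"] += 1

        def do_GET(self):
            body = ("content of " + self.path).encode()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            # Content-Length marks the end of the response, so the server
            # does not have to close the connection to signal it.
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):
            pass  # keep the example quiet

    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, stats


def fetch_nonpersistent(port):
    """HTTP 1.0 style: a fresh TCP connection for every request."""
    bodies = []
    for path in PATHS:
        conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
        conn.request("GET", path, headers={"Connection": "close"})
        bodies.append(conn.getresponse().read())
        conn.close()
    return bodies


def fetch_persistent(port):
    """HTTP 1.1 style: all requests share one TCP connection."""
    bodies = []
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    for path in PATHS:
        conn.request("GET", path)
        bodies.append(conn.getresponse().read())  # read fully before reusing
    conn.close()
    return bodies


def count_connections(fetch):
    """Run one fetch strategy against a fresh server and return the TCP connection count."""
    server, stats = start_server()
    try:
        fetch(server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()
    return stats["connections"]


if __name__ == "__main__":
    print("nonpersistent:", count_connections(fetch_nonpersistent), "connections")
    print("persistent:   ", count_connections(fetch_persistent), "connections")
```

Python's `http.client` sends one request at a time on a connection, so pipelining is not shown here.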
HTTP Methods

Operation  Description
Head       Request to return the header of a document
Get        Request to return a document to the client
Put        Request to store a document
Post       Provide data that is to be added to a document (collection)
Delete     Request to delete a document

• Operations supported by HTTP
HTTP Messages
• HTTP request message
• HTTP response message

Header               Source  Contents
Accept               Client  The type of documents the client can handle
Accept-Charset       Client  The character sets that are acceptable for the client
Accept-Encoding      Client  The document encodings the client can handle
Accept-Language      Client  The natural language the client can handle
Authorization        Client  A list of the client’s credentials
WWW-Authenticate     Server  Security challenge the client should respond to
Date                 Both    Date and time the message was sent
ETag                 Server  The tags associated with the returned document
Expires              Server  The time for which the response remains valid
From                 Client  The client’s e-mail address
Host                 Client  The TCP address of the document’s server
If-Match             Client  The tags the document should have
If-None-Match        Client  The tags the document should not have
If-Modified-Since    Client  Tells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since  Client  Tells the server to return a document only if it has not been modified since the specified time
Last-Modified        Server  The time the returned document was last modified
Location             Server  A document reference to which the client should redirect its request
Referer              Client  Refers to the client’s most recently requested document
Upgrade              Both    The application protocol the sender wants to switch to
Warning              Both    Information about the status of the data in the message

• Some HTTP message headers
Processes
1. Clients
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type.
When a browser encounters a document type for which it needs a plug-in, it loads the plug-in locally and creates an instance.
The plug-in is removed from the browser when it is no longer needed.
• Using a plug-in in a Web browser
• Using a Web proxy when the browser does not speak FTP
2. Servers
Important: The majority of Web servers are configured Apache servers, which break down each HTTP request handling into eight phases. This approach allows flexible configuration of servers.
• General organization of the Apache Web server
In order to invoke the appropriate handler at the right time, processing HTTP requests is broken down into several phases.
A module can register a handler for a specific phase. Whenever a phase is reached, the core module inspects which handlers have been registered for that phase and invokes one of them.
1. Resolving document reference to local file name
2. Client authentication
3. Client access control
4. Request access control
5. MIME type determination of the response
6. General phase for handling leftovers
7. Transmission of the response
8. Logging data on the processing of the request
Server Clusters
• Essence: To improve performance and availability, WWW servers are often clustered in a way that is transparent to clients.
• The principle of using a cluster of workstations to implement a Web service
• Problem: The front end may easily get overloaded, so that special measures need to be taken.
• Transport-layer switching: Front end simply passes the TCP request to one of the servers, taking some performance metric into account.
• Content-aware distribution: Front end reads the content of the HTTP request and then selects the best server.
• A crucial aspect of this organization is the design of the front end, as it can easily become a serious performance bottleneck.
(a) The principle of TCP handoff
(b) A scalable content-aware cluster of Web servers
Naming
1. URL (Uniform Resource Locators)
A Uniform Resource Locator tells how and where to access a resource.
• Often-used structures for URLs:
a) Using only a DNS name
b) Combining a DNS name with a port number
c) Combining an IP address with a port number

Name    Used for      Example
http    HTTP          http://www.cs.vu.nl:80/globe
ftp     FTP           ftp://ftp.cs.vu.nl/pub/minix/README
file    Local file    file:/edu/book/work/chp/11/11
data    Inline data   data:text/plain;charset=iso-8859-7,%e1%e2%e3
telnet  Remote login  telnet://flits.cs.vu.nl
tel     Telephone     tel:+31201234567
modem   Modem         modem:+31201234567;type=v32

• Examples of URLs
2. URN (Uniform Resource Names)
URNs are location-independent references to documents.
• The general structure of a URN
• A typical example of a URN is the one used for identifying books by means of their ISBN, such as urn:isbn:0-13-349945-6
Synchronization: WebDAV
• Problem: There is a growing need for collaborative auditing of Web documents, but bare-bones HTTP can’t help here.
• Solution: Web Distributed Authoring and Versioning.
• Supports exclusive and shared write locks, which operate on entire documents.
• A lock is passed by means of a lock token; the server registers the client(s) holding the lock.
• Clients modify the document locally and post it back to the server, along with the lock token.
• Note: There is no specific support for crashed clients holding a lock.
Caching and Replication
Web Proxy Caching
• Basic idea: Sites install a separate proxy server that handles all outgoing requests. Proxies subsequently cache incoming documents.
Cache-consistency protocols:
• Always verify validity by contacting the server
• Age-based consistency:
$T_{expire} = \alpha (T_{cached} - T_{last\_modified}) + T_{cached}$
• Cooperative caching, by which you first check your neighbors on a cache miss
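The age-based rule above can be combined with the Last-Modified, ETag, If-Modified-Since and If-None-Match headers from the header table. The following Python code is an added example, not part of the original slides: it computes the expiry time and decides whether a proxy may answer from its cache or must revalidate with the server. The value of alpha, the cache-entry layout and the function names are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

ALPHA = 0.2  # assumed tuning value; the slide leaves alpha unspecified


def expiry_time(t_cached, last_modified_header, alpha=ALPHA):
    """T_expire = alpha * (T_cached - T_last_modified) + T_cached.

    Falls back to t_cached (already expired) when Last-Modified is missing,
    unparseable or in the future, so a bad header never extends cache lifetime.
    """
    if not last_modified_header:
        return t_cached
    try:
        t_last_modified = parsedate_to_datetime(last_modified_header)
    except (TypeError, ValueError):
        return t_cached
    if t_last_modified.tzinfo is None:
        t_last_modified = t_last_modified.replace(tzinfo=timezone.utc)
    age = t_cached - t_last_modified
    if age <= timedelta(0):
        return t_cached
    return t_cached + alpha * age


def proxy_decision(entry, now):
    """Return ('serve-from-cache', {}) or ('revalidate', conditional request headers)."""
    if now < expiry_time(entry["cached_at"], entry.get("last_modified")):
        return "serve-from-cache", {}
    headers = {}
    if entry.get("last_modified"):
        # The server returns the document only if it changed after this time.
        headers["If-Modified-Since"] = entry["last_modified"]
    if entry.get("etag"):
        # The server returns the document only if its tag differs.
        headers["If-None-Match"] = entry["etag"]
    return "revalidate", headers


# Constructed sample entry: document last changed 10 days before it was cached.
SAMPLE_ENTRY = {
    "cached_at": datetime(2024, 1, 11, tzinfo=timezone.utc),
    "last_modified": "Mon, 01 Jan 2024 00:00:00 GMT",
    "etag": '"v1"',
}

if __name__ == "__main__":
    for day in (12, 14):
        now = datetime(2024, 1, day, tzinfo=timezone.utc)
        print(now.date(), proxy_decision(SAMPLE_ENTRY, now))
```

With alpha = 0.2 a document that was 10 days old when cached is trusted for 2 more days; after that the proxy sends a conditional request instead of a full fetch.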
• The principle of cooperative caching
Server Replication
• A nontransparent form of replication that is widely deployed is to make an entire copy of a Web site available at a different server. This approach is also called mirroring.
• Content Delivery Network: CDNs act as Web hosting services to replicate documents across the Internet, providing their customers guarantees on high availability and performance (example: Akamai).
• The principal working of the Akamai CDN
Security
• Transport Layer Security: Modern version of the Secure Socket Layer (SSL), which “sits” between the transport layer and application protocols. Relatively simple protocol that can support mutual authentication using certificates.
• The position of TLS in the Internet protocol stack
• TLS with mutual authentication
1. First, the client informs the server of the cryptographic algorithms it can handle, as well as any compression methods it supports.
2. In the second phase, authentication takes place. The server is always required to authenticate itself, for which reason it passes the client a certificate containing its public key, signed by a certification authority (CA).
3. If the server requires that the client be authenticated, the client will have to send a certificate to the server.
4. The client generates a random number that will be used by both sides for constructing a session key, and sends this number to the server, encrypted with the server’s public key.
5. If client authentication is required, the client signs the number with its private key.
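In practice the handshake steps above are carried out by a TLS library, and the application only sets the authentication policy. The following Python code is an added example, not part of the original slides: it uses the standard `ssl` module to build a server context that demands a client certificate (steps 2 and 3), a client context that verifies the server, and an allow-list check on the authenticated client. File paths are passed as parameters; the function names and the sample certificate are assumptions made for the example.

```python
import ssl


def server_context(certfile=None, keyfile=None, client_ca=None, require_client_cert=True):
    """Server policy: present a certificate (step 2), optionally demand one (step 3)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # the server's own certificate and key
    if require_client_cert:
        # The handshake fails unless the client sends a certificate that
        # chains to a CA loaded below.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca:
            ctx.load_verify_locations(cafile=client_ca)
    else:
        ctx.verify_mode = ssl.CERT_NONE  # server-only authentication
    return ctx


def client_context(server_ca=None, certfile=None, keyfile=None):
    """Client policy: always verify the server; offer a certificate if one is configured."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if server_ca:
        ctx.load_verify_locations(cafile=server_ca)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # sent only when the server asks for it
    return ctx


def peer_names(peercert):
    """Names from SSLSocket.getpeercert(): SAN DNS entries, else the subject commonName."""
    if not peercert:
        return set()  # None or {}: no validated certificate was presented
    names = {value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"}
    if not names:
        for rdn in peercert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.add(value)
    return names


def authorize_client(peercert, allowed_names):
    """A valid chain proves who the client is; the allow-list decides what it may do."""
    return bool(peer_names(peercert) & set(allowed_names))


# Constructed sample in the dictionary format returned by SSLSocket.getpeercert().
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "build-agent.example.internal"),),),
    "subjectAltName": (("DNS", "build-agent.example.internal"),),
}

if __name__ == "__main__":
    print(server_context().verify_mode)
    print(authorize_client(SAMPLE_PEERCERT, {"build-agent.example.internal"}))
```

Steps 4 and 5 happen inside the library during the handshake. The RSA-encrypted random number in step 4 is the key exchange of older TLS versions; TLS 1.3 no longer offers it.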
Thank You
14
(1) ltHTMLgt(2) ltBODYgt(3) ltPgtThe current content of ltpregtdatafiletxtltPREgtisltPgt(4) ltPgt(5) ltSERVER type = textjavascript)(6) clientFile = new File(datafiletxt)(7) if(clientFileopen(r))(8) while (clientFileeof())(9) documentwriteln(clientFilereadln())(10) clientFileclose()(11) (12) ltSERVERgt(13) ltPgt(14) ltPgtThank you for visiting this siteltPgt(15) ltBODYgt(16) ltHTMLgt
bull An HTML document containing a JavaScript to be executed by the server
CONThelliphelliphellip
bull Architectural details of a client and server in the Web
CONThelliphelliphellip
HTTPAll communication between clients and servers is based
on HTTP Servers listen on port 80HTTP is a simple protocol a client sends a request to a
server and waits for a responseHTTP is stateless it does not have any concept of open
connection and does not require a server to maintain information on its clients (Can use HTTP cookies to store session information)
HTTP is based on TCP whenever a client issues a request to a server it first sets up a TCP connection and sends the message on that connection The same connection is used for receiving the response
One of the problems with the first versions of HTTP was its inefficient use of TCP connectionsHTTP 10 vs HTTP 11
16
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server
In HTTP version 10 and older each request to a server required setting up a separate connection When server had responded the connection was broken down These connections are referred as nonpersistent
In HTTP version 11 several requests and their responses can be issued without the need for a separate connection These connections are referred as persistent
Furthermore a client can issue several requests in a row without waiting for the response to the first request which is referred as pipelining
17
CONThelliphelliphellip
18(a) Using non-persistent connections (b) Using persistent connections
HTTP Methods
19
Operation Description
Head Request to return the header of a document
Get Request to return a document to the client
Put Request to store a document
Post Provide data that is to be added to a document (collection)
Delete Request to delete a document
bull Operations supported by HTTP
HTTP Messages
[Figure: HTTP request message]
[Figure: HTTP response message]
Header               Source  Contents
Accept               Client  The type of documents the client can handle
Accept-Charset       Client  The character sets that are acceptable for the client
Accept-Encoding      Client  The document encodings the client can handle
Accept-Language      Client  The natural language the client can handle
Authorization        Client  A list of the client's credentials
WWW-Authenticate     Server  Security challenge the client should respond to
Date                 Both    Date and time the message was sent
ETag                 Server  The tags associated with the returned document
Expires              Server  The time for how long the response remains valid
From                 Client  The client's e-mail address
Host                 Client  The TCP address of the document's server
If-Match             Client  The tags the document should have
If-None-Match        Client  The tags the document should not have
If-Modified-Since    Client  Tells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since  Client  Tells the server to return a document only if it has not been modified since the specified time
Last-Modified        Server  The time the returned document was last modified
Location             Server  A document reference to which the client should redirect its request
Referer              Client  Refers to the client's most recently requested document
Upgrade              Both    The application protocol the sender wants to switch to
Warning              Both    Information about the status of the data in the message
• Some HTTP message headers
Processes
1. Clients
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type.
When a browser encounters a document type for which it needs a plug-in, it loads the plug-in locally and creates an instance.
The plug-in is removed from the browser when it is no longer needed.
[Figure: Using a plug-in in a Web browser]
[Figure: Using a Web proxy when the browser does not speak FTP]
2. Servers
Important: The majority of Web servers are configured Apache servers, which break down the handling of each HTTP request into eight phases. This approach allows flexible configuration of servers.
[Figure: General organization of the Apache Web server]
In order to invoke the appropriate handler at the right time, processing HTTP requests is broken down into several phases.
A module can register a handler for a specific phase. Whenever a phase is reached, the core module inspects which handlers have been registered for that phase and invokes one of them.
1. Resolving document reference to local file name
2. Client authentication
3. Client access control
4. Request access control
5. MIME type determination of the response
6. General phase for handling leftovers
7. Transmission of the response
8. Logging data on the processing of the request
Server Clusters
• Essence: To improve performance and availability, WWW servers are often clustered in a way that is transparent to clients.
[Figure: The principle of using a cluster of workstations to implement a Web service]
• Problem: The front end may easily get overloaded, so that special measures need to be taken.
• Transport-layer switching: The front end simply passes the TCP request to one of the servers, taking some performance metric into account.
• Content-aware distribution: The front end reads the content of the HTTP request and then selects the best server.
• A crucial aspect of this organization is the design of the front end, as it can easily become a serious performance bottleneck.
[Figure: (a) The principle of TCP handoff. (b) A scalable content-aware cluster of Web servers.]
Naming
1. URL (Uniform Resource Locators)
A Uniform Resource Locator tells how and where to access a resource.
• Often-used structures for URLs:
a) Using only a DNS name
b) Combining a DNS name with a port number
c) Combining an IP address with a port number
Name    Used for      Example
http    HTTP          http://www.cs.vu.nl:80/globe
ftp     FTP           ftp://ftp.cs.vu.nl/pub/minix/README
file    Local file    file:/edu/book/work/chp/11/11
data    Inline data   data:text/plain;charset=iso-8859-7,%e1%e2%e3
telnet  Remote login  telnet://flits.cs.vu.nl
tel     Telephone     tel:+31201234567
modem   Modem         modem:+31201234567;type=v32
Examples of URLs
2. URN (Uniform Resource Names)
URNs are location-independent references to documents.
[Figure: The general structure of a URN]
• A typical example of a URN is the one used for identifying books by means of their ISBN, such as urn:isbn:0-13-349945-6.
Synchronization: WebDAV
• Problem: There is a growing need for collaborative auditing of Web documents, but bare-bones HTTP can't help here.
• Solution: Web Distributed Authoring and Versioning
• Supports exclusive and shared write locks, which operate on entire documents.
• A lock is passed by means of a lock token; the server registers the client(s) holding the lock.
• Clients modify the document locally and post it back to the server along with the lock token.
• Note: There is no specific support for crashed clients holding a lock.
Caching and Replication
Web Proxy Caching
• Basic idea: Sites install a separate proxy server that handles all outgoing requests. Proxies subsequently cache incoming documents.
• Cache-consistency protocols:
  • Always verify validity by contacting the server
  • Age-based consistency:
    T_expire = α (T_cached - T_last_modified) + T_cached
• Cooperative caching, by which you first check your neighbors on a cache miss.
[Figure: The principle of cooperative caching]
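The two cache-consistency policies above, run side by side as an added example (not code from the slides). The in-memory Origin class, the URL, the timestamps and the value α = 0.2 are constructed assumptions; the conditional request uses the If-Modified-Since and Last-Modified headers from the header table.

```python
"""Age-based vs. always-verify consistency in a Web proxy cache (constructed data)."""
from dataclasses import dataclass

ALPHA = 0.2  # assumed weight; the slides give no value for alpha


class Origin:
    """Constructed in-memory origin server that honours If-Modified-Since."""

    def __init__(self):
        self.docs = {}      # url -> (body, last_modified)
        self.requests = 0   # number of times the proxy had to contact the origin

    def publish(self, url, body, now):
        self.docs[url] = (body, now)

    def get(self, url, if_modified_since=None):
        self.requests += 1
        body, last_modified = self.docs[url]
        if if_modified_since is not None and last_modified <= if_modified_since:
            return 304, None, last_modified   # Not Modified: no body is sent
        return 200, body, last_modified       # full document plus Last-Modified


@dataclass
class Entry:
    body: str
    t_cached: float
    t_last_modified: float

    def t_expire(self, alpha):
        # T_expire = alpha * (T_cached - T_last_modified) + T_cached
        return alpha * (self.t_cached - self.t_last_modified) + self.t_cached


class ProxyCache:
    def __init__(self, origin, alpha=ALPHA, always_verify=False):
        self.origin = origin
        self.alpha = alpha
        self.always_verify = always_verify
        self.entries = {}

    def fetch(self, url, now):
        entry = self.entries.get(url)
        if entry is None:
            _, body, last_modified = self.origin.get(url)
            self.entries[url] = Entry(body, now, last_modified)
            return "MISS", body
        if not self.always_verify and now < entry.t_expire(self.alpha):
            return "HIT", entry.body          # served without asking the origin
        status, body, last_modified = self.origin.get(
            url, if_modified_since=entry.t_last_modified)
        if status == 304:
            entry.t_cached = now              # copy confirmed, restart the clock
            return "REVALIDATED", entry.body
        self.entries[url] = Entry(body, now, last_modified)
        return "REFRESHED", body


def demo(always_verify=False):
    """Replay one constructed request sequence and return (trace, origin requests)."""
    origin = Origin()
    origin.publish("/index.html", "v1", now=0)
    proxy = ProxyCache(origin, always_verify=always_verify)
    trace = [proxy.fetch("/index.html", now=1000)]      # T_expire = 1200
    trace.append(proxy.fetch("/index.html", now=1100))
    origin.publish("/index.html", "v2", now=1150)       # document changes at the origin
    trace.append(proxy.fetch("/index.html", now=1190))  # inside the stale window
    trace.append(proxy.fetch("/index.html", now=1250))  # past T_expire: conditional GET
    trace.append(proxy.fetch("/index.html", now=1300))  # new T_expire was 1270
    return trace, origin.requests


if __name__ == "__main__":
    for mode in (False, True):
        print("always_verify" if mode else "age-based", demo(mode))
```

With age-based consistency the request at time 1190 is answered with the old version "v1" from the cache, which is the price paid for contacting the origin three times instead of five.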
Server Replication
• A nontransparent form of replication that is widely deployed is to make an entire copy of a Web site available at a different server. This approach is also called mirroring.
• Content Delivery Network: CDNs act as Web hosting services to replicate documents across the Internet, providing their customers guarantees on high availability and performance (example: Akamai).
[Figure: The principle working of the Akamai CDN]
Security
• Transport Layer Security: Modern version of the Secure Socket Layer (SSL), which "sits" between the transport layer and application protocols. Relatively simple protocol that can support mutual authentication using certificates.
[Figure: The position of TLS in the Internet protocol stack]
[Figure: TLS with mutual authentication]
1. First, the client informs the server of the cryptographic algorithms it can handle, as well as any compression methods it supports.
2. In the second phase, authentication takes place. The server is always required to authenticate itself, for which reason it passes the client a certificate containing its public key, signed by a certification authority (CA).
3. If the server requires that the client be authenticated, the client will have to send a certificate to the server.
4. The client generates a random number that will be used by both sides for constructing a session key, and sends this number to the server encrypted with the server's public key.
5. If client authentication is required, the client signs the number with its private key.
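How the authentication choices in steps 2, 3 and 5 appear in a real TLS configuration, as an added example using Python's standard ssl module (not code from the slides). The certificate, key and CA file arguments are hypothetical paths supplied by the deployer, and the audit functions are illustrative helpers.

```python
"""Server-only vs. mutual TLS authentication with Python's ssl module."""
import ssl


def server_context(require_client_cert, cert_file=None, key_file=None,
                   client_ca_file=None):
    """Build a server-side context; all file arguments are hypothetical paths."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # verify_mode starts as CERT_NONE
    if cert_file:
        # Step 2: the CA-signed certificate the server presents to every client.
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    if require_client_cert:
        # Step 3: request a client certificate and fail the handshake without one.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca_file:
            ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def client_context(cert_file=None, key_file=None, server_ca_file=None):
    """Build a client-side context that always verifies the server (step 2)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=server_ca_file)
    if cert_file:
        # Steps 3 and 5: certificate and private key the client proves possession of.
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def authentication_mode(server_ctx):
    """Name the authentication a server context enforces."""
    if server_ctx.verify_mode == ssl.CERT_REQUIRED:
        return "mutual"
    if server_ctx.verify_mode == ssl.CERT_OPTIONAL:
        return "server-only (client certificate optional)"
    return "server-only"


def audit_server(server_ctx):
    """Findings for a service that is meant to authenticate its clients."""
    findings = []
    if server_ctx.verify_mode == ssl.CERT_NONE:
        findings.append("no client certificate is requested")
    elif server_ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("clients without a certificate are still accepted")
    return findings


def audit_client(client_ctx):
    """Findings for a client that must authenticate the server."""
    findings = []
    if client_ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not client_ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    return findings


if __name__ == "__main__":
    for required in (False, True):
        ctx = server_context(require_client_cert=required)
        print(authentication_mode(ctx), audit_server(ctx))
    print("client:", audit_client(client_context()))
```

A server context left at its default never asks for a client certificate, so a deployment that assumes mutual authentication has to set CERT_REQUIRED explicitly and load the CA that issued the client certificates.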
Thank You
HTTP CONNECTIONS
A Web document is constructed from a collection of different files from the same server
In HTTP version 10 and older each request to a server required setting up a separate connection When server had responded the connection was broken down These connections are referred as nonpersistent
In HTTP version 11 several requests and their responses can be issued without the need for a separate connection These connections are referred as persistent
Furthermore a client can issue several requests in a row without waiting for the response to the first request which is referred as pipelining
17
CONThelliphelliphellip
18(a) Using non-persistent connections (b) Using persistent connections
HTTP Methods
19
Operation Description
Head Request to return the header of a document
Get Request to return a document to the client
Put Request to store a document
Post Provide data that is to be added to a document (collection)
Delete Request to delete a document
bull Operations supported by HTTP
HTTP Messages
20bull HTTP request message
21bull HTTP response message
CONThelliphelliphellip
22
Header Source Contents
Accept Client The type of documents the client can handle
Accept-Charset Client The character sets are acceptable for the client
Accept-Encoding Client The document encodings the client can handle
Accept-Language Client The natural language the client can handle
Authorization Client A list of the clients credentials
WWW-Authenticate Server Security challenge the client should respond to
Date Both Date and time the message was sent
ETag Server The tags associated with the returned document
Expires Server The time how long the response remains valid
From Client The clients e-mail address
Host Client The TCP address of the documents server
If-Match Client The tags the document should have
If-None-Match Client The tags the document should not have
If-Modified-Since ClientTells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since ClientTells the server to return a document only if it has not been modified since the specified time
Last-Modified Server The time the returned document was last modified
Location ServerA document reference to which the client should redirect its request
Referer Client Refers to clients most recently requested document
Upgrade Both The application protocol the sender wants to switch to
Warning Both Information about the status of the data in the message
bull Some HTTP message headers
CONThelliphelliphellip
Processes
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type
When a browser encounters a document type for which it needs a plug-in it loads the plug-in locally and creates an instance
The plug-in is removed from the browser when it isno longer needed
23
1Clients
24bull Using a plug-in in a Web browser
CONThelliphelliphellip
CONThelliphellip
25
bull Using a Web proxy when the browser does not speak FTP
Important The majority of Web servers is a configured Apache server which breaks down each HTTP request handling into eight phases This approach allows flexible configuration of servers
26
2Servers
bull General organization of the Apache Web server
In order to invoke the appropriate handler at the right time processing HTTP requests is broken down into sevral phases
A module can register a handler for a specific phase Whenever a phase is reached the core module inspects which handlers have been registered for that phase and invoke one of them
27
1 Resolving document reference to local file name2 Client authentication3 Client access control4 Request access control5 MIME type determination of the response6 General phase for handling leftovers7 Transmission of the response8 Logging data on the processing of the request
CONThelliphellip
28
bull Essence To improve performance and availability WWW servers are often clustered in a way that is transparent to clients
Server Clusters
bull The principle of using a cluster of workstations to implement a Web service
bull Problem The front end may easily get overloaded so that special measures need to be taken
bull Transport-layer switching Front end simply passes the TCP request to one of the servers taking some performance metric into account
bull Content-aware distribution Front end reads the content of the HTTP request and then selects the best server
bull A crucial aspect of this organization is the the design of the front end as it can easily become a serious performance bottleneck 29
CONThelliphellip
30
CONThelliphellip
(a) The principle of TCP handoff
CONThelliphellip
31(b) A scalable content-aware cluster of Web servers
1URL(Uniform Resource Locators)
Uniform Resource Locator tells how and where to access a resource
32
Naming
bull Often-used structures for URLsa) Using only a DNS nameb) Combining a DNS name with a port numberc) combining an IP address with a port number
33
CONThelliphellip
Name Used for Example
http HTTP httpwwwcsvunl80globe
ftp FTP ftpftpcsvunlpupminxREADME
file Local file fileedubookworkchp1111
data Inline data datatextplaincharset=iso-8859-7e1e2e3
telnet Remote login telnetflitscsvunl
tel Telephone tel+31201234567
modem Modem modem+31201234567type=v32
Examples of URLs
2URN(Uniform Resource Names)
URNs are location-independent references to documents
34
The general structure of a URN
bull A typical example of a URN is the one used for identifying books by means of their ISBN such as urnisbn0-13-349945-6
Synchronization WebDAV
bull Problem There is a growing need for collaborative auditing of Web documents but bare-bones HTTP canrsquot help here
bull Solution Web Distributed Authoring and Versioning
bull Supports exclusive and shared write locks which operate on entire documents
bull A lock is passed by means of a lock token the server registers the client(s) holding the lock
bull Clients modify the document locally and post it back to the server along with the lock token
bull Note There is no specific support for crashed clients holding a lock
35
Caching and Replication
bull Basic idea Sites install a separate proxy server that handles all outgoing requests Proxies subsequently cache incoming documents Cache-consistency protocolsbull Always verify validity by contacting serverbull Age-based consistency
Texpire = α(Tcached ndash Tlast_modified) + Tcached
bull Cooperative caching by which you first check your neighbors on a cache miss
36
Web Proxy Caching
CONThelliphelliphellip
37The principle of cooperative caching
bull A nontransparent form of replication that is widely deployed is to make an entire copy of a web site available at a different server This approach is also called Mirroring
bull Content Delivery Network CDNs act as Web hosting services to replicate documents across the Internet providing their customers guarantees on high availability and performance (example Akamai)
38
Server Replication
CONThellip
39The principle working of the Akami CDN
Security
• Transport Layer Security: Modern version of the Secure Socket Layer (SSL), which "sits" between the transport layer and application protocols. A relatively simple protocol that can support mutual authentication using certificates.
Figure: The position of TLS in the Internet protocol stack
Figure: TLS with mutual authentication
1. First, the client informs the server of the cryptographic algorithms it can handle, as well as any compression methods it supports.
2. In the second phase, authentication takes place. The server is always required to authenticate itself, for which reason it passes the client a certificate containing its public key, signed by a certification authority (CA).
3. If the server requires that the client be authenticated, the client will have to send a certificate to the server.
4. The client generates a random number that will be used by both sides for constructing a session key, and sends this number to the server encrypted with the server's public key.
5. If client authentication is required, the client signs the number with its private key.
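How the authentication steps above map onto endpoint settings, as an added example using Python's standard `ssl` module (not part of the original slides). The certificate, key and CA file paths are caller-supplied assumptions, and `audit()` is a hypothetical helper that reports settings under which the handshake would not give mutual authentication.

```python
import ssl


def build_server_context(mutual_auth, cert=None, key=None, client_ca=None):
    """Server side. File paths are placeholders supplied by the caller."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION       # step 1: never negotiate compression
    if cert:
        ctx.load_cert_chain(cert, key)         # step 2: certificate the server presents
    if mutual_auth:
        # Step 3: without this the server never asks for a client certificate.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca:
            ctx.load_verify_locations(cafile=client_ca)  # CA that issues client certificates
    return ctx


def build_client_context(server_ca=None, cert=None, key=None):
    """Client side. PROTOCOL_TLS_CLIENT verifies the server chain and host name by default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    if server_ca:
        ctx.load_verify_locations(cafile=server_ca)      # step 2: CA the client trusts
    if cert:
        ctx.load_cert_chain(cert, key)         # steps 3 and 5: certificate plus signing key
    return ctx


def audit(ctx, role, expect_mutual_auth=True):
    """Return a list of findings for a context used in the given role."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is allowed")
    if role == "server":
        # CERT_OPTIONAL is also flagged: the handshake succeeds without a client certificate.
        if expect_mutual_auth and ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server does not require a client certificate")
    elif role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("client does not verify the server certificate")
        if not ctx.check_hostname:
            findings.append("client does not check the server host name")
    else:
        raise ValueError("role must be 'server' or 'client'")
    return findings


if __name__ == "__main__":
    default_server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    print("default server:", audit(default_server, "server"))
    print("mutual-auth server:", audit(build_server_context(True), "server"))
    print("client:", audit(build_client_context(), "client"))
```

A server context left at its defaults authenticates only the server, which is why the audit flags it when mutual authentication is expected.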
Thank You
Figure: (a) Using non-persistent connections. (b) Using persistent connections.
HTTP Methods
| Operation | Description |
|---|---|
| Head | Request to return the header of a document |
| Get | Request to return a document to the client |
| Put | Request to store a document |
| Post | Provide data that is to be added to a document (collection) |
| Delete | Request to delete a document |

Table: Operations supported by HTTP
HTTP Messages
Figure: HTTP request message
Figure: HTTP response message

| Header | Source | Contents |
|---|---|---|
| Accept | Client | The type of documents the client can handle |
| Accept-Charset | Client | The character sets that are acceptable for the client |
| Accept-Encoding | Client | The document encodings the client can handle |
| Accept-Language | Client | The natural language the client can handle |
| Authorization | Client | A list of the client's credentials |
| WWW-Authenticate | Server | Security challenge the client should respond to |
| Date | Both | Date and time the message was sent |
| ETag | Server | The tags associated with the returned document |
| Expires | Server | The time for how long the response remains valid |
| From | Client | The client's e-mail address |
| Host | Client | The TCP address of the document's server |
| If-Match | Client | The tags the document should have |
| If-None-Match | Client | The tags the document should not have |
| If-Modified-Since | Client | Tells the server to return a document only if it has been modified since the specified time |
| If-Unmodified-Since | Client | Tells the server to return a document only if it has not been modified since the specified time |
| Last-Modified | Server | The time the returned document was last modified |
| Location | Server | A document reference to which the client should redirect its request |
| Referer | Client | Refers to the client's most recently requested document |
| Upgrade | Both | The application protocol the sender wants to switch to |
| Warning | Both | Information about the status of the data in the message |

Table: Some HTTP message headers
Processes
1. Clients
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type.
When a browser encounters a document type for which it needs a plug-in, it loads the plug-in locally and creates an instance.
The plug-in is removed from the browser when it is no longer needed.
Figure: Using a plug-in in a Web browser
Figure: Using a Web proxy when the browser does not speak FTP
2. Servers
Important: The majority of Web servers is a configured Apache server, which breaks down each HTTP request handling into eight phases. This approach allows flexible configuration of servers.
Figure: General organization of the Apache Web server
In order to invoke the appropriate handler at the right time, processing HTTP requests is broken down into several phases.
A module can register a handler for a specific phase. Whenever a phase is reached, the core module inspects which handlers have been registered for that phase and invokes one of them.
1. Resolving document reference to local file name
2. Client authentication
3. Client access control
4. Request access control
5. MIME type determination of the response
6. General phase for handling leftovers
7. Transmission of the response
8. Logging data on the processing of the request
Server Clusters
• Essence: To improve performance and availability, WWW servers are often clustered in a way that is transparent to clients.
Figure: The principle of using a cluster of workstations to implement a Web service
• Problem: The front end may easily get overloaded, so that special measures need to be taken.
• Transport-layer switching: Front end simply passes the TCP request to one of the servers, taking some performance metric into account.
• Content-aware distribution: Front end reads the content of the HTTP request and then selects the best server.
• A crucial aspect of this organization is the design of the front end, as it can easily become a serious performance bottleneck.
Figure: (a) The principle of TCP handoff
Figure: (b) A scalable content-aware cluster of Web servers
Naming
1. URL (Uniform Resource Locators)
A Uniform Resource Locator tells how and where to access a resource.
• Often-used structures for URLs:
a) Using only a DNS name
b) Combining a DNS name with a port number
c) Combining an IP address with a port number

| Name | Used for | Example |
|---|---|---|
| http | HTTP | http://www.cs.vu.nl:80/globe |
| ftp | FTP | ftp://ftp.cs.vu.nl/pub/minix/README |
| file | Local file | file:/edu/book/work/chp/11/11 |
| data | Inline data | data:text/plain;charset=iso-8859-7,%e1%e2%e3 |
| telnet | Remote login | telnet://flits.cs.vu.nl |
| tel | Telephone | tel:+31201234567 |
| modem | Modem | modem:+31201234567;type=v32 |

Table: Examples of URLs
2. URN (Uniform Resource Names)
URNs are location-independent references to documents.
Figure: The general structure of a URN
• A typical example of a URN is the one used for identifying books by means of their ISBN, such as urn:isbn:0-13-349945-6
Synchronization: WebDAV
• Problem: There is a growing need for collaborative auditing of Web documents, but bare-bones HTTP can't help here
• Solution: Web Distributed Authoring and Versioning
• Supports exclusive and shared write locks, which operate on entire documents
• A lock is passed by means of a lock token; the server registers the client(s) holding the lock
• Clients modify the document locally and post it back to the server along with the lock token
• Note: There is no specific support for crashed clients holding a lock
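The locking rules above as a small server-side model, added here as an example (not part of the original slides and not a WebDAV implementation). `DocumentStore`, the client names and the document paths are constructed; the store checks the token against the client it registered, so a token in the wrong hands does not by itself allow a write.

```python
import uuid


class LockError(Exception):
    """Raised when a lock request or a write conflicts with the lock state."""


class DocumentStore:
    def __init__(self):
        self.docs = {}    # path -> document body
        self.locks = {}   # path -> {"scope": ..., "holders": {token: client}}

    def lock(self, path, client, scope):
        if scope not in ("exclusive", "shared"):
            raise ValueError("scope must be 'exclusive' or 'shared'")
        state = self.locks.get(path)
        if state is not None and "exclusive" in (scope, state["scope"]):
            raise LockError("conflicting write lock on " + path)
        if state is None:
            state = self.locks[path] = {"scope": scope, "holders": {}}
        token = "opaquelocktoken:" + str(uuid.uuid4())
        state["holders"][token] = client      # the server registers the holder
        return token

    def _check(self, path, client, token):
        state = self.locks.get(path)
        if state is not None and state["holders"].get(token) != client:
            raise LockError("valid lock token from a registered holder required")

    def put(self, path, client, body, token=None):
        self._check(path, client, token)      # unlocked documents need no token
        self.docs[path] = body

    def unlock(self, path, client, token):
        state = self.locks.get(path)
        if state is None or state["holders"].get(token) != client:
            raise LockError("not a holder of this lock")
        del state["holders"][token]
        if not state["holders"]:
            del self.locks[path]


def refused(action, *args):
    try:
        action(*args)
    except LockError:
        return True
    return False


def scenario():
    store, r = DocumentStore(), {}
    t_alice = store.lock("/spec.html", "alice", "exclusive")
    store.put("/spec.html", "alice", b"draft 1", t_alice)
    r["second_lock_refused"] = refused(store.lock, "/spec.html", "bob", "shared")
    r["put_without_token_refused"] = refused(store.put, "/spec.html", "bob", b"x")
    r["put_with_foreign_token_refused"] = refused(store.put, "/spec.html", "bob", b"x", t_alice)
    # alice's client crashes here and never unlocks: the document stays locked.
    r["still_locked_after_crash"] = "/spec.html" in store.locks
    r["content_intact"] = store.docs["/spec.html"] == b"draft 1"

    t_carol = store.lock("/notes.html", "carol", "shared")
    t_dave = store.lock("/notes.html", "dave", "shared")
    store.put("/notes.html", "carol", b"c", t_carol)
    store.put("/notes.html", "dave", b"d", t_dave)
    r["exclusive_refused_while_shared"] = refused(store.lock, "/notes.html", "erin", "exclusive")
    store.unlock("/notes.html", "carol", t_carol)
    store.unlock("/notes.html", "dave", t_dave)
    r["exclusive_granted_after_unlock"] = not refused(store.lock, "/notes.html", "erin", "exclusive")
    return r


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(name, ok)
```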
22
Header Source Contents
Accept Client The type of documents the client can handle
Accept-Charset Client The character sets are acceptable for the client
Accept-Encoding Client The document encodings the client can handle
Accept-Language Client The natural language the client can handle
Authorization Client A list of the clients credentials
WWW-Authenticate Server Security challenge the client should respond to
Date Both Date and time the message was sent
ETag Server The tags associated with the returned document
Expires Server The time how long the response remains valid
From Client The clients e-mail address
Host Client The TCP address of the documents server
If-Match Client The tags the document should have
If-None-Match Client The tags the document should not have
If-Modified-Since ClientTells the server to return a document only if it has been modified since the specified time
If-Unmodified-Since ClientTells the server to return a document only if it has not been modified since the specified time
Last-Modified Server The time the returned document was last modified
Location ServerA document reference to which the client should redirect its request
Referer Client Refers to clients most recently requested document
Upgrade Both The application protocol the sender wants to switch to
Warning Both Information about the status of the data in the message
bull Some HTTP message headers
CONThelliphelliphellip
Processes
A plug-in is a small program that can be dynamically loaded into a browser for handling a specific document type
When a browser encounters a document type for which it needs a plug-in it loads the plug-in locally and creates an instance
The plug-in is removed from the browser when it isno longer needed
23
1Clients
24bull Using a plug-in in a Web browser
CONThelliphelliphellip
CONThelliphellip
25
bull Using a Web proxy when the browser does not speak FTP
2. Servers
Important: The majority of Web servers are configured Apache servers. Apache breaks down each HTTP request handling into eight phases. This approach allows flexible configuration of servers.
Figure: General organization of the Apache Web server
In order to invoke the appropriate handler at the right time, processing HTTP requests is broken down into several phases.
A module can register a handler for a specific phase. Whenever a phase is reached, the core module inspects which handlers have been registered for that phase and invokes one of them.
1. Resolving document reference to local file name
2. Client authentication
3. Client access control
4. Request access control
5. MIME type determination of the response
6. General phase for handling leftovers
7. Transmission of the response
8. Logging data on the processing of the request
Server Clusters
• Essence: To improve performance and availability, WWW servers are often clustered in a way that is transparent to clients.
Figure: The principle of using a cluster of workstations to implement a Web service
• Problem: The front end may easily get overloaded, so that special measures need to be taken.
• Transport-layer switching: Front end simply passes the TCP request to one of the servers, taking some performance metric into account.
• Content-aware distribution: Front end reads the content of the HTTP request and then selects the best server.
• A crucial aspect of this organization is the design of the front end, as it can easily become a serious performance bottleneck.
Figure: (a) The principle of TCP handoff
Figure: (b) A scalable content-aware cluster of Web servers
Naming
1. URL (Uniform Resource Locators)
A Uniform Resource Locator tells how and where to access a resource.
• Often-used structures for URLs:
a) Using only a DNS name
b) Combining a DNS name with a port number
c) Combining an IP address with a port number
Examples of URLs:
Name     Used for       Example
http     HTTP           http://www.cs.vu.nl:80/globe
ftp      FTP            ftp://ftp.cs.vu.nl/pub/minix/README
file     Local file     file:/edu/book/work/chp/11/11
data     Inline data    data:text/plain;charset=iso-8859-7,%e1%e2%e3
telnet   Remote login   telnet://flits.cs.vu.nl
tel      Telephone      tel:+31201234567
modem    Modem          modem:+31201234567;type=v32
2. URN (Uniform Resource Names)
URNs are location-independent references to documents.
Figure: The general structure of a URN
• A typical example of a URN is the one used for identifying books by means of their ISBN, such as urn:isbn:0-13-349945-6.
Synchronization: WebDAV
• Problem: There is a growing need for collaborative auditing of Web documents, but bare-bones HTTP can't help here.
• Solution: Web Distributed Authoring and Versioning
• Supports exclusive and shared write locks, which operate on entire documents.
• A lock is passed by means of a lock token; the server registers the client(s) holding the lock.
• Clients modify the document locally and post it back to the server along with the lock token.
• Note: There is no specific support for crashed clients holding a lock.
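The lock rules above, modelled in Python as an added example (not taken from the slides or from any WebDAV server): exclusive and shared write locks on whole documents, a lock token that must accompany each write, and a server-side table of holders. The class and method names and the expiring lease are assumptions of this example; the lease is what lets another writer proceed after a lock holder crashes.

```python
import uuid


class Locked(Exception):
    """Corresponds to the HTTP 423 (Locked) status a WebDAV server returns."""


class LockManager:
    def __init__(self, lease_seconds=600):
        self.lease = lease_seconds  # assumption: every lock is a lease that expires
        self.locks = {}             # path -> {"scope": str, "holders": {token: (client, expiry)}}
        self.documents = {}         # path -> bytes

    def _live_lock(self, path, now):
        """Drop expired holders and return the remaining lock record, if any."""
        record = self.locks.get(path)
        if record is None:
            return None
        record["holders"] = {t: (c, exp) for t, (c, exp) in record["holders"].items() if exp > now}
        if not record["holders"]:
            del self.locks[path]
            return None
        return record

    def lock(self, path, client, scope, now):
        """Grant a lock on the whole document and hand back its lock token."""
        if scope not in ("exclusive", "shared"):
            raise ValueError(scope)
        record = self._live_lock(path, now)
        # Only shared + shared may coexist; anything involving exclusive conflicts.
        if record is not None and (scope == "exclusive" or record["scope"] == "exclusive"):
            raise Locked(f"{path} is held under a {record['scope']} lock")
        if record is None:
            record = self.locks[path] = {"scope": scope, "holders": {}}
        token = f"opaquelocktoken:{uuid.uuid4()}"  # unguessable token URI
        record["holders"][token] = (client, now + self.lease)  # server registers the holder
        return token

    def put(self, path, body, token, now):
        """Store the client's modified copy; a locked document needs a live token."""
        record = self._live_lock(path, now)
        if record is not None and token not in record["holders"]:
            raise Locked(f"write to {path} needs a valid lock token")
        self.documents[path] = body

    def unlock(self, path, token, now):
        record = self._live_lock(path, now)
        if record is None or token not in record["holders"]:
            raise Locked("unknown lock token")
        del record["holders"][token]
        if not record["holders"]:
            del self.locks[path]


def demo():
    """Constructed scenario: alice locks, writes, then crashes without unlocking."""
    dav = LockManager(lease_seconds=600)
    path = "/docs/report.html"  # constructed path
    outcome = {}
    alice = dav.lock(path, "alice", "exclusive", now=0)
    try:
        dav.lock(path, "bob", "shared", now=10)
        outcome["bob_lock_while_held"] = "granted"
    except Locked:
        outcome["bob_lock_while_held"] = "423"
    try:
        dav.put(path, b"bob edit", token=None, now=20)
        outcome["bob_put_without_token"] = "stored"
    except Locked:
        outcome["bob_put_without_token"] = "423"
    dav.put(path, b"alice edit", token=alice, now=30)
    # alice crashes here; her lease runs out at t=600
    bob = dav.lock(path, "bob", "exclusive", now=601)
    try:
        dav.put(path, b"late write", token=alice, now=602)
        outcome["alice_stale_token"] = "stored"
    except Locked:
        outcome["alice_stale_token"] = "423"
    dav.put(path, b"bob edit", token=bob, now=603)
    outcome["final"] = dav.documents[path]
    return outcome
```

Without the lease, the exclusive lock taken at t=0 would block every later writer after the holder crashed.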
Caching and Replication
Web Proxy Caching
• Basic idea: Sites install a separate proxy server that handles all outgoing requests. Proxies subsequently cache incoming documents. Cache-consistency protocols:
• Always verify validity by contacting server
• Age-based consistency:
$T_{expire} = \alpha\,(T_{cached} - T_{last\_modified}) + T_{cached}$
• Cooperative caching, by which you first check your neighbors on a cache miss
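An added example (not from the slides): a proxy cache in Python that applies the age-based expiry rule above and, once an entry has expired, revalidates it with the If-Modified-Since header from the header table. The simulated clock, α = 0.25, the URL and the Origin and ProxyCache names are assumptions; the trace shows the window in which the proxy keeps serving the old version after the origin has changed.

```python
from dataclasses import dataclass

ALPHA = 0.25  # assumed weighting factor; the slide leaves alpha unspecified


@dataclass
class OriginDocument:
    body: bytes
    last_modified: float  # seconds on a simulated clock


@dataclass
class CacheEntry:
    body: bytes
    last_modified: float  # value of the Last-Modified response header
    cached_at: float      # T_cached
    expires_at: float     # T_expire


class Origin:
    """Stand-in for the Web server; counts how often it is contacted."""

    def __init__(self):
        self.docs = {}
        self.requests = 0

    def put(self, url, body, now):
        self.docs[url] = OriginDocument(body, now)

    def get(self, url, if_modified_since=None):
        """Return (status, body, last_modified); 304 when the copy is unchanged."""
        self.requests += 1
        doc = self.docs[url]
        if if_modified_since is not None and doc.last_modified <= if_modified_since:
            return 304, None, doc.last_modified
        return 200, doc.body, doc.last_modified


def expiry_time(cached_at, last_modified, alpha=ALPHA):
    """T_expire = alpha * (T_cached - T_last_modified) + T_cached."""
    return alpha * (cached_at - last_modified) + cached_at


class ProxyCache:
    def __init__(self, origin, alpha=ALPHA):
        self.origin = origin
        self.alpha = alpha
        self.entries = {}

    def fetch(self, url, now):
        """Return (body, how); how is 'hit', 'revalidated' or 'fetched'."""
        entry = self.entries.get(url)
        if entry is not None and now < entry.expires_at:
            return entry.body, "hit"  # served without contacting the origin
        if entry is not None:
            # Expired: conditional GET carrying the stored Last-Modified time.
            status, body, modified = self.origin.get(url, if_modified_since=entry.last_modified)
            if status == 304:
                entry.cached_at = now
                entry.expires_at = expiry_time(now, entry.last_modified, self.alpha)
                return entry.body, "revalidated"
        else:
            status, body, modified = self.origin.get(url)
        self.entries[url] = CacheEntry(body, modified, now, expiry_time(now, modified, self.alpha))
        return body, "fetched"


def demo():
    """Constructed timeline: the origin changes at t=1150 while the copy is valid until t=1250."""
    origin = Origin()
    proxy = ProxyCache(origin, alpha=0.25)
    url = "http://www.example.org/index.html"  # constructed URL
    origin.put(url, b"v1", now=0)
    trace = [proxy.fetch(url, now=1000)]       # miss, T_expire = 1250
    trace.append(proxy.fetch(url, now=1100))   # hit
    origin.put(url, b"v2", now=1150)           # document changes at the origin
    trace.append(proxy.fetch(url, now=1200))   # still a hit: stale v1 is served
    trace.append(proxy.fetch(url, now=1300))   # expired, origin returns v2
    trace.append(proxy.fetch(url, now=1400))   # expired again, 304 from origin
    return trace, origin.requests
```

A document that was modified long ago gets a long lifetime, so content that must never be served stale belongs under the always-verify protocol instead.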
Figure: The principle of cooperative caching
Server Replication
• A nontransparent form of replication that is widely deployed is to make an entire copy of a Web site available at a different server. This approach is also called mirroring.
• Content Delivery Network: CDNs act as Web hosting services to replicate documents across the Internet, providing their customers guarantees on high availability and performance (example: Akamai).
Figure: The principal working of the Akamai CDN
Security
• Transport Layer Security: Modern version of the Secure Socket Layer (SSL), which "sits" between transport layer and application protocols. Relatively simple protocol that can support mutual authentication using certificates.
Figure: The position of TLS in the Internet protocol stack
Figure: TLS with mutual authentication
1. First, the client informs the server of the cryptographic algorithms it can handle, as well as any compression methods it supports.
2. In the second phase, authentication takes place. The server is always required to authenticate itself, for which reason it passes the client a certificate containing its public key, signed by a certification authority (CA).
3. If the server requires that the client be authenticated, the client will have to send a certificate to the server.
4. The client generates a random number that will be used by both sides for constructing a session key, and sends this number to the server encrypted with the server's public key.
5. If client authentication is required, the client signs the number with its private key.
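An added example (not from the slides): Python `ssl` contexts for the mutual authentication described in steps 2, 3 and 5, next to weak variants, with an audit function that flags a server that does not demand a client certificate and a client that does not verify the server. The function names and the optional certificate-file parameters are assumptions; no certificate files are needed to run the audit.

```python
import ssl


def hardened_server_context(certfile=None, keyfile=None, client_ca=None):
    """Server side of mutual TLS: present a certificate and demand one back."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION         # refuse the compression methods offered in step 1
    ctx.verify_mode = ssl.CERT_REQUIRED          # step 3: handshake fails without a client certificate
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)   # step 2: the server's own certificate and key
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)  # CA that issues the client certificates
    return ctx


def hardened_client_context(certfile=None, keyfile=None, server_ca=None):
    """Client side: verify the server's certificate and host name, offer its own certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED and check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    if server_ca:
        ctx.load_verify_locations(cafile=server_ca)  # CA that signed the server certificate
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)       # steps 3 and 5: client certificate and key
    return ctx


def weak_server_context():
    """Server-only authentication: verify_mode stays at its CERT_NONE default."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def optional_server_context():
    """Asks for a client certificate but still accepts clients that send none."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_OPTIONAL
    return ctx


def weak_client_context():
    """Client that accepts any server certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx, role):
    """Return the findings for one context; role is 'server' or 'client'."""
    findings = []
    if role == "server":
        if ctx.verify_mode == ssl.CERT_NONE:
            findings.append("server never asks for a client certificate")
        elif ctx.verify_mode == ssl.CERT_OPTIONAL:
            findings.append("client certificate is optional")
    elif role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate is not verified")
        if not ctx.check_hostname:
            findings.append("server host name is not checked")
    else:
        raise ValueError(role)
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is not disabled")
    return findings
```

With `CERT_OPTIONAL` the application itself has to check whether a peer certificate arrived, which is why the audit reports it separately from `CERT_NONE`.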
Thank You
28
bull Essence To improve performance and availability WWW servers are often clustered in a way that is transparent to clients
Server Clusters
bull The principle of using a cluster of workstations to implement a Web service
bull Problem The front end may easily get overloaded so that special measures need to be taken
bull Transport-layer switching Front end simply passes the TCP request to one of the servers taking some performance metric into account
bull Content-aware distribution Front end reads the content of the HTTP request and then selects the best server
bull A crucial aspect of this organization is the the design of the front end as it can easily become a serious performance bottleneck 29
CONThelliphellip
30
CONThelliphellip
(a) The principle of TCP handoff
CONThelliphellip
31(b) A scalable content-aware cluster of Web servers
1URL(Uniform Resource Locators)
Uniform Resource Locator tells how and where to access a resource
32
Naming
bull Often-used structures for URLsa) Using only a DNS nameb) Combining a DNS name with a port numberc) combining an IP address with a port number
33
CONThelliphellip
Name Used for Example
http HTTP httpwwwcsvunl80globe
ftp FTP ftpftpcsvunlpupminxREADME
file Local file fileedubookworkchp1111
data Inline data datatextplaincharset=iso-8859-7e1e2e3
telnet Remote login telnetflitscsvunl
tel Telephone tel+31201234567
modem Modem modem+31201234567type=v32
Examples of URLs
2URN(Uniform Resource Names)
URNs are location-independent references to documents
34
The general structure of a URN
bull A typical example of a URN is the one used for identifying books by means of their ISBN such as urnisbn0-13-349945-6
Synchronization: WebDAV
• Problem: There is a growing need for collaborative auditing of Web documents, but bare-bones HTTP can't help here.
• Solution: Web Distributed Authoring and Versioning
• Supports exclusive and shared write locks, which operate on entire documents.
• A lock is passed by means of a lock token; the server registers the client(s) holding the lock.
• Clients modify the document locally and post it back to the server along with the lock token.
• Note: There is no specific support for crashed clients holding a lock.
Caching and Replication
Web Proxy Caching
• Basic idea: Sites install a separate proxy server that handles all outgoing requests. Proxies subsequently cache incoming documents.
• Cache-consistency protocols:
  • Always verify validity by contacting the server
  • Age-based consistency: $T_{expire} = \alpha (T_{cached} - T_{last\_modified}) + T_{cached}$
• Cooperative caching, by which you first check your neighbors on a cache miss.
CONT…
Figure: The principle of cooperative caching
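The age-based rule and the neighbor lookup above, modeled as an added example (not part of the original slides). It shows the stale window the heuristic leaves open: a document changed after it was cached keeps being served, and spreads to a neighbor proxy, until T_expire passes. The `Origin` and `Proxy` classes, the URL and all times are constructed for illustration.

```python
"""Age-based cache consistency plus cooperative caching, as a small model."""
from dataclasses import dataclass


@dataclass
class Entry:
    body: str
    t_cached: float
    t_last_modified: float


def t_expire(entry: Entry, alpha: float) -> float:
    # T_expire = alpha * (T_cached - T_last_modified) + T_cached
    return alpha * (entry.t_cached - entry.t_last_modified) + entry.t_cached


class Origin:
    """Constructed origin server: url -> (body, last-modified time)."""

    def __init__(self):
        self.docs = {}
        self.requests = 0

    def publish(self, url, body, now):
        self.docs[url] = (body, now)

    def fetch(self, url):
        self.requests += 1
        return self.docs[url]


class Proxy:
    def __init__(self, origin, alpha, neighbors=()):
        self.origin = origin
        self.alpha = alpha
        self.neighbors = list(neighbors)
        self.cache = {}

    def fresh(self, url, now):
        """Return the cached entry if it has not reached T_expire, else None."""
        entry = self.cache.get(url)
        if entry is not None and now < t_expire(entry, self.alpha):
            return entry
        return None

    def get(self, url, now):
        """Return (body, source) where source is 'hit', 'neighbor' or 'origin'."""
        entry = self.fresh(url, now)
        if entry is not None:
            return entry.body, "hit"
        # Cooperative caching: on a miss, ask the neighbors before the origin.
        for peer in self.neighbors:
            entry = peer.fresh(url, now)
            if entry is not None:
                self.cache[url] = entry  # keeps the peer's timestamps
                return entry.body, "neighbor"
        body, modified = self.origin.fetch(url)
        self.cache[url] = Entry(body, now, modified)
        return body, "origin"


def stale_window_demo():
    """Walk one document through caching, an update, and expiry."""
    origin = Origin()
    origin.publish("/policy.html", "v1", now=0)
    a = Proxy(origin, alpha=0.25)
    b = Proxy(origin, alpha=0.25, neighbors=[a])
    log = [a.get("/policy.html", now=1000)]       # cached; T_expire = 1250
    origin.publish("/policy.html", "v2", now=1050)
    log.append(a.get("/policy.html", now=1100))   # still "fresh": serves v1
    log.append(b.get("/policy.html", now=1150))   # stale copy spreads to b
    log.append(a.get("/policy.html", now=1300))   # past T_expire: refetch
    return log, origin.requests
```

The larger the gap between caching time and last modification, the longer the window; a small α or the always-verify protocol shortens it at the cost of more origin traffic.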
Server Replication
• A nontransparent form of replication that is widely deployed is to make an entire copy of a Web site available at a different server. This approach is also called mirroring.
• Content Delivery Network: CDNs act as Web hosting services to replicate documents across the Internet, providing their customers guarantees on high availability and performance (example: Akamai).
CONT…
Figure: The principal working of the Akamai CDN
Security
• Transport Layer Security: Modern version of the Secure Socket Layer (SSL), which "sits" between the transport layer and application protocols. Relatively simple protocol that can support mutual authentication using certificates.
Figure: The position of TLS in the Internet protocol stack
CONT…
Figure: TLS with mutual authentication
CONT…
1. First, the client informs the server of the cryptographic algorithms it can handle, as well as any compression methods it supports.
2. In the second phase, authentication takes place. The server is always required to authenticate itself, for which reason it passes the client a certificate containing its public key signed by a certification authority (CA).
3. If the server requires that the client be authenticated, the client will have to send a certificate to the server.
4. The client generates a random number that will be used by both sides for constructing a session key, and sends this number to the server encrypted with the server's public key.
5. If client authentication is required, the client signs the number with its private key.
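The five steps above as a runnable walk-through, added here as an example and not taken from the slides. It uses textbook RSA over fixed Mersenne primes so it is deterministic and needs only the standard library; the party names, the suite name `RSA_TOY_SHA256` and the certificate layout are constructed, and the keys are trivially factorable.

```python
"""Toy model of the five handshake steps with mutual authentication.

Textbook RSA, no padding, factorable keys: an illustration of the message
flow only. The RSA key transport of step 4 follows the steps above; TLS 1.3
dropped it in favour of (EC)DHE key exchange.
"""
import hashlib
import secrets
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key


@dataclass(frozen=True)
class KeyPair:
    n: int  # public modulus
    d: int  # private exponent


def toy_keypair(p: int, q: int) -> KeyPair:
    return KeyPair(p * q, pow(E, -1, (p - 1) * (q - 1)))


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key: KeyPair, data: bytes) -> int:
    return pow(_digest(data, key.n), key.d, key.n)


def verify(n: int, data: bytes, signature: int) -> bool:
    return pow(signature, E, n) == _digest(data, n)


@dataclass(frozen=True)
class Certificate:
    subject: str
    public_n: int
    ca_signature: int


def _tbs(subject: str, public_n: int) -> bytes:
    return f"{subject}|{public_n}".encode()


def issue(ca: KeyPair, subject: str, public_n: int) -> Certificate:
    return Certificate(subject, public_n, sign(ca, _tbs(subject, public_n)))


def cert_valid(cert: Certificate, ca_n: int) -> bool:
    return verify(ca_n, _tbs(cert.subject, cert.public_n), cert.ca_signature)


class HandshakeError(Exception):
    pass


SERVER_SUITES = {"RSA_TOY_SHA256"}  # constructed suite name


def _session_key(number: bytes) -> bytes:
    return hashlib.sha256(b"session" + number).digest()


def handshake(client_key, client_cert, server_key, server_cert, ca_n,
              server_name, allowed_clients, offered=("RSA_TOY_SHA256",)):
    """Return (client_session_key, server_session_key) or raise."""
    # Step 1: client offers algorithms; server needs one in common.
    if not SERVER_SUITES.intersection(offered):
        raise HandshakeError("no common algorithm")
    # Step 2: client checks the CA signature and the name it expected.
    if not cert_valid(server_cert, ca_n) or server_cert.subject != server_name:
        raise HandshakeError("server certificate rejected")
    # Step 3: server checks the client certificate and its allow-list.
    if not cert_valid(client_cert, ca_n) or client_cert.subject not in allowed_clients:
        raise HandshakeError("client certificate rejected")
    # Step 4: client picks the random number, encrypts it for the server.
    number = secrets.token_bytes(16)
    encrypted = pow(int.from_bytes(number, "big"), E, server_cert.public_n)
    # Step 5: client signs the number, proving it holds the private key.
    proof = sign(client_key, number)
    # Server side: decrypt, then check the proof against the certificate key.
    recovered = pow(encrypted, server_key.d, server_key.n).to_bytes(16, "big")
    if not verify(client_cert.public_n, recovered, proof):
        raise HandshakeError("client proof of possession failed")
    return _session_key(number), _session_key(recovered)


# Constructed parties; every prime below is a known Mersenne prime.
CA = toy_keypair(2**521 - 1, 2**607 - 1)
SERVER = toy_keypair(2**89 - 1, 2**107 - 1)
CLIENT = toy_keypair(2**61 - 1, 2**127 - 1)
SERVER_CERT = issue(CA, "www.example.test", SERVER.n)
CLIENT_CERT = issue(CA, "alice", CLIENT.n)


def run_demo():
    return handshake(CLIENT, CLIENT_CERT, SERVER, SERVER_CERT, CA.n,
                     "www.example.test", {"alice"})
```

A certificate is public data, so presenting one proves nothing by itself; the signature in step 5 is what ties the connection to the holder of the private key.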
Thank You
3If server requires that the client be authenticated the client will have to send a certificate to the server
4The client generates a random number that will be used by both sides for constructing a session key and sends this number to the server encrypted with the serverrsquos public key
5If client authenticated is required the client signs the number with its private key
42
Thank You
43
Thank You
43