
The Wonderful World of HTTP

Presented by: Richard Chan, Ashlee Clair, Sky McBean, Robert Wolfer

Overview of Presentation

• What is HTTP

• How Does It Work

• Use of HTTP in Business Today

• Controls for HTTP

• Future trends

Definition of HTTP

HyperText Transfer Protocol (HTTP) is how the World Wide Web transfers or conveys information. It was originally designed to provide a way to publish and receive HTML pages. HTML is the language in which one publishes hypertext on the World Wide Web.

From www.w3.org

Picture provided by The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html

About HTTP

HTTP is not a protocol for transferring hypertext; rather it is a protocol for transmitting information with the efficiency necessary for making hypertext jumps. The information transferred using HTTP can be plain text, hypertext, audio, images, basically any Internet accessible information.

From: The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html

Clarification

Analogy:

HTTP is to Hypertext as Latin is to Science

Who Created HTTP

Hypertext Transfer Protocol

• Created by the WWW Consortium, also known as W3C

• Authors of HTTP: Tim Berners-Lee, Henrik Frystyk Nielsen, Roy T. Fielding

Next 3 Slides from www.w3c.com

Tim Berners-Lee: Director of W3C and Inventor of the World Wide Web

About W3C

The World Wide Web Consortium (W3C) is an international consortium where Member organizations, a full-time staff, and the public work together to develop Web standards.

Mission Statement: To lead the World Wide Web to its full potential by developing protocols and guidelines that ensure long-term growth for the Web.

More About W3C

W3C primarily pursues its mission through the creation of Web standards and guidelines. Since 1994, W3C has published more than ninety such standards, called W3C Recommendations.

History

HTTP 0.9

• Never widely used

• Only supports requests for representations of the specified resources.

HTTP 1.0 was created and put into use in May 1996

• Still in wide use

• Does not use proxy servers very well

HTTP 1.1 was put into use in June 1999

• This is the current form being used today

• Persistent connections and works well with proxies

• Allows multiple requests to be sent at one time

From: www.wikapedia.com

Process

HTTP is a request/response protocol between clients and servers.

A web browser, the client, sends a request by connecting to a port on a remote host using the Transmission Control Protocol (TCP).

The server then takes the request string, such as “GET / HTTP/1.1” with the header “Host: www.bus.orst.edu”, and responds with the default home page.

From: www.wikapedia.com

Basic Structure of a URL

• Protocol - set of standards that govern the communication of data (i.e. HTTP)

• Domain name - the address of the Website

• Path - a certain directory/subdirectory at the Website

• HTML - Hypertext markup language

McLeod Jr., Raymond, George P. Schell. Management Information Systems, 9th ed. Upper Saddle River, N.J.: Prentice Hall.

HTTP Process

Process Example

Client Request

    GET /index.html HTTP/1.1
    Host: www.example.com

Server Response

    HTTP/1.1 200 OK
    Date: Mon, 23 May 2005 22:38:34 GMT
    Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)
    Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
    Etag: "3f80f-1b6-3e1cb03b"
    Accept-Ranges: bytes
    Content-Length: 438
    Connection: close
    Content-Type: text/html; charset=UTF-8
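The response above can be read mechanically to answer two questions a client or proxy must settle before trusting the body: where the body ends, and whether the connection stays open. The following Python sketch is an added example, not part of the original slides; the function names are illustrative and the strict rejection of ambiguous length headers is an assumed policy.

```python
# Added example. SAMPLE is the slide's response head re-typed as bytes
# (Last-Modified and Etag omitted, no body).
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 23 May 2005 22:38:34 GMT\r\n"
    b"Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)\r\n"
    b"Accept-Ranges: bytes\r\n"
    b"Content-Length: 438\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
)


def parse_response_head(raw: bytes):
    """Return (version, status_code, headers); header names are lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *lines = head.split("\r\n")
    version, code, _reason = status_line.split(" ", 2)
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return version, int(code), headers


def body_framing(headers):
    """Decide how the body ends: ('chunked', None), ('length', n) or ('until-close', None)."""
    chunked = any("chunked" in v.lower() for v in headers.get("transfer-encoding", []))
    lengths = set(headers.get("content-length", []))
    # Assumed strict policy: refuse messages whose length is ambiguous.
    if chunked and lengths:
        raise ValueError("both Transfer-Encoding and Content-Length present")
    if chunked:
        return "chunked", None
    if len(lengths) > 1 or any(not v.isdigit() for v in lengths):
        raise ValueError("conflicting or non-numeric Content-Length")
    if lengths:
        return "length", int(lengths.pop())
    return "until-close", None


def is_persistent(version, headers):
    """HTTP/1.1 stays open unless told to close; HTTP/1.0 closes unless keep-alive."""
    tokens = {t.strip().lower() for v in headers.get("connection", []) for t in v.split(",")}
    if "close" in tokens:
        return False
    return version == "HTTP/1.1" or "keep-alive" in tokens


if __name__ == "__main__":
    version, code, headers = parse_response_head(SAMPLE)
    print(code, body_framing(headers), is_persistent(version, headers))
```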

Next 2 Slides from: www.wikapedia.com

Eight Request Methods

GET – Requests a representation of the specified resource. By far the most common method used on the Web today.

HEAD – Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.

POST – Submits user data (e.g. from an HTML form) to the identified resource. The data is included in the body of the request.

PUT – Uploads a representation of the specified resource.

DELETE – Deletes the specified resource (rarely implemented).

TRACE – Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request.

OPTIONS – Returns the HTTP methods that the server supports. This can be used to check the functionality of a web server.

CONNECT – For use with a proxy that can change to being an SSL tunnel.

Why HTTP

Flexibility

HTTP makes use of TCP (Transmission Control Protocol) to establish a reliable connection between the client and the server. However, it is a 'stateless' protocol, which means that a new connection between the client and a server is established for each transaction, the transaction occurs and then the connection is terminated. Each specific HTTP client-server transaction is executed independently, creating a new TCP connection for each HTTP transaction.

It is this stateless nature of HTTP which makes it particularly suited to the web. If you think about how a user browses the web, typically they will jump from website to website. Their browser makes a rapid sequence of requests from a number of distributed servers. The flexible stateless nature of HTTP facilitates this kind of communication.

Next 2 slides from: The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html

Why HTTP

Versatility

Another important feature of HTTP is its versatility. It can handle a range of file formats. When a client issues a request to a server it may include a prioritized list of formats it can handle. The server then responds with the appropriate format. This arrangement prevents the transmission of unnecessary information, making more efficient use of the connection.

Business use of HTTP

• E-Commerce

• E-Business

Next 3 slides from Kinicki, Angelo and Robert Kreitner. Organizational Behavior. New York City: McGraw-Hill, 2006.

E-commerce

• Selling products over the internet

• Online forms send information to company’s database

JR Cigars

http://www.jrcigars.com

E-business

Using the internet to facilitate every aspect of the business

• Communication: Memos, instructions…

• Discussion forums

• E-learning, research

• Online forms for regulatory agencies

IBM for E-business

http://www.ibm.com/e-business

IT controls for HTTP

Because HTTP is a transfer protocol used to spread information through the WWW, companies must have a strategy in place to limit the number of threats that can be transmitted through HTTP.

A strategy is particularly important because these threats can attack the firm’s information resources.

One strategy that has become popular among companies is the implementation of a Risk Management strategy

Next 7 slides from: McLeod Jr., Raymond, George P. Schell. Management Information Systems, 9th ed. Upper Saddle River, N.J.: Prentice Hall.

Risk Management Strategy

The risk management strategy bases the security of the firm’s information resources on the risks that these resources face

Similarity between Risk Management Strategy and the components of an Internal Control System

• Risk Assessment

• Control Activities

• Information and Communication

• Control Environment

• Monitoring

Identify the Threats

1. Viruses

2. Worms

3. Hackers

4. Malware - invades a system and performs functions not intended by the system owners

5. Trojan Horses - produce unwanted changes in the system’s functionality

Define the Risks

1. Unauthorized Disclosure and Theft - industrial spies gaining valuable competitive information and computer criminals embezzling the firm’s funds

2. Unauthorized Use of the Firm’s Information Resources (i.e. the database)

3. Unauthorized Destruction and Denial of Service - which can cause a shutdown in the firm’s computer operations

4. Unauthorized Modification - changes made to the firm’s data

Establish the Policy

Phase 1 - Policy Development

Phase 2 - Consultation and Approval

Phase 3 - Awareness and Education: once the policy has been approved, training awareness and policy education programs are conducted

Phase 4 - Policy Dissemination: the security policies are disseminated throughout the organizational units where the policies apply (i.e. promote a good control environment)

Implement the Controls

Intrusion Detection Systems - virus protection software (Norton Antivirus)

Firewalls - act as a filter and barrier that restricts the flow of data between the firm and the internet

Cryptography - data and information can be encrypted as it resides in storage and as it is transmitted over the networks

New In HTTP

HTTP/1.1

The basic operation of HTTP/1.1 remains the same as for HTTP/1.0, and the protocol ensures that browsers and servers of different versions can all interoperate correctly. If the browser understands version 1.1, it uses HTTP/1.1 on the request line instead of HTTP/1.0. When the server sees this, it knows it can make use of new 1.1 features (if a 1.1 server sees a lower version, it must adjust its response to use that protocol instead).

HTTP/1.1 contains a lot of new facilities, the main ones are: hostname identification, content negotiation, persistent connections, chunked transfers, byte ranges and support for proxies and caches.

Next 2 slides from Apache Week: http://www.apacheweek.com/features/http11

How This Affects Browsers and Servers

Non-IP Virtual Hosts

Virtual hosts can be used without needing additional IP addresses.

Content Negotiation means more content types and better selection

Using content negotiation means that resources can be stored in various formats, and the browser automatically gets the 'best' one (e.g. the correct language). If a best match cannot be determined, the browser or server can offer a list of choices to the user.

Faster Response

Persistent connections will mean that accessing pages with inline or embedded documents should be quicker.

Better handling of interrupted downloads

The ability to request byte ranges will let browsers continue interrupted downloads.

Better Behavior and Performance from Caches

Caches will be able to use persistent connections to increase performance both when talking to browsers and servers. Use of conditionals and content negotiation will mean caches can identify responses quicker.