Wireless Application Protocol and Microsoft Mobile Information 2001 Server put the Web on wheels
For mobile users who heavily rely on portable devices to contact others, to have others reach them, and to organize their calendars and address books, carrying a cellular phone, pager, and Personal Digital Assistant (PDA) is as common nowadays as wearing a watch and carrying keys and a wallet. Advanced versions of these wireless devices, or handsets, also let mobile users receive and send email messages, read news and stock quotes, and access Web servers anytime, anywhere.
An important mainstream technology that enables advanced features for mobile users is Wireless Application Protocol (WAP), a standard for implementing wireless client/server communication and applications. According to International Data Corporation (IDC), the number of WAP-enabled handsets worldwide will grow from 99 million at the end of 2000 to 1.3 billion by 2004.
In addition to handset vendors, many other vendors are incorporating WAP into their development strategies and new products to support mobile commerce and enable WAP clients to ride the Internet wave. Microsoft will deliver a WAP application platform called Mobile Information 2001 Server and let WAP clients access Microsoft Exchange Server this year. If you have mobile users, you might be interested in an introduction to the WAP protocol, architecture, and deployment models and a discussion of how Mobile Information Server fits into a WAP deployment.
WAP Basics
In June 1997, four forward-thinking companies—Ericsson, Motorola, Nokia, and Openwave Systems (formerly Phone.com and Unwired Planet)—joined together to create a new technology called WAP for delivering Internet content to wireless and mobile devices. In December 1997, the four companies formed the WAP Forum to develop WAP as a standard protocol and open the door for other companies to participate in developing and managing the standard. About 400 companies have joined the WAP Forum.
Since WAP's first release in April 1998, the WAP Forum has issued two additional releases. The current version is WAP 1.2, dated November 1999. The WAP Forum is developing another major release with the working name WAP June 2000 Conformance Release.
WAP lets you use a WAP-enabled wireless device to exchange data with wired Internet-content servers. When compared with their wired counterparts, wireless devices generally have smaller screens, less processing power, less memory, limited input capabilities, and slower network connections (typically from 9.6Kbps to 19.2Kbps). Figure 1 shows a basic model of WAP communication. To request Internet content, a user enters a URL (e.g., http://www.acme.com) at a WAP device, which uses WAP to send the URL to a WAP gateway. When the WAP gateway receives the request, it converts the request to a valid HTTP-based URL request. After the WAP gateway checks the DNS server for the IP address associated with the URL, the gateway forwards the HTTP URL request to the Web content server (the origin server, in WAP parlance) over the Internet or over an IP network.
The origin server treats the received request from the gateway as a regular HTTP request and uses HTTP to return the requested information or content, such as a stock quote, in the HTML format to the gateway. HTML has too much overhead for efficient transmission over the current generation of low-bandwidth wireless connections and less powerful wireless devices. WAP uses a much simpler and more efficient markup language called Wireless Markup Language (WML). When the gateway receives the HTTP-based information, the gateway converts the HTML content into WML content that the WAP device can understand. The gateway can even encode the WML content into a compact binary format to reduce the packet size. The gateway then uses WAP to forward the content to the mobile device, which in turn decodes and interprets the content and displays it in the device's microbrowser.
The WAP gateway plays three important roles in fulfilling the WAP client's request for Web content. First, it performs the protocol translation between the WAP client and the HTTP server. Second, it converts the content format from HTML to WML, called format transcoding. And third, it provides a secure tunnel for data traveling between the WAP client and the Web server. Some vendors call the WAP gateway a proxy server because it links the WAP and Web traffic.
WAP Architecture
WAP is a set of wireless communication protocols with a layered architecture similar to the International Organization for Standardization (ISO) Open System Interconnection (OSI) network model. The ISO OSI model has seven layers; WAP has six, as Figure 2 shows. Each layer performs a function and interacts with the layer above and the layer below to complete a WAP transaction. For example, when a WAP client submits a URL request on a WAP device, the device processes the request starting at the application layer and moving through all the layers until it sends the request to a WAP gateway over the network layer.
Let's take a look at each layer in WAP. Wireless Application Environment (WAE) at the application layer consists of six key components: the microbrowser, WML, WMLScript, Wireless Telephony Application (WTA), Push Over the Air (OTA) protocol, and Push Access Protocol (PAP). Like a regular browser, a microbrowser submits requests for information, receives results, interprets the results, and presents them on the screen of a device—in this case, a WAP device. A microbrowser has both WML and WMLScript interpreters. Like HTML, WML defines how to format and display data, but WML is heavily derived from XML. Similar to JavaScript, WMLScript provides programming logic for applications.
In addition to WML, some microbrowsers support HTML and Handheld Device Markup Language (HDML). HDML is a modification of HTML developed by Openwave and was most widely used in cellular phones before WML. For example, the Microsoft Mobile Explorer microbrowser supports HTML, and Openwave's UP.Browser supports HDML.
WTA adds telephony features to WAP so that you can receive calls while browsing and search contact information when receiving a call. Push OTA and PAP let WAP-enabled origin servers push information to WAP clients through WAP gateways.
At WAP's session layer, Wireless Session Protocol (WSP) provides a session service for data exchange between a WAP client and a WAP gateway or a WAP client and an origin server that supports WSP. WSP provides both connection-oriented and connectionless session services. The connection-oriented session service runs over Wireless Transaction Protocol (WTP) layered on top of Wireless Datagram Protocol (WDP). The connectionless session service doesn't require WTP and runs over just WDP. Wireless Transport Layer Security (WTLS) provides optional authentication and encryption services for both types of sessions.
WTP provides transaction services and can use acknowledgment and retransmission to ensure the success of a transaction. WTP supports three classes of transactions: unreliable one-way request (class 0), reliable one-way request (class 1), and reliable two-way request (class 2). In a class 0 transaction, when an initiator sends a message to a responder, the responder doesn't acknowledge the message and the initiator doesn't wait for acknowledgment. You could use class 0 transactions in a typical paging network that doesn't guarantee that pagers receive all sent messages.
In a class 1 transaction, the responder acknowledges the initiator when it receives a message. The initiator can retransmit the message if it doesn't receive an acknowledgment in a specified interval. You could use class 1 transactions in a better paging network that ensures its pagers receive all sent messages.
In a class 2 transaction, the responder answers the initiator's message or request with a result. When the initiator receives the result, it must acknowledge the responder. If the initiator doesn't receive the result or an acknowledgment that asks it to wait for the result, the initiator retransmits the request. If the responder doesn't receive an acknowledgment after sending a result, it retransmits the result. You could use the class 2 transaction in a wireless trading network that requires high reliability.
Wireless networks use radio waves to transmit data. Wireless networks are much easier to hack than wired networks and need plenty of protection. WAP offers WTLS as an option for guaranteeing data privacy and integrity and client/server authentication between WAP clients and gateways. WTLS is derived from the IP protocol Transport Layer Security (TLS), which is also called Secure Sockets Layer (SSL), but WTLS is simpler and more efficient than TLS or SSL. WTLS uses public key infrastructure (PKI) certificates to let WAP gateways and clients authenticate each other and encrypt and digitally sign exchanged data. WTLS certificates can be X.509 certificates or minicertificates, which are smaller and simpler than X.509s.
The WAP Forum designed WAP to run on any wireless network (bearer, in wireless terminology), such as Global System for Mobile Communication (GSM), Code Division Multiple Access (CDMA), and Cellular Digital Packet Data (CDPD). WAP achieves this flexibility through WDP, which provides a consistent interface to the higher layers and lets WAE, WSP, WTP, and WTLS be independent of bearers. Wireless application developers can develop one application and run it on any WAP system. WDP also performs packet segmentation and reassembly and data error detection and correction.
WAP Deployment
WAP has received great support from the industry. Handset vendors such as Ericsson, Mitsubishi, Motorola, NeoPoint, and Nokia have delivered or will deliver WAP-enabled phones. Wireless-product vendors such as Ericsson, IBM, Nokia, and Openwave sell WAP gateways. Wireless carriers and service providers such as AT&T Wireless and BT Cellnet provide WAP services to enterprises and consumers. Some major news and search engine sites, such as BBC News and Yahoo!, support WAP content by using WML. Consumers with WAP-enabled cellular phones access these sites through their service providers. OS and application vendors such as Microsoft and Sun Microsystems are developing WAP application platforms to help enterprises and WAP service providers build better WAP communication environments.
Many IT departments will surely need to implement WAP services for their mobile users soon. The four major WAP deployment models are two tier, three tier, four tier, and five tier. The two-tier deployment model, which Figure 3, page 35, shows, consists only of WAP clients and an all-purpose server that delivers content according to both Internet and WAP standards. The WAP client and server could use WTLS to establish an end-to-end secure tunnel for data exchange. However, easy-to-use commercial products for designing and maintaining HTML and WML content in parallel on the same server don't currently exist.
In contrast with the two-tier scenario, the three-tier deployment model, which Figure 4 shows, leaves the existing origin server intact and adds a WAP gateway between the WAP client and origin server. The WAP service provider's WAP gateway performs format transcoding, protocol conversion, and security processing; the enterprise simply subscribes to the WAP service from the WAP service provider. The disadvantage of this model is a security vulnerability. The three-tier model uses WTLS to secure communication between the WAP client and gateway and TLS to secure communication between the WAP gateway and origin server. The WAP gateway must decrypt content from one security protocol and encrypt it for another security protocol when transferring the content from a wireless to a wired network. Be very sure that a WAP service provider has tight security controls in place before you entrust your enterprise's data to it.
Previous
