1 / 33

Chapter Nine

Chapter Nine. ACG 5458 Internet Standards, Protocols, and Languages. Internet Standards, Protocols, and Languages. The Role of Standards The Global Environment and Standard Setting Standard-Setting Issues, Committees, Structures and Interfaces Internet Protocols and Languages

aletta
Download Presentation

Chapter Nine

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter Nine ACG 5458 Internet Standards, Protocols, and Languages

  2. Internet Standards, Protocols, and Languages • The Role of Standards • The Global Environment and Standard Setting • Standard-Setting Issues, Committees, Structures and Interfaces • Internet Protocols and Languages • Implications for the Accounting Profession

  3. Interesting Aspects of the Internet • Tremendous size and use • High growth rate • Interconnection of different hardware, software, telecommunications, multiple cultures and languages • Lack of designated ownership How is this possible? Because of common, agreed-upon standards for development and operation

  4. ANSI ANSI’s IETF & Nat’l Bureau WWW NII/GII founded ASC X12 IRTF of Standards functioning founded founded founded (renamed NIST) ISOC founded OBI ISO IAB UN/EDIFACT WWW WWWC founded founded founded standard prototyped founded CEFACT approved migration started 1918 1979 1986 1989 1991 1995 1997 1947 1983 1987 1990 1994 1996 Figure 9-1 Time line of major standard setting bodies and internet societies You will only need to know a couple of these - See subsequent slides

  5. Internet Standards - ANSI ANSI - American National Standards Institute • Private nonprofit organization • Voluntary consensus standard setting process • ASC – Accredited Standards Committee • 1979 X12 uniform data standards for interindustry EDI • Has developed over 275 standard transaction sets

  6. Internet Standards - UN/EDIFACT United Nations / Electronic Data Interchange for Administration, Commerce, and Transport • Challenges the US ASC X12 data standard • Is used throughout the world • ASCX12 is migrating towards UN/EDIFACT • XML and XBRL are encouraging possibilities for new common standards

  7. US and International Standard Setting Bodies • UN ECE – United Nations Economic Commission for Europe • CEFACT – Centre for Facilitation of Procedures and Practices for Administration, Commerce, and Transport • ISO – International Organization for Standardization – over 120 member countries • NIST – National Institute of Standards and Technology I will not have these on an exam

  8. Internet Specific Committees ISOC – Internet Society Nongovernmental, international nonprofit with voluntary, consensus standard setting processes • IAB – Internet Architecture Board • IETF – Internet Engineering Task Force • IESG – Internet Engineering Steering Group • IRTF – Internet Research Task Force • RFC - Requests for Comments on new protocols • ICANN – Internet Corporation for Assigned Names and Numbers (Only this one on an exam) • Responsible for domain registration functions • Passed new extensions in November, 2000: .biz, .info, .name, .pro, .museum, .aero, and .coop

  9. World Wide Web Specific Committees • W3C – World Wide Web Consortium • Seed funded by DARPA, CERN, UN/ECE • Goal: to lead the advancement of the Internet through common protocols to ensure its interoperability (Only this one on Exam) • OBI – Open Buying on the Internet • Group of Fortune 500 companies • To encourage B2B marketplace on the Web • GIIC - Global Information Infrastructure Commission • Communication link between organizations and committees • Strong ties with the World Bank and industry leaders • Reducing the Digital Divide is one of lead projects

  10. Region GNP/Capita Net Hosts per 10k PCs per 1,000 Mobile Phones Per 1,000 Phone Lines Per 1,000 Sub-Sahar. Africa $1,440 2.0 8 5 14 South Asia $1,940 0.2 3 1 19 East Asia and the Pacific $3,280 2.0 14 25 70 Middle East and North Africa $4,630 0.4 10 8 81 Europe and Central Asia $5,510 15.0 34 23 200 Latin America and Caribbean $6,340 15.0 34 45 123 United States $20,314 1509.0 459 256 661 European Union $20,440 608.0 311 230 514 Figure 9-4 Levels of access to technology by region Source: GIIC, 2000

  11. Internet Security Committees and Organizations • SEI – Software Engineering Institute - Carnegie Mellon University • CERT – Computer Emergency Response Team (Only this one on exam) • FIRST - Forum of Incident Response & Security Teams • ICSA – International Computer Security Association • US Government Agencies • NIST’s CSRC – Computer Security Resource Clearinghouse • CSTC – Computer Security Technology Center • CIAC – Computer Incident Advisory Capability • FedCIRC – Federal Computer Incident Response Capability • Advanced Security Projects • Secure Systems Services

  12. The Difference Betweena Protocol and a Computer Language • Protocols are agreed-upon methods of communicating and transmitting data between telecommunication devices. • Computer languagesfocus on communicating with the computer and its operating system.

  13. Internet Security Protocols and Languages • Interoperability: the capability for applications running on different computers to exchange information and operate cooperatively. • OSI – Open Systems Interconnections • 1984 model for the standardization of data communication procedures that support interoperability

  14. Figure 9-5 OSI model APPLICATION LAYER PRESENTATION LAYER UPPER LAYERS SESSION LAYER TRANSPORT LAYER NETWORK LAYER DATA LINK LAYER PHYSICAL LAYER LOWER LAYERS

  15. TCP/IP STACK OSI MODEL APPLICATION APPLICATION PRESENTATION SESSION TRANSPORT TRANSPORT INTERNET (IP) NETWORK DATA LINK NETWORK INTERFACE PHYSICAL Comparison of Models

  16. OSI Model Layers • Application layer: connects operating system to system and user applications • Presentation layer: controls the syntax (format) of the data transferred – HTML • Session layer: Establishes and maintains connections, checks on packets integrity • Transport layer: TCP controls the packet routing on the Internet • Network layer: IP addresses determine ultimate end node of the Internet • Data link layer: controls data transmission from one computer to the next- can be connection or connectionless • Physical layer: controls the transfer of bits from the computer to the telecommunications medium

  17. The TCP/IP Protocol • Works in the network and session layers • Guarantees delivery of all data packets • Is built into the UNIX operating system • Microsoft Windows interface: Winsock • IP address must be present for sender and receiver for TCP/IP to work • IPv4 is 32 bits, has 4-byte sections 3 classes for large, medium and small networks 2 classes for special and experimental purposes • IPv6 has 128 bits to accommodate more hosts • Domain names (Universal Resource Locators) help transform these streams of numbers into meaningful code: Disney.com

  18. Order of Bits 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 0 Network Identifier 7 bits CLASS A Host Identifier 24 bits: 224 = 16,777,216 possible hosts 10 Host Identifier 16 bits: 216 = 65,536 possible hosts Network Identifier 14 bits CLASS B Host Identifier 8 bits: 28 = 256 possible hosts 110 Network Identifier 21 bits CLASS C Figure 9-6 The IPv4 protocol

  19. Common Top Level Domain Name Extensions Top level domain names (managed by ICANN): • .edu = higher education organizations • .com = commercial organizations • .net = Network providers • .org = Nonprofit organizations • .es, .uk, .ca, .de = countries (Spain, United Kingdom, Canada, Germany) • .gov = government agency New Global Top Level Domain Names: Generic Top Level Domain Memorandum of Understanding (gTLD): .biz, .info, .name, .pro, .museum, .aero, .coop

  20. Telnet and FTP • Both run on top of TCP/IP in Session layer • Both allow remote access and activity Usually use a combination of user-id and password to enter the network • Telnet - allows remote terminal emulations and logins • File Transfer Protocol (FTP) file transfers to a server: for file uploads and downloads

  21. NTTP, HTTP and HTTP 1.1 • NTTP – Network News Transfer Protocol for the News Industry to transfer and search for articles on the Internet • Hypertext Transfer Protocol - (HTTP) • Basic WWW protocol: request/response • Runs on top of the TCP protocol in Presentation layer • Defines message formats and transmissions • Defines web server and browser commands • PEP Protocol Extension Protocol allows dynamic interactions for transaction-based applications • HTTP- 1.1 the next generation! RFC 2774 • S-HTTP (EIT) – secures message (lock at bottom of your browser screen) produces a digital signature

  22. SGML and HTML • SGML – standard generalized markup language • Independent of Hardware and Software • Data encoding system that promotes data sharing by tagging data with: Data – structure – format (look) • DTD: document type definition are the rules for SGML • HTML – hypertext markup language • Encodes and recognizes documents <start> </finish> • Not as flexible as SGML

  23. XML XML – eXtensible Markup Language (WWW3) • Allows customized tags: More flexible than HTML • License-free, platform independent, well-supported. • Supports Web/EDI solutions • Method for putting structured data into a text file that is not meant to be read as is: • Uses the tags to delimit the data, leaving the interpretation of the data to the application that reads it • Is a family of technologies: XLink, XFragments, Xpointer • Requires more bits than comparable binary formats

  24. Java Object-oriented programming language, not a protocol • Developed by SUN Microsystems in 1995 • Platform neutral • Benefit: runs anywhere • Costs: less efficient in processing due to the additional processing layer and the need for a JAVA interpreter (termed the virtual machine), • Portable: Write Once, Run Anywhere • Supports GUIs and client/server applications • Similar to C++ • Hot Java – first Java- enabled web browser with “applets” • MID: Sun’s wireless JAVA profile for PDAs and cell phones

  25. Messaging (e-mail) Protocols Basic Mail Protocols: • SMTP: Protocol to pass e-mails from server to server on the Internet • POP2: SMTP server to desktop “store + forward”: messages are downloaded periodically • POP3: Newer version of POP2 without the need to have an SMTP server. E-mails are downloaded, read, and discarded • IMAP4: Remote file server: read the files from the server – no downloading • ACAP: IMAP capabilities plus user preferences are stored on the server: great for traveling workers.

  26. Security-Enhanced Mail Protocols • X400 – Protocol that requires e-mail messages to pass through known, trusted carriers such as AT&T or MCI • PEM – Privacy Enhanced Mail Protocol • Origin authentication and Nonrepudiation, • Message integrity and Confidentiality • MIME – Multipurpose Internet Mail Extension protocol – allows multimedia • MOSS – MIME Object Security Services • Adds some security to MIME • Allows ASCII and non-ASCII message formats

  27. Security-Enhanced Mail Protocols • S/MIME – alternative to MIME/MOSS • Developed by RSA Data Security based on public keys • Adds digital signatures and encryption; • MSP – mail protocol of the US Government • PGP- Pretty Good Privacy • Developed by Phillip Zimmerman • Uses public key encryption technology • For individuals there is a free download available go to MIT’s web site for the PGPv6.5

  28. S-HTTP and SSL • S-HTTP is a method of secure transmission • Developed by a private organization, Enterprise Integration Technologies (EIT) • Uses encryption and produces a digital signature • SSL - Secure Sockets Layer, creates a secure session with a web server - Developed by Netscape - Uses public and private key encryption - Does not produce a digital signature - Can be used with S-HTTP for enhanced security

  29. SET • SET: Secure Electronic Transmission • Uses public and private key encryption (DES and RSA) • Ensures confidentiality and integrity • Authenticates both merchants and cardholders • Is interoperable with other protocols • 13 European and 5 Asian countries have adopted SET • US companies use the SSL/S-HTTP combination

  30. Figure 9-12 The role of SET in the electronic shopping experience Cardholder browses Cardholder fills Cardholder selects through merchandise order form after items to be via some form of possible price purchased catalog negotiation Cardholder gives order and payment instructions and digitally signs them Merchant requests Cardholder selects payment authorization payment mechanism from cardholder’s financial institution Merchant requests Confirmation sent by Merchant ships goods payment from merchant to to cardholder cardholder’s financial cardholder institution Source: SET Specification, 1997

  31. Comparison of Features SSL SET Encryption of data during transmission? Yes Yes Confirmation of message integrity? Yes Yes Authentication of merchant? Yes Yes Authentication of consumer? * can be used in SSLv3 No* Yes Transmission of specific data only on a “need to know” basis? No Yes Inclusion of bank or trusted third party in transactions? No Yes No need for merchant to secure credit card data internally? No Yes

  32. Mobile Protocols Mobile devices include digital phones, pagers, and personal digital assistants Mobile Internet access is used for email, electronic payments and vending machine use. WAP: Wireless Application Protocol • Developed by Ericsson, Motorola, Nokia, and Unwired Planet • Challenges include: • Smaller display, limited memory, and slow processing • HTML tags do not all translate well to the small screens • Transmission security is a huge concern • WML:Wireless Markup Language has been developed to overcome some of these challenges • WTLS:Wireless Transport Layer Security Specification adds security through encryption and authentication

  33. Implications for theAccounting Profession Accountants need to understand Internet protocols to be able to evaluate a client’s information system reliability and security. Accountants need to become more active in Internet standard-setting processes.

More Related