Part I: Overview of Commerce
In This Part
Chapter 1: Internet Era: E-Commerce
Chapter 2: Mobile Commerce
Chapter 3: The Important “-ilities”
Chapter 1: Internet Era: E-Commerce
This chapter does not intend to bore you with history and old-age content. Quite the contrary; we want to fast forward to new-age technology and e-commerce core concepts. However, it is essential to understand the basic yet prominent building blocks of the field of commerce before we dig into the new era.
With the recent popularity of digital social networking, the first definition of commerce is gaining more relevance; however, it is the second meaning that is our primary focus in this book.1 We would also like to add the term “services” to “ideas” and “opinions” in the preceding definition so that the term becomes more relevant for our purposes. Not only is commerce a fundamentally social phenomenon, it is also a very human-specific act.
The concept of tangible vs. intangible goods is not specific to e-commerce; it has existed for almost as long as commerce has. Unlike most humans, computers work with binary values, zeros and ones, and digital entities. With the introduction of e-commerce, we have had to create yet another dichotomy to delineate what can be transported in computer-understandable format and what cannot. This is where the distinction between digital and hard goods is made.
became apparent. Introduction of money into commerce was a major leap toward making commerce scalable and enabling it to expand across the world. In this section, we discuss the foundation of payment, its main component (money), and the mechanics of money movement in modern systems.
Money
Early barter systems did not include a notion of money, as it was a more advanced economic (and of course, social) construct that came in later.
for the digital age. The notion of credit as we use it in today’s commerce evolved in the late 1960s. However, using a card to represent credit is a bit older. The concept of using a card for purchases was described in 1887 by Edward Bellamy in his utopian novel Looking Backward (Signet Classics, 2000). Bellamy used the term “credit card” 11 times in this novel. The modern credit card was the successor of a variety of merchant credit schemes.
Figure 1-1: Financial services overview (retail or consumer banking and wholesale or commercial banking; products shown include checking, savings, deposits, CDs, credit cards, loans, auto loans, mortgages, HELOCs, securities, insurance, commercial checking, cash management, wire transfer, ForeX, LOC, commercial lending, investment banking, and equipment leasing/financing)
At a very high level, a financial transaction takes place when a consumer (buyer) exchanges value with a merchant (seller).
Table 1-1 (continued)
Financial Instrument | Network | Examples
Wire transfer | Domestic wires | GSIT, CHAPS, Federal Reserve Financial Services
Wire transfer | International wires | SWIFT International
Private label credit | Private networks | Cetelem, GE, CitiBank
Prepaid cards | Private networks | Apple iTunes, AT&T, Starbucks, and so on
In Table 1-1, the two main networks, namely bank and credit card networks, deserve a little more attention as your e-commerce system will very likely deal with them very f
Figure 1-2: ACH process (Originator, ODFI, Clearing House, RDFI, Receiver; check fields shown: routing number (9 digits), account number, check number, transit symbol, on-us symbol)
Card Processing
ACH deals with the movement of money from one bank account to another. The ACH model, although specific to the United States, more or less has a similar foundation to most banking systems in other countries.
In the closed-loop model, a single entity issues cards, handles merchants, sets transaction rules, provides switching services, and manages the network brand. The closed-loop model was originally created by American Express and is the operation model for the Discover and JCB networks. Other closed-loop schemes include private-label credit cards, stored-value cards, and prepaid cards.
Credit card schemes operate based on a financial structure called the interchange rate. In layman’s terms, the interchange rate is the cost of transferring money between the acquirer and the issuer. Interchange was originally intended to reimburse the issuers for some of their operational costs, and therefore is explicit revenue for the card issuers. As such, the interchange rate, although set by the card schemes, is not a revenue source for them.
In the European Union, the Single Euro Payment Area (SEPA) delivers a single payment market that is used for all EU payments, both domestically and cross-border. Although SEPA offers a single currency, the payment models are fragmented when it comes to bank transfers and direct debits. Some countries in Europe are not even members of SEPA but rely heavily on commercial and financial interactions with SEPA members.
(hard-currency) payments and toward electronic payment to increase tax revenues and reduce the financial risks imposed by black markets. Figure 1-6 illustrates the characteristic financial behaviors of some main APAC countries.
CN: Highly regulated marketplace, currency restrictions, huge centralized card market, fragmented bank transfer and direct debit market. No central clearing house.
and M-Commerce (mobile payment and commerce respectively). In short, mobile payment uses the mobile phone (or other mobile device) as a conduit to access an account (the purchasing account).
As you noticed, we don’t classify initiating a payment (such as a bank transfer from within the mobile banking application provided by banks) as a mobile payment: It is simply a feature of mobile banking.4 In addition to mobile payment options, other payment solutions are gaining traction in the financial industry. A very active solution is iTunes by Apple, Inc., which is categorized as a micropayment aggregation mechanism.
online commerce. Let’s start with the client/server model and make our way up to the more advanced cloud computing paradigm, because that is how scalable e-commerce sites have started and ended up. This section is more technical in nature, so fasten your technical seatbelts as the fun is about to start.
Client/Server
In the first chapter, we covered the basics of computing and noted its primary model: standalone computing in a single system.
■■ Scalability: Client/server systems can be scaled horizontally or vertically. Horizontal scaling means adding or removing client workstations with only a slight performance impact. Vertical scaling means migrating to a larger and faster server machine or to multiple servers.
■■ Integrity: The server code and server data are centrally maintained, which results in cheaper maintenance and guarding of shared data integrity.
consistent, pervasive, and inexpensive access to high-end computational capabilities.” Over the years, even Foster’s definition of a computational grid has evolved, by his own admission.
Figure 1-8: Evolution of grid computing (stages shown: distributed computing and disparate systems sharing; P2P (peer-to-peer); high performance computing clusters; grids; clouds with web services. Attributes noted in the figure include homogeneous, resource sharing, mainly for file sharing, results in high performance, close to each other, geographically sparse, no existing framework, disparate systems, within a framework, and heterogeneous application interaction)
Cloud Computing
Cloud computing is
computing deconstructs the datacenter by distributing its functionalities across the Internet and making those functionalities accessible as services. Following the same evolution, the datacenter functionalities in question are evolving from custom built and special purpose to become services that are shared among various users, potentially external to the legacy environment.
accounting and monitoring, user interface, service backend, and so on. These components are collectively layered on top of infrastructure management functions and access them through a service layer.
■■ Infrastructure management services: This is a service layer that exposes the functions of the infrastructure management.
■■ The capability to match resource requests to available resources in accordance with policies and business objectives
■■ The ability to reject resource requests in a graceful manner based on policy exceptions
■■ The capability to predict and plan resource utilization
■■ Policies to drive the resource sharing behavior
■■ Optimization of resource allocation based on usage and Service Level Agreements (SLA)
Physical Abstraction
There should be no dependencies bet
■■ Defining pre-approved requests. This is an operational step that enables operations performed within a pre-defined framework to bypass most approval levels.
■■ The definition of a service catalog that exposes a self-service interface to the cloud users.
SLA-Driven Management
The management of IT services based on service level agreements (SLA) provides a way to describe contracts between the provider and the users.
Service Orientation
Service orientation means accomplishing loose coupling between application components to enable composition and facilitate rewiring of application components dynamically. Service orientation also enables quality of service (QoS) mechanisms that are implemented by the infrastructure (such as rate limiting), which in turn facilitate resource management at the datacenter level.
Information security aspects of any shared infrastructure are concerned with secure communication, authentication, single sign-on (SSO), and delegation. Secure communication issues include those security concerns that arise during the communication between two entities. These include confidentiality and integrity issues. All data sent by users should be accessible only to legitimate receivers: This is referred to as confidentiality.
of a single sign-on (SSO) functionality that is integrated with these tools provides the best way to avoid proliferation of passwords and login methods, both for system administrators and for automation tools.
or not possible for a fully automated model.
to delegate his rights further. Determining trust relations between participant entities in the presence of delegation is important, and delegation mechanisms must rely upon stringent trust requirements.
Freshness
Freshness is related to authentication and authorization and is important in many management applications or, more generally, shared services.
that even if the job is malicious, it remains confined to the isolated environment. This type of isolation can be achieved through several mechanisms:
■■ Application-level sandboxing: This mechanism, also known as Proof Carrying Code (PCC), enables the code provider to generate proofs of the safeness of the code and embed them inside the compiled code.
Authorization
Another important security mechanism that must be implemented in a scalable way in cloud computing is the authorization infrastructure. Similar to any other resource sharing system, cloud computing requires resource-specific and system-specific authorizations. It is particularly important for systems where the resources are shared between multiple participants and participant-wide resource usage patterns are predefined.
for the credentials sent by the user. There are two types of overheads associated with such systems. There is an overhead of generating the CRLs to send to the access controller. However, the more significant overhead is that each time the access controller performs an access check it needs to see whether there is a CRL associated with each user credential. This may lead to a loss of scalability, especially if there are a huge number of users.
solutions try to prevent the attack from taking place by taking precautionary measures. Reactive solutions, on the other hand, react to a DoS attack and are generally used to trace the source of the attack. Some examples of preventive solutions are filtering, throttling, location hiding, and intrusion detection. Examples of reactive solutions include logging, packet marking, and link testing.
In the context of cloud computing, for applications whose intent is not malicious, the top threats appear to be the following. The list of attack vectors is not ranked in any specific order:
■■ XSS (Cross Site Scripting): Starting point for many of the attacks listed here. XSS vulnerabilities can be exploited to inject whatever code is desired. Proper input validation would prevent this.
Operational Aspects
The operations aspect of cloud computing security should address its nodes (hosts) and its communication network.
Host-Level Security
Host-level security issues are those that make a host apprehensive about affiliating itself with the cloud computing system. The main issue here is data protection. Whenever a host is affiliated with the infrastructure, one of the chief concerns is the protection of already-existing data on the host.
passwords for message exchange, which do not counter advanced attacks such as source misbehavior. Inconsistency detection is an attractive technique that is available today and can be deployed.
■■ Vetting: Vetting in the context of cloud computing applies to the following categories:
■■ Vendors: This item applies only if a third-party entity acts as the provider of infrastructure.
store and manage the credentials for a variety of systems and users who can access them according to their needs. This mandates specific requirements for the credential governance systems. For typical distributed management credential governance systems, mechanisms should be provided to obtain the initial credentials. This is called the initiation requirement. Similarly, secure and safe storage of credentials is equally important.
well-defined mechanisms to understand and manage the trust levels of systems and new hosts that join the infrastructure. The trust life cycle is mainly composed of three different phases: trust establishment, trust negotiation, and trust management:
■■ Trust establishment: The trust establishment phase is generally done before any trusted group is formed, and it includes mechanisms to develop trust functions and trust policies.
Furthermore, there should be a configurable infrastructure-level MLT to ensure the health of the system as a whole. Infrastructure-level monitoring systems are much more flexible than other monitoring systems and can be deployed on top of other monitoring systems. Many of the infrastructure-level monitoring systems provide standards-based interfaces for interacting, querying, and displaying information in standard formats.
6. Chakrabarti, A., Grid Computing Security, Springer, 2007.
7. www.yousendit.com
8. Stoica, I., et al., “A Scalable Peer-to-peer Lookup Service for Internet Applications,” in Proc. ACM SIGCOMM, San Diego, 2001.
9. Ratnasamy, S., A Scalable Content Addressable Network, Ph.D. Thesis, University of California, Berkeley, 2002.
10. http://csrc.nist.gov/rbac/
11. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
12.