Designing Systems for Internet Commerce, Second Edition

Book Description

Thanks to advances in Internet commerce, every enterprise—even the smallest home-based business—now has the power to create a global presence. Each day, more businesses are drawn to the promise of increased access to customers, combined with dramatic cost reductions. However, consumer expectations and demands seem to increase daily. The major challenge in building successful Internet commerce sites continues to be how to use Internet technology most effectively to deliver added value to customers.

Written by two of the leading authorities in the field of Internet commerce, Designing Systems for Internet Commerce, Second Edition, explores the core issues surrounding the construction of successful Internet commerce systems. It provides a solid foundation, focusing on best practices and approaches for Internet architecture and design. This significant new edition reflects lessons learned since the late 1990s, explaining how and why essential technologies and commerce issues have evolved and how those changes have resulted in a new era for commerce systems. Topics covered include:

  • Extensible markup language (XML)

  • The evolution of shopping carts and order management

  • Integration with enterprise applications

  • Development of reliable and scalable systems

  • Mobile and wireless systems and technologies

Designing Systems for Internet Commerce is your key to building a commerce site that will meet your business needs and satisfy demanding customers.

With a focus on problem solving, the authors share their mastery with you as they explore the major challenges and obstacles related to Internet commerce architecture and strategy. This comprehensive coverage includes:

  • Core Internet business strategy

  • Retail and B2B systems

  • Information commerce business models with case studies

  • Functional architecture

  • Implementation strategies, such as outsourcing, custom development, packaged applications, project management, 7x24 operation, and multiorganization operation

  • The building blocks of Internet commerce, including media and application integration, sessions and cookies, object technology, and application servers

  • Proven strategies for system design

  • Creating and managing content

  • Essential considerations in cryptography and system security

  • Payment systems and transaction processing



0201760355B08262002

Table of Contents

    1. Copyright
      1. Dedication
    2. Preface
      1. Changes in the Second Edition
      2. Acknowledgments
    3. 1. Introduction
      1. Why the Internet and Why Now?
        1. Access to a Global Market
        2. Dramatic Reduction in Distribution Costs
      2. Strategic Issues
        1. Concentration Versus Empowerment
        2. New Competitive Challenges
      3. What Do We Mean by “Internet Commerce”?
        1. Other Types of Electronic Commerce
      4. Business Issues in Internet Commerce
      5. Technology Issues in Internet Commerce
      6. Who Owns Internet Commerce in an Organization?
      7. Structure of the Book
        1. Part One: The Business of Internet Commerce
        2. Part Two: The Technology of Internet Commerce
        3. Part Three: Systems for Internet Commerce
    4. One. The Business of Internet Commerce
      1. 2. The Commerce Value Chain
        1. Introducing the Commerce Value Chain
        2. Components of the Commerce Value Chain
          1. Attract Customers
          2. Interact with Customers
          3. Act on Customer Instructions
            1. Order Processing
            2. Payment
            3. Fulfillment
          4. React to Customer Inquiries
        3. Who Is the Customer?
          1. Developing Customer Relationships with Internet Commerce
        4. Marketing on the Internet
          1. The Internet Is Different from Other Media
          2. The Internet Is the Same as Other Media
          3. Understanding the Demographics
          4. One-to-One Marketing
          5. Advertising
        5. Doing Business Internationally
          1. International Software
          2. International Content
          3. Privacy
        6. The Legal Environment
          1. Taxation
          2. Digital Signatures
          3. Regulation of Cryptography
          4. Denied Parties
          5. The Problem of Uncertainty
        7. Summary
      2. 3. Internet Business Strategy
        1. Commerce and Technology Revolutions
        2. A Historical Analogy
        3. The Internet Value Proposition
          1. Transforming Customer Relationships
          2. Displacing the Sources of Value
        4. Four Strategies
          1. Channel Master
            1. Example: Cisco Systems
          2. Customer Magnet
            1. Example: Yahoo
          3. Value Chain Pirate
            1. Example: Autoweb
          4. Digital Distributor
            1. Example: Monster.com
        5. New Competitive Threats
        6. New Competitive Opportunities
        7. Disintermediation and Reintermediation
        8. Summary
      3. 4. Business Models—Some Case Studies
        1. Introduction to Business Segments
          1. Segment Granularity, Market Size, and Timing
          2. Segment Similarities and Differences
          3. Commerce Value Chain
        2. Consumer Retail
          1. Value Proposition
          2. System Functionality
          3. Attract—Advertising and Marketing
          4. Interact—Content
          5. Act—Order Processing
          6. Act—Payment
            1. Cash
            2. Credit
            3. Check
            4. Debit Cards
            5. Credit and Charge Cards
            6. Summary
          7. Act—Fulfillment
            1. Relationship Between Payment and Fulfillment
          8. React—Customer Service
            1. Opportunities for Improved Service
            2. Opportunities for Reduced Costs
        3. Business-to-Business Models
          1. Value Proposition
          2. Differences in Relation to Consumer Retail
          3. Attract—Advertising and Marketing
          4. Interact—Content
            1. Searching Is Essential
            2. Custom Catalogs
          5. Act—Order Processing
            1. Approvals and Workflow
            2. Delegation
          6. Act—Payment
            1. Purchase Orders
            2. Procurement Cards
            3. Electronic Funds Transfers
          7. Act—Fulfillment
          8. React—Customer Service
        4. Information Commerce
          1. Value Proposition
          2. Business Models
            1. Advertiser Support
            2. Subscription Services
            3. Bundling Arrangements
            4. Document Sales
            5. Usage-Based Charging
            6. Information Marketplace
          3. Differences in Relation to Consumer Retail and Business-to-Business Cataloging
            1. Requirements for Customer Systems
          4. Interact—Content
          5. Act—Order Processing
          6. Act—Payment
            1. Electronic Cash
            2. Microtransactions and Tokens
            3. Transaction Aggregation
          7. Act—Fulfillment
            1. Downloading
            2. Subscriptions
            3. Push Content
          8. React—Customer Service
            1. Copy Protection and Rights Management
        5. Summary
      4. 5. Conflicting Goals and Requirements
        1. Goals of the Participants
          1. Buyers
            1. Retail Customers
            2. Business Customers
          2. Sellers
          3. Financial Processors
          4. Government
        2. The Role of Standards
          1. Late Versus Early Standardization
            1. Late Standardization
            2. Early Standardization
          2. Standards for Internet Commerce
          3. Standards of Good Practice
        3. Privacy Versus Merchandising
          1. Platform for Privacy Preferences
          2. Cookies
            1. What Are Cookies?
            2. What Are the Benefits?
            3. What Is the Downside?
        4. Summary
      5. 6. Functional Architecture
        1. What Is Architecture?
        2. Core Architectural Ideas
          1. Understanding of Roles
          2. Decomposition of Functions
          3. Linking Content to Transactions
          4. Trust Models
        3. Roles
          1. Customer Roles
          2. Business Roles
          3. Roles and Reality
        4. Components
          1. Customer Components and Clients
          2. Seller Components and Servers
        5. Examples of System Architecture
          1. Web Server with Order Form
          2. Open Market Distributed Commerce Architecture
          3. Federated Commerce System
          4. Business-to-Business Purchasing
            1. Transaction Flow in the OBI Model
        6. Summary
      6. 7. Implementation Strategies
        1. Organizing for Internet Commerce
        2. Planning the Implementation
        3. Outsourcing
        4. Custom Development
        5. Packaged Applications
        6. Working with System Integrators
        7. The Roles of Internet Service Providers
          1. Communications Services
          2. Hosting Services
          3. Application Service Providers
          4. Commerce Service Providers
          5. Web Services
        8. Project Management
        9. Staying Up-to-Date
          1. Issues for the Business
          2. Issues for the Customers
        10. The Role of Standards
        11. 24/7 Operation
        12. Security Design
        13. Multiorganization Operation
        14. Summary
    5. Two. The Technology of Internet Commerce
      1. 8. The Internet and the World Wide Web
        1. The Technology of the Internet
        2. Development of the Internet
        3. Design Principles of the Internet
        4. Core Network Protocols
          1. Physical Layer
          2. Internet Protocol (IP)
          3. Unreliable Datagram Protocol (UDP)
          4. Transmission Control Protocol (TCP)
          5. Domain Name System (DNS)
        5. The World Wide Web
          1. Web Fundamentals
          2. Uniform Resource Locators
          3. Web Protocols
            1. HyperText Transfer Protocol (HTTP)
            2. Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
          4. Other Web Tools
        6. Agents
        7. Intranets
        8. Extranets
        9. Consumer Devices and Network Computers
        10. The Future of the Internet: Protocol Evolution
        11. Summary
      2. 9. Building Blocks for Internet Commerce
        1. Components in an Internet Commerce System
        2. Content Transport
          1. Pull Content
            1. Protocol Variations
            2. Caching
            3. Effects of Caching on Commerce Applications
            4. Offline Browsers
          2. Push Content
          3. Peer-to-Peer Networking
          4. Extension Mechanisms
            1. MIME Types
            2. Plug-ins
            3. Scripting
            4. Applets
            5. Controls
          5. Client Software Requirements
        3. Media and Application Integration
          1. E-Mail and the Web
          2. Television and the Web
          3. Print and the Web
        4. Server Components
          1. The Common Gateway Interface (CGI)
          2. Beyond CGI
            1. Server APIs
            2. FastCGI
          3. Server-Side Scripting
          4. Database-Driven Templates
        5. Programming Clients
          1. Scripting
          2. Java
          3. ActiveX
        6. Sessions and Cookies
          1. Why Sessions Are Important
          2. State and Sessions
            1. State Kept in Database
            2. State Kept in Application
            3. State Kept in Client
          3. Session and Client State Mechanisms
            1. Authentication Mechanisms
            2. Dynamic URLs
            3. Cookies
            4. Forms
            5. Applets
        7. Object Technology
          1. CORBA
          2. COM
          3. JavaBeans/RMI
          4. Web Services
          5. Implications of Object Technology for Internet Commerce
        8. Application Servers
        9. Commerce Client Technology
          1. Advantages of Clients for Commerce
          2. Disadvantages of Clients for Commerce
          3. Client Functionality
          4. Commerce Client Examples
        10. Delivering Digital Goods
          1. Securing Delivery
          2. Failure Recovery
            1. Auditability
          3. Rights Management
            1. Secure Container Technology
            2. Fingerprinting and Watermarks
        11. Summary
      3. 10. System Design
        1. The Problem of Design
        2. A Philosophy of Design
          1. Understanding the Customer's Requirements
          2. Planning for Evolution
          3. Starting Small
          4. Keeping Options Open
          5. Developing an Architecture
        3. An Architectural Approach
          1. Performance and Scaling
          2. Reliability
          3. Transactions
          4. Managing State
        4. Security
        5. Design Principles Versus Technology Fads
        6. Summary
      4. 11. XML and Web Services
        1. What Is XML?
          1. XML Content for People
          2. XML as an Interchange Format
          3. Why XML Is Successful
          4. Origins of XML
          5. Other Options
        2. Basic XML Standards and Technologies
          1. XML
          2. Namespaces and Schemas
          3. DOM and SAX
          4. XPath
          5. XLink and XPointer
          6. XSL and XSLT
          7. XML for Presentation
        3. XML for Data Exchange
          1. OAGI
          2. ebXML
          3. RosettaNet
        4. XML for Communications—Web Services
          1. The Vision of Web Services
          2. Remote Procedure Calls
          3. SOAP
          4. WSDL
          5. UDDI
        5. XML for Applications
          1. XML Data Storage
          2. XML Processing
          3. XML Transformation
          4. XML Data Access
        6. Summary
      5. 12. Creating and Managing Content
        1. What the Customers See
        2. Basic Content
          1. Basic Formatting
            1. Text
            2. Lists
            3. Images
            4. Forms
          2. Advanced Formatting
            1. Tables
            2. Frames
            3. Image Maps
          3. Controlling Appearance
          4. Web Pages and Forms
          5. Images
            1. Image Maps
          6. Multimedia
          7. Other Types of Content
            1. VRML
            2. PDF
            3. Flash and Shockwave
        3. Tools for Creating Content
          1. Desktop Publishing Tools
          2. Database Connectors
        4. Managing Content
          1. Creation
          2. Editing
          3. Staging and Testing
            1. Content Testing
            2. Link Testing
            3. Commerce Testing
            4. Indexing
            5. Editorial Review
          4. Production
          5. Archiving
        5. Multimedia Presentation
        6. Personalization
          1. Authentication and Identity
            1. Browser Cookie
            2. Name and Password for a Single Site
            3. Central Authentication Database with Delegation
            4. Personal Digital Certificates
          2. User Profiles
            1. Registration Information
            2. Optional User-Supplied Information
            3. Linked Information
            4. Browsing Information
            5. Storing Profiles
          3. Custom Content
            1. Personal Newspaper
            2. Custom Catalog
            3. Merchandising
            4. Summary
        7. Integration with Other Media
          1. URLs in Advertising
          2. CD-ROMs and DVDs
          3. E-Mail and the Web
          4. Wireless and Mobile Devices
        8. Summary
      6. 13. Cryptography
        1. Keeping Secrets
        2. Types of Cryptography
          1. Algorithms, Modes, Protocols, and Key Management
        3. How to Evaluate Cryptography
          1. Cryptographic Strength
        4. Operational Choices
          1. Key Length
          2. Key Updates
        5. One-Time Pads
        6. Secret-Key (Symmetric) Cryptography
          1. Block Ciphers and Stream Ciphers
          2. Secret-Key Cryptosystems
        7. Public-Key (Asymmetric) Cryptography
          1. A Public-Key Cryptography Example
          2. Public-Key Cryptosystems
            1. RSA
            2. Elliptic Curves
        8. Modes
          1. Electronic Codebook Mode
          2. Cipher Block Chaining Mode
          3. Cipher Feedback Mode
          4. Output Feedback Mode
        9. Protocols
          1. Communications
          2. Message Digests and Hash Functions
          3. Message Authentication Codes
          4. Digital Signatures
          5. Timestamps
          6. Certificates
          7. Key Exchange
          8. Secret Sharing
        10. Key Management
          1. Key Generation
          2. Key Storage
          3. Key Destruction
          4. Key Distribution
        11. Certificates and Certificate Authorities
        12. Summary
      7. 14. Security
        1. Concerns About Security
        2. Why We Worry About Security for Internet Commerce
          1. The Physical World Does Worry About Security
          2. Our Computers Are Connected
          3. The Network Is Public
          4. The Network Is Digital
          5. Computers Collect Data
          6. Computers Can Be Programmed
          7. Without Good Security, Computer Fraud Is Untraceable
          8. Computers Are Not Perfect Replacements for Humans
          9. The Internet Seems Anonymous and Distant
          10. Information Commerce Is Different
          11. The Legal System Must Catch Up
          12. There Are Proven Paths of Attack
          13. Because We Can
          14. Risk of the Unknown
        3. Thinking About Security
          1. Technology
          2. Policies and Procedures
          3. People
        4. Security Design
          1. Creating the Security Policy
          2. Designing the Environment
          3. Designing the Application Security Mechanisms
          4. Monitoring and Auditing
        5. Analyzing Risk
          1. Adversaries
          2. Threats
        6. Basic Computer Security
          1. Key Security Issues
          2. Security Principles
        7. Basic Internet Security
        8. Client Security Issues
          1. Methods of Attack on Client Computers
            1. Physical Access to the Computer
            2. Opportunistic Introduction of Software (Viruses)
            3. Network Security Problems
            4. Directed Attack over the Network
            5. Protocol Attacks
            6. Tempest
          2. Purposes of Attacks on Client Computers
            1. Annoyance
            2. Use of Resources
            3. Destruction of Information
            4. Theft of Information
            5. Use of Credentials
        9. Server Security Issues
          1. Methods of Attack on Server Computers
            1. Logging in as an Ordinary User
            2. Exploiting Bugs in Applications
            3. Exploiting Incorrectly Set Security Controls
          2. Purposes of Attacks on Server Computers
            1. Access to Information
            2. Alteration of Information
            3. Access to Security Credentials
            4. Denial of Service
        10. Achieving Application Security
          1. Firewalls
        11. Authentication
          1. Passwords
            1. Choosing Passwords
            2. Changing Passwords
            3. Using Passwords at Multiple Sites
            4. Password Storage
            5. Default Passwords
          2. Other Authentication Technologies
            1. One-Time Passwords
            2. Hardware Tokens and Smart Cards
        12. Authentication on the Web
          1. Direct Authentication
            1. Basic Authentication
            2. Digest Authentication
            3. Login Forms
            4. Client Certificates
          2. Indirect Authentication
          3. Server Authentication
        13. Web Sessions
        14. Summary
      8. 15. Payment Systems
        1. The Role of Payment
        2. A Word About Money
        3. Real-World Payment Systems
          1. Cash
          2. Credit Cards, Charge Cards, and Debit Cards
            1. Packaging a Payment System
            2. How Credit Card Transactions Work
            3. Risk Management
            4. International Issues
          3. Checks
          4. Electronic Funds Transfer (EFT) and Automated Clearinghouse (ACH)
          5. Purchase Orders
          6. Affinity Programs
          7. Private-Label Cards
          8. Money Orders
          9. Corporate Purchasing Cards
          10. Coupons
          11. Gift Certificates
        4. Smart Cards
        5. Online Credit Card Payment
          1. Secure Communication
          2. Secure Electronic Transactions (SET)
          3. 3D Secure
        6. Electronic Cash
          1. Cash Cards
          2. DigiCash
        7. Micropayments
          1. Business Models for Micropayments
          2. Technical Micropayments Systems
            1. MilliCent
            2. NetBill
          3. Transaction Aggregation
        8. Peer-to-Peer Payment Systems
        9. Payment in the Abstract
          1. Business-to-Business Commerce
          2. Information Commerce
        10. Summary
      9. 16. Shopping Carts and Order Management
        1. Overview
        2. Shopping Carts
          1. Server-Side Shopping Carts
          2. Client-Side Shopping Carts
          3. Protocol-Based Shopping Carts
        3. Managing Shopping Carts
          1. Item Selection
          2. Saved Shopping Carts
        4. Purchase Order Information Flow
          1. Business-to-Consumer Commerce
          2. Order Processing Subsystems
          3. Order Validation
          4. Taxes
          5. Shipping
          6. Inventory
          7. Business-to-Business Commerce
            1. Backing ERP System
            2. Open Buying on the Internet
          8. The Internet as a Replacement for EDI
        5. Shopping Cart Presentation
        6. Abandoned Shopping Carts
        7. Summary
      10. 17. Transaction Processing
        1. Transactions and Internet Commerce
        2. Overview of Transaction Processing
          1. Two-Phase Commit
        3. Transaction Processing in Internet Commerce
          1. Integrating External Systems with Transactions
          2. Implementing Transactions
          3. Database Engines
          4. Transaction Processing Monitors
          5. Application Servers
          6. Application Code
        4. Client Software
        5. Implementing Transaction Processing Systems
          1. Files
          2. Databases
          3. TP Monitors
        6. Keeping Business Records
          1. Core Business Records
          2. Collateral Business Records
          3. Government Records
          4. Record Life Cycle
          5. Design Implications of Record Keeping
            1. Mutable and Immutable Records
            2. Failure and Transaction Semantics
            3. Access Patterns
          6. Logging
        7. Audits
        8. Summary
      11. 18. Integration with Enterprise Applications
        1. The Details Behind the Scenes
        2. Enterprise Systems Architecture
        3. Integration Pitfalls
        4. Middleware
          1. Layers of Middleware
          2. Types of Middleware
            1. Message-Oriented Middleware
            2. Remote Procedure Call
            3. Publish-Subscribe
          3. Planning Considerations for Middleware
            1. Naming
            2. Security
            3. External Communications
        5. Enterprise Resource Planning Systems
        6. Taxes
          1. Sales Tax in the United States
            1. Seller Information
            2. Buyer Information
            3. Product Information
            4. Transaction Information
          2. Canadian Goods and Services Tax
          3. Value-Added Tax
        7. Logistics, Shipping, and Handling
          1. Pricing of Shipping and Handling
          2. International Transport
            1. Customs Duties
            2. Paperwork
          3. Transport and Tracking
          4. Privacy
            1. Anonymity
            2. Tracking Numbers
          5. Advanced Logistics
            1. Warehouse Selection
            2. The Virtual Corporation
        8. Inventory Management
          1. The Virtual Warehouse
            1. Catalog Interfaces
            2. Transaction Interfaces
            3. Merchant Interfaces
            4. Enterprise Resource Planning Interfaces
            5. Administrative Interfaces
        9. Example: SAP Integration
          1. General Scenario
        10. Summary
      12. 19. Reliable and Scalable Systems
        1. Overview
        2. Enterprise-Class Concepts
        3. Reliability
        4. Availability
        5. High-Availability Systems
          1. Approaches to High Availability
        6. Building Highly Available Systems
          1. Basic Reference Architecture
          2. Redundant Web Servers
          3. Standby Database Servers
          4. Mirrored Storage System
          5. Operational Issues
        7. Replication and Scaling
        8. Backup and Disaster Recovery
        9. Summary
      13. 20. Mobile and Wireless Systems
        1. Overview of Mobile and Wireless Technologies
        2. A Range of Devices
          1. Wireless PDAs
          2. One-Way Pagers
          3. Two-Way Pagers
          4. Mobile Phones
          5. Smart Phones
          6. Some Detailed Examples
            1. Palm VII
            2. EarthLink Wireless: Palm Vx with Novatel Modem
            3. Sprint PCS Wireless Web
            4. RIM BlackBerry
        3. Wireless LAN Technology
        4. Security and the Wireless LAN
        5. The Mobile User Experience
        6. Outsourcing
        7. Summary
    6. Three. Systems for Internet Commerce
      1. 21. Putting It All Together
        1. Building Complete Systems
        2. Federated Commerce System
          1. Consumer Services
          2. Value-Added Services
          3. Who Pays Whom?
        3. System Functionality
          1. Walking Through a Transaction
            1. Digital Goods
            2. Subscriptions
        4. System Architecture
          1. Separating Content from Transactions
            1. Reduction of Operational Costs
            2. Enabling of Service Providers
            3. Provision of Security Containment
          2. Supporting a Broad Range of Applications
          3. Supporting System Scaling
          4. Supporting System Evolution
            1. Functional Evolution
            2. Technological Evolution
        5. Transaction Engine
          1. Buyer Applications: User Interface and APIs
            1. Buyer Applications with User Interface
            2. Buyer APIs
          2. Seller Applications and APIs
            1. Seller Applications
            2. Seller APIs
          3. Operator Applications and APIs
            1. Operator Applications
            2. Operator APIs
        6. System Functionality
          1. Business-to-Business Commerce
          2. Business-to-Consumer Commerce
          3. Information Commerce
        7. Case Study: Business-to-Business System
          1. The Users
          2. Content Systems
            1. Product Database
            2. Catalog
            3. Configurator
          3. Transaction System
            1. Order Sources
            2. Order Destinations
        8. Case Study: Business-to-Consumer System
          1. Overall System Architecture
          2. Content Systems
            1. Catalog
            2. Content Management
            3. Content
            4. Business Logic
          3. Analytics
          4. Transaction Engine
        9. Case Study: Information Commerce
          1. Content Servers
          2. Subscription Server
        10. Summary
      2. 22. The Future of Internet Commerce
        1. Trends
          1. Hardware Technology Trends
          2. Software Technology Trends
          3. Software Development and Standardization Trends
          4. Infrastructure Trends
          5. Application Trends
        2. Discontinuities
        3. Staying Up-to-Date
        4. Strategic Imperatives
      3. Resources and Further Reading
        1. Chapter 1—Introduction
        2. Chapter 2—The Commerce Value Chain
        3. Chapter 3—Internet Business Strategy
        4. Chapter 8—The Internet and the World Wide Web
        5. Chapter 9—Building Blocks for Internet Commerce
        6. Chapter 10—System Design
        7. Chapter 11—XML and Web Services
        8. Chapter 12—Creating and Managing Content
        9. Chapter 13—Cryptography
        10. Chapter 14—Security
        11. Chapter 15—Payment Systems
        12. Chapter 17—Transaction Processing
        13. Chapter 18—Integration with Enterprise Applications
        14. Chapter 19—Reliable and Scalable Systems
        15. Chapter 20—Mobile and Wireless Systems
        16. Chapter 22—The Future of Internet Commerce