CS 632 - PAPER SURVEY ON E-COMMERCE



CS 632 - PAPER SURVEY: TOPICS IN E-COMMERCE

Mohammad Waqar Alam

1. INTRODUCTION

There has been tremendous demand for trading over the Internet ever since its popularity exploded. Many have predicted that networked trading would have an enormous impact on world economy. However, electronic commerce (E-Commerce, or EC) has several obstacles to overcome before it reaches its full potential.

This paper surveys 5 articles and identifies two diverse areas of research within the field of E-commerce. Firstly, transaction management issues such as atomicity of actions and customer anonymity have been considerably explored. A second issue involves software engineering; component-based programming has emerged as the leading implementation methodology employed in EC. Related to this issue is the rise of XML as the standard language for EC documents and business to business communications. Figure 1 gives an overview of the ideas covered in the papers read.

Section 2 deals with papers on transaction management issues in E-Commerce.

[Figure 1: Overview of the ideas covered in the papers read.]

Section 3 extracts ideas recommending and implementing component based programming, and Section 4 introduces the projected role of XML. Most of the discussion in this survey is based upon:

1. J. D. Tygar. Atomicity in Electronic Commerce.

2. J. Camp, M. Harkavy, J. D. Tygar, B. Yee. Anonymous Atomic Transactions.

3. J. Domingo-Ferrer, J. Herrera-Joancomarti. An Anonymous Electronic Commerce Scheme with an Off-Line Authority and Untrusted Agents.

4. M. Bichler, A. Segev, J. Zhao. Component-based E-Commerce: Assessment of Current Practices and Future Directions.

5. B. Meltzer, R. Glushko. XML and Electronic Commerce: Enabling the Network Economy.

Other papers such as [5] and [7] were also analyzed for supplemental ideas.

2. Atomicity and Anonymity in E-Commerce

Tygar [1] systematically introduces the notion of atomicity in transactions in EC. He defines three levels:

□ Money Atomicity: Money atomic protocols effect the transfer of funds from one party to another without the possibility of creation or destruction of money.

□ Goods Atomicity: Goods atomic protocols are money atomic and effect an exact transfer of goods for money (analogous to cash-on-delivery).

□ Certified Delivery: Such protocols are goods atomic and allow both merchant and customer to prove exactly which goods were delivered. Two flavors are present – one-sided allows only the customer to prove what was delivered, while two-sided provides symmetric power.

Tygar’s research shows that many of the existing EC protocols do not satisfy the basic requirement of money atomicity. In response, his group developed NetBill at Carnegie Mellon University, a system that provides all three levels of atomicity. The NetBill protocol is effectively detailed in [1], and a high level description is given here. The system has three components: a merchant, a customer and the NetBill server. The server is equivalent to an online bank and customers have accounts there. The protocol has three phases:

1. Price Request Phase: Customer contacts merchant requesting price quote; she specifies her identity, (group) credentials, product ID (PID), transaction ID (TID) and optional flags. Merchant responds with price, specified by PID and TID.

2. Goods Delivery Phase: Merchant receives request for the product and sends it to the customer after encrypting it with a unique key, K. Backup information for the server is also created.

3. Payment Phase: Customer sends the merchant a form of payment (redeemable at the server) along with her identity. The merchant forwards this to the server, with other information such as his account number and key K. After authentication, the NetBill server sends the customer K for decryption.

It is assumed in this model that goods purchased can be encrypted by the merchant, who releases the decryption key to the server upon receiving payment. One of the disadvantages is that all messages exchanged are encrypted with various keys, resulting in a computationally expensive protocol. The NetBill server has a record of the goods specified by the customer, as well as those sent by the merchant. This results in certified delivery. The paper does not specify how the system would work for goods that cannot be encrypted and sent over the network; I assume a similar mechanism would be necessary to implement excludability in the absence of a merchant specified “key.” The author envisions a large packaging and shipping industry resulting from this.
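The three phases above can be traced in a short simulation. This is an added example, not code from the survey or from NetBill: the class and function names, the SHA-256 keystream standing in for the merchant's cipher, and the checksum of the encrypted goods used as the server's delivery record are all assumptions made for illustration.

```python
import hashlib, secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher (illustrative stand-in only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class NetBillServer:
    """Hypothetical stand-in for the server: accounts plus a transaction record."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.records = {}   # TID -> (checksum of encrypted goods, key K)

    def settle(self, tid, customer, merchant, price, checksum, key):
        # Debit, credit and key escrow happen together or not at all.
        if self.balances.get(customer, 0) < price:
            return None     # no money moves and K is never released
        self.balances[customer] -= price
        self.balances[merchant] += price
        self.records[tid] = (checksum, key)   # basis for certified delivery
        return key

def purchase(server, customer, merchant, tid, goods, price):
    # Goods delivery phase: merchant encrypts under a fresh key K, sends ciphertext.
    k = secrets.token_bytes(16)
    ciphertext = keystream_xor(k, goods)
    # Payment phase: customer commits to what she received; merchant forwards K.
    checksum = hashlib.sha256(ciphertext).hexdigest()
    released = server.settle(tid, customer, merchant, price, checksum, k)
    if released is None:
        return None         # customer holds only undecryptable ciphertext
    return keystream_xor(released, ciphertext)

def demo():
    # Constructed sample accounts and goods.
    server = NetBillServer({"alice": 10, "shop": 0})
    ok = purchase(server, "alice", "shop", "TID-1", b"report.pdf contents", 7)
    failed = purchase(server, "alice", "shop", "TID-2", b"second item", 7)
    return ok, failed, server.balances, sorted(server.records)
```

The second purchase fails for lack of funds: the balances still sum to the original total (money atomicity), and the customer never obtains a key for goods she did not pay for (goods atomicity).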

The NetBill system introduces customer anonymity by allowing pseudonyms, generated by a separate server. However, this does not implement full anonymity since there is still one component (pseudonym server) that knows the true identity of the customer.

The issue of full anonymity is addressed in [2] by Camp et al. The protocol specified here guarantees goods atomicity, with variations that allow certified delivery. It differs from the NetBill protocol in that there is a fourth component, the transaction log. The protocol has two phases:

□ Withdrawal and Exchange: After negotiation between customer and merchant has transpired, a blinded-request protocol is used to communicate between the customer and bank. Funds are withdrawn in the form of single-use tokens.

□ Purchase: Merchant sends encrypted goods and transaction number. The customer decides upon an expiration time for the token, as well as a log for the transaction. She communicates her desire to proceed to the bank, which authenticates and forwards this intention to the merchant. The merchant commits by sending the merchandise key to the log, along with authentication information.

This protocol is based on ideas from the two-phase commit model and assumes that the merchant trusts the log. Unfortunately, the encryption/decryption of messages makes this protocol computationally expensive as well.

Both the above papers had one-to-one interactions between a customer and a merchant, as well as an online bank. In [3], Domingo-Ferrer and Herrera-Joancomarti explore the usage of Intelligent Trade Agents (ITA) in an environment that preserves anonymity and has an offline authority.

An ITA is a program that has the ability to roam a network, collect business-related data and use them to make decisions to buy goods on its owner’s behalf. Such programs are meant to solve the problem of sifting and sorting enormous amounts of information for a single purchase. Typically an agent is provided with product specifications, and authorization to a funds transfer mechanism. The authors first describe the existing scheme that uses ITAs, and then detail their improved idea.

In the initial scheme, the ITA had knowledge of its customer’s credit card number, and interacted with the authorization server and merchant server with a protocol similar to that in NetBill ([1]). The drawbacks of this scheme were:

□ The ITA was trusted with the user’s credit card number.

□ The authorization server had to be online.

□ Payment by credit card implied transactions were not anonymous.

The new scheme utilizes a secret exchange protocol developed in an earlier paper. This is used as a framework to permit two mutually suspicious parties to sign a secure contract, and is detailed in [3]. The scheme uses a device such as a smart card to store the buyer’s money, which is delegated to the agent and hence preserves customer anonymity as well as eliminating the need for an online third party. The contract signing protocol is enforced between the ITA and customer, which allows the scheme to deal with untrusted agents.

The above papers dealt with two important transaction management issues in E-Commerce. The remaining papers focus on software implementation approaches.

3. Component-based Programming in E-Commerce

Component-based programming (CBP) has been proposed as the standard software methodology for E-Commerce systems and applications. Systems developed using this approach consist of a lightweight kernel to which new features can be added in the form of components.

The impetus behind the advancement of CBP in EC has been the absence of:

□ Application-level interoperability.

□ Industrial standards for electronic trading.

□ Large scale code reusability of EC applications.

Bichler et al. make a strong case for CBP in [4]. Components implement specific functions, and can be accessed by other software through interfaces. CBP capabilities are geared to solve most challenges faced by the EC community, such as plug and play, interoperability across networks and systems, mobility in networked environments, etc. The authors present fundamental concepts of CBP, and compare it with Object-Oriented Programming. Component frameworks define rules for independently developed and dynamically loadable components, rather than for classes that are linked together. OO frameworks tend to be white-box, i.e., the source code needs to be understood for proper usage of the framework. By contrast, CBP frameworks are black-boxes in that only their outputs and inputs need be known.

Bichler et al. present techniques such as containers, wrappers and mediators that can be used to resolve incompatibility between components and systems. An important concept discussed deals with interoperability between software components of an application, and the choice between API-based or Document-Centric approaches. CORBA and JavaBeans are examples of API-based components. The paper suggests that document-centric approaches, such as those that use XML as a basis, are better suited to E-Commerce applications, while realizing that it will be some time before this approach becomes the standard.

The paper concludes by taking a stab at future research. The authors have stressed that there needs to be a study of different CBP frameworks, as well as other development methodologies for E-Commerce applications. Studies on the role of ITAs, as well as database support for component-based EC are also recommended.

4. Potential for XML in the Network Economy

One of the suggestions in [4] for future research was development of database systems that are able to effectively manage XML-based documents. These are typically read-only and are likely to be semi-structured.

In [6], Meltzer and Glushko introduce XML as the enabling technology that makes it possible for business documents, forms and messages to be interoperable and comprehensible. In particular, it can be inferred from this paper that using standardized tag sets could enable the documents to be stored in index structures with specific tags identifying the key attributes. To this effect, the authors advocate the importance of a standardized Common Business Library, which specifies common tags for various industries. XML’s flexibility allows customized tags to be created on top of those in the library.

5. Conclusions

The paper survey has investigated two research areas within E-Commerce, and has also explored the issues underlying them. The exposure has revealed open questions and has built some knowledge necessary to answer these.

References

[1] J. D. Tygar. Atomicity in Electronic Commerce. In Internet Besieged. Addison-Wesley and ACM Press. October 1997, pages 389-406. Paper at:

[2] Jean Camp, Michael Harkavy, J. D. Tygar and Bennet Yee. Anonymous Atomic Transactions. In Proceedings of 2nd Usenix Workshop on Electronic Commerce. November 1996, pages 123-133. Paper at:

[3] Josep Domingo-Ferrer, Jordi Herrera-Joancomarti. An Anonymous Electronic Commerce Scheme with an Off-Line Authority and Untrusted Agents. In Sigmod Record, Volume 27, Number 4 (December 1998).

[4] M. Bichler, A. Segev, J. Zhao. Component-based E-Commerce: Assessment of Current Practices and Future Directions. In Sigmod Record, Volume 27, Number 4 (December 1998).

[5] Sherif Danish. Building Database-driven Electronic Catalogs. In Sigmod Record, Volume 27, Number 4 (December 1998).

[6] Bart Meltzer, Robert Glushko. XML and Electronic Commerce: Enabling the Network Economy. In Sigmod Record, Volume 27, Number 4 (December 1998).

[7] Benny Reich, Israel Ben-Shaul. A Componentized Architecture for Dynamic Electronic Markets. In Sigmod Record, Volume 27, Number 4 (December 1998).

[8] J. Gray, A. Reuter. Transactions Processing: Techniques and Concepts. Morgan Kaufmann, San Mateo, CA, 1994.
