In the typical Web scenario, a user types a URL into the browser. The browser sends an HTTP request to the Web server, which interprets the request and determines which resources to retrieve or execute. If the URL specifies a file, then the server sends it back. If the URL specifies an ASP page, its code is executed before returning the results to the client. In both cases, the Web server writes an HTTP header to the file or ASP output and sends it back to the browser. The browser interprets the response and displays the contents to the user. Figure 1 compares the typical server/Web browser process with a mobile Web application scenario.
Figure 1 Desktop Versus Mobile
To access a Web site on a mobile phone, the user types the URL in the browser. Using Wireless Transport Layer Security (WTLS), the mobile phone browser creates an encrypted URL request that contains the subscriber's identification and sends it over Wireless Session Protocol (WSP) to a WAP gateway server. WSP is a variant of HTTP that transfers information in binary format, rather than text-based format. Web protocols such as HTTP and languages such as XML have been designed to be human-readable. But this makes them too big for the wireless world. An HTTP header for a 10KB Web document will be about 100 or 200 bytes. To overcome this problem, WSP converts the HTTP header text into binary data, making the amount of data transferred much smaller. The WAP gateway handles the translation between text and binary. WSP uses the Wireless Transaction Protocol (WTP), instead of TCP, to manage each request-response transaction. The WAP gateway server interprets the request, translates it into a conventional HTTP request, and sends it to the Web server. This presents a security risk because during the translation, the data must be decrypted and re-encrypted. Vendor-specific solutions for WAP gateway servers from Microsoft and Openwave address this issue by securing the translation throughout the entire process.
After receiving the request, the Web server interprets it and determines which resources to retrieve or execute. If the URL specifies a file, the server sends the file to the client. If the URL specifies an ASP page, then the Web server executes the ASP code before sending the results to the WAP gateway server. In this scenario the returned content must be in the form of a WML document. The gateway server removes the unnecessary headers, translates the WML document into binary, and sends the response to the mobile phone browser. The browser interprets the WML and displays it to the user.
