19

Khi nim Thng mi in t trn nn Web

Hin nay ( thi im nm 2000 ) th cha c mt nn tng ( framework ) thng mi in t tiu chun v cng cha c nn tng no c h tr nhiu t cc nh cung cp n c th c coi l tiu chun trn thc t. C mt lot cc cng ngh v gii php c s dng, c trong C2B ( v d nh CGI scripts, Java ) v trong B2B ( v d nh SAP - Systems, Applications, and Products in Data Processing ). Cc chng sau y trnh by mt s khi nim th v da trn XML, HTML, v PEP cng nh Java Commerce.

19.1 Gii thiu

Mc d c nhiu Gi gii php cho thng mi in t c cung cp bi cc cng ty khc nhau nh Java, CORBA hay SAP ( Systems, Applications, and Products in Data Processing ); nhng trong nhiu trng hp h khng gii thiu cc khi nim mi t cc quan im bo mt ( tc l nhng khi nim khng b bao ph bi nhng chng trc ). Chng ny trnh by mt s khi nim thng mi in t da trn Web v trn Java Commerce. Nhm cng ngh u tin ( phn 19.2 ) c da trn XML, c gii thiu chng 15. Markup Micropayment l mt phn m rng mi ca HTML nhm h tr cc giao dch siu nh ( micropayment ) ( phn 19.3 ). JEPI vi mc tiu chun ha v t ng ha qu trnh m phn phng thc thanh ton ( phn 19.4 ). Cui cng ,Java Commerce cung cp mt nn tng da trn Java cho php xy dng cc ng dng da cu trc hng thnh phn ( commponent ) v da trn bo mt thng mi in t ( secure e-commerce ) ( phn 19.5 )

19.2 Khi nim Nn tng XML

Nhiu khi nim thng mi in t da trn nn tng XML hin ang c xut v xem xt tr thnh tiu chun. L do l XML cho php hu ht cc nh cung cp t nh ngha mt min th ca ring h. Tuy nhin, y li l mt tr ngi tin tng cho kh nng tng hp ( Tnh tng hp l kh nng 2 hoc nhiu h thng hoc thnh phn trao i cc thng tin v s dng cc thng tin c trao i . i vi phn mm, khi nim tnh tng hp c s dng m t kh nng cc chng trnh khc nhau trao i d liu thng qua mt tp cc th tc nghip v chung, v c v vit cng cc nh dng tp v s dng cng cc giao thc ) v s ph bin ca cng ngh, do c nhng nhiu nh cung cp xut tin hnh xc nh mt vn t vng v cc giao thc chung ( v d UCLP,Ontology ). Hin nay khng r rng lm th no c th a ra mt tiu chun ha, ngoi tr rng nhng tiu chun s da theo khu vc. C th, cc xut nh ngha chung cc th ca
Nguyn Ngc Vnh Page 1

XML cho cc lnh vc thng mi c th, chng hn nh OpenBuying, OpenTravel, OpenTrading. Ngnh cng nghip c nhng c gng tng t vi EDI ( Electronic Data Interchange ), do , cng c n lc s dng t vng EDI trong XML ( XML/EDI ). Cui cng B phn thc y thng mi v kinh doanh in t ( UN/CEFACT ) ca Lin Hp Quc v t chc V s tin b ca cc chun thng tin theo cu trc ( OASIS ) xut thit lp Electronic Business XML pht trin mt nn tng k thut m n s dng XML mt cch nht qun cho vic trao i ca tt c cc d liu kinh doanh in t. T quan im bo mt, ch k k thut s ( X509 hoc PKCS#7 ) v cc knh an ton ( IPSec hoc SSL/TLS ) c khuyn co trong hu ht cc trng hp. Mt trong nhng khun kh thanh ton mi v y ha hn, Internet Open Trading Protocol ( IOTP ) c m t trong chng 9. Phn di y cung cp mt tng quan v mt s xut khc da trn XML c lin quan n thng mi in t. Ngn ng m hnh ha thng mi in t (The Electronic Commerce Modeling Language - ECML ) nh ngha tp tiu chun cc trng thng tin kch hot v in t t nhiu nh cung cp dng trong vic in vo cc biu mu web ca h. Cc trng c th xc nh bi , v d, mt mu ( form ) HTML hoc bi mt giao dch IOTP xc thc. Mt cch hiu d dng hn, ECML l mt nh dng ph qut cho cc trang web thng mi trc tuyn c cha thng tin khch hng c s dng cho mua hng trc tuyn, nh dng thng qua vic s dng cc th XML. l mt cch tiu chun chuyn thanh ton, vn chuyn v thng tin thanh ton n cc trang web thng gia bt k vic mua ca khch hng l t trang web no. Nu mu c chun ha, thng tin ca khch hng c th c nhp trc tip vo cc mu t mt chic v in t ch bng mt thao tc bm mt nt bm. iu ny tit kim cho khch hng khi phi nhiu ln in cc thng tin tng t trn nhiu mu trn nhiu trang web. Khng c c ch bo mt c bit no c nh ngha,nhng khuyn khch s dng SSL/TLS, IPSec. Cc thnh vin sng lp ca Lin minh ECML bao gm America Online, American Express, Brodia, Compaq, CyberCash, Discover, FSTC, IBM, MasterCard, Microsoft, Novell, SETCo, Sun Microsystems, Trintech v Visa USA. Di y l mt v d v nhng thay i m ECML s yu cu trong mt form HTML : Trc :
<INPUT type="text" name="Credit_Card_Number" size=19>Credit Card Number

Sau :
<INPUT Number type="text" name="Ecom_Payment_Card_Number" size=19>Credit Card

Ngn ng kin to ch k ti liu ( The Signed Document Markup Language - SDML ver hin ti l 2.0 ) nh ngha mt phng php chung cho vic to ch k s da trn ti liu,trn mt hoc nhiu phn ca mt ti liu, hoc trn nhiu ti liu ( v d trang web, th in t ). Nh thng l, n c p dng m ha cng khai v cc hm bm. C cu ca SDML l mt phn c xc nh bi Standard Generalized Markup Language ( SGML ). SDML l s khi qut ca cc dch v ti chnh Financial Services Markup Language ( FSML ) c pht trin bi Financial Services Technology Consortium. FSML xc nh cc
Nguyn Ngc Vnh Page 2

phn ti liu c th cn cho kim tra in t ( electronic checks ) ( v d : cc th cn thit xc nh cc khon mc kim tra d liu c th, ng ngha ca bn ghi d liu v x l yu cu cho kim tra in t ). Mt khc, IETF XML Digital Signatures Working Group v W3C XML-Signature Working Group ang cng nhau pht trin chi tit k thut cho mt ch k XML ( phn 15.1 ). Hin nay cha r lm th no bit cc chi tit k thut c lin quan. Di y l mt v d ca mt ti liu c k in t :

Nguyn Ngc Vnh

Page 3

Cui cng, cXML ( commerce eXtensible Markup Language - Ngn ng nh du M rng Thng mi ) ca cng ty Ariba, l mt giao thc n gin nn tng XML cho cc giao dch thng mi in t gia cc doanh nghip vi nhau thng qua Internet. cXML c da trn XML v cung cp nh dng lc XML cho cc giao dch thng mi, cho php chng trnh thay i v chng thc ti liu m khng cn phi c kin thc trc v mu vn bn. cXML cho php cc t chc mua bn, cc nh cung cp, cc nh cung cp dch v, v cc trung gian c th giao tip bng cch s dng mt ngn ng duy nht, tiu chun v m. Thnh cng ca mt cng thng tin thng mi din t gia cc doanh nghip ( m hnh thng mi in t B2B ) ph thuc vo mt giao thc linh hot v c chp nhn rng ri. cXML l ngn ng c xc nh, mt ngn ng mnh m c thit k c bit cho m hnh thng mi in t gia cc doanh nghip ( B2B ), n l s la chn ca cc t chc mua vi khi lng ln v cc nh cung cp. cXML c khi xng pht trin vi Microsoft v Ariba , c h tr bi mt s cng ty khc ( nh Visa, Cisco Systems, Philips, NCR ). Trong phin bn 1.0 cc thnh phn Credential c s dng xc thc trn c s ca mt khu ( sharedSecret ) hoc ch k s ( digitalSignature ). Giao dch cXML bao gm cc vn bn, l cc tp tin vn bn n gin c gi tr bao bc bi tp cc th. Hu ht cc loi ti liu cXML tng t ti liu cng truyn thng c s dng trong kinh doanh. Cc loi ti liu cXML thng dng nht l : Catalogs : Catalogs l cc tp tin chuyn ti sn phm v dch v ni dung ti cc t chc mua sm ( a buying organization ). Chng m t cc sn phm v dch v c cung cp bi mt nh cung cp v gi ca h, v chng l nhng knh truyn thng chnh t cc nh cung cp ti cho khch hng ca mnh. Cc nh cung cp to cc hng mc cc t chc s dng cc ng dng mua sm c th nhn thy sn phm v dch v h cung cp v c th mua chung t h. ng dng mua sm c cc catalog v lu tr chng bn trong c s d liu ca mnh. Sau khi mt t chc mua sm thng qua mt danh mc, ni dung c hin th ti cho ngi dng, ngi dng c th chn cc mc v thm chng vo yu cu mua hng. Catalogs PunchOut Purchase Order ( n t mua hng )

Nguyn Ngc Vnh

Page 4

Nh cung cp c th to cc hng mc cho bt k sn phm hoc dch v, bt k n c xc nh th no, gi, hoc cch phn phi. i vi mi mc trong danh mc, thng tin c bn c yu cu, v thng tin ty chn c th c tnh nng nng cao, chng hn nh m t a ngn ng. PunchOut PunchOut l giao thc d dng thc hin cc phin qun l tng tc qua mng Internet. S dng thi gian thc, cc thng ip ng b cXML, PunchOut cho php to giao tip gia cc ng dng, cung cp cho ngi dng tng tc lin mch ti cc trang web t xa. C ba loi PunchOut : Procurement PunchOut PunchOut Chaining Provider PunchOut

Procurement PunchOut : Procurement PunchOut mang n cho cc nh cung cp mt thay th cho danh mc tnh ( catalog ). Cc trang PunchOut l ng, v l danh mc tng tc chy trn mt trang web. Nh cung cp c cc trang web thng mi in t c th thay i chng h tr PunchOut. Cc trang PunchOut giao tip vi cc h thng mua sm qua Internet bng cch s dng cXML. i vi trang web PunchOut, cc ng dng mua sm hin th mt nt thay v cc chi tit sn phm hoc gi c. Khi ngi dng nhp vo nt ny, trnh duyt web hin th cc trang t trang web ca chnh nh cung cp. Ty thuc vo nhng g nh cung cp trin khai thc hin trn cc trang ny, ngi dng c th duyt cc ty chn sn phm, xc nh cu hnh v chn phng php giao hng. Khi ngi dng hon tt chn khon mc, h nhp vo

Nguyn Ngc Vnh

Page 5

mt nt tr v thng tin t hng cho cc ng dng cung ng. Cc sn phm vi y cu hnh v s tin h phi tr xut hin trong yu cu mua ca h.

PunchOut Chaining PunchOut Chaining l Procurement PunchOut c lin quan n mt PunchOut. cXML Path Routing cho php chc nng ny.

cXML Path Routing cho php n t hng v cc tin nhn khc ( message ) n sau tr v cc ch ( marketplaces ) v cc nh cung cp. Path Routing thng bo cho tt c cc bn v n t hng cui cng, v bt k PunchOut no tip theo ch nh cho ng dng cung ng lm th no chia n t hng trn danh ngha ca marketplace. Provider PunchOut Provider PunchOut cho php cc ng dng c th gi n mt ng dng t xa m ng dng cung cp cc dch v cho ng dng ngun, chng hn nh xc nhn th tn dng, xc thc ngi dng hoc t ng k. Purchase Orders Cc t chc mua sm ( buying organizations ) gi n t hng cho nh cung cp yu cu thc hin hp ng.

Nguyn Ngc Vnh

Page 6

u nhc ca cXML u im : - D dng thc thi qu trnh t ng nhn, thc hin cp nht danh mc v chuyn i danh mc - Nhiu gii php bn bn sn vi cc giao thc m gi - cXML h tr cc giao dch phin kt ni bn hng t xa - Kh nng m rng: Nu cc quan h ca ngi mua cn nhiu thng tin hn bn cht cXML c th h tr, d liu c th gi n theo kiu end-to-end - Thc y s pht trin ca XML Nhc im : - cXML ch cung cp chun XML vi kiu thng mi in t B2B v thiu nhiu c php t EDI

19.3 Micropayment Markup

Micropayment : L cc giao dch thanh ton lin quan n 1 s tin rt nh (PayPal nh ngha l giao dch di 12 USD ,Visa l di 20 USD c ). Ngun gc : - Micropayments cung cp mt ngun thu nhp thay th cho cc nh cung cp ni dung (ban u l vn bn v hnh nh, v a phng tin sau ny) vt ra ngoi qung co v ng k.

Nguyn Ngc Vnh

Page 7

- Micropayments cng c th cung cp ngun thu nhp cho cc nh cung cp dch v ( tra cu c s d liu, dch v proxy ...). - Do tm quan trng ngy cng tng ca hng ha phi vt th ( v d : thng tin) trong nn kinh t ton cu, vi kh nng cung cp tc thi v chi ph khng ng k, th thng thng phng thc thanh ton cn t hn sn phm thc t. H thng giao dch nh vy thng t thnh cng. - Hu ht cc h thng Micropayment cng c gng cung cp mt giao din ngi dng n gin, c bit l vic mua thc hin d dng nht c th. Mc tiu : - H thng Micropayment c gng tit kim chi ph, bao gm c chi ph qun l ri ro ti chnh, chi ph hot ng ( bao gm c thng tin lin lc, x l, lu tr ), v thit lp chi ph. Nguyn tc : - Micropayments lin quan n ngi mua/khch hng C, mt nh cung cp/thng gia M, v c kh nng thm mt hoc cc bn gi ti khon (thng c gi l mi gii [ trong Millicent], my ch thanh ton [trong Micropayments IBM], trung gian [trong France Telecom Micropayments], ...) Phng php tip cn : - S dng m ha i xng - Khng i hi phi c ch k s. Ch k s rt tn km,i hi thi gian ng k cho vic k v xc nhn. - Ni dung ca micropayment c th c nhn thy bng cc nhp vo mt loi lin kt c bit - mi c nh ngha gi l lin kt cho mi khon ph ( the per-fee link ). Cn mt phng php m ha ( encoding ) cho mi per-fee link trong mt ti liu HTML. N khng phi cc vn v v bo mt a ch lin quan n vic truyn ti cc per-fee link t cc thng gia n ngi tiu dng,chng hn nh xc thc ca cc thng s trong per-fee link ( v d gi ) hoc tnh b mt ca per-fee link. Cc thanh ton cho cc phn nh ca mt sn phm hay dch v lm gim s cn thit ca bo mt. Tuy nhin, cc ng dng vi yu cu bo mt c th s dng v d nh SSL/TLS. Kin trc :

Nguyn Ngc Vnh

Page 8

B tr ca h thng micropayment :

Nguyn Ngc Vnh

Page 9

SentraMicroPay ( mt gii php cho MicroPayment )

19.4 Joint Electronic Payments Initiative ( JEPI )

JEPI ( Pht kin kt ni cc phng thc thanh ton in t ) l mt d n hp tc gia Commerce Net v World Wide Web Consortium ( W3C ) vi mt s i tc cng nghip ( IBM, Microsoft, CyberCash, GCTech, ) tm hiu qu trnh din ra sau khi mua sm v trc khi thanh ton thc t bt u. y l thi im cc cng c thnh ton chnh xc ( th tn dng, th ghi n, tin in t,. ) phi c tha thun gia khch hng v my ch thng gia,sau cc giao dch mi c th xy ra. Internet ang ngy cng tr thnh mt u trng thng mi, trong cc khon thanh ton c tr cho hng ho, thng tin, v dch v. h tr cc loi hnh thng mi nh vy, cc phng thc thanh ton khc nhau qua cc giao thc Internet c xut v thng qua mt lot cc t chc. Hu ht cc giao thc thanh ton ny khng tng thch vi nhau, v dng nh c t khch hng tim nng khi thng nht cc phng thc thanh ton hoc cc giao thc ny b t b. Trong thc t, s tn ti ca cc c ch thanh ton khc nhau l hp l bi v lun lun c cc nhu cu khc nhau v mt m hc, tr ca giao dch, phm vi s lng, ...Trong khi h s a dng ca h thng thnh ton mang li mi trng kinh doanh cnh tranh lnh mnh th n cng mang n thm s phc tp cho ngi dng cui, tc ngi tiu dng v cc thng gia. Mc tiu ca JEPI l xc nh mt phng thc tiu chun cho m phn cc phng thc thanh ton v giao thc gia khch hng, trung gian thanh ton v my ch thng qua web. N mang n nhiu h thng thanh ton gip ngi tiu dng v thng
Nguyn Ngc Vnh Page 10

nhn trong qu trnh giao dch, c th la chn mt h thng thanh ton ph hp cho c hai bn cho bt k giao dch no. Kin trc : V tr ca W3C trong d n JEPI l cung cp mt c ch kin trc kh thi v trung lp lm vic m phn cc phng tin thnh ton trn cc trang web mt cch t ng. N khng phi l cung cp mt giao thc thanh ton mi hoc mt cch mi chuyn i t ng gia cc h thng thanh ton.

Kin trc ca JEPI JEPI khng phi l mt giao thc thanh ton mi cng nh mt nn tng chuyn i, nhng thay vo , l mt cch thng lng v chn mt h thng thnh ton duy nht c s dng cho mt giao dch c th t nhm ca nhiu h thng thnh ton c ci t trn nn tng my khch - my ch. JEPI xoay quanh vic to ra cc chi tit k thut cho cp giao thc m phn : Mt framework m rng HTTP chung gi l PEP cho php mt khch hng Web v my ch yu cu mt trong nhng modun m rng m h h tr, thng lng cc tham s cc phn m rng, Mt modun m rng c th, UPP, c s dng m phn v cc cng c thanh ton (th tn dng, th ghi n, tin in t, ), thng hiu ( Visa,Master Card, American Express, ), v giao thc thanh ton ( SET, CyberCash, GlobeID, ).

Protocol Extension Protocol ( PEP ) Giao thc m rng giao thc ( PEP ) l mt framework chung m t phn m rng trong HTTP. Trong JEPI, PEP c s dng nh l mt giao thc m phn c mc ch
Nguyn Ngc Vnh Page 11

chung m mt web client v mt my ch c th ng m rng modun s dng, thng lng cc thng s cho cc modun , v yu cu kt thc ci khc bt u s dng mt phn m phn m rng. Mi phn m rng ca PEP i din cho mt phn m rng HTTP v c lin kt vi mt URL. Mt phn m rng PEP s dng mt s trng tiu mi thc hin cc nh danh phn m rng v thng tin lin quan t web client, qua cc trung gian, cc my ch, v ngc li. Mi h thng thanh ton trong JEPI c coi l mt phn m rng PEP c xc nh bi mt URL. Tuy nhin,c v nh JEPI khng cn c h tr lu na : PICS ( Platform for Internet Content Selection - Nn tng cho ni dung Internet la chn ) lu khng cn s dng PEP, v SEA ( Kin trc bo mt m rng cho HTTP/1.x Security Fundamentals for HTTP/1.x ) th khng bo gi i vo s dng rng ri. c im k thut ca JEPI ch l mt lu k thut ca W3C, do , s tn ti ca n l khng chc chn cho d W3C s theo ui cng vic trn JEPI. Universal Payment Preamble ( UPP ) M u cho thnh ton quc t ( UPP ) l nn tng ca JEPI. N cung cp ng ngha ca cc la chn thnh ton. N c da trn PEP v do hot ng cp HTTP. Tiu ca UPP cho php cc bn tham gia m phn la chn thay th thanh ton ti bt k thi im no trong mua sm, cho n khi mt h thng thanh ton c th c chn ra. N cung cp hai kh nng : m phn dch v thanh ton v bt u h thng thanh ton c th. Dch v thanh ton v thng tin khi u l thng sut vic mua sm thanh ton v nu thch hp, c t thanh ton li cho khch hng khc nh cung cp tng tc. UPP c gi nh vy v n trao i thng tin cn phi c gii quyt trc khi mt h thng thanh ton c th c truy nhp, v cung cp mt thng bo bt u truy nhp vo giao thc thanh ton. Ngoi vic cho php trao i thng tin mua chng hn nh s tin, tin t, thng hiu,UPP cng cung cp mt cch chuyn sang trng thi tip theo ty thuc vo kt qu ca vic thc hin ca h thng thanh ton c la chn, hai bn c th thng bo cho vic thnh cng, tht bi, hoc hy b giao dch. Kin trc ca JEPI bn thn n khng gii quyt cc vn v bo mt a ch. H thng thanh ton c th c m phn bi UPP chu trch nhim cho vic truyn ti an ton ca thng tin tng ng. Mt v d v dng hot ng ca UPP : My khch gi yu cu ti ca hng :

Nguyn Ngc Vnh

Page 12

My ch yu cu my khch s dng giao thc UPP cho nt Submit. Cc my ch cng thng bo cho khch hng rng my ch c th chp nhn tin in t Coin v GlobeID :

Khch hng nhn nt Submit, v ni vi my ch l n s dng Coin. Khch hng cng gi mt lot cc thng tin thnh ton, tc s ti khon, ngy ht hn v s tin :

Cc my ch thc hin trn cc h thng thanh ton c la chn, v thng bo cho khch hng v 3 URL la chn ty thuc vo kt qu :

19.5 Java Commerce

Java Commerce ( JC ) l mt nn tng da trn Java pht trin cc ng dng thng mi in t da trn Internet. Vo thi im 4-2000 ch c cc thnh phn pha my khch ( client side ) ( v d Java Commerce Client - JCC ) l c sn. Cc tnh nng thng thng c yu cu t cc my ch l kh nng gi Java Commerce Messages, m c th c to bi cc applet, cc chng trnh CGI hoc Servlet. Ngoi ra, cc my ch phi c cu hnh chp nhn cc cng c thanh ton c la chn v hiu cc giao thc thanh ton tng ng. Cng ngh Java Commerce c gii thiu nm 1996, nhng tic l khng c nhiu tin b c ghi nhn k t , v vy n vn cn trong giai on pht trin.

Nguyn Ngc Vnh

Page 13

Cc cng ngh chnh trong JCC l Java Wallet v Commerce JavaBeans. Java Wallet l mt giao din ngi dng cho vic mua hng trc tuyn v cc giao dch ti chnh khc ( v d : ngn hng ti nh - home banking ). JavaBeans API lm cho n c th vit phn mm thnh cng trong Java ( cc thnh phn khp kn, n v phn mm c th ti s dng ). C th, JCC bao gm cc h thng con sau y : Giao din ngi dng ha ( a wallet ci v, v in t ) c s dng tng tc vi ngi s dng ( v d : chn v chnh sa cc cng c thnh ton, chnh sa ty chn ngi dng, xem xt cc giao dch ) Java Commerce Messages ( JCM ) l mt nh dng thng ip dng trong giao tip gia my ch thng mi vi my khch/khch hng. Mt JCM c gi bi my ch thng mi yu cu my khch thc hin hot ng ( v d : mua ) v cung cp thng tin v giao thc ( v d : SET ) v cng c ( v d : VisaCard ) c th c dng cho hot ng ny. Khi hot ng, cc giao thc v cc cng c, tt c u l cc thnh phn ca Commerce JavaBeans, JCM cng cung cp thng tin v nhng beans ( phn ) cn np qua mng v ci t trong wallet ( v ). Mt tp tin JCM c phn m rng .jcm v l loi ng dng MIME/x-java-commerce. Cassette l cc file JAR c k k thut s cha mt hoc nhiu thnh phn ca Commerce JavaBeans v ngun ca n. Java Wallet c thit k t ng ti v v ci t cc cassette c quy inh bi 1 giao dch c th. Cc applet pha thng gia c th bao gm cc giao din cassette nht nh. Mt c s d liu cc quan h c m ha an ton lu tr thng tin ngi dng ( v d : s th tn dng ), ng k cassette, thng tin tng thch cassette v cc bn nht k ( log ) giao dch. Gateway Security Model ( GSM ) m rng m hnh bo mt ca Java. N h tr nhiu mi trng ng dng i hi phi c s tng tc gia cc ng dng t nhiu nh cung cp, mi trng nh vy c da trn s tin cy c gii hn ( limited trust ).

Khng c mi quan h kinh doanh da trn s tin tng tuyt i gia hai bn. M hnh bo mt Java mi nht c th c s dng m hnh ha cc mi quan h tin cy c gii hn duy nht gia mt on m, cc dch v v ngun lc ca h thng m trn cc m c thc hin. V d, mt applet c th c cho php c mt tp tin nht nh ch khng c c v ghi tt c cc tp tin trong h thng tp tin. Tuy nhin, m hnh ny khng th tr thnh m hnh tin cy gia cc phn mm thng mi khc nhau ( v d : applet, bean ) n t cc bn khc nhau. V d, mt ng dng bo co thu c th nhp khu tng vn thng tin t ng dng c s d liu ca mt nh mi gii, nhng n khng th c cc thng tin c vn danh mc u t t c s d liu u t ca ngi dng. gii quyt vn ny GSM xc nh ra cc vai tr, mi phn ca phn mm c phn cng mt hoc nhiu vai tr ( v d : nh mi gii, bo co thu, c vn danh mc u t ). Cc vai tr ny da trn tha thun hp ng gia cc bn lin quan trong mi quan h thng mi. Cc vai tr c thc hin vi ch k s : mt cassete ( tc mt JAR file ) c k ( signed ) vi cc vai tr Commerce JavaBeans ca n s c trong JCC. Nh vy, nu c quan
Nguyn Ngc Vnh Page 14

thu mun c truy cp vo cassete ca nh mi gii, u tin phi k hp ng vi nh mi gii. Cc nh mi gii sau s k cassete ca c quan thu cho vai tr bo co thu, do cho php n c mt s phn ca ng dng c s d liu ca nh mi gii. Mt s vai tr c xc nh trong JCC, v cc vai tr mi c th c nh ngha bi cc ng dng. GSM l mt m hnh bo mt hng i tng trong cc quyn ( v d : c quyn ) c th c chuyn qua li t nhng ngi y nhim khc nhau, nh trong m t trn. GSM da trn m hnh kh nng c minh ha nh hnh di y ( Hnh 19.1 ). Khi mt on m yu cu mt dch v m n cn quyn truy cp c th, n phi np n y nhim ca mnh n gatekeeper - ngi gi cng. Gatekeeper xc minh xem cc chng ch c hp l bng cch a chng qua cho b phn Kim tra y quyn credential checker. Nu cc chng ch hp l, cc dch v kh nng ( capability service ) to ra mt i tng nng lc mi, tr li cho on code nh vo gatekeeper.

Hnh 19.1 M hnh kh nng Trong GSM, mt i tng kh nng quay tr li bi cng l mt i tng Java c gi bi Permit ( giy php ). Hnh 19.2 cho thy mt dng kim sot an ninh ( security control flow ) n gin ha trong GSM. V y l mt th vai tr ( tc l n y quyn credential ) c thng qua cng ( Gate ) bi Bean v c th c s dng ch 1 ln. Nh gii thch trc, mt vai tr i i din cho mt ch k k thut s v c s dng chng minh tnh hp l ca mt V Ticket. Mt cng i din cho mt phng thc chng thc, trong trng hp ny da trn xc minh ch k k thut s. Cc cng thng qua cho V nh vo Role Manager ( B qun l vai tr ) , xc minh ch k v c gng tm kha cng khai tng ng trong bng y quyn m c th c cp quyn truy cp c yu cu. Mt v l hp l nu ngi k c ch nh mt vai tr c th c xc nhn tng ng vi kha cng khai, v nu v c to ra chnh xc cho vai tr m n ang c gng c c mt giy php. Nu v l hp l, th Role Manager nh du ( bo m ) ln n v tr v cho
Nguyn Ngc Vnh Page 15

Gate. Bng cch ny , V v hiu ha v vy n khng th c s dng cho mc ch khc, c th gy nguy him. Gate to ra mt i tng Permit cui cng c a n Bean.

Hnh 19.2 M hnh cng kim sot an ninh V d, mt cassete cha mt OperationBean phi c k vi vai tr Operation. Vai tr Operation cho php OperationBean c c mt OperationPermit t mt OperationGate. Hoc, thm mt mc trnh n th xung trong giao din ngi dng ca v in t, mt cassete OperationBean phi c k cho vai tr trnh n ( menu role ). Vai tr trnh n cho php cc OperationBean c c mt MenuPermit t MenuGate.

Nguyn Ngc Vnh

Page 16