Wireless Application Protocol and Microsoft Mobile Information 2001 Server put the Web on wheels

For mobile users who heavily rely on portable devices to contact others, to have others reach them, and to organize their calendars and address books, carrying a cellular phone, pager, and Personal Digital Assistant (PDA) is as common nowadays as wearing a watch and carrying keys and a wallet. Advanced versions of these wireless devices, or handsets, also let mobile users receive and send email messages, read news and stock quotes, and access Web servers anytime, anywhere.

An important mainstream technology that enables advanced features for mobile users is Wireless Application Protocol (WAP), a standard for implementing wireless client/server communication and applications. According to International Data Corporation (IDC), the number of WAP-enabled handsets worldwide will grow from 99 million at the end of 2000 to 1.3 billion by 2004.

In addition to handset vendors, many other vendors are incorporating WAP into their development strategies and new products to support mobile commerce and enable WAP clients to ride the Internet wave. Microsoft will deliver a WAP application platform called Mobile Information 2001 Server and let WAP clients access Microsoft Exchange Server this year. If you have mobile users, you might be interested in an introduction to the WAP protocol, architecture, and deployment models and a discussion of how Mobile Information Server fits into a WAP deployment.

WAP Basics
In June 1997, four forward-thinking companies—Ericsson, Motorola, Nokia, and Openwave Systems (formerly Phone.com and Unwired Planet)—joined together to create a new technology called WAP for delivering Internet content to wireless and mobile devices. In December 1997, the four companies formed the WAP Forum to develop WAP as a standard protocol and open the door for other companies to participate in developing and managing the standard. About 400 companies have joined the WAP Forum.

Since WAP's first release in April 1998, the WAP Forum has issued two additional releases. The current version is WAP 1.2, dated November 1999. The WAP Forum is developing another major release with the working name WAP June 2000 Conformance Release.

WAP lets you use a WAP-enabled wireless device to exchange data with wired Internet-content servers. When compared with their wired counterparts, wireless devices generally have smaller screens, less processing power, less memory, limited input capabilities, and slower network connections (typically from 9.6Kbps to 19.2Kbps). Figure 1 shows a basic model of WAP communication. To request Internet content, a user enters a URL (e.g., http://www.acme.com) at a WAP device, which uses WAP to send the URL to a WAP gateway. When the WAP gateway receives the request, it converts the request to a valid HTTP-based URL request. After the WAP gateway checks the DNS server for the IP address associated with the URL, the gateway forwards the HTTP URL request to the Web content server (the origin server, in WAP parlance) over the Internet or over an IP network.

The origin server treats the received request from the gateway as a regular HTTP request and uses HTTP to return the requested information or content, such as a stock quote, in the HTML format to the gateway. HTML has too much overhead for efficient transmission over the current generation of low-bandwidth wireless connections and less powerful wireless devices. WAP uses a much simpler and more efficient markup language called Wireless Markup Language (WML). When the gateway receives the HTTP-based information, the gateway converts the HTML content into WML content that the WAP device can understand. The gateway can even encode the WML content into a compact binary format to reduce the packet size. The gateway then uses WAP to forward the content to the mobile device, which in turn decodes and interprets the content and displays it in the device's microbrowser.

The WAP gateway plays three important roles in fulfilling the WAP client's request for Web content. First, it performs the protocol translation between the WAP client and the HTTP server. Second, it converts the content format from HTML to WML, called format transcoding. And third, it provides a secure tunnel for data traveling between the WAP client and the Web server. Some vendors call the WAP gateway a proxy server because it links the WAP and Web traffic.

WAP Architecture
WAP is a set of wireless communication protocols with a layered architecture similar to the International Organization for Standardization (ISO) Open System Interconnection (OSI) network model. The ISO OSI model has seven layers; WAP has six, as Figure 2 shows. Each layer performs a function and interacts with the layer above and the layer below to complete a WAP transaction. For example, when a WAP client submits a URL request on a WAP device, the device processes the request starting at the application layer and moving through all the layers until it sends the request to a WAP gateway over the network layer.

Let's take a look at each layer in WAP. Wireless Application Environment (WAE) at the application layer consists of six key components: the microbrowser, WML, WMLScript, Wireless Telephony Application (WTA), Push Over the Air (OTA) protocol, and Push Access Protocol (PAP). Like a regular browser, a microbrowser submits requests for information, receives results, interprets the results, and presents them on the screen of a device—in this case, a WAP device. A microbrowser has both WML and WMLScript interpreters. Like HTML, WML defines how to format and display data, but WML is heavily derived from XML. Similar to JavaScript, WMLScript provides programming logic for applications.

In addition to WML, some microbrowsers support HTML and Handheld Device Markup Language (HDML). HDML is a modification of HTML developed by Openwave and was most widely used in cellular phones before WML. For example, the Microsoft Mobile Explorer microbrowser supports HTML, and Openwave's UP.Browser supports HDML.

WTA adds telephony features to WAP so that you can receive calls while browsing and search contact information when receiving a call. Push OTA and PAP let WAP-enabled origin servers push information to WAP clients through WAP gateways.

At WAP's session layer, Wireless Session Protocol (WSP) provides a session service for data exchange between a WAP client and a WAP gateway or a WAP client and an origin server that supports WSP. WSP provides both connection-oriented and connectionless session services. The connection-oriented session service runs over Wireless Transaction Protocol (WTP) layered on top of Wireless Datagram Protocol (WDP). The connectionless session service doesn't require WTP and runs over just WDP. Wireless Transport Layer Security (WTLS) provides optional authentication and encryption services for both types of sessions.

WTP provides transaction services and can use acknowledgment and retransmission to ensure the success of a transaction. WTP supports three classes of transactions: unreliable one-way request (class 0), reliable one-way request (class 1), and reliable two-way request (class 2). In a class 0 transaction, when an initiator sends a message to a responder, the responder doesn't acknowledge the message and the initiator doesn't wait for acknowledgment. You could use class 0 transactions in a typical paging network that doesn't guarantee that pagers receive all sent messages.

In a class 1 transaction, the responder acknowledges the initiator when it receives a message. The initiator can retransmit the message if it doesn't receive an acknowledgment in a specified interval. You could use class 1 transactions in a better paging network that ensures its pagers receive all sent messages.

In a class 2 transaction, the responder answers the initiator's message or request with a result. When the initiator receives the result, it must acknowledge the responder. If the initiator doesn't receive the result or an acknowledgment that asks it to wait for the result, the initiator retransmits the request. If the responder doesn't receive an acknowledgment after sending a result, it retransmits the result. You could use the class 2 transaction in a wireless trading network that requires high reliability.
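The three transaction classes described above, as an added simulation that is not part of the original article. The function name, the `drops` parameter and the retry limit are assumptions, and messages are modelled abstractly rather than as real WTP packets; the simulation also counts how many copies of a request reach the responder, because retransmission can deliver duplicates that the responder has to recognise.

```python
def run_transaction(tclass, drops=(), max_tries=4):
    """Simulate one transaction of class 0, 1 or 2 over a lossy bearer.

    drops: 0-based positions, in send order, of transmissions that are lost.
    Returns the message log, whether the initiator received its confirmation
    (an ack in class 1, the result in class 2), and how many copies of the
    request reached the responder.
    """
    log, copies, sent = [], 0, 0

    def send(who, what):
        nonlocal sent
        lost = sent in drops
        sent += 1
        log.append(f"{who}: {what}" + (" [lost]" if lost else ""))
        return not lost

    def outcome(confirmed):
        return {"confirmed": confirmed, "copies": copies, "log": log}

    if tclass == 0:                        # unreliable one-way: no ack, no wait
        copies += send("initiator", "request")
        return outcome(False)

    have_result = False
    for _ in range(max_tries):
        if not have_result:                # timer expired: (re)send the request
            if not send("initiator", "request"):
                continue
            copies += 1
        if tclass == 1:                    # reliable one-way: responder acks
            if send("responder", "ack"):
                return outcome(True)
            continue
        if not send("responder", "result"):    # class 2: responder answers
            continue
        have_result = True
        if send("initiator", "ack"):       # initiator must acknowledge result
            return outcome(True)
        # ack lost: the responder retransmits the result on the next pass
    return outcome(have_result)
```

With the acknowledgment lost once, a class 1 request reaches the responder twice, which is why a reliable class needs duplicate detection as well as retransmission.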

Wireless networks use radio waves to transmit data, which makes them much easier to hack than wired networks, so they need plenty of protection. WAP offers WTLS as an option for guaranteeing data privacy and integrity and client/server authentication between WAP clients and gateways. WTLS is derived from the IP protocol Transport Layer Security (TLS), which is also called Secure Sockets Layer (SSL), but WTLS is simpler and more efficient than TLS or SSL. WTLS uses public key infrastructure (PKI) certificates to let WAP gateways and clients authenticate each other and encrypt and digitally sign exchanged data. WTLS certificates can be X.509 certificates or minicertificates, which are smaller and simpler than X.509s.

The WAP Forum designed WAP to run on any wireless network (bearer, in wireless terminology), such as Global System for Mobile Communication (GSM), Code Division Multiple Access (CDMA), and Cellular Digital Packet Data (CDPD). WAP achieves this flexibility through WDP, which provides a consistent interface to the higher layers and lets WAE, WSP, WTP, and WTLS be independent of bearers. Wireless application developers can develop one application and run it on any WAP system. WDP also performs packet segmentation and reassembly and data error detection and correction.

WAP Deployment
WAP has received great support from the industry. Handset vendors such as Ericsson, Mitsubishi, Motorola, NeoPoint, and Nokia have delivered or will deliver WAP-enabled phones. Wireless-product vendors such as Ericsson, IBM, Nokia, and Openwave sell WAP gateways. Wireless carriers and service providers such as AT&T Wireless and BT Cellnet provide WAP services to enterprises and consumers. Some major news and search engine sites, such as BBC News and Yahoo!, support WAP content by using WML. Consumers with WAP-enabled cellular phones access these sites through their service providers. OS and application vendors such as Microsoft and Sun Microsystems are developing WAP application platforms to help enterprises and WAP service providers build better WAP communication environments.

Many IT departments will surely need to implement WAP services for their mobile users soon. The four major WAP deployment models are two tier, three tier, four tier, and five tier. The two-tier deployment model, which Figure 3 shows, consists only of WAP clients and an all-purpose server that delivers content according to both Internet and WAP standards. The WAP client and server could use WTLS to establish an end-to-end secure tunnel for data exchange. However, easy-to-use commercial products for designing and maintaining HTML and WML content in parallel on the same server don't currently exist.

In contrast with the two-tier scenario, the three-tier deployment model, which Figure 4 shows, leaves the existing origin server intact and adds a WAP gateway between the WAP client and origin server. The WAP service provider's WAP gateway performs format transcoding, protocol conversion, and security processing; the enterprise simply subscribes to the WAP service from the WAP service provider. The disadvantage of this model is a security vulnerability. The three-tier model uses WTLS to secure communication between the WAP client and gateway and TLS to secure communication between the WAP gateway and origin server. The WAP gateway must decrypt content from one security protocol and encrypt it for another security protocol when transferring the content from a wireless to a wired network. Be very sure that a WAP service provider has tight security controls in place before you entrust your enterprise's data to it.

An enterprise, however, can add a WAP gateway in its own network and terminate the WTLS tunnel from the WAP clients there instead of at the service provider's WAP gateway. This four-tier approach provides better control over the security of WAP communication between the enterprise and its clients. The enterprise's WAP gateway must perform the WAP-to-Web format transcoding because the WTLS tunnel ends at the enterprise's gateway.
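The exposure in the three-tier model, and what terminating WTLS at an enterprise gateway changes, shown as an added example (not code from the original article). A toy encrypt-then-MAC construction stands in for both WTLS and TLS; the function names, the key handling, the provider acting as a pure carrier in the four-tier case, and the sample request are assumptions made for illustration.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Toy encrypt-then-MAC record; stands in for WTLS or TLS, is neither."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, record):
    nonce, ct, tag = record[:12], record[12:-32], record[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record rejected: wrong key or modified in transit")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def translating_gateway(wtls_key, tls_key, record, seen):
    """Ends the WTLS tunnel and starts the TLS one; cleartext exists between."""
    clear = unseal(wtls_key, record)
    seen.append(clear)                  # what this node's memory or logs hold
    return seal(tls_key, clear)

def carrier_only(record, seen):
    """A node holding no session key can only forward the opaque record."""
    seen.append(record)
    return record

def three_tier(request):
    wtls_key, tls_key = os.urandom(32), os.urandom(32)
    provider_seen = []
    record = seal(wtls_key, request)                          # WAP client
    record = translating_gateway(wtls_key, tls_key, record, provider_seen)
    return unseal(tls_key, record), provider_seen             # origin server

def four_tier(request):
    wtls_key, tls_key = os.urandom(32), os.urandom(32)
    provider_seen, enterprise_seen = [], []
    record = seal(wtls_key, request)                          # WAP client
    record = carrier_only(record, provider_seen)              # provider network
    record = translating_gateway(wtls_key, tls_key, record, enterprise_seen)
    return unseal(tls_key, record), provider_seen, enterprise_seen

REQUEST = b"user=alice&password=constructed-sample"   # constructed sample input
```

In both runs the origin server receives the same request; the difference is whether the node that holds it in cleartext belongs to the service provider or to the enterprise.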

In an alternative four-tier deployment model, a special WAP gateway transcodes data from databases and messaging, scheduling, and other applications (rather than HTML data) to the WML content displayable on WAP devices. The WAP application gateway in the enterprise sends WML data in IP packets secured by TLS to the service provider's gateway. The service provider's gateway converts the IP packets to WAP packets with WTLS security. Thus, this four-tier model has the same security vulnerability as the three-tier model. Mobile Information Server is an application gateway that sits in the enterprise's network between the service provider's WAP gateway and the enterprise's origin server. Figure 5 shows both four-tier deployment models.

An enterprise that wants to handle both WTLS processing and WAP-to-Web or WAP-to-application transcoding on gateways in its own network can use a five-tier deployment model to put the two functions on two systems. Most WAP gateways that perform application-data transcoding don't provide the WTLS function.

Mobile Information Server
Mobile Information Server is Microsoft's platform for supporting wireless applications. The platform will run on Windows 2000 Server and will let WAP devices access .NET Enterprise Servers, such as Exchange Server, Microsoft IIS, and Microsoft SQL Server. The first version of Mobile Information Server is scheduled to be released this year and will come in two flavors: Enterprise Edition and Carrier Edition. Corporations will use the enterprise edition to WAP-enable their Windows and Web applications. Carriers and service providers will use the carrier edition, which will include all the enterprise edition features and will add some carrier-specific features to provide data services for diverse wireless network infrastructures.

Microsoft will ship Mobile Information Server with the Outlook Mobile Access application, which WAP-enables Exchange 2000 Server and Exchange Server 5.5. Mobile Information Server with Outlook Mobile Access will function as a special-purpose WAP gateway that performs application-data transcoding between Exchange Server and mobile devices that have WML microbrowsers. Outlook Mobile Access will support only WML microbrowsers, but the Mobile Information Server platform will also support HTML and HDML microbrowsers. Outlook Mobile Access won't support WAP's push protocols, Push OTA protocol and PAP; it will use the popular Short Message Service (SMS) wireless protocol instead.

Mobile Information Server will also come with an application called Outlook Mobile Manager. Outlook Mobile Manager will run on a user's Outlook desktop without Mobile Information Server and will act as a wireless notification agent. Outlook Mobile Manager can use SMTP to send notifications to any wireless device that has an email address. You will even be able to configure Outlook Mobile Manager to control which email messages, calendar entries, contacts, and tasks it will notify you about. Microsoft is working with telecom companies such as Ericsson and QUALCOMM to develop more wireless applications that will run on Mobile Information Server.

How It Works
To deploy Mobile Information Server with Outlook Mobile Access, you will use a four-tier model, as Figure 6 shows, or a five-tier model. In a four-tier deployment, the WAP mobile client sends a WAP request to your service provider's WAP gateway, which translates the request into HTTP and forwards it to the Mobile Information Server in your network. The Mobile Information Server can reside in your Internet demilitarized zone (DMZ) so that communications from the service provider's WAP gateway to your Mobile Information Server remain outside your intranet.

Mobile Information Server then sends a request for the user's credentials to the WAP client through the service provider's WAP gateway. The client submits his or her name and password to the Mobile Information Server through the WAP gateway. Mobile Information Server authenticates the client against Active Directory (AD). Mobile Information Server supports two kinds of credentials. Mobile credentials require you to create separate AD user accounts for wireless remote access from Mobile Information Server. Native credentials use clients' standard AD accounts, but clients can't change their password without a wired Windows machine.

After Mobile Information Server verifies the user's credentials, the server converts the HTTP request from the WAP gateway to an HTTP-DAV request and sends it to Exchange Server. Exchange Server sends an HTTP-DAV response to Mobile Information Server, which transcodes the response into WML and sends it to the client through the WAP gateway. To secure your communications, you should ask your service provider to support WTLS between the client and gateway and TLS or SSL between the gateway and your Mobile Information Server.

Anywhere, Anytime, Any Device
Having learned the basics of WAP and Mobile Information Server, you're ready to consider building a WAP-enabled network. For more information about WAP, see "Related Web Sites." After your WAP network is in place, your mobile users can access your corporate data anywhere, anytime, and from any device.

Related Web Sites
FORUM:

WAP Forum
http://www.wapforum.org

WAP FORUM FOUNDERS:

Ericsson
http://www.ericsson.com

Motorola
http://www.motorola.com

Nokia
http://www.nokia.com

Openwave Systems
http://www.openwave.com

WAP DEVELOPMENT, PRODUCTS, AND PORTALS:

WAPfactory.net
http://www.wap.com

WAP-Resources.net
http://www.wap-resources.net

Wireless Data Forum
http://www.wirelessdata.org

Wireless Developer Network
http://www.wirelessdevnet.com

YES2WAP.com
http://www.yes2wap.com

YOURWAP.com
http://www.yourwap.com

MICROSOFT MOBILE INFORMATION 2001 SERVER AND MOBILITY VISION:

http://www.microsoft.com/servers/miserver
http://www.microsoft.com/directaccess/products/net/mobile/default.asp
http://www.microsoft.com/business/mobility