This basic site architecture is fast evolving to serve a wider variety of needs beyond static document access and browsing. The Common Gateway Interface (CGI) extends the architecture-thirds to three by adding a back-end server that provides services to the Web server on behalf of the Web client, permitting dynamic composition of web pages. Helpers / plug-ins and Java / JavaScript provide other interesting Web architecture extensions. Common Gateway Interface (CGI) – CGI is a standard for interfacing external programs with Web servers (see Figure 1). The server hands client requests encoded in URLs to the appropriate registered CGI program, which executes and returns results as encoded MIME messages back to the server. CGI’s openness avoids the need to extend HTTP. The most common CGI applications handle HTML <FORM> and <ISINDEX> commands. CGI programs are executable programs that run on the Web server. They can be written in any scripting language (interpreted) or programming language (must be compiled first) available to be executed on a Web server, including C, C + +, Fortran, PERL, TCL, Unix shells, Visual Basic, Apple script, and others . Security precautions typically require that CGI programs be run from a specified directory (eg, / cgi-bin) under control of the webmaster (Web system administrator), that is, they must be registered with the system. Arguments to CGI programs are transmitted from client to server environment variables via encoded in URLs. The CGI program typically returns HTML pages that it constructs on the fly. Some problems with CGI are: the CGI interface requires the server to execute a program the CGI interface does not provide a way to share data and communications resources so if a program must access an external resource, it must open and close that resource. It is difficult to construct transactional interactions using CGI. The current version is CGI/1.1. W3C and others are xperimenting with next generation object-oriented APIs based on OMG IDL; Netscape provides Netscape Server API (NSAPI) and Progress Software and Microsoft provide Internet Server API (ISAPI). Helpers / Plug-ins – When a client browser retrieves a file, it launches an installed helper application or plug-in to process the file based on the file’s MIME-type (see below). For example, it may launch a Postscript or Acrobat reader, or MPEG or QuickTime player. A helper application runs external to the browser while a plug-in runs within the browser. For information on how to create new Netscape Navigator plug-ins, see The Plug-in Developer’s Guide. Common Gateway Client (ITC) – this gateway allows a third-party application to remotely control the Web browser client. Client APIs Netscape 2.0 (NCAPIs) depends on platform specific native methods of interprocess communication (IPC). They plan to support DDE and OLE2 for Windows customers, X properties for UNIX customers, and Apple Macintosh Events for customers.
Extensions to HTTP. W3C and IETF Application Area HTTP Working Group are working together on current and future versions of HTTP. The HTTP-NG project is assessing two implementation approaches to HTTP “replacements”: Spero’s approach – allows many requests per connection, the requests can be asynchronous and the server can respond in any order, allowing several transfers in parallel. A “session layer” the connection divides into numerous channels. Control messages (GET requests, meta information) are returned in a control channel, each object is returned in its own channel.W3C approach – Jim Gettys at W3C is using Xerox ILU (a variant CORBA) to implement an ILU transport similar to Spero’s session protocol. The advantages of this approach are openness with respect to plug gable transport protocols, support for multiple language environments, and a step towards viewing the “web of objects.” Related to this approach, Netscape recently announced future support for OMG Internet Inter-ORB Protocol (IIOP) standard on both client and server. This will provide a uniform and language neutral object interchange format making it easier to construct distributed object applications.
Java / JavaScript – Java is a cross-platform programming language WWW modeled after C + + from Sun Microsystems. Java programs embedded in HTML documents are called applets and are specified using <APPLET> tags. The HTML for an applet contains a code attribute that specifies the URL of the file compiled applet. Applets are compiled to a platform-independent byte code which can safely be downloaded and executed by the Java interpreter embedded into the Web browser. Browsers that support Java are said to be Java-enabled. If performance is critical, a Java applet can be compiled to native machine language on the fly. Such a compilation is known as a Just-In-Time (JIT) compiler. JavaScript is a scripting language designed for creating dynamic, interactive Web applications that link together objects and resources on both clients and servers. A client JavaScript can recognize and respond to user events such as mouse clicks, form input, and page navigation, and query the state or alter the performance of an applet or plug-in. A server JavaScript script can exhibit behavior similar to common gateway interface (CGI) programs. JavaScript scripts are embedded in HTML documents using <SCRIPT> tags. Similar to Java applets, JavaScript scripts are directly interpreted within the client’s browser and are therefore platform-independent. For a comparison of Java and JavaScript, see here. The Java Language Specification can be found here, a Java tutorial here, the Java Virtual Machine (interpreter) here, the Java Developer’s Kit (JDK) here, and Java FAQs here. A comprehensive Java page of resources can be found at JPL.
The JavaScript Language Specification can be found here, a JavaScript tutorial here, and the JavaScript FAQs here. The IETF Security Area Web Transaction Security (WTS) Working Group is working on security services for WWW. As chartered, it has produced Internet-drafts of Requirements for Web Transaction Security and a Secure Hyper Text Transfer Protocol specification Security Extensions For more HTML.