In this section: |
Before you begin using the HTTP tools that are available in iSM, it is recommended that you have a good understanding of HTTP, and the types you plan to support.
Hypertext Transfer Protocol (HTTP) is the foundation of data communication for Web browsers and servers. It is the default network request/response system used to transfer files from one host to another over the Internet.
HTTP is an application-layer network protocol built on top of Transmission Control Protocol - Internet Protocol (TCP/IP) which enables two hosts to establish a connection between them and exchange files or data streams. In addition:
HTTP first came into common use in 1996, prior to the creation of today’s encryption mechanisms. Other aspects of the protocol that have come to be viewed as shortcomings are being addressed in technologies such as JavaScript and ActiveX. Nevertheless, HTTP remains a bedrock technology. One reason for this is encryption capability has been appended to HTTP as detailed in the following section.
To implement secure transmissions that encrypt the user name, password, and content, HTTP is often protected with Secure Sockets Layer - Transport Layer Security (SSL/TLS). The designation HTTPS indicates HTTP that uses SSL/TLS.
In addition, HTTPS provides bidirectional encryption for counterparty authentication, designed to prevent packet capture and other man-in-the-middle attacks. Originally used for payment transactions on the World Wide Web, HTTPS grew to be used for e-mail and for any other private transactions in corporate information systems.
Due to encryption processing, it may be slower than native HTTP. HTTPS typically uses port 443.
HTTP versus HTTPS
The following table compares HTTP to HTTPS.
|
HTTP |
HTTPS |
|---|---|
|
Default Port - 80 |
Default Port - 443 |
|
Additional Protocol - No |
Additional Protocol - Yes. Uses the Secure Sockets Layer (SSL) which transports secure data to and from the server. |
|
Sender/Receiver Identification - No |
Sender/Receiver Identification - Yes. SSL encrypts the data, preventing third party access. |
|
Certificate - No |
Certificate - Yes. The owner of the Web site purchases a certificate from a trusted authority. |
Native HTTP is synchronous, processing one request/response pair at a time. It blocks the next request, preventing it from beginning until the active request has completed. However, this behavior is not always desirable.
Non-blocking HTTP (nHTTP) is asynchronous. It permits subsequent requests to begin processing before the current request has completed. In addition to improved performance, nHTTP provides an array of configurable parameters for security, connectivity, and header manipulation.
HTTP versus nHTTP
The following table compares HTTP to nHTTP.
|
HTTP |
nHTTP |
|---|---|
|
Synchronous - waits for a task to finish before processing the next task. |
Asynchronous - Begins to processes other tasks before the current one completes. |
|
Blocking - processes one request/response pair at a time - the protocol handler is not required to match a request to its paired response. |
Non-Blocking - can process a request and its related response independently from one another, therefore the protocol handler must match a request to its paired response. |
|
Stateless - provides a response after a request, then requires no further attention. For high availability, a stateless service requires redundant, load-balanced instances. |
Stateful - can process subsequent requests to the service depending on the results of a prior request. For high availability, a stateful service can use an active/passive or active/active configuration. |
| iWay Software |