Although any application server is capable of serving up WML pages, the leading-edge method of generating WML pages is to store your Web content in XML format and apply XML style sheets on the XML to generate WML.

Cocoon, a set of open-source tools offered by the Apache XML project (xml.apache.org) is Java servlet technology that can easily transform XML-encoded Web content into WML using XML Style Sheet technology. If you're interested in this approach to generating WML content, Cocoon is a good place to study how these transformations can be accomplished.

Similar capabilities are offered by the Art Technology Group's Dynamo 4.5 application server (www.atg.com) and the open-source Enhydra application server (www.enhydra.com), both of which take different approaches to compiling content into Java classes.

It's easy enough to deploy your WAP application and let the network providers handle all the WAP gateway chores. In fact, the location of the WAP gateway that your cell phone uses is usually preprogrammed into your handset. But there are cases when having the network service provider's WAP gateway handle all the format and protocol conversions between the Internet and WAP may not be in your best interest.

In particular, when secure connections are required between the cell phone and your server, you may want to manage the entire connection yourself. That's because a potential security hole opens up where the WAP gateway translates between Wireless Transport Layer Security (WTLS) and Transport Layer Security (TLS) connections since the encrypted channels essentially must be stopped and restarted.

Some businesses will prefer to run their own WTLS sessions from behind the corporate firewall. The WAP Forum is working on a new standard to allow companies to run their own secure, direct connections. That standard, called the Proxy Navigation Model, will let network service operators such as AT&T Wireless and Sprint PCS temporarily cede control of their WAP gateways to a WAP gateway located behind your company's firewall.

For companies that need a high level of security now, the only choice in the United States is to run a private Internet connection, such as a T1 line, directly to the network service provider and use a dedicated WAP gateway in the service provider's machine room.

Secure channels, of course, require use of digital certificates. Unfortunately, cell phones lack both the secure storage for digital certificates and the computational power necessary to handle encryption algorithms. Benchmarks conducted by Ericsson have found cell phones taking as long as 15 minutes to handle the RSA handshake necessary for WTLS connections-far longer than any user would wait.

The lack of secure storage is addressed in the WAP 1.2 standard, released in December, but it may be another year or so before we see compatible handsets in the United States. Those handsets will probably look like the European WAP handsets, which have a small card slot under the battery that holds a Subscriber Identity Module (SIM) card. That device, which in Europe holds cell phone subscriber identification data, could contain digital certificate information for the subscriber and possibly even a co-processor to aid in numerical calculations.

The WAP 1.2 standard defines a WAP Identity Module standard for holding all the user identity and security information necessary for secure connections with WTLS. It's not clear yet whether a new WIM card will be developed or simply an updated version of the SIM card with WIM information on it.

continued...page 4
return to page 1, 2