Professional Documents
Culture Documents
WAP2000 Overview
WAP2000 Overview
WAP2000 Overview
Copyright © Nokia Corporation 2002, 2001, 2000, 1999. All rights reserved.
We welcome and consider all comments and suggestions. Join the Nokia Software Developer Forum
at:
http://www.forum.nokia.com
This document is part of the Nokia Mobile Internet Toolkit. Reproduction, distribution or
transmission of part or all of this documentation in any form without the prior written permission
of Nokia is prohibited.
The content of this documentation may be changed without prior notice.
“Nokia,” the arrows symbol and Nokia’s product names are trademarks of Nokia.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States and other countries.
Microsoft, Windows, Windows NT, and Windows 2000 are registered trademarks of Microsoft
Corporation.
Portions of the Nokia Mobile Internet Toolkit contain technology used under license from the World
Wide Web Consortium and are copyrighted by the World Wide Web Consortium (Massachusetts
Institute of Technology, Institut National de Recherche en Informatique et en Automatique, Keio
University).
Contents
Preface................................................................................................................7
Audience.................................................................................................................................... 7
Typographical Conventions....................................................................................................... 7
Related Documents................................................................................................................... 8
Task Elements..................................................................................................27
go Element .............................................................................................................................. 27
prev Element ........................................................................................................................... 28
refresh Element ....................................................................................................................... 29
noop Element .......................................................................................................................... 29
Variables...........................................................................................................31
Naming Variables .................................................................................................................... 31
3
Setting Variables ..................................................................................................................... 32
Substituting Variables.............................................................................................................. 32
Variable Example .................................................................................................................... 33
WMLScript........................................................................................................ 57
WMLScript Standard Libraries ................................................................................................ 57
WML and WMLScript Examples.............................................................................................. 58
Example: Random Number Generator............................................................................... 58
WML code (random.wml)................................................................................................. 58
WMLScript Code (random.wmls) ..................................................................................... 59
Example: Currency Converter............................................................................................ 59
WML Code (currency.wml) .............................................................................................. 59
WMLScript Code (currency.wmls) ................................................................................... 60
Example: Mortgage Payment Calculator ........................................................................... 62
WML Code (mortgage.wml) ............................................................................................. 62
WMLScript Code (mortgage.wmls) .................................................................................. 63
Example Description ........................................................................................................ 63
4
Stock Quote Generation Servlet ...................................................................................... 73
Push Initiator Program ....................................................................................................... 76
Registering for the Stock Quote Service ............................................................................ 80
The HTML Registration Form .......................................................................................... 80
The Stock Registration Servlet ........................................................................................ 81
Notes on the Push Application ........................................................................................... 82
Glossary ...........................................................................................................97
5
Preface
Audience
This guide introduces various aspects of WAP technology in a convenient, easy to read manner. It
thus provides an overview of developing WAP applications that use the two major content types:
WML and WML Script. In addition, there are chapters about other WAP technologies for
implementing Push messages (Service Indication (SI), Service Loading (SL), Cache Operation, and
Multipart) and for WTLS and WIM Security.
This manual provides numerous examples of both client- and server-side WAP applications.
This guide is intended for WAP application developers and is provided as an accompaniment to the
Nokia Mobile Internet Toolkit User's Guide. The User's Guide provides a comprehensive description of
the Toolkit user interface.
This guide is not intended to serve as a comprehensive reference manual relating to the
technologies presented. It is essential for all application developers to download relevant WAP
specifications from the WAP Forum web site at http://www.wapforum.org/. Some of these
specifications are listed in the Preface in the section titled "Related Documents."
Typographical Conventions
Notation Explanation
Courier Text that you enter, program code, file and directory
names, function names.
7
Preface WAP June 2000 Overview
Related Documents
The following Nokia document describes the Toolkit user interface.
n Nokia Mobile Internet Toolkit User's Guide
The following specifications, in addition to several others, are created and maintained by WAP
Forum. They are freely available at http://www.wapforum.org/.
n WAP Architecture Specification
n WAP Wireless Application Environment Overview Specification
n WAP Wireless Application Environment Specification
n WAP Wireless Markup Language Specification
n WAP WMLScript Language Specification
n WAP WMLScript Standard Libraries Specification
n WAP Binary XML Content Format Specification
n WAP Wireless Session Protocol Specification
n WAP Push Architectural Overview
n WAP Push OTA Specification
n WAP Push Access Protocol Specification
n WAP Push Proxy Gateway Specification
n WAP Service Indication Specification
n WAP Service Loading Specification
n WAG User Agent Profile (UAPROF) Specification
8
WML Overview
Wireless Markup Language (WML) is a markup language that is based on the Extensible Markup
Language (XML) and is used for creating content destined for display on wireless mobile devices.
A WML source file has a MIME content type of text/vnd.wap.wml. An encoded or compiled
WML file has a MIME content type of application/vnd.wap.wmlc.
A WML file, whether encoded or not, is called a deck. A deck is the smallest unit of WML that a web
server can send to a user agent for processing in the mobile device.
The basic constituent of a WML deck is the card, which specifies a single interaction between the
device's user agent and the user. When a user agent receives a deck, it typically activates the first
card in the deck, though it can be directed to any particular card in the deck.
Deck
Card Card
Card Card
Card Card
Card Card
WML is a case-sensitive language, that is, Speed and speed are different entities. WML also
converts one or more contiguous newlines, carriage returns, tabs and spaces to a single space. To
make the examples contained here easier to follow, we have formatted them with newlines and
tabs. However, note that this formatting is not required for WML to be valid.
WML inherits most of its syntactic constructs from XML. For detailed information on the syntactical
issues of XML, refer to the XML Specification.
Entities
WML text can contain numeric or named character entities that specify specific characters in the
document character set. Entities are used to specify characters in the document character set which
must either be escaped in WML or which may be difficult to enter in a text editor. For example, the
ampersand (&) is represented by the named entity &. All entities begin with an ampersand
and end with a semicolon.
9
WML Overview WAP June 2000 Overview
Tags
A tag is a language element descriptor. A tag describes an element and contains an element type
name and a unique identifier. A tag could also include attributes describing other properties.
WML consists of content surrounded by formatting tags, each enclosed in a pair of angle brackets,
< and >.
<tag> This starts an element. The start tag can contain attributes.
<tag/> This is an empty element, for example <br/>, indicating a line break.
Elements
Elements specify all markup and structural information for a WML deck. Elements may contain a
start tag, content, other elements, and an end tag. Elements have one of two structures:
<tag> content </tag>
- or-
<tag/>
Elements containing content and other elements are identified by a start tag <tag> and an end
tag </tag>. An empty-element tag <tag/> identifies elements with no content.
The following table lists some commonly used WML elements:
Events do
ontimer
onenterforward
onenterbackward
onpick
onevent
postfield
Tasks go
prev
10
WAP June 2000 Overview WML Overview
refresh
noop
Variables setvar
Text formatting br
p
table
tr
td
pre (WAP 1.2 and 1.3)
You use WML elements to create the various components of a card. You might have a component
that creates a connection between one document and another, or between one part of a document
to another part. This type of component is called a link. Or, you might need a component that is
simply part of getting a job done. This type of component is called a task.
WML elements fall into different categories to handle these different components, as explained in
following sections.
For detailed information on the WML elements, refer to the WAP Wireless Markup Language
Specification (see the section titled "Related Documents").
Attributes
Many WML elements allow you to include attributes in them. Attributes specify additional
information for an element. You always specify attributes in the start tag of an element, using the
following syntax:
<tag attribute1="value1" attribute2="value2" attribute3="value3"...>
You separate each option-value pair by white space, which may be a tab, newline, carriage return,
or space character. You must enclose the value in double quotation marks (").
11
WML Overview WAP June 2000 Overview
Comments
WML comments follow the XML commenting style and have the following syntax:
<!-- a comment -->
Comments are intended to be used by the WML author and are not displayed to the user by the user
agent. Note that WML comments cannot be nested.
Variables
Parameters can be set for WML cards and decks using variables. To substitute a variable into a card
or deck, the following syntaxes are used:
$identifier
$(identifier)
$(identifier:conversion)
Parentheses are required if white space does not indicate the end of a variable. Variable syntax has
the highest priority in WML, that is, anywhere the variable syntax is legal, an unescaped ‘$’
character indicates a variable substitution. Variable references are legal in any PCDATA and in any
attribute value identified by the vdata entity type.
Case Sensitivity
XML is a case-sensitive language, and WML has inherited this characteristic. No case folding is
performed when parsing a WML deck. This implies that all WML tags, attributes and contents are
case sensitive. In addition, any enumerated attribute values are case sensitive.
For example, the following attribute values are all different:
n id="Card1"
n id="card1"
n id="CARD1"
12
WAP June 2000 Overview WML Overview
WML Structure
A valid WML deck is a valid XML document and therefore must contain an XML declaration and a
document type declaration (in this case for WAP 1.1) as follows:
<?xml version="1.0"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN"
"http://www.wapforum.org/DTD/wml_1.1.xml">
A WML deck begins and ends with the wml element, while all other elements lie between these
start and end tags:
<wml>
...all other elements...
</wml>
The following is a simple WML deck containing a single card. Note that the line numbers are used
for reference purposes only and are not part of the actual code.
<?xml version="1.0"?> <!-- 1 -->
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML <!-- 2 -->
1.2//EN"
"http://www.wapforum.org/DTD/wml12.dtd"> <!-- 3 -->
<wml> <!-- 4 -->
<card id="First_Card" title="First Card"> <!-- 5 -->
<p> <!-- 6 -->
The first WML example <!-- 7 -->
</p> <!-- 8 -->
</card> <!-- 9 -->
</wml> <!-- 10 ->
3 The third line specifies the location of the WML document type definition (DTD). The DTD can be
located in the network, or you can store it locally to make accessing it faster.
4 The fourth line defines the header of the WML deck. All WML decks must begin with a <wml>
tag and end with a </wml> tag.
5 The following lines define a card containing a start and an end tag and text to be displayed to
the user.
6 The last line is the deck footer. The user agent treats everything between the deck header and
the deck footer as a single WML deck.
When a user agent loads the deck, it is displayed as shown below.
13
WML Overview WAP June 2000 Overview
14
Deck and Card Elements
The following table briefly explains the elements you use to define the cards within a deck.
Element Explanation
wml Defines a deck and encloses all the information and cards in
the deck.
card Indicates the general layout and user schemes in the user
agent.
card Element
The card is the basic unit of navigation within a deck. It is possible to move from one card to
another within the same deck or to move to another deck. Unless specified otherwise, upon
navigation to another deck, the first card is displayed.
The following is a simple card:
<card id="card_name" title="title">
<p>
Text containing <i> information </i>.
</p>
</card>
The following table describes the elements and attributes displayed in the above card.
15
Deck and Card Elements WAP June 2000 Overview
16
WAP June 2000 Overview Deck and Card Elements
template Element
The template element enables you to specify that certain task elements (listed below) be
executed whenever any card in the deck is entered. The task specified by the template element will
be executed unless that task is overriden by another task element specified within the card.
A do element’s scope covers the wml element in which it is defined. If you define it in a deck’s
template, it applies to the whole deck, that is to every card in that deck. If you define it in a
card, it applies only to that individual card. Note that when a do element appears inside another
element, the element with the narrower scope takes precedence.
You can include the following elements in a template:
n do
n onevent
n onenterforward
n onenterbackward
n ontimer
In the following example, a deck-level do element indicates that a prev task should execute on
receipt of a particular user action.
n The first card inherits the do element specified in the template and will display the do to the
user.
n The second card overrides the deck-level do element with a noop. The user agent will not
display the do element when displaying the second card.
n The third card does not override the deck-level do element because it uses a different name
attribute.
<wml>
<template>
<do type="options" name="Prev" label="Previous">
<prev/>
</do>
</template>
<card id="First_Card">
<do type="accept" name="Next" label="Next">
<go href="#Second_Card"/>
</do>
<!-- deck-level do not overridden. The card exposes
the deck-level do as part of the current card. -->
<p>
Card 1
<!-- rest of the card -->
...
</p>
</card>
17
Deck and Card Elements WAP June 2000 Overview
<card id="Second_Card">
<do type="accept" name="Next" label="Next">
<go href="#Third_Card"/>
</do>
<p>
Card 2
<!-- rest of the card -->
...
</p>
</card>
<card id="Third_Card">
<!-- deck-level do is not overridden because the
following <do> element uses a different name
attribute -->
access Element
When you specify a URL, you gain access to all the variables it uses. To give you control over this
potential security risk, WML supports access control performed with the access element.
You can use the access element in the deck header to specify access control for the entire deck.
The following is a simple example using the access element:
<wml>
<head>
<access domain="domain" path="path"/>
</head>
<card id="card1">
<p>
Card content
</p>
</card>
</wml>
18
WAP June 2000 Overview Deck and Card Elements
prev None.
19
Deck and Card Elements WAP June 2000 Overview
Secure WML
The following WML elements and attributes help to reduce security risks when creating WML
services.
20
WAP June 2000 Overview Deck and Card Elements
Deck2a.wml Example
In card1 the template task is overridden with a no-operation task. The third card includes a go
task that specifies the URL of the deck2b.wml. When the user activates the go task, the user
agent navigates to the deck and displays its content.
<?xml version="1.0"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN"
"http://www.wapforum.org/DTD/wml_1.1.xml">
<wml>
<template>
<do type="prev" name="Previous" label="Previous">
<prev/>
</do>
</template>
<card id="card1" title="First Card" newcontext="true">
<p>
Card 1 ... <br/>
<do type="accept" label="Next Card">
<go href="#card2"/>
</do>
21
Event Elements
Several WML elements can generate intrinsic events when the user interacts with them. These
intrinsic events indicate state transitions inside the user agent. WML defines the four intrinsic
events described in this section.
The following table briefly describes these elements.
Element Explanation
do Element
A card element can contain do elements that assign a task to a certain key. The following is a
simple example of a do element:
<do type="tasktype" label="label" name="name" optional="false">
23
Event Elements WAP June 2000 Overview
Entity Explanation
ontimer Element
The timer element declares the existence of a card timer, which is started upon card entry and
stopped upon card exit. This timer can be used to process inactivity or idle time. The value of a timer
will decrement from the initial value, triggering the delivery of an ontimer event when the timer
reaches the value zero. It is a WML syntax error to have more than one timer in a card.
The timeout value is specified in units of one-tenth (1/10) of a second. However, note that you
should not expect a particular timer resolution.
Component Explanation
24
WAP June 2000 Overview Event Elements
The timer element is used in conjunction with the ontimer entity, which is specified in the
card element in the format ontimer="/next". The ontimer entity specifies a URL to fetch
upon timer expiration.
The following is a simple example of how to use the timer element:
<card id="cardname" ontimer="/next">
<timer name="key" value="50"/>
<p>
Hello World!
</p>
</card>
onenterforward Element
The onenterforward event occurs when the user navigates to a card using a go task or any
other method with identical semantics.
onenterbackward Element
The onenterbackward event occurs when the user navigates into a card using a prev task or
any method with identical semantics. In other words, the onenterbackward event occurs when
the user navigates into a card by navigating to a URL that has been retrieved from the history stack.
25
Event Elements WAP June 2000 Overview
onpick Element
One of the attributes of the options element is onpick, having the format
onpick="/url".
In a multiple-selection option list, when the user selects or deselects the option having the
onpick attribute, the user agent navigates to the URL specified by the onpick attribute.
onevent Element
The onevent element binds a task to one of the three previously discussed intrinsic events--
ontimer, onenterforward, or onenterbackward--using the format <onevent
type="intrinsic-event">.
Using the onevent element gives you more control over user agent behavior. An onevent element
is implemented within a parent element, specifying the full event binding for a particular intrinsic
event. For example, consider the following WML code:
<card>
<onevent type="onenterforward">
<go href="/url"/>
</onevent>
<p>
Hello
</p>
</card>
26
Task Elements
A do element can specify tasks that the user agent is to do when the user presses a key or
navigates to a card or deck. The go, prev, noop and refresh tasks of WML are described in the
following table.
Task Explanation
go Element
The go element directs the user agent to the location specified by an href. If the href names a
WML card or deck, it is displayed.
The following is a simple example using the go element.
<go href="#card2"/>
The following table describes the elements used in the above example.
27
Task Elements WAP June 2000 Overview
prev Element
The prev element declares a prev task, indicating navigation to the previous URI on the history
stack. A prev performs a pop operation on the history stack.
The following table lists attributes of the prev element.
28
WAP June 2000 Overview Task Elements
refresh Element
The refresh element declares a refresh task, indicating an update of the user agent context
as specified by the setvar element. Side effects of the state changes that are visible to the user
(for example, a change in the screen display) occur during the processing of the refresh task.
noop Element
The noop element specifies that nothing should be done, that is, “no operation”. You will find this
a useful element when you want to override template action.
29
Variables
Parameters can be set for all WML content. This gives you flexibility in creating cards dynamically,
changing displayed content, and navigating based on user input. WML variables can be used instead
of strings; their current value is substituted at runtime.
Variables allow you to create dynamic decks and cards based on user input.
You use the setvar element to specify a variable.
Naming Variables
WML variable names consist of a US-ASCII letter or underscore followed by a zero or more letters,
digits, or underscores. Any other characters are illegal. Note also that variable names are case-
sensitive. Parentheses are required anywhere the end of a variable cannot be inferred from the
surrounding context, for example, if the variable ends with an illegal character such as a white
space. The following examples demonstrate legal variables:
This is a $var
This is another $(var).
This is an escaped $(var:e).
Long form of escaped $(var:escape).
Long form of unescape $(var:unesc).
Short form of no-escape $(var:N).
Other legal variable forms: $_X $X32 $Test_9A
A side effect of the parsing rules is that the literal dollar sign must be encoded with a pair of dollar
sign entities. A single dollar sign entity, even when specified as $, results in a variable
substitution.
In order to include a $ character in a WML deck, it must be explicitly escaped by using the
following syntax:
$$
Two dollar signs in a row are replaced by a single $ character. For example:
This is a $$ character.
would be displayed as:
This is a $ character.
To include the $ character in URL-escaped strings, specify it with the URL-escaped form %24.
31
Variables WAP June 2000 Overview
Note that variable names are case sensitive. This means that variable1, Variable1 and
varIABle1 are all different variables.
Setting Variables
There are a number of ways to set the value of a variable.
n The setvar element, which can be specified in the following task elements:
— go
— prev
— refresh
n The input element, which sets the variable (specified by the name attribute) to whatever the
user enters.
n The select element, which sets the variable (specified by the value attribute) based on the
user's choice of options..
Note that the user input is written to variables when the user commits the input to the input or
select element.
The VAR element specifies a variable name and value, for example:
<setvar name="location" value="$(X)"/>
Note the following when setting variables:
n You can change variable values set with WML using WMLScript and vice versa, meaning that
WML and WMLScript use the same variables.
n You can use the newcontext attribute to clear all the variable values of the current browser
context.
Substituting Variables
You can substitute variable values into formatted text, option values, and URL attributes in WML
elements. However, note that only textual information can be substituted, that is, no substitution of
elements or attributes is possible. The substitution of variable values happens at runtime in the user
agent. As the substitution is merely a string substitution operation, it does not affect the current
value of the variable. If an undefined variable is referenced, it results in the substitution of the
empty string.
The following table describes how you can substitute variable values.
32
WAP June 2000 Overview Variables
Note that the use of a conversion during variable substitution does not affect the actual value of
the variable.
If no conversion is specified, the variable is substituted using the conversion format appropriate for
the context. The onenterbackward, onenterforward, href and src attributes default to
escape conversion; elsewhere, no conversion is done. Specifying the noesc conversion disables
context-sensitive escaping of a variable.
Variable Example
The following example demonstrates the use of tasks and variables in WML decks and cards. Note
that the variables will not be set until the user navigates to the second card of the deck.
<wml>
<card id="card1" title="First Card" newcontext="true">
<p>
Card 1 Contents... <br/>
33
Variables WAP June 2000 Overview
</card>
<p>
Card 2 Contents... <br/>
card1 var1 = $(card1_var1) <br/>
card2 var1 = $(card2_var1) <br/>
</p>
n When you press Options to navigate to the second card, the variable card1_var1 is set.
n Upon entry to the second card, the variable card2_var1 is set and the browser context is
refreshed. Now the user agent displays the following user interface:
34
User Input Elements
The user input elements provide a mechanism for capturing user input. The following table lists
these elements.
Element Description
input Element
The input element specifies a text entry object. You can determine the format of the string the
user enters and place default text in the entry field.
The following is a simple example using the input element:
<card>
Entry: <input name="varname" default="default"
format="fmt" emptyok="boolean" size="input_size"
maxlength="max_char"/>
</card>
The following table lists the input attributes used in the above example.
35
User Input Elements WAP June 2000 Overview
36
WAP June 2000 Overview User Input Elements
The following deck defines a card requesting the user to enter a name and a card displaying the
name entered.
<wml>
<card id="Card_1" title="Card 1">
<do type="accept">
<go href="#Card_2"/>
</do>
<p>
Enter your name: <input name="username"/>
</p>
</card>
37
User Input Elements WAP June 2000 Overview
1 When you navigate to the card, the prompt asks you to enter your name. Press Options to see
the selections. Press Select to go to input card.
2 In the input card that appears, enter your name by using your computer keyboard or the
keypads of the simulation phone. When you are done, press OK.
3 The first card appears again, with the name you entered. Press OK to go to the second card of
the deck.
The name attribute specifies a variable name to which the phone stores the text that the user
enters in the text entry field. To substitute a variable value at runtime, you must add a dollar sign
($) in front of the variable name.
select Element
A select list specifies a list of options that the user can choose from. WML supports both single-
choice and multiple-choice lists.
The following is a simple example using the select element:
<card id="card1" title="Currency" newcontext="true">
<p>
Amount: <input format="*N" name="amount"
title="Amount:"/>
<select name="from" value="USD" title="From:">
<option value="DEM">German Mark</option>
<option value="FRF">French Franc</option>
<option value="FIM">Finnish Markka</option>
<option value="USD">US Dollar</option>
</select>
<select name="to" value="FIM" title="To:">
<option value="DEM">German Mark</option>
<option value="FRF">French Franc</option>
38
WAP June 2000 Overview User Input Elements
The following table describes the attributes of the select element used in the above example:
39
User Input Elements WAP June 2000 Overview
Single-Choice List
The following example illustrates a simple single-choice list with a default value. Note the
following:
n The “dog” option would be pre-selected if the “I” variable had not been previously set.
n If the user were to choose the “cat” option, the variable “I” would be set to a value of “2”.
<wml>
<card>
<p>
Please choose your favorite animal:
<select iname="I" ivalue="1">
<option value="D">Dog</option>
<option value="C">Cat</option>
</select>
</p>
</card>
</wml>
This deck generates the following interface in the user agent (as shown on a 6150 model phone):
40
WAP June 2000 Overview User Input Elements
Multiple-Choice List
The following example specifies a multiple-choice list. Note the following:
n The “dog” and “cat” options would be pre-selected if the variable “I” had not been previously
set.
n If the user were to choose the “cat” and “horse” options, the variable “X” would be set to “C;H”
and the variable “I” would be set to “2;3”.
<wml>
<card>
<p>
Please choose <i>all</i> of your favorite
animals:
<select name="X" iname="I" ivalue="1;2"
multiple="true">
<option value="D">Dog</option>
<option value="C">Cat</option>
<option value="H">Horse</option>
</select>
</p>
</card>
</wml>
This deck generates the following interface in the user agent (as shown on a 6150 model phone):
41
User Input Elements WAP June 2000 Overview
Character Explanation
M Allows any character. The user agent may choose to assume that
the character is uppercase for the purposes of simple data entry,
but must allow entry of any character. This is the default format.
m Allows any character. The user agent may choose to assume that
the character is lowercase for the purposes of simple data entry,
but must allow entry of any character.
42
WAP June 2000 Overview User Input Elements
Character Explanation
For example, let us suppose that you use the format specifier
\(3N\). This instructs the user agent to automatically insert a
left parenthesis before the user has entered anything, and a right
parenthesis after the user has entered three digits.
The following example is a card that prompts the user for a first name, last name and age. Note
that in the Age field the user can enter a two-digit number.
<card>
<p>
First name: <input type="TEXT" name="first"/><br/>
Last name: <input type="TEXT" name="last"/><BR/>
Age: <input type="TEXT" key="age" format="NN"/>
</p>
</card>
43
Anchors and Images
anchor Element
The anchor and a elements specify the head of a link. The tail of a link is specified as part of
other elements, for example, a card name attribute. Note that it is a WML syntax error to nest
anchored links.
You can use anchors anywhere formatted text is legal, except for option elements.
An anchored link must have an associated task that specifies the behavior when the anchor is
selected. You must anchor one of the following task elements to a link:
n go
n prev
n refresh
Note that it is a WML syntax error to specify more than one task in either an anchor or a
element.
The a element is a short form of the anchor element and is bound to a go task without variables.
For example, the following markup
<anchor>follow me
<go href="destination"
</anchor>
is identical semantically to the following markup
<a href="destination">follow me</a>
45
Anchors and Images WAP June 2000 Overview
The following table describes the elements used within the anchor element in the above example
(note that the anchor element can also specify the xml:lang attribute:
The following WML deck includes a link to file.wml. When the user activates the link, the user
agent navigates to file.wml and sets the specified variable.
<wml>
<card id="links" title="Links">
<p>
This is normal text, but here is a
<anchor title="LINK">link!
<go href="dir/file.wml">
<setvar name="var_name" value="var_value"/>
</go>
</anchor>
</p>
</card>
</wml>
The deck generates the following text in the user agent:
img Element
The img element indicates that an image is to be included in the text flow. The following is a
simple example using the img element.
<card id="card_name" title="title">
<p>
This text flow presents an
<img alt=”Picture not available”
46
WAP June 2000 Overview Anchors and Images
src=”http://three.com/picture.wbmp” />
that I designed myself.
</p>
</card>
The following table describes the attributes of the img element used in the above example.
47
Text Formatting Elements
The following sections describe using WML elements to format text that is displayed on the user
agent screen.
Emphasis
The emphasis tags specify text emphasis markup information. The emphasis tags are described in
the following table.
49
Text Formatting Elements WAP June 2000 Overview
n If mode="wrap" is specified, the line is word-wrapped onto multiple lines. In this breaking
mode, line breaks should be inserted into a text flow as appropriate for presentation on an
individual device, and any space between words is a legal line breaking point.
n If mode="nowrap" is specified, the line is not automatically wrapped. In this non-breaking
mode, the user agent must provide a mechanism to view entire non-wrapped lines (horizontal
scrolling, for example, or some other user-agent-specific mechanism).
Any space between words is a legal line break point. The non-breaking space entity ( or
 ) indicates that the user agent must not treat the space as a space between words. It is
recommended that you use to prevent unwanted line breaks. The soft-hyphen character
entity (­ or ­) indicates a location that may be used by the user agent for a line break.
If a line break occurs at a soft-hyphen, the user agent inserts a hyphen character (-) at the
end of the line. In all other operations, the soft-hyphen entity is ignored. Note also that a user
agent may ignore soft-hyphens when formatting text lines.
The p tag establishes both the new wrap and alignment parameters for a paragraph. If the wrap
mode is not specified, it is identical to the line–wrap mode of the previous paragraph in the current
card. If the text alignment is not specified, it defaults to left.
Empty paragraphs, such as an empty element or an element with only insignificant white space,
should be considered as insignificant and ignored by visual user agents. Insignificant paragraphs do
not impact line-wrap mode. If the p element in a card does not specify a line-wrap or alignment
mode, that mode defaults to the initial mode for the card. The user agent must insert a line break
into the text flow between significant p elements.
table Element
You use the table element, with the tr and td elements, to create sets of aligned columns of
text and images. The table elements determine the structure of the columns. The elements
separate content into columns, but do not specify column or intercolumn widths.
The user agent makes a best effort to present the information in a manner appropriate to the
device. Note that you cannot nest table elements. Tables are constructed using the following
three elements.
50
WAP June 2000 Overview Text Formatting Elements
The alignment of the text and images within a column is specified by the align attribute. You
can align the contents of a column center, left, or right. The align attribute value is interpreted as
a list of alignment designations, one for each column. You specify center alignment with the value
"C", left alignment with the value "L", and right alignment with the value "R".
The first designator in the list applies to the first column, the second designator to the second
column, and so on. The default alignment is applied for any column for which an alignment
designation is omitted. For left-to-right languages, the default alignment is left. For right-to-left
languages, the default alignment is right.
You must use the columns attribute to specify the number of columns for the row set. The user
agent must create a row set with exactly the number of columns specified by the columns
attribute value.
If the actual number of columns in a row is less than the value specified in the columns attribute,
the row must be effectively padded with empty columns. The orientation of the table depends on
the language: for left-to-right languages, the leftmost column is the first column in the table.
Columns are added to the right side of a row to pad left-to right tables. Columns are added to the
left side of a row to pad right-to left tables.
If the actual number of columns in a row is greater than the value specified by the columns
attribute, the extra columns of the row must be aggregated into the last column, such that the row
contains exactly the number of columns specified. A single inter-word space must be inserted
between two cells that are being aggregated.
Depending on the display characteristics, the user agent may create aligned columns for each table,
or may use a single set of aligned columns for all tables in a card. To ensure the narrowest display
width, the user agent should determine the width of each column from the maximum width of the
text and images in that column. A non-zero width gutter must be used to separate each non-empty
column.
The following example contains a card with a single column group, containing two columns and
three rows.
<wml>
<card>
<p>
<table columns="2" align="L">
<tr><td>One </td><td> Two </td></tr>
<!--row missing one cell -->
<tr><td>1<td/></tr>
<!-- row with too many cells -->
<tr><td>B</td><td>C<td/><td>D</td></tr>
</table>
</p>
</card>
</wml>
The following table describes the elements and attributes of the table element used in the above
example.
51
Text Formatting Elements WAP June 2000 Overview
Special Characters
WML supports both named and numeric character entities. Note that all numeric character entities
are referenced with respect to the document character set (Unicode) and not to the current
document encoding (charset). This means that the notation { always refers to the same
logical character, independent of the current character encoding.
WML supports the following character entity formats:
n Named character entities, such as & and <
n Decimal numeric character entities, such as {
n Hexadecimal numeric character entities, such as 
The following table illustrates the seven named character entities that are particularly important in
the processing of WML.
52
WAP June 2000 Overview Text Formatting Elements
! Note: The semicolon (;) is part of the escape sequence for a special character.
To include a special character, simply use the escaped notation described in the table above. For
example, the following code includes a less than character (<) in the escaped form <.
<wml>
<card id="Card_1">
<p>
Numerically 5 < 10
</p>
</card>
</wml>
This would generate the following screen display:
53
Text Formatting Elements WAP June 2000 Overview
Note that the user agent can only display a few lines at a time and so you must scroll down through
the display to see the last lines of the card.
In the user agent, the above WML generates the following display:
54
WAP June 2000 Overview Text Formatting Elements
1 Lines 1-3 define the document prologue that identifies the XML subset. This prologue must be
included at the beginning of every WML deck, that is, before every <wml> tag.
4 The fourth line defines the header of the WML deck. All WML decks must begin with a <wml>
tag and end with a </wml> tag.
5 The fifth line of the deck specifies the header of the first card. Like decks, cards require begin
and end tags, for example, <card> and </card>.
Most WML elements allow you to specify attributes. Attributes are entered in the form
attribute=value, where attribute is the attribute name and value is an alphabetic
or numeric value that you specify.
6 The sixth line defines an action, which specifies what the user agent should do when the user
presses a specified function key. The type attribute identifies the key (accept) and the label
attribute a label name (Next) for the specified key.
7 The seventh line specifies the action related to the specified key. The href attribute identifies
the target href destination, for example, the card named card2.
9 Lines 9 and 10 insert a paragraph break and then some text to display.
11 Lines 11 and 12 close the paragraph and terminate the first card.
13 Lines 13-17 specify a second card that displays some text, and line 18 terminates the deck.
55
WMLScript
This chapter discusses the features of the Wireless Markup Language Script (WMLScript) language
and how to use them.
WMLScript is part of the WAP application layer, and you can use it to add client side procedural
logic to WML cards and decks. The language is based on ECMAScript, but it has been modified to
better support low bandwidth devices such as mobile phones.
WMLScript can also be used as a standalone tool.
With WMLScript, you can supplement the functions of WML in the following ways:
n You can check the validity of user input.
n You can access facilities of the user agent. For example, on a mobile phone, allowing the
programmer to make phone calls, send messages, add phone numbers to the address book, or
access the SIM card.
n You can generate messages and dialogs locally, thus allowing alerts, error messages,
confirmations etc to be seen faster by the user.
n You can build extensions to the user agent software and configure a user agent after it has
been deployed.
For a detailed presentation of WMLScript, refer to the WAP WMLScript Language Specification (see
the section titled “Related Documents”).
Library Description
57
WMLScript WAP June 2000 Overview
Library Description
n The first card (card1) calls the WML script random.wmls and requests the function
getRandom that generates a random number.
n The second card (card2) shows the result of the WMLScript operation.
n The script file random.wmls generates a random number and returns the result to the second
card of the WML deck.
58
WAP June 2000 Overview WMLScript
59
WMLScript WAP June 2000 Overview
<onevent type="onenterforward">
<go href="currency.wmls#getInfoDate('date')"/>
</onevent>
<p>
The currency rates were obtained from the Federal
Reserve Bank of New York on $(date).
<do type="prev" label="Back">
<prev/>
</do>
</p>
</card>
</wml>
60
WAP June 2000 Overview WMLScript
61
WMLScript WAP June 2000 Overview
/*
* Return the results to the browser
*/
WMLBrowser.setVar(varName,returnString);
WMLBrowser.refresh();
}
62
WAP June 2000 Overview WMLScript
Example Description
1 Open and Show the file mortgage.wml. The simulation displays the following:
63
WMLScript WAP June 2000 Overview
This card displays the default values for principal, interest, and number of payments.
2 Use the UP and DOWN arrows to select a field; then choose the Options soft key to change its
value:
4 Edit the principal amount by choosing Clear to delete the last numeral entered and then
entering the desired value. Set the values similarly for the Interest and Num payments fields.
5 After entering all the values, select Calculate and then scroll down through the display to see
the last line which shows the monthly mortgage payment.
64
Push Message Framework
The Push Message Framework is a term used to describe all of the protocols, service interfaces, and
software entities, which together provide the capability of "pushing" data to user agents in a WAP
client device in an asynchronous manner, that is, without the end user specifically requesting to
receive this data.
Note that, because Push Gateway software has not been extensively deployed to date, Push
functions have not been extensively tested.
The Push Framework provides content providers the ability to make available to their mobile
customers new services such as automatic notification of new email, updated stock quotes, prepaid
bank balances, and so on.
The following figure depicts the Push Framework Architecture.
65
Push Message Framework WAP June 2000 Overview
In the Push Framework Architecture figure (above), the numbered arrows depict the sequence in
which the discrete events which comprise a Push Message transmission occur. Inside the arrows,
the content type of the transmission is labeled.
Typically, WML content is not pushed directly to a client user agent because its reception and
display could disrupt the user’s current browser activities. Instead, the Push Initiator program sends
a Push message, which contains a priority (or intrusiveness) level, a URL to fetch, and an alert
(typically text) message to display to the user.
This alert message is displayed at some point (that point depending on the intrusivenss level
specified) to the user. The text of the message presents the user with the opportunity to fetch the
URL which contains the WML content announced by the alert message.
A Push message can contain one of three content types: Service Indication (SI), Service Loading (SL),
and Cache Operation (C0). In addition, there is a composite type Push message, called Multipart,
which may contain one or more different content types, including a Push message content type. All
of these content types are discussed in some detail in the following sections.
66
WAP June 2000 Overview Push Message Framework
Attribute Description
created The date and time (in UTC format) of the creation of, or
last modification made to, the content specified by href.
si-expires The date and time when the SI expires and thereby can be
automatically deleted or marked as expired.
67
Push Message Framework WAP June 2000 Overview
Because the user may be busy with other activities, this service loading mechanism also provides
the push application developer with the option to set the level of intrusiveness. The SL may also
direct that the pulled content be cached only and not displayed or executed, as a performance
enhancement.
The Service Loading content type is specified by the sl element, which takes one required href
attribute and an optional action attribute. The following is an example of an sl Push message:
<?xml version="1.0"?>
<!DOCTYPE sl PUBLIC "-//WAPFORUM//DTD SL 1.0//EN"
"http://www.wapforum.org/DTD/sl.dtd">
<sl>
href= "http://www.stockquote.com/xyz.wml"
action= "execute-low"
</sl>
Attribute Description
action Attribute specifying what action the user agent should take
after “pulling” the service application. The three possible
values are:
(1) execute-low: the user agent loads the service application
into a new user agent context and executes it in the same
way as a method request initiated by the end user according
to the WAE specification in a non-intrusive manner.
(2) execute-high: same as execute-low except it MAY result
in user-intrusive behavior.
(3) cache: same as execute-low except instead of executing
the content, it is placed in cache, if cache exists; if there is no
cache, the application context is silently discarded.
68
WAP June 2000 Overview Push Message Framework
Attribute Description
69
Push Message Framework WAP June 2000 Overview
Multipart Content
A multipart message is a message containing multiple parts, each of which may have a different
content type. The multipart message is analogous to an envelope; it contains a set of headers and
an ordered list of component parts (its contents). Each part in turn consists of (1) a set of headers
that apply to that part (one of which is required to be a Content-Type header) and (2) its content.
The multipart message format may be used to improve the user's experience by minimizing latency,
or the time required to fetch content over the network. Thus, for example, a three-part multipart
message might consist of (1) a news flash indicating there is a weather update, (2) the text
containing a weather warning for a particular area, and (3) a map (WBMP image) of the affected
area. When the user’s client device receives the multipart message, it unpacks and stores each part
in the cache. Thus, the user, after having read the news flash, can read the weather warning and
view the map without waiting for these items to be retrieved over the network.
The Toolkit can display a multipart message, whether it is pushed to the Toolkit or is received as a
response to a request. The Toolkit can also create and save a multipart message using pre-existing
files, which may be WSP-encoded or simply text.
Note, however, that when saving a multipart file in WSP-encoded format (that is, with an envelope
content type of "application/vnd.wap.multipart.mixed," "application/vnd.wap.multipart.alternative,"
or "application/vnd.wap.multipart.related"), the individual parts must already be encoded. The
Toolkit will encode only the envelope and body part headers, not the body part content.
When a WAP browser (such as the Toolkit) receives a multipart message, it processes the message
according to the rules described in Table 1.
The MIME specifications (RFCs 2045 and 2046) define the multipart format and the three multipart
types supported by the Toolkit. The WAP specifications define a compact encoding of multipart files,
and the Toolkit enables you to create either MIME (unencoded) or WSP-encoded multipart content.
However, note that the nesting of multipart parts within other multipart parts is not supported.
The Toolkit handles three multipart content subtypes and behaves in conformance to the WAE
specifications as follows:
70
WAP June 2000 Overview Push Message Framework
the part when it is stored in cache, the Toolkit uses the Content-
Location header if present; otherwise, it uses the X-Wap-
Content-URI header.
71
Push Message Framework WAP June 2000 Overview
Conceptually, we can envision this stock service as consisting of three major components (presented
in the order in which a developer is likely to develop them):
First, there is a Stock Generation program, which is activated when the customer chooses to be
updated with his or her latest stock quotes. This program reads the customer database to get the
list of stocks, then gets the current stock prices from another database or feed, constructs a WML-
formatted message containing the quotes, and transmits it to the customer phone via the WAP
gateway. This is a traditional "Pull" application.
Next, there is a Push Initiator Program that reads the customer database and, based on the
recorded preferences found, periodically generates a notification message and transmits (pushes) it
via a WAP Gateway to the customer phone. This message notifies the user that a stock quote page
is ready and, if the user accepts, will ask the phone’s browser to pull the page from our web server
via the WAP Gateway.
Finally, there is a Customer Registration program for subscribing to the service. For this, we will
design an HTML registration page and an accompanying registration servlet to process the
customer’s choices of stocks and update frequency. It will store these preferences in a standard
database.
The following figure depicts the overall architecture of the StockTrade push application. The
following sections of this chapter present a description of the program components with
accompanying program code.
Push Proxy Gateway Web Server
Cstomer Registration
HTML Form
Radio tower
Customer Quote
Registration Stock Generation
Web Server CGI Program
Push Initiator Program
Program
Current
Customer
Stock
Data
Quotes
72
WAP June 2000 Overview Push Message Framework
73
Push Message Framework WAP June 2000 Overview
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
74
WAP June 2000 Overview Push Message Framework
/*
* These are stub classes which would provide stock database info
* and track customer info.
*/
class Customer {
private String id;
public Customer(String id) {
this.id = id;
}
public Vector getStocks() {
Vector v = new Vector(1);
v.add("FooCo");
return v;
}
}
class CustomerDatabase {
public static Customer get (String id) {
return new Customer(id);
}
}
class StockInfoDB {
public static String getPrice( String name ) {
return "Stock price of " + name;
}
}
We will need to configure the StockTrade web server to map URL requests to
http://www.stocktrade.com/getQuote to the StockServlet class. Refer to the
administration documentation for your particular web server to learn how to do this.
If you are running the Nokia WAP Server, you may also choose to configure the WAP server to map
the above URL to the StockServlet class directly, thus intercepting the URL and handling it without
involving a separate web server. Refer to the Nokia WAP Server Administration Guide for
information on how to configure servlets in the Nokia WAP Server.
75
Push Message Framework WAP June 2000 Overview
<?xml version="1.0"?>
<!DOCTYPE si PUBLIC "-//WAPFORUM//DTD SI 1.0//EN"
"http://www.wapforum.org/DTD/si.dtd">
<si>
<indication
href= "http://stockquote.com/welcome.wml"
si-id= "cust-msg-num52"
created= "2000-03-31T15.28.19Z"
si-expires= "2000-03-31T23.59.59Z"
action= "signal-medium"
View stock quotes now?
</indication>
<info>
<item class=MoreInfo>
Your last update was Tuesday at 3 PM.
</item>
</info>
</si>
The Push Initiator program reads the customer database to determine which customers have
requested the stock quote update service and how frequently each has requested the updates to be;
it then formats and transmits a Push message for each customer that needs to be updated.
The message is formatted as a PAP (Push Access Protocol) message containing a Service Indication
message in its content portion. The Service Indication content has the href attribute of its
indication element set to the above URL, with the customer id appended as the query string,
and its display message set to be the string "View stock quotes now?".
The java source to the Push Initiator stand-alone applet is shown below. It includes a helper class
that describes the Push Access Protocol message (PapMessage).
/**
* This class is the Push Initiator applet for the
* stock update application.
*
76
WAP June 2000 Overview Push Message Framework
import java.util.*;
/**
* @param PushGatewayAddress[:port]
*/
public static void main(String[] args) {
//
// Check for argument list
//
if (args.length < 1) {
System.out.println("Usage: PushInitiator
gateway_address");
return;
}
String gatewayAddress = args[1];
conn = new Connection( gatewayAddress );
if (conn == null) {
System.out.println( "Can't contact Gateway " +
gatewayAddress);
return;
}
//
// Open customer database and retrieve customer list
//
Vector custList = CustomerDatabase.getList();
//
// Cycle through customers and send push messages to
// each one based on their update schedule.
//
for (int i =0;i < custList.size(); i++ ) {
Customer cust = (Customer)custList.elementAt( i );
if (cust.isTimeToUpdate()) {
PapMessage pm = new PapMessage();
String id = generateUniquePushId();
pm.setId( id );
pm.setRecipient( cust.getPhoneNumber() );
pm.setHref( SITE_URL + "?" + cust.getId() );
conn.send( pm );
cust.setUpdated();
77
Push Message Framework WAP June 2000 Overview
//
// the close writes timestamp back to
// database
//
cust.close();
}
}
conn.close(); // close Gateway Connection
}
/**
* This class represents a Push Access Protocol
* formatted Message
*/
class PapMessage {
static private final String MIME_BOUNDARY = "asdflkjqqwerpoiu";
static private final String DISPLAY_MSG = "New stock update.
See now?";
String id; // Message ID
String recipient; // Client phone number
String displayMsg; // Message displayed on phone
String href; // URL to fetch when message is activated
Date creationDate; // When we created message
PapMessage() {
this.creationDate = new Date();
this.displayMsg = DISPLAY_MSG;
this.id = null;
this.recipient = null;
}
void setId(String id)
{ this.id = id; }
void setRecipient( String recipient )
{ this.recipient = recipient; }
public void setDisplayMessage( String message )
{ this.displayMsg = message; }
void setHref( String href )
{ this.href = href; }
/**
* Returns XML version of this message
*/
public String toString() {
StringBuffer sb = new StringBuffer();
//
// First, the Content Type
//
sb.append("Content-Type: multipart/related; boundary="
+ MIME_BOUNDARY + "type=\"application/xml\"\n\n");
//
78
WAP June 2000 Overview Push Message Framework
/*
* Stub classes
*/
class Connection {
private String host;
public Connection(String host) {
this.host = host;
}
public void send(PapMessage pm) {
System.out.println("Sending PAP message");
}
public void close() {}
}
class Customer {
private String name;
public Customer(String name) {
this.name = name;
}
79
Push Message Framework WAP June 2000 Overview
80
WAP June 2000 Overview Push Message Framework
$(newid)&stocklist=$(stocklist)&freq=$(freq)">
<p>
<b>(1) Enter your phone number:</b> <input type=text
size=13 name="newid" value="phone number" >
<p>
<b>(2) Choose one or more of the following stock symbols:
<p>
<input type=checkbox name=stocklist value=ibm>IBM
<input type=checkbox name=stocklist value=nok>MSFT
<input type=checkbox name=stocklist value=cpq>CPQ
<input type=checkbox name=stocklist value=sun>NOK
<input type=checkbox name=stocklist value=msft>SUN
<p>
<b>(3) Choose how often you'd like to receive stock
updates:
<p>
<input type=radio name=freq value=hourly>Every Hour
<input type=radio name=freq value=twice>Twice A Day
<input type=radio name=freq value=daily>Once A Day
<p>
<input type=submit>
</form>
</HTML>
81
Push Message Framework WAP June 2000 Overview
res.setContentType("text/html");
//
// Get info from request
//
PrintWriter out = res.getWriter();
String newId = req.getParameter("newid");
if (newId == null) {
out.println("<HTML><HEAD>You must enter ");
out.println("your phone number!</HTML>");
out.close();
return;
}
//
// Allocate a new customer record or fetch
// existing one.
//
Customer cust = CustomerDatabase.newRecord( newId );
//
// Get the list of stock names from the argument list
// and parse them, adding to customer list.
//
String stockNames = req.getParameter("stocklist");
StringTokenizer tok = new StringToken( stockNames, ",");
while ( tok.hasMoreElements() ) {
cust.addStock( tok.nextElement();
}
// Commit customer record to the database.
cust.close();
}
}
82
WAP Security
The WAP Forum has developed the following specifications to describe the security provisions
adopted for use in the wireless mobile device market. These are available at the WAP Forum's
download site.
Wireless Transport Layer Security Specification (WTLS). This document defines WTLS, which is a
security layer protocol operating above the transport layer protocol (WDP) and below the session
layer protocol (WSP). WTLS specifies an interface for establishing a secure connection between
client (mobile device) and server (WAP Gateway).
WMLScript Crypto Library Specification. This document defines the cryptographic functions and
the signed formats that a WAP Client is required to use in order to communicate with a secure
server (via WTLS).
Wireless Identity Module Specification (WIM). This document defines the functions that must be
supported by a tamper-resistant hardware device (such as a Smart Card or a Subscriber Identity
Module (SIM) of the type used in phones). These functions include, in particular, the storing of
private keys and certificates, as well as functions supporting their use in signing data that is to be
securely transmitted.
Public Key Infrastructure Definition (WPKI). This document describes the infrastructure and
procedures that are required to establish the trust relationships that make possible authentication
between servers and clients.
Additionally, there is an ongoing effort to define an appropriate user interaction model for E-
Commerce transactions. One group involved in this effort is the MeT CUE Task Force, which has
created a specification titled MeT Consistent User Experience. This document defines the concept
of a Personal Trusted Device (PTD) and then proceeds to recommend guidelines for presenting
security-related displays to the user who is also the owner of the PTD. (Version 1.0 of this
specification may be accessed at the URLhttp://www.mobiletransaction.org/documents.html.)
83
WAP Security WAP June 2000 Overview
functions that are required in a WIM device, so you can develop and test secure applications using
Nokia SoftID as your device and have them perform exactly as they would if you were using a
hardware WIM device.
See Nokia Mobile Internet Toolkit online help for further information on the use of both WIM
hardware and Nokia SoftID.
Then, the following line in the CryptoScript.java module contains the call to the signText
function:
out.println("signed = Crypto.signText('Large pizza: $10.50, Soda:
$2.50',5,0,'');");
The signed result is then returned to the SignDeck.java module in the signed variable.
SignDeck.java Module
/*
84
WAP June 2000 Overview WAP Security
* @(#)SignDeck.java
*
*/
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/**
SignDeck builds the WML content required for invoking the WMLScript
Crypto.signText() function. It also receives the signed content and
verifies.
*/
/**
* Handle HTTP GET
*/
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
PrintWriter out = response.getWriter();
response.setContentType("text/vnd.wap.wml");
out.println("<wml><card id='order'
title='Confirm Order'>");
out.println("<p>");
out.println("You have ordered" + "<br/>");
out.println("Large pizza : $$10.50" +
"<br/>");
out.println("Soda: $$2.50" + "<br/>");
out.println("<do type='options'
label='Confirm'>");
out.println("<go href='#Sign' />");
out.println("</do>");
out.println("</p>");
out.println("</card>");
out.println("<card id='Sign'
title='Authenticate order'>");
out.println("<p>");
out.println("Please sign the order" +
"<br/>");
out.println("Large pizza : $$10.50" +
"<br/>");
out.println("Soda: $$2.50" + "<br/>");
out.println("<do type='options'
label='Sign'>");
out.println("<go href='CryptoScript#sign()' />");
85
WAP Security WAP June 2000 Overview
out.println("</do>");
out.println("<do type='options' name='a'
label='Submit'>");
out.println("<go href='example'
method='post'>");
out.println("<postfield name='signed'
value='$(signed)'/>");
out.println("</go>");
out.println("</do>");
out.println("</p>");
out.println("</card>");
out.println("</wml>");
}
/**
* Handle HTTP POST
*/
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
PrintWriter out = response.getWriter();
response.setContentType("text/vnd.wap.wml");
// flag to indicate signature validation
boolean success = false;
// Verify Signature
// Call appropriate sign verification engine
// & update "success"
// success = verifySign(signed);
success = true;
out.println("<wml><card id='sign'
title='Sign-Result'>");
out.println("<p>");
if(success) {
out.println("Thank you for the order" +
"<br/>");
}
else {
86
WAP June 2000 Overview WAP Security
CryptoScript.java Module
/*
* @(#)CryptoScript.java
*/
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/**
CryptoScript builds the content for the WMLScript
Crypto.signText()function. WMLScript will update the browser variable
with signed content.
*/
/**
* Handle HTTP GET
*/
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
PrintWriter out = response.getWriter();
response.setContentType("text/vnd.wap.wmlscript");
out.println("WMLBrowser.setVar('signed',signed);");
out.println("WMLBrowser.refresh();}");
}
/**
* Handle HTTP POST
*/
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
doGet(request, response);
87
WAP Security WAP June 2000 Overview
}
}
WML Display
This section presents the series of screen images that the purchaser of pizza over the Internet sees
on the WAP device based on the application code presented above. The screens are presented in
order and are accompanied by explanatory text.
1 2 3
<card id='order' ...> <card id='sign' ...> <card id='sign' ...>
<do type='options'...>
<go href='Cryptoscript'/>
Screens 1 and 2 are generated by the execution of the SignDeck.java module; this module attempts
to simulate what an E-Commerce Transaction Server might generate. The security icon at the top
right of the display in screens 1 and 2 indicate that the originating requester of the user action is a
secure server.
When the user chooses the "Sign" option in screen 3, execution is passed to the CryptoScript.java
module. This module in turn passes the text to be signed to the WMLScript Cryptographic Library
function Crypto.signText().
4 5 6
Crypto.signText() Crypto.signText() Crypto.signText()
function function function
Screens 4 through 6 are generated by the Crypto.signText() function itself. The function
first prompts in screen 4 "Do you want to digitally sign the following text?", appending the
parameters passed to it at the end of the prompt.
When the user chooses OK (in screen 4), the function presents (in screen 5) to the user a list of
available certificates from which the user must choose one, which will be used in the signing. The
signing of text requires a non repudiation certificate, and the signText function locates this
88
WAP June 2000 Overview WAP Security
certificate in the WIM and presents it to the user. (Note that, in this example, which uses the Nokia
SoftID WIM, there is only one non repudiation certificate.)
After the user selects a certificate, the function prompts in screen 6 for a password. This password
enables the user to access the non repudiation certificate which is to be used in the signing of the
text. Note the lock icon in the upper right corner; this indicates that the request for this PIN
security information originates locally, that is, from the Personal Trusted Device (PTD).
Once the user has entered the password correctly, the function proceeds to digitally sign the text
passed to it and to return the signed content in the WML variable signed.
7 8
<card id='sign' ...> <card id='sign' ...>
<do type='options'...>
label='Complete'
When the CryptoScript.java module returns the digitally signed text to the SignDeck.java module,
the user is presented with screen 7. This time the user chooses Submit, which results in the
transmission of the digitally signed text back to the server. Screen 8 displays a server-generated
WML message indicating that the server has received the digitally signed text and has successfully
verified the digital signature. This completes the transaction.
89
Appendix A: June 2000 WAP
Conformance
The WAP Forum has published numerous specifications that describe the overall architecture and
detailed protocols that together define the Wireless Application Protocol framework.
The majority of these specifications (generally all except overview and architecture documents)
define features and functions and characterize these as mandatory or optional. A conforming
application must implement all mandatory functions and can implement optional ones.
Therefore, any WAP application, such as the Toolkit, can be measured as to its conformance by
comparing features implemented and those not implemented relative to the specifications. Though
most Toolkit users will not find it necessary to use the conformance tables supplied in this
Appendix, Nokia supplies it for those who may need to check various aspects of Toolkit
conformance to the specifications.
This appendix is divided into three sections. The first lists the names of those WAP specifications
that are fully supported by the Toolkit. Full support means that the Toolkit implements all ”required”
functions.
The second section lists those WAP specifications that are not supported at all. Nonsupport means
that the Toolkit implements none of the functions required by the specification.
The third section lists those WAP specifications for which the Toolkit provides support but which
also require comment or clarification. In this category, because there are so many specifications and
because most of these have lengthy lists of features, it is convenient to list, for each specification,
only those functions and features that are not supported or about which Nokia has a comment to
make. Thus, any function or feature not mentioned is supported.
Note too that, in the specifications, features are categorized as either ”Client Features” or ”Server
Features.” As the Toolkit is a client application, server features are not addressed at all in this
Appendix.
Also note, WAP specifications that apply solely to server-side applications (such as the WAP Push
Access Protocol) are not included in this Appendix.
91
WAP Security WAP June 2000 Overview
SPEC-ServiceLoad-19991108 -
SPEC-WTP-19991105 -
SPEC-CacheOp-19991206 -
SPEC-WMLScriptCrypto-19991105 -
SPEC-WTLS-19991105 -
SPEC-WIM-19991105 -
SPEC-PushOTA-19991108
The Toolkit supports all client functions specified with the following qualifications:
92
WAP June 2000 Overview WAP Security
SPEC-ServiceInd-19991108
The Toolkit supports all functions specified with the following qualifications:
SPEC-PushMessage-19990816
The Toolkit displays but ignores all Push WAP headers in push messages except for the X-Wap-
Content-URI header, which is used in caching as described in the specification.
SPEC-WDP-19991105
The Toolkit supports only UDP (IPv4), not GSM or CDMA bearers. Both source and destination
addressing are supported in UDP.
SPEC-WCMP-19990804
The client stack reports WCMP error messages as exceptions, and the Toolkit handles these
exceptions as any other network exceptions.
The Toolkit does not provide an interface to the WCMP Echo Request.
SPEC-WTAI-19991108
n The Nokia 7110 phone simulation supports none of this specification. WTAI calls are rejected as
either an attempt to open a malformed URL or as an attempt to open unknown content.
93
WAP Security WAP June 2000 Overview
n The Toolkit default phone simulation supports this specification with the following
qualifications:
— Of the three WTAI libraries (Network Common, Network Specific, and Public), only the Public
library is supported. The Public WTAI library consists of calls to WTAPublic.makeCall,
WTAPublic.sendDTMFTones, andWTAPublic.addPBEntry, and scripts containing these calls will
be properly encoded. Scripts containing calls to the other two libraries (Network Common and
Network Specific) will fail on compilation.
— The WTAI specification states that calls to the WTAI libraries can be made as function calls in
scripts or as URIs in decks. Because the Toolkit does not recognize the “wtai://” URI scheme, no
WTAI calls can be made from the URL component in the main window; however, such calls
made as function calls in WMLScript are recognized. In scripts, these function calls will always
return the proper standard error code for “Service not available or nonexisting function," that is,
the integer –3.
SPEC-WBXML-19991104
The Toolkit provides encoder and decoder support for all content types listed in Section 7.2 except
for the following: WML 1.0 (obsolete), WTA 1.0 (deprecated), and CHANNEL 1.1.
SPEC-WML-19991104
The Toolkit supports all mandatory functions for WML 1.1 through 1.3.
The following features are ignored: (1) the fieldset and meta elements, (2) the xml:lang
attribute in all elements, (3) the ordered attribute of the card element, (4) the tabindex
attribute, though tabbing can be done using the <space> and <shift-space> keystrokes in the
natural order of control elements within a card, and (5) the soft-hyphen character entity (­).
The supported targets for the reference processing model are limited to WML and WMLScript in
either text or binary formats.
The Toolkit's binary encoder enforces WML whitespace rules as do other conforming WML encoders;
in addition, the Toolkit encoder (1) throws out any leading <br> elements and (2) collapses
contiguous <br> elements into one <br> element. WML decks encoded by the Toolkit encoder are
valid, as the Toolkit encoder adheres to all WML validation rules.
SPEC-WAESpec-19991104
The Toolkit supports all mandatory features for the WAE User Agent as described in both WAP 1.1
and 1.2 except for the following:
Section Comments
5.1.8.5 Image types supported are WBMP, GIF, JPEG, and PNG.
94
WAP June 2000 Overview WAP Security
8 The Toolkit does not support the "suspend/resume" service; however, it sends
cachable headers to the WAP Gateway in the "connect service primitive." The
Toolkit always sends all cachable headers to the WAP Gateway and does not
keep track of headers already sent during Gateway session negotiation..
SPEC-WTA-19991108 -
SPEC-WTAIGSM-19991108 -
SPEC-WTAIIS136-19991108 -
SPEC-WTAIPDC-19991108 -
SPEC-WAPOver GSMUSSD-19990715 -
SPEC-WDPWCMPAdapt-19991105 -
95
Glossary
API
Application Programming Interface.
Attribute
A syntactical component of an element that is typically used to specify a characteristic quality
of an element, other than type or content.
Author
An author is a person or program that writes or generates WML, WMLScript or other content.
Bandwidth
Bandwidth is the capacity that a telecommunications medium has for carrying data. For analog
or voice communication, bandwidth is measured in the difference between the upper and lower
transmission frequencies expressed in cycles per second, or hertz (Hz). For digital
communication, bandwidth and transmission speed are usually treated as synonyms and
measured in bits per second. The actual speed or transmission time of any message or file from
origin to destination depends on a number of factors. Most Internet transmissions travel at very
high speed on fiber optic lines most of the way. Switching en route, lower bandwidths on local
loops at both ends, and server processing time add to the overall transmission time.
Bearer
97
Glossary WAP June 2000 Overview
A service that enables over the air transmission of digital data. Bearers support different
protocol-based data formats such as SMS (Short Message Service), CSD (Circuit Switched Data),
and so on.
Bearer Adapter
A software module (an implementation of WDP) that enables the WPS (Wireless Protocol Stack)
to work with a particular bearer.
Byte
A sequence of consecutive bits treated as a unit. On almost all modern computers, a byte is
comprised of 8 bits, though other numbers were formerly encountered. To avoid ambiguity, the
term octet is used in the language of international standards to refer to an 8-bit unit.
Large amounts of memory are indicated in terms of kilobytes (1,024 bytes), megabytes
(1,048,576 bytes), and gigabytes (approximately 1 billion bytes). A disk that can hold 1.44
megabytes, for example, is capable of storing approximately 1.4 million ASCII characters, or
about 3,000 pages of information.
Bytecode
Content encoding where the content is typically a set of low-level opcodes (ie, instructions) and
operands for a targeted hardware (or virtual) machine
Card
A single WML navigational and user interface unit. A card may contain information to present
to the user or instructions for gathering user input, for example.
Client
A device or application that initiates a request for connection with a server.
Concatenation
Appending one string to another to make a new string. For example, the string “foo”
concatenated with the string “bar” gives the string “foobar”.
Content Dispatcher
The Content Dispatcher is a general purpose module designed to dispatch messages to the
destination content handlers (WML, WMLScript, Multipart, SI, and SL handlers). Upon startup,
the Content Dispatcher registers with the Application Dispatcher for all messages whose
content type is supported by the WAE.
Content Encoding
When used as a verb, content encoding indicates the act of converting a data object from one
format to another. Typically the resulting format requires less physical space than the original,
98
WAP June 2000 Overview Glossary
is easier to process or store, and is encrypted. When used as a noun, content encoding specifies
a particular format or encoding standard or process.
Content Generator
A service that generates or formats content. Typically content generators reside on origin
servers.
CSD
Circuit Switched Data.
Deck
A collection of one or more WML cards contained in a file of type wml. A WML deck is also an
XML document.
Device
A network entity that is capable of sending and receiving packets of information and which has
a unique device address. A device can act as both a client or a server within a given context or
across multiple contexts. For example, a device can service a number of clients (as a server)
while being a client to another server
— The contents of all elements, that is, the names of the other generic identifiers that are allowed
to appear inside them.
— The attributes and their default values.
ECMA
European Computer Manufacturer's Association. See http://www.ecma.ch/ for more
information.
ECMAScript
A script language developed by the ECMA and defined in the ECMA-262 specification.
ECMAScript is based on JavaScript. See http://www.ecma.ch/ for more information.
99
Glossary WAP June 2000 Overview
Element
An entity in XML that describes the structure and content of information. Elements may
contain a start tag, content , an end tag, as well as one or more attributes.
GUI
Graphical User Interface
IPC
Interprocess Communication.
JavaScript™
A de facto standard language that can be used to add dynamic behaviour to HTML documents.
MIME
Multipurpose Internet Mail Extension.
MMS
Multimedia Messaging Service. The capability within a WAP Client to receive and process
multimedia message types such as those providing for sound and video.
MTM
Message Type Module. A plug-in module containing a set of components that support a specific
messaging protocol. Used within the extensible, multi-protocol messaging framework
introduced in EPOC Release 5, the MTM handles all interaction with lower level communication
protocols such as TCP/IP.
Origin Server
The server on which a given resource resides or is to be created, often referred to as a web
server or an HTTP server.
100
WAP June 2000 Overview Glossary
A protocol for specifying control information and content that is to be pushed to a client via a
Push Proxy Gateway (PPG).
Push Framework
A term describing the entire WAP push system and encompassing the protocols, service
interfaces, and software entities used to push content to a WAP client.
Push Initiator
The origin server that submits content to the Push Framework for delivery to a user agent on a
WAP client.
Push Session
A WSP session that is capable of conducting Push operations.
Reference Implementation
Implementation of the Nokia WAP Client on a specific platform; Nokia provides a Windows NT
reference implementation.
Rendering
Formatting and presenting information to the display of a mobile device.
Resource
A network data object or service that can be identified by a URL.
Server
A device (or application) that passively waits for connection requests from one or more clients.
A server may accept or reject a connection request from a client.
101
Glossary WAP June 2000 Overview
A protocol defined within the GSM standard that enables point-to-point transmission of short
messages. A short message is 140 bytes (or 160 characters) in length and uses a special 7-bit
character set; also, by means of concatenating messages, it can be used to transmit up to 31
KB of binary text or data.
Tag
A tag is a generic term for a language element descriptor. WML consists of content surrounded
by formatting tags. Each tag is enclosed in a pair of angle brackets: < and >. Tags are generally
used in pairs, one to start the element and one to end it.
Terminal
A device providing the user with user agent capabilities, including the ability to request and
receive information. Also called a mobile terminal or mobile station.
Transcode
The act of converting from one character set to another, for example, conversion from UCS-2 to
UTF-8.
Unicode
An encoding scheme for written characters and text. Unlike ASCII, which uses 7 bits for each
character, Unicode uses 16 bits, which means that it can represent more than 65,000 unique
characters, a huge increase over ASCII’s code capacity of 128 characters. Unicode was authored
and is maintained by the Unicode Consortium, a group comprised of major corporations and
institutions involved in international computing. The character repertory and the codes
assigned in Unicode are identical to those specified by ISO 10646, the international Universal
Character Set (UCS) standard.
The Unicode Standard, Version 2.0 defines codes for characters used in every major language
written today. In all, the Unicode standard currently defines codes for nearly 39,000 characters
from the world’s alphabetic, ideographic and syllabic scripts and symbol collections. The
Unicode repertory was derived from many pre-existing character set standards to which
previously unstandardized characters have been added. In particular, the first 256 code values
are identical to those of ISO 8859-1 extended to 16 bits. Unicode values are displayed as four
hex digits preceded by U+. For example, U+0041 is Latin upper case A.
102
WAP June 2000 Overview Glossary
— The domain name, or the exclusive name, that identifies a web site.
User
A user is a person who interacts with a user agent to view, hear, or otherwise use a resource.
VCAL
vCalendar, a WAP content type representing an Electronic Calendaring and Scheduling Format.
VCARD
vCard, a WAP content type representing an Electronic Business Card.
VM
Virtual Machine, or bytecode interpreter.
103
Glossary WAP June 2000 Overview
Web server
The server on which a given resource resides or is to be created. Often referred to as an origin
server or an HTTP server.
WMLScript
A scripting language used to program a mobile device. WMLScript is an extended subset of the
JavaScript scripting language.
WPS
Wireless Protocol Stack (includes session management and all the layers: WPS, WTP, WTLS and
WDP)
104
WAP June 2000 Overview Glossary
WTA specifies a framework for supporting wireless telephony applications: these are
applications which interface between an in-device WTA user agent and the network telephony
infrastructure.
105