What is WAP?

What is WAP?

WAP is another three letter acronym (TLA) and it stands for the Wireless Application Protocol. It is a initiative started by Unwired Planet, Motorola, Nokia and Ericsson to develop a standard for wireless content delivery on the next generation of mobile communicators.

What is the WAP stack of protocols?

The WAP stack is a set of protocols that covers the whole process of wireless content delivery: from the definition of WML and WMLScript for creating and layout of the actual content, the specification of security measures in the WTLS to the lowest parts of the stack dealing with the actual transport of content.

How is WAP technology similar to the Internet?

The WAP stack has many similarities to the Internet set of technologies. For instance, the Wireless Markup Language used to create WAP pages is very similar to HTML used to create WWW pages. Similarly, the WMLScript is based on JavaScript. It should be noted that both WML and WMLScript are adapted and optimised for a wireless environment (e.g. compression to save bandwidth).

The same story goes for the lower parts of the stack (e.g. WSP and WTP). They are in general similar to the Internet protocols (e.g. HTTP) but with optimisation for use in a wireless environment.

Why is WAP important for Internet Service Providers (ISPs)?

WAP will be the way people on the move will access information sources using a mobile phone device. If you are an ISP and you are aware of the mobile data forecasts, you might want to look into how WAP will change your industry and your business model. Your clients use you to access the Internet - who will they use to access the WAP services of the future?

Why is WAP important for Content Providers?

You are delivering content or, for instance, selling your products, via the Internet channel. You are also aware that the number of people using mobile access to the Internet (e.g. via GSM and their laptop or PDA) is increasing rapidly. You know that the number of mobile phone users in growing much more rapidly than the number of Internet users (there are more than 120 million GSM users today). Shouldn't these people have access to your services and products using WAP?

Why is WAP important for Internet Developers?

If you are a developer of internet sites you may soon find yourself and your colleagues developing WAP sites. Investing in getting familiar with the (im)possibilities of WAP (or more specifically WML and WMLScript) now can give you the leading edge in the future.

WML and WMLScript are not difficult to learn if you already have experience with HTML and JavaScript. Developers' tools are available as we speak (e.g. DSR's WAP Developer Toolkit).

Is WAP secure?

Yes. WAP includes a specification called WTLS which implements options for authentication and encryption. It is optimized for use in the mobile environment. SSL or Secure Sockets Layer which is widely used in the "web" world to encrypt the data stream between the browser and the webserver is actually also used in the WAP environment. However, SSL is only used between the webserver and the WAP gateway. Between the WAP gateway and the WAP device, a similar system called WTLS or Wireless Transport Layer Security is used.

Although no systems are totally secure, SSL and WTLS on their own provide adequate security for most applications. However, there is a potential security problem where the two protocols meet, and that's inside the WAP gateway.

SSL is not directly compatible with WTLS, so the WAP gateway must decrypt the SSL protected data stream coming from the webserver and then re-encrypt it using WTLS before passing the data on to the WAP device. Inside the memory of the WAP gateway, the data is unprotected.

All the major WAP players are developing solutions to this problem, but for now these solutions create other problems. Developers of so called "WAP servers", or webservers with WAP gateway capabilities provide end-to-end security in a way because the data stream leaves the content server (the "WAP server") already encrypted with WTLS.

However, the mobile operator's WAP gateway can now no longer be part of the chain, and the user has to reconfigure his WAP device to point to the "WAP server" which will become the WAP gateway for this session. But, this WAP gateway only provides access to this one service, and when the user wants to access his other favourite WAP sites, he has to reconfigure his phone again.