Web Architecture

Question 1

How can resources be represented?

Answer 1

text (plain, html, csv), image, audio, video, application

Question 2

How can resources be identified?

Answer 2

With URIs (Uniform Resource Identifiers)

Question 3

How can resources be interacted with?

Answer 3

Using network protocols like HTML

Question 4

What does the bow-tie model represent?

Answer 4

The shape of the web
Sections such as LSCC core, IN, OUT, and disconnected components

Question 5

What is the web?

Answer 5

A distibuted information system that provides acess to resources

Question 6

What is hypertext?

Answer 6

A way to link information in a non-linear interactive way - cannot be represented conveniently on paper

Question 7

What are 2 disadvantages of hypertext?

Answer 7

Disorienting - easy to lose sense of direction
Cognitive overhead - additional effort to maintain several trails at once

Question 8

What is hypermedia?

Answer 8

Non-textual media

Question 9

What are nodes, links, anchors, and endpoints?

Answer 9

Node - a point in the network e.g. a webpage
Link - a connection between nodes
Anchor - the clickable element that links pages
Endpoint - the destination of a link

<a>anchor</a>

Question 10

What are embedded links?

Answer 10

Links that are encapsulated in a node, and form part of the document content

Question 11

What are first class links?

Answer 11

Where links are separated from nodes allowing multiple link overlays/linkbases (links over same node), creating different connections without changing the node
Link bases can be tailored to reader
Has 2 endpoints

Question 12

What are bidirectional links?

Answer 12

Links that can be traversed backwards as well as forwards

Question 13

What are N-ary links?

Answer 13

Links involving more than 2 nodes, allowing relationships between multiple entities

Question 14

What are generic links?

Answer 14

Links where, by using locspecs, all occurences of a word can be linked to the same endpoint

Question 15

What are functional links?

Answer 15

Links that represent predefined relationships

Question 16

What are typed links?

Answer 16

Links that define the nature or relationship of the link, such as “friend,” “parent,” or “employee”

Question 17

What is REST?

Answer 17

Representational State Transfer
A web architecture style that uses stateless communication to manipulate resource representation

Question 18

What does REST aim to do (2)?

Answer 18

Minimises latency and network communication
Maximises independence and scalability of components

Question 19

What are the 4 components of REST?

Answer 19

Origin servers - the ultimate place you get a resource from
Gateways - for integrating legacy servers
Proxies - to filter & cache
User agents

User agent & origin server are end points that communicate using HTTP
If using gateway, origin server & gateway don’t communicate in HTTP

Question 20

What are the5 constraints of REST?

Answer 20

Client-server - separation of concerns (client: user interface, server: data storage)
Stateless - no context stored on server, session state kept on client
Caching - response data labelled as cacheable or non-cacheable
Uniform interface between components - identify what next possible actions could be
Layered - system components have no knowledge of components they don’t directly interact with

Question 21

What are the 3 advantages of client-server constraint?

Answer 21

• Improves portability
• Improves scalability (as server simplified)
• Allows components to evolve separately

Question 22

What are the 3 advantages and 1 disadvantage of stateless constraint?

Answer 22

Advantages:
* Improves visibililty (of requests)
* Improves reliability
* Improves scalability

Disadvantage:
* Increases per-action overhead

Question 23

What are the 2 advantages and 1 disadvantage of caching constraint?

Answer 23

Advantages:
* Eliminates some actions
* Reduces latency

Disadvantage:
* Reduces reliability

Question 24

What are the 2 advantages and 1 disadvantage of uniform interface constraint?

Answer 24

Advantages:
* Improves visibility (of interactions)
* Implementations decoupled from services they provide

Disadvantage:
* Reduces efficiency

Question 25

What are the 2 advantages and 1 disadvantage of layered constraint?

Answer 25

Advantages:
* Limits system complexity
* Improves scalability

Disadvantage:
* Adds latency & overhead

Question 26

What are the 3 principles of identification?

Answer 26

Global - addresses should be unambiguous & human readable
Distinct identifiers - using same URI for different resources creates a URI collision
Avoid aliases - don’t use different URIs for same resource

Question 27

How should documents be named?

Answer 27

Use logical names rather than physical addresses to avoid issues when documents are moves

Question 28

URL vs URN

Answer 28

URL specifies location of resource on internet
URN uniquely identifies resource by name - not that good approach as can just use HTTP

Question 29

What are IRIs (Internationalised Resource Identifiers)?

Answer 29

An extension to URIs, allowing Unicode characters

Question 30

Why shouldn’t you change URIs?

Answer 30

Breaks pages linked to old URI -> 404

Question 31

What are the 5 principles of representation?

Answer 31

Separate content, presentation & interaction
Identify links to other resources
Links should be web-wide
W3C representation principles - follow a format to future proof
Links should be navigable

Question 32

Data vs metadata

Answer 32

Data is the actual information/content
Metadata is data that describes other data e.g. file size, creation date

Question 33

What are the 5 principles of interaction?

Answer 33

Reuse representation formats
Provide representations
Safe retrieval
References doesn’t imply dereference - just because you can retrieve a representation, doesn’t mean you must
Representations should be consistent

Question 34

What is a safe method?

Answer 34

One that doesn’t change the state of the resource

Question 35

What is an impotency method?

Answer 35

One that doesn’t change the result even when applied multiple times
Only POST isn’t impotent

Question 36

What to the HTTP responses (1xx - 5xx) represent?

Answer 36

1xx - informational message
2xx - success
3xx - redirection
4xx - client error
5xx - server error

Question 37

What are the 2 styles of content negotiation?

Answer 37

Sever-driven - server makes final choice of representation
Client-driven - clinet makes final choice of representation

Question 38

What are the 3 stages of server-driven content negotiation?

Answer 38

1) Client tells server what it is able to accept in request header
2) Server chooses appropriate representation to return to client based on “quality” (provided by client)
3) Server tells clients its choice in response header

Question 39

Name three properties that can be negotiated

Answer 39

Media type
Language
Encoding

Question 40

What are the 3 stages of client-side content negotiation?

Answer 40

1) Client requests resource representation
2) Server returns HTTP redirect status (“300 multiple choices”) with list of URIs
3) Client requests a representation of one of the URIs

Question 41

What is “Client Hints”?

Answer 41

A HTTP extension that allows browsers to state their capabilities & preferences

Question 42

How can you avoid the lost update problem?

Answer 42

When carrying out unsafe methods, check if the state of the resource has change since the GET method

Question 43

What 2 ways are there for validating if resources are the same?

Answer 43

Strong validation - checks if representations are byte-for-byte identical
Weak validation - checks if representations contain “the same content”

Question 44

What are ETags? What headers can be applied to them?

Answer 44

Entity tags are identifiers for resource versions

Headers:
* If-Match: <etag>, <etag>, ...
* If-None-Match: <etag>, <etag>, ...</etag></etag></etag></etag>

Question 45

What are cookies?

Answer 45

A way for web servers to persist state across HTTP requests (even though HTTP is supposed to be stateless)

Question 46

What are “Secure” and “HttpOnly” cookies?

Answer 46

Secure - indicates that cookies should only ever be sent over HTTPS
HttpOnly - cookies should not be visible from within the Document.cookie interface

Question 47

Discuss the physical limits on data transmission (3)

Answer 47

Sending a message at c (3e8) still takes 0.067s to go halfway round the world
Optical fibres are ~70% of c, coxial cables are >80% of c
Routers, switches, etc introducers delays

Question 48

How does TCP delay HTTP?

Answer 48

HTTP runs of top of TCP
TCP establishes connections with a three-way handshake (>=0.2s)

Question 49

What 2 methods reduced TCP delay for HTTP?

Answer 49

Keep-Alive - TCP connections reused for multiple HTTP requests
Pipelining - multiple requests made without waiting for responses

Question 50

What 4 improvements were made to adhere to data transfer capacity limits?

Answer 50

Multiplex requests - when client requests HTML document with multiple images, stylesheets & scripts, send a single connection for all resources
Prioritised requests - sends important content first
Compressed headers to reduce amount of data sent
Server push - when a client requests HTML doc with image, instead of waiting for them to request image, pre-emptively push resource

Question 51

What are tunnels in the context of proxies?

Answer 51

CONNECT method establishes tunnel between client & server
With tunnel establishes, proxy server no longer inspects/modifies data; just forwards

Question 52

How is data secured in HTTPS?

Answer 52

Using the TLS (Transport Layer Security) protocol

Question 53

What are the 4 cryptography principles?

Answer 53

Confidentiality - no unathorised reading
Integrity - no unauthorised modificaiton
Authenticaiton - proof of authorisation
Non-repudiation - data author can’t deny authorship

Question 54

How do digital signatures created (3 steps)?

Answer 54

Combines asymmetric encryption & cryptographic hash

1) Generate cryptographic hash of image
2) Encrypt hash with private key
3) Attach encrypted hash to message

Question 55

How are digital signatures verified (3 steps)?

Answer 55

1) Generate cryptographic hash of image
2) Decrypt hash with public key
3) Compare hashes

If hashes match, message has not been altered and signature is valid

Question 56

What is the Certificate Authority?

Answer 56

A trusted organisation that issues digital certificates

Question 57

How does the Diffie-Hellman Key Exchange work?

Answer 57

1) Prime number p and root module g are shared publically
2) A and B pick random large integers: a and b
3) A and B calculate g^amodp=PUa and g^bmodp=PUb respectively and send results publically
4) A calculates PUb^amodp and B calculates PUa^b*modp

Question 58

Authentication vs authorisation

Answer 58

Authentication - verifying identity of user/system
Authorisation - granting access/permissions to resources

Question 59

What are the 6 steps in granting authorisation in OAuth?

Answer 59

1) Client requests authorisation from the authorisation server via the resource owner
2) Resource owner authenticates the request
3) Authorisation server sends an authorisation code to client via the resource owner
4) Client sends the authorisation code to the authorisation server
5) Authorisation server sends access token to client
6) Client accesses resource on resource server

Question 60

What is cross-site request forgery?

Answer 60

When a user (unintentionally) allows one origin to talk to a different origin
User clicks on a link/form while authenticated on a site allowing attacker to perform actions on site with user’s authentication

Question 61

How is cross-site request forgery prevented?

Answer 61

Same origin policy
Restricts web pages from making requests to different domains than the one that hosted it

Question 62

How is “same origin” determined?

Answer 62

• URIs use same protocol
• URIs have same host
• URIs have same port

Question 63

What is the default port for HTTP?

Answer 63

80

Question 64

What blocking exceptions are there to same origin policy?

Answer 64

Embedded resources (media, stylesheets, scripts, etc)

Question 65

What is CORS (cross-origin resource sharing)?

Answer 65

Secuity feature that relaxes SOP, allowing certain origins to make requests to a domain different to the one that server the web page
Servers indicate which origin may make requests and restrict headers send & received

Question 66

What criteria must simple requests satisfy for CORS?

Answer 66

Only methods: GET, HEAD, POST
Only headers: Accept:, Accept-Language:, Content-Type:, Content-Language
Content-Type: text/plain, (application/…), (multipart/…)

Question 67

What is a CORS preflight?

Answer 67

Used for more complex requests (other methods, custom headers)
A preliminary HTTP request to check if actual request is allowed by the server before sending actual request

Question 68

What is SGML (Standard Generalised Markup Language)?

Answer 68

An old markup language (old version of HTML)
A language for defining markup languages

Question 69

What is XML (eXtensible Markup Language)?

Answer 69

A general purpose markup language
A W3C-defined subset of SGML
A language for defining domain-specific markup languages

Question 70

What is DTD (Document Type Definition)?

Answer 70

A formal definition of the grammar for an XML document
Tells document processor how to parse the document

Question 71

What are the 2 expressive limitations of DTD?

Answer 71

Limited by how precisely it can constrain data & element values:
* Can’t specify the range of values that attributes can take
* Can’t define a range for the content of non-markup elements

Question 72

What 2 schema language competitors does DTD have?

Answer 72

XML Schema
RELAX NG

Question 73

Doment well-formedness vs validity

Answer 73

Well-formedness - obeys syntax rules in XML spec
Validity - well-formed and structure is based on a defined schema (e.g. DTD)