Internet information and services through wireless devices is supposed to be the 'Next Big Thing', opening up huge markets and giving consumers and business people a whole new level of convenience. And in Europe at least, the wireless Internet is practically synonymous with Wireless Application Protocol (WAP), the set of standards promoted by all the biggest wireless companies. WAP will, experts say, be the system that first delivers wireless banking, information and "m-commerce".
WAP is now available through several wireless carriers in the UK, and it hit the spotlight in a big way with last week's Internet World, where every other stall seemed to be promoting some service or other over an Internet-enabled mobile phone. But while the wave of hype is growing to tsunami proportions, WAP still has a number of nagging issues to resolve -- issues as basic as security.
Scott Goldman, chief executive of WAP Forum, the industry group set up to promote the standard, spoke to ZDNet UK about the potential and the pitfalls facing WAP as it finally becomes a reality.
He stressed that WAP, as a global standard, is the best way forward for wireless systems, despite the existence of established challengers such as i-Mode in Japan and HDML in the US (See: "WAP: A worldwide standard faces worldwide competition".) And he downplayed concerns over security, depicting WAP as a "100 foot wall with a one-inch hole". (See: "WAP industry grapples with security concerns".)
Whatever short-term hurdles WAP might face, Goldman is convinced that "WAP is going to be here for a long time... we're in all kinds of devices, we're going to be here through 3G and beyond."
ZDNet UK: What are the advantages of WAP? Why will people want to use it?
Scott Goldman: WAP is the way people can take the Internet with them when they leave their desktop. In the same way the cellular phone gives you ability to leave your desk and still do business, still stay in touch, a WAP-enabled device gives you similar type of mobility whether it's a phone or another device. And in the same way [a Palm Pilot] can't do everything a computer can do, [a WAP device] can't do everything a laptop can do.
You made the point that these devices don't do everything a Web browser does -- what sorts of things do you see ordinary consumers using this for?
The kinds of uses you're going to see today are, as an example, location-based services. That's something you absolutely cannot do from a fixed Web connection, just by its very definition -- it's fixed. But when you have a mobile device, you can use all kinds of location-based services -- real time traffic reports are already available. Two companies in Paris just announced real-time instant parking information.
Location based services would also include m-commerce. If you opt into a location based commerce, you could be walking by a pizza store or a Gap clothing store, and the store could say to your phone: "Stop by right now, show us the coupon on your phone, get a 20 percent discount."
Let's say you're like me and you travel a lot. When I go to a foreign city, I can go to my WAP browser, scroll down to entertainment, tell it that it's OK for it to check locally. Now I want restaurants, Italian, moderately priced, reservations available, 7.30pm, click, click, click, I'm done, I'm in. I'm already doing all this stuff, and I've only been using it for three or four months.
When people get these devices today, there's an issue of whether the services are user-friendly. They're kind of expensive. There are services like you're talking about -- restaurant bookings etc -- but for many consumers they might be unavailable or difficult to find. Is there a danger of a backlash?
If there is a backlash against this, the fact of the matter is that the only people it's going to hurt are the people creating the hype. WAP is going to be here for a long time. We're going to be pervasive, we're in all kinds of devices, we're going to be here through 3G and beyond. So it's not going to hurt WAP per se, what it is going to hurt is the companies hyping something that cannot live up to expectations.
Advertising aside, is WAP ready for prime time? Can consumers go on and do useful things with it today?
You can. You absolutely can. But I think what I call prime time is being task specific. This is an analogy I used earlier -- this is hunting, not gathering. You want to go out and get a piece of information, retrieve it, bring it back to you, that is what WAP is all about. You want to cruise around the Web, surf here, surf there, click links, download big files and all that stuff, that's not what WAP is all about -- that's not what it's designed for today.
On the production side of things, some people have said there are issues with getting the content out there. One study a couple of weeks ago (from WAP portal AnywhereYouGo.com) showed that a third of the sites they tested had incompatibilities and didn't work.
Yeah, I read that study. They surveyed all of 50 sites, and only 14 of them came back as incompatible, and I don't view that as being statistically valid.
But a lot of developers have said "If we want to make our site available on WAP phones, we have to encode it a different way for every different device that's going to access it."
Well, that's not true. The reason is that we have a certification process, and also if you understand the way XML works, as everyone moves toward an XML world, we'll be able to write a module in WML for that site [WML is an XML-compliant language]. There are services, software, third-party vendors that create conversion software that you can simply put on a gateway and that will convert an existing site into WML. So you don't have to rewrite the entire site.
And besides, anybody who is writing a site today, who wants that site to render on a variety of devices, whether it's a WAP phone, a WebTV box, a refrigerator-door browser, or whatever it may be, they're going to have to write it in XML. They're going to put little modules around that XML core code, so that when the device has a conversation with the Web site, the Web site says to the device: "What kind of device are you?" The device says either, "I'm a 17-inch colour screen connected to a T1 connection," or it says, "I'm a six-line device on a wireless phone." That way the site knows which module to send. That's the benefit of WAP as opposed to the detriment.
The idea is you have an automated process that takes the page and turns it into a WML page, and that works for any WAP device. Does that really work today?
Yes, it does.
Then what would be your response to the developer who was quoted saying: "I have to encode my information to WML once for a four-line display device and again for a six-line display"?
I would say to that developer that he has to follow the content-authoring guidelines that the WAP Forum has established, because if he does that, he will not have to rewrite that code multiple times. In fact we have a certification process which allows us to take some of these sites, and we can put the WML code through our testing filter, and we can test if it's WAP-compliant. If it's compliant, then they know they can use that code on multiple devices.
One of the big promises of WAP is to enable mobile e-commerce, "m-commerce". But in order to do that you have to have pretty good security, if you're going to be sending your credit card number or banking over the device. Some people say it isn't secure enough yet. How secure is WAP today? (For the facts on WAP security, see "WAP industry grapples with security concerns".)
I would say that the security of WAP is about a 100 foot long wall with a one-inch hole in it. WAP 1.3, a specification that will be released probably by the end of this summer, and that will plug that one-inch hole. We know we've got a one-inch hole in there, but in order to penetrate into that one inch hole you have to be in exactly the right place on the network, at exactly the right time that the transaction is going through, know exactly what type of tool to use, and then, maybe, you can get in there.
But we wanted it to be fully secure so in WAP 1.3 we are specifying full end-to-end security, and there will be no holes in the wall.
Apparently, though, none of the commercial WAP gateways in place today implement SSL security. What's going on there?
That's a question I don't know the answer to. If they choose not to implement SSL, that's up to them. Certainly WAP transport security layer is built for security, so it's available to them.
Analysts say to get really secure transmissions it may take a higher-bandwidth underlying network like GPRS. Is that excessive?
I don't agree with that. I think what you'll find is when you're sending data bits back and forth like that, the payload on those things is really very small. And WAP is expert at managing data in very brief time frames over the network. GPRS will be a boon to everybody, there's no doubt about that. Higher speeds, always on, all that stuff is great. But we do not think you need GPRS for m-commerce and I think the people who are using it are living proof of that. I use m-commerce on a fairly regular basis.
Still, people are already worried about buying things over the Internet -- it sounds like they might have to think twice before sending their financial information over the mobile Internet.
I'm a lot more paranoid about giving my credit card to somebody over the phone, or giving it to some waiter in a restaurant than I am with putting it on a WAP enabled device and sending it over the airwaves. First of all, on a phone like this you're sending it over a digital signal, that's naturally encrypted to begin with, and then you have full security, except for that one-inch hole that I mentioned. So I think we're way ahead of the game in terms of m-commerce.
Part 2: Goldman defends WAP's long-term viability amidst competition from the likes of Japan's hugely popular i-Mode, and the advent of high-speed wireless systems.
Take me to the Mobile Technology Special
Take me to the XML Special
Take me to the WAP Access Guide