The World Wide Web started out as a distributed hypertext system, where documents hosted on networked computers contain references to other documents, hosted on different networked computers. These documents can be retrieved using a browser, dedicated client software for viewing hypertext documents, and following hyperlinks embedded within the text of these documents. In order to make such a distributed hypertext system work, three fundamental agreements (standards) are necessary:

  1. Resource Identifiers URIs (originally called URLs) provide universally dereferenceable identifiers for resources on the Web. 
  2. Transfer Protocol HTTP (Hypertext Transfer Protocol) is a universally supported transfer protocol that, in its bare essence, provides a simple mechanism to retrieve a resource across the network, and to submit form data from a browser to a Web server. HTTP is a request/response-based client-server protocol: The browser will send a request to a server that
  3. identifies the resource
  4. identifies the media types of representations that the client is willing to consume in response (e.g., plain text or HTML; GIF or PNG)
  5. Potentially is characterized as a form submission. The server responds with a resource representation that fulfills these constraints.

Content Format HTML is a broadly implemented format for content and started as a simple and declarative markup language. The early versions already included an anchor element that permits embedding hyperlinks to resources identified by URLs within the text. Based on plain text with embedded “tags”, this markup language can be written in a simple text editor, which is, remarkably, even done today, approximately 20 years later. Notably, these three basic agreements are loosely coupled: While the URLs we use most frequently identify resources retrieved through HTTP, URLs can also be used to identify resources retrieved through other protocols, such as FTP, or even video chatting protocols like Apple’s Facetime. HTTP can be used to retrieve URI-identifiable resources in just about any format that is represented in bits and bytes, such as HTML documents, images, PDF documents, or scripts (i.e., executable program segments generally written in an interpretable scripting language such as JavaScript). Similarly, the concept of hyperlinks exists in formats beyond HTML: PDF and even Word documents might permit these. Nevertheless, the Web’s basic fabric is built on universal support for URLs, HTTP, and HTML.

The early Web was non-interactive, declarative, and stateless on the client-side. While these properties, in all their simplicity, enabled the initial goals of the World Wide Web, they were insufficient to meet the demand for the rich application platform that the Web has become today. Without a doubt, JavaScript is the single most influential technology in the evolution of the Web. Initially intended to manipulate Web pages within the browser through the DOM, or Document Object Model, JavaScript quickly proved much more powerful, making it the de facto client-side programming language of the Web. One of the driving factors behind the success of JavaScript is AJAX, a programming technique based on JavaScript and XML that enables asynchronous network operations. Using AJAX, Web pages are able to store and retrieve information in the background, integrating changes and new content into the Web page on the fly. Many modern Web applications still depend on this technique, albeit that XML has been replaced with the JavaScript Object Notation (JSON), a JavaScript-based format for representing objects. A second technological upgrade consists of the rich content types available on the Web today. Modern Web content is no longer limited to HTML and images, as modern browsers also support several audio and video formats, XML-based languages for defining images (SVG) and scientific data (MathML), and advanced styling information for HTML documents (CSS). Finally, the third essential component for a rich application platform is the clientside state within the browser. A first approach encoded parameters in every URL, a very impractical solution, which was quickly replaced by cookies, which are key-value pairs issued by the server, stored by the browser, and attached to each request.

Today, cookies are used by practically every Web application but have the disadvantage that they are attached to every request, making them unfit for storing large amounts of data. Therefore, several recently introduced APIs offer client-side storage in the form of key-value pairs, an object database, or a virtual file system. These three major changes on top of the basic hypertext system have sparked the shift from one-way information exchange to a bidirectional read/write Web, also known as Web 2.0. This new stage in the evolution of the Web combines the technological advances with social aspects of actively participating users, resulting in dynamic applications, that actively improve as their number of users increases. Well-known examples are Wikipedia, Facebook, and the many Google services we use throughout the day. The social effect even intensified when people started carrying always-on, always-connected devices everywhere they go. Smartphones enable instant and continuous access to information, further stimulating location and context-aware social services.

Further development of the browser towards an application platform has resulted in a paradigm shift, where more responsibilities are pushed towards the client. The client component is no longer simply a view on the application running in the backend but has become the application, which interacts with a light, storage-centered backend application through rich, RESTful APIs. The technologies behind this paradigm shift are lightweight server-side technologies (e.g. NodeJS, Go), client-side libraries (e.g. JQuery, Bootstrap), and client-side templating frameworks (e.g. AngularJS, Ember.js). Additionally, browsers offer numerous useful features to Web applications, such as access to client-side storage facilities, access to information about the device and its sensors, and numerous communication mechanisms. This “application” of the Web is further stimulated by the rise of mobile devices, with their restricted operating systems and vendor-controlled application stores. Not only is the majority of applications offered in today’s application stores based on Web technology, but recent standardization efforts provide the necessary APIs to build Web applications that can interact with the underlying device, making them indistinguishable from native applications.

The Web has known several evolutionary steps, which have transformed the static server-side content into dynamic server-side applications and have transformed dull page-viewing browsers into execution platforms running highly dynamic and powerful Web applications. We observe a similar trend in the evolution of Web security, resulting in a shift from server-side to client-side Web security.


The divine scriptures are God’s beacons to the world. Surely God offered His trust to the heavens and the earth, and the hills, but they shrank from bearing it and were afraid of it. And man undertook it.
Back to top button