Presentation is loading. Please wait.

Presentation is loading. Please wait.

March 23, 2004 Joseph Conron Internet Commerce Corp

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "March 23, 2004 Joseph Conron Internet Commerce Corp"— Presentation transcript:

1 March 23, 2004 Joseph Conron Internet Commerce Corp
EDI over the Internet March 23, 2004 Joseph Conron Internet Commerce Corp

2 AGENDA Definition of EDI EDI Networks Internet and EDI (EDIINT)
EDI Standards EDI Transactions EDI Networks What they do How they work Internet and EDI (EDIINT) EDI, the Internet, and RFCs AS2 – an application of Internet Standards Impact – how the Internet transformed EDI services. Final Thoughts and Questions

3 What is EDI? Elelctronic Data Interchange
EDI Document Elelctronic Data Interchange Computer-to-computer exchange of business documents. Documents use standardized format. Documents are called transaction sets. EDI transaction set is roughly equivalent to a paper business form purchase order Invoice shipping notice Organizations that exchange EDI transaction sets are called trading partners.

4 The Goal is to move From This:
Why EDI? The Goal is to move From This: US Postal Service To This: EDI NETWORK

5 What is an EDI Standard? ANSI X12 VICS TDCC UCC TradaComs UN/Edifact
Standards take the guesswork out of understanding the content of a business document Structure, content, and syntax of EDI transactions are established by the governing standards committee *American National Standards Institute ANSI X12 *UN Edifact - EDI for the Facilitation of Administration, Commerce, and Transport

6 Why Standards? Hardware Differences Diverse Business Systems
Different Operating Systems Programming Languages File Structures Different Character Sets Example: /08/2004 Possible Interpretations August 7, 2004 in Germany July 8, 2004 in the U.S. Standards Ensure a Commonly Understood Meaning When Computers Exchange Data

7 Standards Language Interchange - Envelope Transaction - Document
Functional Groups - Similar Documents Segment - Line Data Elements - Word Identifier Code Delimiters Punctuation Syntax - Format PO 850 INV 810

8 EDI Standards Purchase Order
X12 Data String ISA*00* *00* *01*VAN *12*VAN2 *981015*1226*U*00303* *0*P*>…GS*PO*VAN1*VAN2*981015*1226*179*X*003030…ST*850* …BEG*00*NE*739168**981011…DTM*017*981101…N1*ST*VAN1*92*006…PO1*1*6*EA*3.71**SK*332531*ZZ*BLUE WIDGETS …PO1*2*6*EA*2.2**SK*332560*ZZ*RED IDGETS …PO1*3*6*EA*1.25**SK*332586*ZZ*YELLOW WIDGETS …PO1*4*6*EA*.5**SK*333637*ZZ*GREEN WIDGETS1049…PO1*5*6*EA*5.39**SK*333640*ZZ*PURPLE WIDGETS …PO1*6*12*EA*.36**SK*333653*ZZ*BLACK WIDGETS …PO1*7*6*EA*.99**SK*333695*ZZ*WHITE WIDGETS …PO1*8*6*EA*3.15**SK*333718*ZZ*BEIGE WIDGETS …PO1*9*6*EA*2.8**SK*333721*ZZ*ORANGE WIDGETS 51043…PO1*10*6*EA*2.98**SK*333734*ZZ*GRAY WIDGETS 51044…PO1*11*24*EA*.79**SK*333776*ZZ*VIOLET WIDGETS EZ21406…PO1*12*6*EA*1.12**SK*333802*ZZ*MAROON WIDGETS51051…PO1*13*10*EA*.99**SK*333815*ZZ*AQUA WIDGETS51053…CTT*13…SE*19* …ST*850* …BEG*00*NE*739169**981011…DTM*017*981101…N1*ST*VAN1*92*028…PO1*1*24*EA*.62**SK*332667*ZZ*BROWN WIDGETS20501…PO1*2*10*EA*5.8**SK*333624*ZZ*BLUE WIDGETS 13945…PO1*3*6*EA*5.39**SK*333640*ZZ*PURPLE WIDGETS 51041…CTT*3…SE*9* …ST*850* …BEG*00*NE*739170**981011…DTM*017*981101…N1*ST*VAN1*92*031…PO1*1*6*EA*2.2**SK*332560*ZZ*RED WIDGETS …PO1*2*6*EA*1.25**SK*332586*ZZ*YELLOW WIDGETS …PO1*3*10*EA*4.24**SK*332612*ZZ*BROWN WIDGETS …PO1*4*24*EA*.77**SK*332748*ZZ*RED WIDGETS-22201…PO1*5*6*EA*.36**SK*333653*ZZ*BLACK WIDGETS …PO1*6*6*EA*3.15**SK*333718*ZZ*BEIGE WIDGETS …PO1*7*10*EA*.99**SK*333815*ZZ*AQUA WITS 51053…CTT*7…SE*13* …ST*850* …BEG*00*NE*739171**981011…DTM*017*981101…N1*ST*VAN1*92*037…PO1*1*24*EA*1.01**SK*333569*ZZ*VIOLET WIDGETS 21202…PO1*2*10*EA*5.99**SK*333611*ZZ*BROWN WIDGETS-12955…PO1*3*6*EA*.5**SK*333637*ZZ*GREEN WIDGETS …PO1*4*6*EA*5.39**SK*333640*ZZ*PURPLE WIDGETS …PO1*5*6*EA*3.15**SK*333718*ZZ*BEIGE WIDGETS …PO1*6*6*EA*2.8**SK*333721*ZZ*ORANGE WIDGETS 51043…CTT*6…SE*12* …ST*850* …BEG*00*NE*739172**981011…DTM*017*981101…N1*ST*VAN1*92*045…PO1*1*6*EA*3.71**SK*332531*ZZ*BLUE WIDGETS …PO1*2*6*EA*2.12**SK*332573*ZZ*FLO TEMP SOLDER42945…PO1*3*24*EA*.82**SK*332638*ZZ*MASSIVE WIDGETS-20801…PO1*4*24*EA*.62**SK*332667*ZZ*SMART WIDGETS-20501…PO1*5*24*EA*.75**SK*333556*ZZ*VIOLET

9

10 Documents Used Will Vary by Industry
EDI Transactions Product Data &Price Catalog - 832 Purchase Order - 850 S U P L I E R Purchase Order Acknowledgement - 855 CUSTOMER Advance Ship Notice - 856 Invoice - 810 Remittance Advice Product Activity Data - 852 Functional Acknowledgements - 997 Documents Used Will Vary by Industry

11 Before EDI Networks Initially, Quite Simple Company A Vendor A Shipper
Bank Shipper Vendor A Initially, Quite Simple

12 Before EDI Networks But It Got Ugly Real Fast! Company A Vendor A
Company B Shipper Company C Bank Company D Vendor B But It Got Ugly Real Fast!

13 Proprietary EDI Networks
Company A Vendor A Company B Shipper VAN Company C Bank Company D Vendor B Outsource the Headaches to an Intermediary

14 EDI Networks before Internet
EDI Services provided by Value Added Networks (VANs) GE Information Services Sterling Commerce IBM Before Internet, VANS used proprietary software and bisync communications links. Many of these links are still in use!

15 EDI Networks before Internet Mainframe/Fault Tolerant Hardware
Trading Partner Site Your Site EDI VAN EDI Translator EDI Translator Leased Lines SNA/Bisync X.25 (X.400) Async Dial Bisync Dial-Out Interconnect Bisync EDI VAN Competitor Trading Partner Site Large Processing, Support, and Network Infrastructure.

16 EDI Meets the Internet Until 1998, all EDI traffic was handled by VANs, and none of these used the Internet. In 1998, Internet Commerce Corp deploys the first Internet based EDI network, now called ICC.net. FTP, SMTP, HTTP, PGP are the Internet protocols used for file transfer and document management. FTP, SMTP – file transfer of EDI documents HTTP – browser applet to manage “mailboxes” PGP - security

17 EDI Meets the Internet ICC would continue to be the only EDI network using the Internet for the next two years. Major VANS like IBM, Sterling Commerce, and GE Information Systems would take two to three years to catch up. Question: why did it take a start-up to change the way EDI is transmitted? Why didn’t one of the major players do it?

18 Answers? Too expensive? Too much invested in existing infrastructure?
Perception that the Internet is not secure?

19 Resistance to the Internet
EDI world entrenched in proprietary point to point solutions (i.e., CLOSED systems). Internet viewed as insecure. To solve this problem, EDI world would need: Privacy (encrypted data) Authentication (know your partner!) Message Integrity (no message tampering) Non-repudiation (sender cannot deny sending a message, nor can receiver deny getting it) All of this had to be standardized to allow interoperability (make it easy to transact with any potential trading partner).

20 A Solution based on Existing Standards
Security provided by using RFC 2633 (S/MIME) S/MIME is based on RFC 1521, RFC 1847 Non-repudiation obtained by using RFC 2298 (MDN) Define “Secure Transmission Loop” model Formally the solution is given in RFC 3335 (S/MIME + MDN + SMTP) Solution extended by AS2 (S/MIME + MDN + HTTP|HTTPS) Note: “AS” means “Applicability Statement”

21 S/MIME For signing, Multipart/Signed
Content-Type: multipart/signed; boundary="as2BouNdary1as2"; protocol="application/pkcs7-signature"; micalg=sha1 To carry signed, encrypted objects Content-type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m pkcs7 uses RSA public key cryptography and X.509 certificates. Encrypt with partner’s public key Sign with your own private key Requires that partners exchange certificates.

22 Secure Transmission Loop
Sender signs and encrypts data using S/MIME. Sender transmits message, requesting MDN. Receiver decrypts data and authenticates sender. Receiver creates and signs MDN and transmits to sender. Question: How can a sender correlate an MDN with any of the unacknowledged messages?

23 Synchronous or Asynchronous MDN
Sender may ask receiver for synchronous or asynchronous MDN Synchronous MDN is returned on same HTTP session. Asynchronous MDN is returned on separate HTTP session initiated by original receiver. Most AS2 transactions use synchronous MDNs Can you think of reasons why one method is better than the other? Which one is harder to manage? Why?

24 Synchronous or Asynchronous MDN
Synchronous AS2-MDN [C] ----( connect )----> [S] [C] -----( send )------> [S] [HTTP Request [AS2-Message]] [C] <---( receive )----- [S] [HTTP Response [AS2-MDN]] Asynchronous AS2-MDN [C] <---( receive )----- [S] [HTTP Response] [C]*<---( connect )----- [S] [C] <--- ( send ) [S] [HTTP Request [AS2-MDN]] [C] ----( receive )----> [S] [HTTP Response]

25 AS2 Message Identification
AS2 defines new headers that identify the sender and the receiver: AS2-from: <as2-name> AS2-to: <as2-name> From RFC 822 we use the message-id: header to identify this message. The message-id: is returned in an MDN as original-message-id: field. Question: why do we need AS2 sender and receiver Ids? Isn’t the IP address sufficient?

26 Example AS2 Request (signed but not encrypted)
POST /invoke/wm.EDIINT/receive HTTP/1.1 Host: :80 User-Agent: AS2 Company Server Date: Wed, 31 Jul :34:50 GMT From: AS2-Version: 1.1 AS2-From: as2Name AS2-To: Subject: G1 Test Case Message-Id: Disposition-Notification-To: Disposition-Notification-Options: signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha1 These request signed, synchronous MDN

27 Example AS2 Request (continued)
Content-Type: multipart/signed; boundary="as2BouNdary1as2"; protocol="application/pkcs7-signature"; micalg=sha1 Content-Length: 2464 --as2BouNdary1as2 Content-Type: application/edi-x12 Content-Disposition: Attachment; filename=rfc1767.dat [ISA ...EDI transaction data...IEA...] Content-Type: application/pkcs7-signature [omitted binary pkcs7 signature data] --as2BouNdary1as2--

28 Synchronous MDN Example
HTTP/ OK AS2-From: AS2-To: as2Name AS2-Version: 1.1 Message-ID: Content-Type: multipart/signed; micalg=sha1;protocol="application/pkcs7-signature"; boundary="----=_Part_57_ " Connection: Close Content-Length: 1980 Note: the Message-Id is the ID for THIS MDN!

29 Synchronous MDN Example
------=_Part_56_ Content-Type: message/disposition-notification Content-Transfer-Encoding: 7bit Reporting-UA: AS2 Server Original-Recipient: rfc822; Final-Recipient: rfc822; Original-Message-ID: Received-content-MIC: 7v7F++fQaNB1sVLFtMRp+dF+eG4=, sha1 Disposition: automatic-action/MDN-sent-automatically;processed ------=_Part_56_ — {Followed by a signature multipart} This is the ID of the message that MDN acknowledges.

30 AS2 Reality In 2002, Wal-Mart decreed that it would accept ONLY AS2 transactions, and ordered all trading partners to switch to AS2. Most other major retailers would soon follow suit. Today, it appears that the retail industry has adopted AS2 as its EDI transport, but other industry segments have yet to commit to AS2. Other options in use for secure EDI are: FTP/S (FTP using TLS). S/FTP (FTP using IPSEC). VPN. Between interconnects (the VANS), EDI is sent “in the clear” using FTP!

31 Impact of Internet on EDI
The migration from proprietary EDI networks to the Internet has dramatically lowered the cost of EDI services. Before the Internet, costs were typically $.20/KC or more Today, costs are under 0.10/KC Startup costs are lower because users no longer need special telecom setup. Just need a PC and an ISP! Consequently, EDI is now accessible to many more businesses then ever.

32 Final Thoughts Standards are important - they facilitate interoperability To become “popular”, any new standard must present a low “barrier to entry” Must be easy to implement Must not require any (significant) changes to current business practices Build “new” technologies by applying existing technologies. The Internet and its related protocols are examples of this philosophy.

Download ppt "March 23, 2004 Joseph Conron Internet Commerce Corp"

Similar presentations

Våra sponsorer.

Våra sponsorer.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
(4.4) Internet Protocols Layered approach to Internet Software 1.

(4.4) Internet Protocols Layered approach to Internet Software 1.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
15 - 1 Chapter 15 The Third Component: Powerful Networks.

Chapter 15 The Third Component: Powerful Networks.
Telecommunication and Networks

Telecommunication and Networks
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Electronic Data Interchange (EDI)

Electronic Data Interchange (EDI)
Security in application integration Kari Nordström.

Security in application integration Kari Nordström.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
Virtual Private Network

Virtual Private Network
QAD Pitch Report QAD EDI. Introduction to EDI … the transfer of structured data, by agreed messaging standards, from one computer system to another without.

QAD Pitch Report QAD EDI. Introduction to EDI … the transfer of structured data, by agreed messaging standards, from one computer system to another without.
Secure Data Transmission EDI-INT AS1, AS2, AS3 Kevin Grant.

Secure Data Transmission EDI-INT AS1, AS2, AS3 Kevin Grant.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Basic Technology for Electronic Commerce Fan Fan address: GUANGXI UNIVERSITY BUSINESS SCHOOL 2005.

Basic Technology for Electronic Commerce Fan Fan address: GUANGXI UNIVERSITY BUSINESS SCHOOL 2005.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Similar presentations

Ads by Google