EDI over the Internet March 23, 2004 Joseph Conron Internet Commerce Corp.
-
date post
20-Dec-2015 -
Category
Documents
-
view
217 -
download
2
Transcript of EDI over the Internet March 23, 2004 Joseph Conron Internet Commerce Corp.
EDI over the Internet
March 23, 2004
Joseph ConronInternet Commerce Corp
AGENDA
Definition of EDIEDI StandardsEDI Transactions
EDI NetworksWhat they doHow they work
Internet and EDI (EDIINT) EDI, the Internet, and RFCsAS2 – an application of Internet StandardsImpact – how the Internet transformed EDI services.
Final Thoughts and Questions
What is EDI?
EDI Document
• Computer-to-computer exchange of business documents.
• Documents use standardized format.
• Documents are called transaction sets.
• EDI transaction set is roughly equivalent to a paper business form– purchase order
– Invoice
– shipping notice
• Organizations that exchange EDI transaction sets are called trading partners.
Elelctronic Data Interchange
Why EDI?
The Goal is to move From This:
US Postal Service
EDI NETWORK
To This:
UCC
TradaComs
VICS
Standards take the guesswork out of understandingthe content of a business document
Structure, content, and syntax of EDI transactions areestablished by the governing standards committee
ANSI X12
TDCC
UN/Edifact
What is an EDI Standard?
*American National Standards Institute ANSI X12
*UN Edifact - EDI for the Facilitation of Administration, Commerce, and Transport
Why Standards?
• Hardware Differences• Diverse Business Systems• Different Operating Systems• Programming Languages• File Structures• Different Character Sets
Example: 07/08/2004
Possible Interpretations - August 7, 2004 in Germany July 8, 2004 in the U.S.
Standards Ensure a Commonly Understood Meaning When Computers Exchange Data
Standards Language• Interchange - Envelope• Transaction - Document• Functional Groups - Similar Documents• Segment - Line• Data Elements - Word• Identifier - Code• Delimiters - Punctuation• Syntax - Format
PO850
INV810
EDI StandardsEDI Standards
ISA*00* *00* *01*VAN1 *12*VAN2 *981015*1226*U*00303*000000179*0*P*>…GS*PO*VAN1*VAN2*981015*1226*179*X*003030…ST*850*000001173…BEG*00*NE*739168**981011…DTM*017*981101…N1*ST*VAN1*92*006…PO1*1*6*EA*3.71**SK*332531*ZZ*BLUE WIDGETS 55555…PO1*2*6*EA*2.2**SK*332560*ZZ*RED IDGETS 33945…PO1*3*6*EA*1.25**SK*332586*ZZ*YELLOW WIDGETS 53945…PO1*4*6*EA*.5**SK*333637*ZZ*GREEN WIDGETS1049…PO1*5*6*EA*5.39**SK*333640*ZZ*PURPLE WIDGETS 51041…PO1*6*12*EA*.36**SK*333653*ZZ*BLACK WIDGETS 51000…PO1*7*6*EA*.99**SK*333695*ZZ*WHITE WIDGETS 51042…PO1*8*6*EA*3.15**SK*333718*ZZ*BEIGE WIDGETS 53949…PO1*9*6*EA*2.8**SK*333721*ZZ*ORANGE WIDGETS 51043…PO1*10*6*EA*2.98**SK*333734*ZZ*GRAY WIDGETS 51044…PO1*11*24*EA*.79**SK*333776*ZZ*VIOLET WIDGETS EZ21406…PO1*12*6*EA*1.12**SK*333802*ZZ*MAROON WIDGETS51051…PO1*13*10*EA*.99**SK*333815*ZZ*AQUA WIDGETS51053…CTT*13…SE*19*000001173…ST*850*000001174…BEG*00*NE*739169**981011…DTM*017*981101…N1*ST*VAN1*92*028…PO1*1*24*EA*.62**SK*332667*ZZ*BROWN WIDGETS20501…PO1*2*10*EA*5.8**SK*333624*ZZ*BLUE WIDGETS 13945…PO1*3*6*EA*5.39**SK*333640*ZZ*PURPLE WIDGETS 51041…CTT*3…SE*9*000001174…ST*850*000001175…BEG*00*NE*739170**981011…DTM*017*981101…N1*ST*VAN1*92*031…PO1*1*6*EA*2.2**SK*332560*ZZ*RED WIDGETS 33945…PO1*2*6*EA*1.25**SK*332586*ZZ*YELLOW WIDGETS 53945…PO1*3*10*EA*4.24**SK*332612*ZZ*BROWN WIDGETS 23945…PO1*4*24*EA*.77**SK*332748*ZZ*RED WIDGETS-22201…PO1*5*6*EA*.36**SK*333653*ZZ*BLACK WIDGETS 51000…PO1*6*6*EA*3.15**SK*333718*ZZ*BEIGE WIDGETS 53949…PO1*7*10*EA*.99**SK*333815*ZZ*AQUA WITS 51053…CTT*7…SE*13*000001175…ST*850*000001176…BEG*00*NE*739171**981011…DTM*017*981101…N1*ST*VAN1*92*037…PO1*1*24*EA*1.01**SK*333569*ZZ*VIOLET WIDGETS 21202…PO1*2*10*EA*5.99**SK*333611*ZZ*BROWN WIDGETS-12955…PO1*3*6*EA*.5**SK*333637*ZZ*GREEN WIDGETS 51049…PO1*4*6*EA*5.39**SK*333640*ZZ*PURPLE WIDGETS 51041…PO1*5*6*EA*3.15**SK*333718*ZZ*BEIGE WIDGETS 53949…PO1*6*6*EA*2.8**SK*333721*ZZ*ORANGE WIDGETS 51043…CTT*6…SE*12*000001176…ST*850*000001177…BEG*00*NE*739172**981011…DTM*017*981101…N1*ST*VAN1*92*045…PO1*1*6*EA*3.71**SK*332531*ZZ*BLUE WIDGETS 55555…PO1*2*6*EA*2.12**SK*332573*ZZ*FLO TEMP SOLDER42945…PO1*3*24*EA*.82**SK*332638*ZZ*MASSIVE WIDGETS-20801…PO1*4*24*EA*.62**SK*332667*ZZ*SMART WIDGETS-20501…PO1*5*24*EA*.75**SK*333556*ZZ*VIOLET
Purchase Order
X12 Data String
Documents Used Will Vary by Industry
Product Data &Price Catalog - 832
EDI Transactions
SUPPLIER
CUSTOMER
Purchase Order - 850
Invoice - 810
Purchase Order Acknowledgement - 855
Advance Ship Notice - 856
Remittance Advice - 820
Product Activity Data - 852
Functional Acknowledgements - 997
Company A
Bank
Shipper
VendorA
Before EDI Networks
Initially, Quite Simple
VendorB
Company A
Bank
Shipper
VendorA
Company D
Company C
Company B
Before EDI Networks
But It Got Ugly Real Fast!
VAN
VendorB
Company A
Bank
Shipper
VendorA
Company D
Company C
Company B
Proprietary EDI Networks
Outsource the Headaches to an Intermediary
EDI Networks before Internet
• EDI Services provided by Value Added Networks (VANs)– GE Information Services
– Sterling Commerce
– IBM
• Before Internet, VANS used proprietary software and bisync communications links.
• Many of these links are still in use!
Leased Lines
SNA/BisyncX.25 (X.400)
Your SiteTradingPartner
Site
EDITranslator
EDI VAN EDITranslator
Mainframe/Fault Tolerant Hardware
Async Dial
Bisync Dial-Out
Large Processing, Support, and Network Infrastructure.
EDI Networks before Internet
EDI VANCompetitor
Bisync
TradingPartner
Site
Interconnect
EDI Meets the Internet• Until 1998, all EDI traffic was handled by VANs, and
none of these used the Internet.
• In 1998, Internet Commerce Corp deploys the first Internet based EDI network, now called ICC.net.
• FTP, SMTP, HTTP, PGP are the Internet protocols used for file transfer and document management.
• FTP, SMTP – file transfer of EDI documents
• HTTP – browser applet to manage “mailboxes”
• PGP - security
EDI Meets the Internet
• ICC would continue to be the only EDI network using the Internet for the next two years.
• Major VANS like IBM, Sterling Commerce, and GE Information Systems would take two to three years to catch up.
Question: why did it take a start-up to change the way EDI is transmitted? Why didn’t one of the major players do it?
Answers?
1. Too expensive?
2. Too much invested in existing infrastructure?
3. Perception that the Internet is not secure?
Resistance to the Internet
• EDI world entrenched in proprietary point to point solutions (i.e., CLOSED systems).
• Internet viewed as insecure.
• To solve this problem, EDI world would need:– Privacy (encrypted data)
– Authentication (know your partner!)
– Message Integrity (no message tampering)
– Non-repudiation (sender cannot deny sending a message, nor can receiver deny getting it)
– All of this had to be standardized to allow interoperability (make it easy to transact with any potential trading partner).
A Solution based on Existing Standards
• Security provided by using RFC 2633 (S/MIME)– S/MIME is based on RFC 1521, RFC 1847
• Non-repudiation obtained by using RFC 2298 (MDN)
• Define “Secure Transmission Loop” model
• Formally the solution is given in RFC 3335 (S/MIME + MDN + SMTP)
• Solution extended by AS2 (S/MIME + MDN + HTTP|HTTPS)– Note: “AS” means “Applicability Statement”
S/MIME
• For signing, Multipart/SignedContent-Type: multipart/signed; boundary="as2BouNdary1as2";
protocol="application/pkcs7-signature"; micalg=sha1
• To carry signed, encrypted objectsContent-type: application/pkcs7-mime; smime-type=enveloped-data;
name=smime.p7m
• pkcs7 uses RSA public key cryptography and X.509 certificates.– Encrypt with partner’s public key
– Sign with your own private key
– Requires that partners exchange certificates.
Secure Transmission Loop
• Sender signs and encrypts data using S/MIME.
• Sender transmits message, requesting MDN.
• Receiver decrypts data and authenticates sender.
• Receiver creates and signs MDN and transmits to sender.
Question: How can a sender correlate an MDN with any of the unacknowledged messages?
Synchronous or Asynchronous MDN
• Sender may ask receiver for synchronous or asynchronous MDN– Synchronous MDN is returned on same HTTP session.
– Asynchronous MDN is returned on separate HTTP session initiated by original receiver.
– Most AS2 transactions use synchronous MDNs
– Can you think of reasons why one method is better than the other?
– Which one is harder to manage?
– Why?
Synchronous or Asynchronous MDN
Synchronous AS2-MDN
[C] ----( connect )----> [S]
[C] -----( send )------> [S] [HTTP Request [AS2-Message]]
[C] <---( receive )----- [S] [HTTP Response [AS2-MDN]]
Asynchronous AS2-MDN
[C] ----( connect )----> [S]
[C] -----( send )------> [S] [HTTP Request [AS2-Message]]
[C] <---( receive )----- [S] [HTTP Response]
[C]*<---( connect )----- [S]
[C] <--- ( send )------- [S] [HTTP Request [AS2-MDN]]
[C] ----( receive )----> [S] [HTTP Response]
AS2 Message Identification
• AS2 defines new headers that identify the sender and the receiver:– AS2-from: <as2-name>
– AS2-to: <as2-name>
• From RFC 822 we use the message-id: header to identify this message.
• The message-id: is returned in an MDN as original-message-id: field.
Question: why do we need AS2 sender and receiver Ids? Isn’t the IP address sufficient?
Example AS2 Request(signed but not encrypted)
POST /invoke/wm.EDIINT/receive HTTP/1.1
Host: 208.234.160.12:80
User-Agent: AS2 Company Server
Date: Wed, 31 Jul 2002 13:34:50 GMT
From: [email protected]
AS2-Version: 1.1
AS2-From: as2Name
AS2-To: 0123456780000
Subject: G1 Test Case
Message-Id: <200207310834482A70BF63@\"~~foo~~\">
Disposition-Notification-To: [email protected]
Disposition-Notification-Options: signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha1
These request signed, synchronous MDN
Example AS2 Request (continued)
Content-Type: multipart/signed; boundary="as2BouNdary1as2"; protocol="application/pkcs7-signature"; micalg=sha1
Content-Length: 2464
--as2BouNdary1as2
Content-Type: application/edi-x12
Content-Disposition: Attachment; filename=rfc1767.dat
[ISA ...EDI transaction data...IEA...]
--as2BouNdary1as2
Content-Type: application/pkcs7-signature
[omitted binary pkcs7 signature data]
--as2BouNdary1as2--
Synchronous MDN Example
HTTP/1.1 200 OK
AS2-From: 0123456780000
AS2-To: as2Name
AS2-Version: 1.1
Message-ID: <709700825.1028122454671.JavaMail@ediXchange>
Content-Type: multipart/signed; micalg=sha1;protocol="application/pkcs7-signature"; boundary="----=_Part_57_648441049.1028122454671"
Connection: Close
Content-Length: 1980
Note: the Message-Id is the ID for THIS MDN!
Synchronous MDN Example
------=_Part_56_1672293592.1028122454656
Content-Type: message/disposition-notification
Content-Transfer-Encoding: 7bit
Reporting-UA: AS2 Server
Original-Recipient: rfc822; 0123456780000
Final-Recipient: rfc822; 0123456780000
Original-Message-ID: <200207310834482A70BF63@\"~~foo~~\">
Received-content-MIC: 7v7F++fQaNB1sVLFtMRp+dF+eG4=, sha1
Disposition: automatic-action/MDN-sent-automatically;processed
------=_Part_56_1672293592.1028122454656—
{Followed by a signature multipart}
This is the ID of the message that MDN acknowledges.
AS2 Reality
• In 2002, Wal-Mart decreed that it would accept ONLY AS2 transactions, and ordered all trading partners to switch to AS2.
• Most other major retailers would soon follow suit.• Today, it appears that the retail industry has adopted AS2
as its EDI transport, but other industry segments have yet to commit to AS2.
• Other options in use for secure EDI are:– FTP/S (FTP using TLS).– S/FTP (FTP using IPSEC).– VPN.
• Between interconnects (the VANS), EDI is sent “in the clear” using FTP!
Impact of Internet on EDI
• The migration from proprietary EDI networks to the Internet has dramatically lowered the cost of EDI services.– Before the Internet, costs were typically $.20/KC or
more– Today, costs are under 0.10/KC
• Startup costs are lower because users no longer need special telecom setup.– Just need a PC and an ISP!
• Consequently, EDI is now accessible to many more businesses then ever.
Final Thoughts• Standards are important - they facilitate
interoperability• To become “popular”, any new standard must
present a low “barrier to entry”– Must be easy to implement– Must not require any (significant) changes to current
business practices
• Build “new” technologies by applying existing technologies.
• The Internet and its related protocols are examples of this philosophy.