|
eBusiness Technology Standards: EIDX/CompTIA Internet Commerce
Model
The information on this page is the first draft of an adaptation
of Internet Commerce Model:
Recommended Technologies for Internet Commerce published by
the VICS Internet Standards Committee
on October 20, 1998.
The EIDX/CompTIA ECSB Technology made a first pass at making updates
to reflect technology changes that have occured since 1998. There
is much more work to do, and a more thorough reworking of the material
in process. The reworking of the material includes networking with
the VICS team, who are also revisiting this material.
Since 1986, VICS, the Voluntary Interindustry Commerce Standards
Association, has worked to improve the efficiency of the entire
supply chain. VICS establishes cross-industry standards that simplify
the flow of product and information in the general merchandise retail
industry for retailers and suppliers alike. EIDX and CompTIA ECSB
are grateful that VICS has allowed us to leverage from their work.
Technology Standards for Electronic Commerce
The following graphic is the new model, which is still under development.
However, we think it useful enough to share at this point, and welcome
comments. Following this is the original model graphic. The text
narration corresponds to the old graphic.
Larger images:
Pg.1
Pg.2
Click here to view a larger image.
Original Model
Background
The sudden evolution of the Internet—from a means of sharing
technical information among academic, government and commercial
research projects to a universal, low-cost, high-performance network—has
begun to transform how companies conduct every aspect of their businesses.
From marketing through the World Wide Web to transferring purchase
orders via e-mail, information and transactions that were once exchanged
on paper increasingly are transmitted electronically over the Internet.
Far from just displacing other media, the Internet’s potential
for automating the interaction among companies and with consumers
also makes many new business practices possible. Consumer-oriented
initiatives like Internet shopping are already having significant
impact. High profile business-to-business commerce efforts include
Open Buying on the Internet (OBI),
RosettaNet, Open Applications
Group (OAG), ebXML,
CompTIA, EIDX, and VICS’
Collaborative Planning, Forecasting, and Replenishment (CPFR)
guidelines.
The rapid progress of Internet-based business also presents major
risks. One major concern is that many of the potential benefits
of the Internet will be lost because of the absence of common specifications
and business practices. The complexity and cost of managing an array
of overlapping or conflicting proprietary electronic commerce schemes
could be staggering.
Purpose
Because multiple organizations participate in Internet commerce
initiatives, it is particularly urgent that communications be based
upon common standards. Organizations such as COMPTIA and EIDX have
played a significant role in establishing electronic commerce standards
and practices. Electronic data interchange (EDI) standards are already
in wide use throughout industry. The progress that COMPTIA, EIDX
and others have made should not be swept away by the excitement
over the Internet. However, new technologies should also be embraced
as soon as they become viable.
Internet commerce is broader than buying and selling. Internet
Commerce encompasses all trading partner interactions that can be
conducted over the Internet. This EIDX/CTIA document is the work
of the COMPTIA/EIDX Technology Subcommittee. (The COMPTIA/EIDX Technology
Subcommittee was established to create guidelines for Internet commerce
implementations.) The document takes the form of formal recommendations
of standards to deploy, as well as discussions of implementation
considerations for areas where recommendations cannot be established
at this time. This document is the first product of the committee’s
efforts. The recommendations are intended to provide guidance to
COMPTIA/EIDX members who are pursuing Internet commerce initiatives,
so that members select similar technologies and specifications for
interacting with one another. These Recommendations do not establish
any new standards, but provide a profile of existing standards,
specifications, and guidelines for members’ use.
These guidelines should reduce the barriers to interoperability,
accelerate the pace of adoption, and ultimately, enhance the competitiveness
of COMPTIA/EIDX members. They are strictly voluntary.
Overview
Principles
The vision of Internet commerce is a platform- and vendor-independent
environment in which multiple parties can inter-operate. Partners
of different sizes and technical levels can collaborate through
technologies that are accessible to them. This communication is
supported by formal standards, which evolve through an open process.
These guidelines are based on the following principles:
- Standards: The model should use existing standards wherever
possible. Where de jure standards have not been established, the
committee has selected de facto standards that have an open process,
that are managed by a non-profit organization, and are supported
by multiple technology vendors. If these criteria have not been
met in an area, the committee has declined to make a recommendation.
- Scalability: The system must be able to scale from the
SME to the large enterprise (smallest to the largest) implementations
in terms of number of transactions, trading partners, collaborative
relationships, users, and collaboration interactions.
- Security: Trust and privacy are major issues in a collaborative
environment. For obvious reasons, sensitive information should
be accessible only to those who have permission to view it. Internet
commerce solutions must ensure data is secure when exchanged via
public networks.
- Openness: Solutions that require a single vendor's application
are not acceptable in collaborative relationships. Each trading
partner must independently consider all of its customer/supplier
relationships. It is unlikely that all of them would choose the
same implementation approach. By using open and published standards,
new trading partners can come online quickly, and the systems
can evolve. In addition, an open solution must be based on mature
technologies, because the rapid pace of development and market
acceptance can take evolving technologies in diverging directions-including
extinction.
- Manageability: An Internet commerce solution should be
easily maintainable by all parties.
- Extensibility: The model must be able to accommodate
and expand future technology evolution while maintaining migration
from one technology to another.
Categories of Internet Use
COMPTIA/EIDX members are engaged in many Internet-based business-to-business
initiatives. Three general categories of Internet use have been
identified:
- Publish: Share specifications, advertising and other static
information with trading partners. Usually, users display this
data on World Wide Web (WWW) browsers, or in other associated
applications, such as a spreadsheet, a document viewer, audio,
or video player. This data may be subject to access control, and
available only to trading partners, or it may be open to the public.
- Interact: Give trading partners interactive access to product
catalogs, shipment tracking, account balances, and other business
information. Data gathering, such as on-line surveys and discussion,
is included in this category as well.
- Transact: Conduct business over the Internet by taking orders,
collecting payment, disbursing funds, submitting bids, or performing
other business transactions.
Internet specifications for video, FAX, voice, shared whiteboards,
and other ad-hoc communications are also increasingly important,
but are outside the scope of this version of the document.
Specification Approach
Some aspects of Internet commerce are clearly standardized, and
have a recognized committee or organization that is responsible.
For example, the Internet Engineering Task Force (IETF) sets many
of the fundamental Internet protocol standards, while the World
Wide Web Consortium (W3C) manages development of World Wide Web-related
standards. The COMPTIA/EIDX Technology Subcommittee has selected
specifications that are managed by the following organizations:
Openness is a base criterion for selection as a standard. Typically,
technical experts in a given area work for several months or years
to develop proposals that are then available for review and comment
by the broader community. In these areas, the COMPTIA/EIDX Technology
Subcommittee has identified the relevant standards and established
guidelines for their use.
Other relevant Internet specifications are less standardized, and
it is much more difficult to establish a reasonable guideline. In
this case, one of three conditions usually exists:
- There are competing specifications
- Commonly used approaches should be open but may have evolved
from a proprietary solution. For example, Pretty Good Privacy
(PGP) is a popular public key encryption mechanism, but its maker
maintains the rights to the technology.
- Standard approaches to specifications are emerging. Alternative
approaches are emerging for different business scenarios. For
example, determining whether a shared server or peer-to-peer systems
provide the appropriate systems architecture for an Internet initiative
depends upon many factors.
Where no clear recommendations can be established, this document
provides a discussion of the considerations that one should make
when selecting an alternative for its work. These general considerations
are distinguished from the specific recommendations provided in
other parts of the document.
The Internet Commerce Model: Recommendations
Technically, COMPTIA/EIDX Technology Subcommittee’s recommendations
fall into the following areas:
| Component |
Description |
| Physical Layer |
Concerns electrical and mechanical
connections to the network |
| Network Protocol |
Standards for the physical and
logical structure of the network itself. |
| Data Transport |
Standards for propagating files,
messages, transactions, and other data content over the network.
|
| Object Invocation |
Standards for enabling methods
to be invoked on distributed objects. |
| Business Process |
Standards for processes, scenarios
and rules for conducting business between trading partners. |
| Data Dictionary |
Standard semantics (content
and meaning) for messages exchanged within a given data format. |
| Data Guideline |
Standards and conventions for
structuring data content. |
| Presentation |
Standards for the markup or graphical
display of data to a user. |
| Security |
Standards for software and utilities
which prevent data and applications from being inappropriately
accessed, altered, destroyed or otherwise compromised. |
The technologies are organized into these areas in the model illustrated
in Figure 1 at the top of this page. Each component area of the
model includes the recommended specifications for that area. Most
areas present alternatives, which are appropriate for different
scenarios.
While there are some dependencies among the model components, the
objectives of each are functionally distinct. The order of the components
is not intended to imply layering or dependency.
The following sections describe the components of the COMPTIA/EIDX
Internet Commerce Model in more detail.
Physical Layer
The Physical Layer provides the hardware means of sending and
receiving data on a carrier. This layer conveys the bit stream through
the network at the electrical and mechanical level, and manages
putting data onto the network media and taking the data off.
Typical protocols at the physical layer include the RS-232, the
RS-449 family, CCITT X.25 and X.21 facility interfaces, other CCITT
(V) and (X) series recommendations, and the physical aspects of
the IEEE 802.X media access protocols for Local Area Networks.
Network Protocol
The first component in the model is the Network Protocol. On the
Internet, the fundamental protocol is the Internet Protocol (IP).
In fact, perhaps the best definition of the Internet is simply:
the interconnected public and private networks running the Internet
Protocol.
A computer connected to the Internet is "named" by its
IP address - and computers communicate with each other by using
this IP address.
TCP/IP
The Internet Protocol (IP) defines the rules for routing data
through the internet but is unreliable and does not know how to
make connections. The Transmission Control Protocol (TCP) defines
rules for connections and data transmission over the Internet Protocol.
Most of the other Internet protocols then layer upon both TCP and
IP. Hence, this level is frequently referred to as TCP/IP.
So what does TCP/IP do really? Is it one thing or two? Well, here's
the scoop:
- An application or program launches the transmission.
- TCP breaks outgoing messages or files into transmission packets
or chunks of an efficient size for routing, if necessary (depends
on message size).
- The packets contain both the sender's and the receiver's addresses.
IP routes the packets through the the necessary gateways and domains
on the Internet until they arrive at the final destination.
- Then TCP at the receiving end reassembles the packets and delivers
the reconstituted message to the program/application that performs
whatever's next (such as decrypting, translating, whatever).
Today, TCP/IP is the most broadly implemented network protocol
set in the world. It is delivered with a wide range of computers,
from the desktop to supercomputers. It is this near ubiquity that
makes the Internet today’s de facto global information infrastructure.
Lease-line dial-up is not strictly an internet protocol. However,
we include it in the model to represent the fact that a Small-to-Medium
Enterprise (SME) company typically accesses the network via a modem
dial-up to an Internet Service Provider (ISP). The ISP, in turn,
connects to the network via TCP/IP.
Transport
The transport layer deals with moving an entire useful set of information
from one system to another over a network protocol. The three recommended
specifications in this area are:
- FTP: The file transfer protocol allows for the transfer of entire
files from one computer system to another. FTP is an especially
useful protocol when files are extremely large.
- SMTP/MIME: SMTP is the Simple Mail Transfer Protocol, used to
send plain text messages over the Internet (i.e., over Internet
Protocol, IP). SMTP has been enhanced with the Multipurpose Internet
Mail Extensions (MIME), to allow it to carry more than just plain
text. SMTP/MIME allows electronic mail (email) to carry other
types of messages, including attachments (enclosures) that are
a popular part of most local area network (LAN) email systems.
Many LAN email systems are migrating to native support of SMTP/MIME
instead of being based on proprietary protocols. This eliminates
the need for gateways between the LAN email system and the Internet.
- HTTP: HyperText Transfer Protocol is the protocol for exchanging
data using the World Wide Web. Real time synchronous exchange
of data/information is not possible via Simple Mail Transfer Protocol
(SMTP). HTTP, on the other hand, provides the capability for moving
content and exchanging data in real time using the Internet. Secure
HTTP (S-HTTP or HTTPS) uses a particular application of public
key cryptography, Secure Sockets Layer or SSL (see below for a
more description of SSL), for encryption and decryption of the
data being carried by HTTP. S-HTTP can provide privacy as well
as authentication.
The appropriate physical medium for transporting data depends
upon the architecture selected, and the level of service desired.
Some applications use a distributed presentation (remote user) model.
Remote users utilize a web browser, and display application screens
via HTTP and asp. Other applications use a peer-to-peer approach,
where a remote user uses an application within their organization,
which interacts with a remote application. Other applications inter-operate
by transferring data to each other and then import/export this data.
FTP can be used to transfer data in file form; SMTP can be used
to transfer it as electronic mail messages.
Registries and Repositories
There is ongoing technology evolution. Registries and repositories
are not fully functional today, but we expect that they will be
an important technology component in the future. EIDX/CompTIA will
continue to evaluate this area.
Transaction/Exchange Methodology
The transaction methodology (also referred to as exchange methodology)
describes what needs to occur in order for the exchange to be considered
complete. Business documents (transactions) are components of a
business process, and the transaction methodology describes which
transactions must be exchanged for a particular business process.
- CompTIA/EIDX Guidelines, maintained by Computing Technology
Industries Association and Electronic Industries Data Exchange
Association, are industrial implementation guidelines for use
throughout the supply chain. These guidelines are a subset of
the United Nations/Electronic Data Interchange for Administration,
Commerce and Transport (UN/EDIFACT).
- RosettaNet PIP™: (Partner Interface Process).
The purpose of each PIP is to provide common business/data models
and documents enabling system developers to implement RosettaNet
eBusiness interfaces. Each includes a)XML document(s) based on
implementation Framework DTDs, specifying PIP Service(s), Transactions(s),
and Messages(s) which include dictionary Properties; b) Class
and sequence diagrams in UML; c) Validation tool; and d)Implementation
guide.
- BODs: (Business Object Document): A BOD is OAG's counterpart
to a RosettaNet PIP that includes DTDs and is considered a business
process as opposed to a technical model.
Data Dictionary
In order for companies to inter-operate (do business with each
other) they need a language in common. This is especially true when
an information system at one company wishes to share or exchange
information with an information system at another company. Data
dictionaries can establish a precise meaning for the shared information,
allowing for a meaningful sharing. The languages of the day are
XML-based languages. The problem is that as of May 2002, the U.S.
Government estimates that is has 1200 XML vocabularies that it must
deal with. More than one of these vocabularies makes a claim to
having the largest deployment base. EIDX and CompTIA are focusing
on the following organizations that develop and maintain such dictionaries:
- aspASC X12 EDI: The ASC X12 Data Element Dictionary represents
the collection of basic building blocks on which all Electronic
Data Interchange transaction sets are constructed. The dictionary
listing (in data element number order) defines each data element
and its cross-reference to EDI segments and transaction sets in
which it is used including all available codes and attributes.
The COMPTIA/EIDX EDI Guidelines use the ASC X12 Data Element Dictionary
for the complete specification of all data elements.
- aspEDIFACT: The UN/EDIFACT Data Dictionary defines each data
element and its cross-reference to all UN/EDIFACT messages in
which it is used including all available codes and attributes.
UN/EDIFACT is defined below under "CompTIA/EIDX Guidelines".
The Guidelines use the UN/EDIFACT data dictionary for the complete
specification of all data elements.
- aspRosettaNet: RosettaNet is an independent, self-funded,
non-profit consortium dedicated to the development and deployment
of standard electronic business interfaces. These standards form
a common e-Business language, aligning processes between supply
chain partners on a global basis
- aspOAG: The Open Applications Group (OAG) has developed the
Business Object Document Architecture (BOD). This architecture
provides the framework to communicate messages or business documents.
BOD consists of 2 major components - control Layer and Business
Data Layer. The OAG work group has provided the specification
to develop a set of OAG compliant DTD's (Document Type Definition)
to support their XML messaging requirement. Both the XML messages
and its DTDs make up the BOD.
- aspebXML - Core Components: The ebXML Core Components Project
Team is working on the methodology to develop a common business
data dictionary. The goal of this effort is to develop a syntactical
neutral data dictionary where it can support numerous syntax such
as XMl, X12, EDIFACT, etc. This effort is currently a work in
progress; the EIDX/CompTIA Technology Subcommittee will publish
the final version, as it becomes available.
- aspXML standards to be evaluated:
- aspfinXML
- asptpaML
- aspCBL
- aspUBL
- aspUDDI/XAML
- aspUDEF/GUID
- aspOthers to be determined
Data Guidelines While data dictionaries
can establish a standard meaning for shared data, there must also
be some agreement on the format of the data to be shared.
- CompTIA/EIDX Guidelines Rewrite, maintained by Computing Technology
Industries Association and Electronic Industries Data Exchange
Assoication, are industrial implementation guidelines for use
throughout the supply chain. These guidelines are a subset of
the United Nations/Electronic Data Interchange for Administration,
Commerce and Transport (UN/EDIFACT).
- RosettaNet DTD (XML Document Type Definition). Rewrite
The purpose of each PIP is to provide common business/data models
and documents enabling system developers to implement RosettaNet
eBusiness interfaces. Each includes a)XML document(s) based on
implementation Framework DTDs, specifying PIP Service(s), Transactions(s),
and Messages(s) which include dictionary Properties; b) Class
and sequence diagrams in UML; c)Validation tool; and d)Implementation
guide.
Presentation
In many applications, data need only be shared between computer-based
applications. In these cases, there is no direct presentation layer
(though the result of the computer application may ultimately be
presented to a person in some form). Other applications present
information to a user.
- HyperText Markup Language (asp) is the "language"
used to describe what a World Wide Web page should look like.
Browsers interpret this language to make the final presentation
of this information to the user. asp is still evolving, as users
of the Web find the need for improved control over the specific
layout of information sent to the browser as well as the need
to simplify the generation and maintenance of Web pages. Applications
such as those based on the World Wide Web (which uses HTTP to
transmit data), typically expect a user to view the information
that has been transported. Web data is visually presented with
a browser. Today’s browsers typically support viewing data
that has been created using HyperText Markup Language (asp) 3.0,
Java, and JavaScript.
Limitations in what can be accomplished within asp have spurred
great interest in other technologies that would allow more dynamic
presentations at the user’s computer. For example, Java and
JavaScript provide for less static web pages. This is still a rapidly
shifting area, with the standards battle still underway.
- Graphical presentations: Much of the use of the World Wide Web
includes the transmission of images, or pictures. A variety of
standards exist for images of various sorts. Many of the most
common image formats are supported directly by the web browsers.
Other formats require additional software to be viewed. Today,
the major graphic image formats typically supported by the browser
are:
a) GIF
b) JPEG
- Extensible Style Language (XSL).
Determines how XML data is displayed on a web browser. You
may have different XSL definitions for a single XML file depending
on how the data is to be interpreted for the user.
Internet Commerce Model: Considerations Two major areas of
Internet technology currently offer too many competing alternatives
for clear guidelines to be established at this time:
- Security: Techniques for authentication, encryption, non-repudiation,
and origin of messages that implementations should take into account.
- Application Architecture: Alternatives for the location, coordination,
and management of the data processing elements (servers, agents,
and other components) that make up an Internet commerce implementation.
Nonetheless, it is essential that any Internet commerce initiative
respond to security and application architecture concerns.
The following sections provide considerations for implementation
in these areas, in lieu of firm recommendations.
Security
Every Internet commerce implementation will need to consider how
communication will be secured, especially when messages are exchanged
over public networks. Today’s Internet is still evolving from
its earlier research-orientation to becoming a truly usable system
for commerce - and safety is one of the major areas still under
development. At the current time, security is implemented in a number
of different ways for a number of different purposes.
This section of the specification provides the background information
on security issues to assist organizations that are contemplating
initiatives. Some of the major areas in which standards are important
include the following (PAIN):
- Privacy: Ensuring that unauthorized parties cannot read the
information that is being transmitted.
- Authentication: Ensures the identity of a user or source
of a transaction.
- Integrity: Ensuring that the message content cannot be changed
(intentionally or accidentally) or, if it is changed, that the
change will be detected.
- Non-repudiation. Ensures that the sender cannot deny having
sent a transaction, and the recipient cannot deny having received
the transaction.
Although they are not a focus of Internet standardization, implementations
must also consider the impact that Internet firewalls may have on
the selection of protocols to be used.
Privacy
Privacy is implemented in a variety of ways for different applications
on the Internet. Techniques for privacy are primarily based on public
key cryptography. For use on the World Wide Web, the primary privacy
mechanism is Secure Sockets Layer (SSL); a specific system based
on public key cryptography. This is a broadly accepted de facto
standard. Secure Sockets Layer is implemented in such a way that
other Internet applications can make use of it; to date, the World
Wide Web is the principal application that actually uses it.
The Internet standard for message privacy is Secure MIME (S/MIME).
If a message is encrypted with the recipient’s public key,
it can only be decrypted by the recipient’s private key, ensuring
that the message cannot be seen by anybody but the intended recipient.
This guarantees privacy. Keys should be updated/replaced on
a periodic basis; in the financial industry, some partners change
their keys daily.
How safe is encryption?
- A 4 character alphabetic password can be cracked in about a
minute by the average computer
- A 40 bit encryption key can be cracked in 24 hours on a parallel
computing system
- Probably won't be able to crack a 128 bit encryption key created
with a good algorithm any time in this century; based on the number
of possible combinations of bits (3.4 x 10 38), the mathematics
suggest that it takes 876,530,835,323,573,935 years to test all
possible combinations awith a 375 MHz processor, assuming that
you have a computer that has the computing power to do this, and
don't experience any power outages
Authentication
There are a variety of application areas and techniques for authentication
- "proving" that an entity (a person or a process) is
who it claims to be. Typically, highly reliable methods for authentication
cost more than methods that provide less assurance. For example,
a user is authenticated when he/she logs onto a computer system:
- At the simplest level, a "user name/password" is used
to authenticate someone when logging in to a computer system.
- Security tokens provide an additional level of assurance. In
addition to knowing something (user name/password), the user must
also possess something (the token). There are a variety of systems
that utilize different types of tokens (both hardware tokens such
as security cards and software tokens). Systems that require "something
you know" plus "something you have" provide better
authentication/security than those that require only one of these.
In exchanging information, there also is frequently a need for authentication.
For example, is electronic mail really from the person that claims
to be sending it? Techniques that assist in the authenticating messages
include:
- Digital signatures: A digital signature proves that a
document came from a specific person. Today, there are a number
of techniques for providing a digital signature. One of the most
obvious application areas is in electronic mail. As mentioned
above, the primary privacy mechanisms being proposed for electronic
mail on the Internet are based on public key cryptography. If
mail is encrypted with the sender’s private key, it can be
decrypted with the sender’s public key, which proves that
it came from the sender.
- Certificates: Digital certificates are employed with
public key cryptography - and require some form of directory services
- to provide even more information. For example, the encrypting
of a document with a person’s private key guarantees that
it came from that person. A directory system that contains a certificate
associated with that person, which could be accessed using that
person’s public key, could show other information about that
person, such as what corporate authority that person has, which
can facilitate electronic business. The current standard for certificates
is X509.3.
Integrity
Data integrity is essentially a free by-product of most privacy
schemes. The encryption of the data prevents any purposeful changing
of the data. If the encrypted information is changed (intentionally
or accidentally), it cannot be successfully decrypted, giving an
obvious indication that the data has been corrupted.
Non-Repudiation
Non-repudiation is a specific type of integrity check. It ensures
that both parties agree that the transaction of data has occurred.
The sender issues a signal with the transaction, called a Non-Repudiation
of Orgin (NRO), to indicate that they do not deny having sent the
transaction. Upon receipt of the data, the recipient issues a Non-Repudiation
of Receipt (NRR), to indicate that they do not deny having received
the transaction.
The signals generated can only be sent by the sender and receiver,
and not by any other party.
For more information, refer to the IETF
web site.
Firewalls
Many organizations utilize Internet firewalls to filter Internet
traffic. These systems enhance security by preventing unauthorized
public access to local computing resources. Often, network administrators
restrict all but a few message types. For example, FTP requests
may be blocked, eliminating that protocol from consideration at
the affected sites. In virtually all cases, however, HTTP access
is allowed. Some middleware products have developed tunneling schemes
that map other protocol requests to HTTP, and then back again, in
order to enable access when a firewall is in place.
Application Architecture
There are many technical scenarios under which Internet commerce
could be deployed. Every network of trading partners will need to
agree on the location, coordination, and management of data processing
elements in their implementation. Depending on each case scenario,
resources available, and the need for expediency, the architecture
may follow one of the application architectures considered in this
document.
Data in Internet commerce applications could be managed by each
trading partner, or by an independent, third party service bureau.
Selection of the transport mechanism depends upon the level of service
required, the availability of the technology to each trading partner,
and ease of deployment. In all cases, the message content exchanged
over these transports should conform to the selection of data format
standards.
Some aspects of collaboration are time-critical. The level of
sensitivity to response times varies dramatically, depending upon
the products and trading partners involved. COMPTIA/EIDX Technology
Subcommittee implementers must negotiate level-of-service agreements,
select transports, and design their applications to achieve appropriate
response times in each communication context.
There are many alternatives for distributing data and information
processing among collaborating trading partners. Each of these collaboration
environments presents significant tradeoffs. Examples of each are
likely to prevail in different industries, depending upon the rate
of market acceptance.
When designing or selecting solutions, there is always a tradeoff
between using best of breed but loosely coupled solutions and using
out-of-the-box, turnkey solutions.
Centralized Server
In supply chains that have a few large and many small players,
one company can develop and manage a collaboration environment on
behalf of its trading partners. Because a significant part of any
of the smaller companies' production flows through the larger trading
partner, and the burden is not on them to develop or maintain the
system, smaller companies are usually motivated to adopt their partner's
technology.
Distributed Servers
A system built on a network of distributed servers can manage
the data relevant to any individual company locally and restrict
distribution of sensitive information to trading partners that need
it. Distributed server networks are highly scaleable because the
number of systems grows with the number of trading partners.
Distributed server networks are more complex than centralized
or loosely coupled systems, so they require more sophisticated engineering
and management. The distributed server approach also requires each
trading partner to install and maintain its own system, which could
be an impediment to the widespread adoption of Internet commerce.
Data synchronization is the most challenging implementation issue,
whether performed via database replication, distributed transactions,
or other means.
Transactional Example: EDI over the Internet
Organizations that are already COMPTIA/EIDX X12 or EDIFACT compliant
may choose to send EDI transactions over the Internet, as opposed
to using private Value-Added Networks (VANs). EDI over the
Internet has the potential to reduce costs and reach a larger number
of potential trading partners. These transactions may exist as orders,
catalog information, point of sale data, and any other transactions,
as defined and supported by COMPTIA/EIDX-approved standards. EDI
message exchange might be accomplished through the use of an automated
e-mail system.
The following model shows the technological components that might
be needed to accomplish Internet-based EDI transaction processing.
Many alternatives are possible; this model is not meant to be all-inclusive.
Model Components
| Physical Layer |
tbd |
tbd |
| Network Protocol |
TCP/IP |
Required (Internet Protocol) |
| Transport |
SMTP/MIME * |
Required (Most widely used) |
| Object Invocation |
N/A |
N/A |
| Business Process |
EIDX/CompTIA |
Required |
| Data Dictionary |
ASC X12 |
Required |
| Data Guidelines |
ComPTIA/EIDX |
Required |
| Presentation |
N/A |
N/A |
| Security |
Encrypted |
Recommended |
* Note that SMTP does not guarantee the order of messages. Other
protocols, such as HTTP, can be used to achieve this goal.
Conclusion
These Internet guidelines are a work in progress. The COMPTIA/EIDX
Technology Subcommittee has selected the combination of standards
and conventions that best meet the needs of general merchandise
supply chain trading partners, based upon the technologies currently
available. Technologies in this domain continue to evolve rapidly.
In order to validate the technology selection and continue to develop
the technical recommendations for Internet commerce, the committee
will encourage members to conduct additional reference pilots. Through
the piloting process, the technologies outlined in this document
will be tested further in real business situations and field conditions.
The committee then hopes to publish subsequent revisions to this
document that will enhance these guidelines and standards selections
as they emerge.
|
contact
us 
