[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: EDI over http
[Rik Drummond] Look here for three drafts on how to do secure EDI on
[Rik Drummond] Also CommerceNet has been helping companies
interoperability test products which conform to these drafts. Companies
like netscape, cyclone, harbinger, st. paul software, saa consultants,
sterling commerce and tandem all have, or will soon have, products on the
market which meet these specifications.
Derin Bluhm wrote:
> I have been tasked with setting up EDI over the internet for our
> company. For standards based EDI to work over the internet, you must
> have non-repudiation and security of transmission.
> S/MIME using X.509 self generated digital certificates appears to be a
> perfect fit. A digital certificate allows for digital signing of a
> message to verify that the sender is the authorized trading partner
> (non-repudiation). It also provides for detection of changes to the
> content of the message, so you are ensured that the contents have not
> been altered in-transit.
> Digital certificates further permit you to encrypt the entire message,
> ensuring that only the concerned parties have access to this HIGHLY
> sensitive information.
> The only other reliable option seems to be encryption over a direct
> TCP-IP connection between trading partners. Newer java classes provide
> for creating/parsing digital certificates and encrypting data channels.
> Derin M. Bluhm
> Pragmatyxs, Inc.