[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AS#2 Transport Protocol/Security
We discussed a related area several months ago..."Is SMTP reliable". It
is..so lets don't start that discussion again. Part of smtps "model" is
store-and-forward..which implies an intermediary between the two offical
endpoints of the conversation. This means to many that for "real-time" smtp
is a poor model. It does not support JIT well...via Chrysler....They need a
new model...other than store-and-forward.
At some later point in a different thread...WEB servers exchanging edi info
in real time was brought up. This is why we are discussion this area...It
obviously needed to be discussed...
Now my vision (which could be changed by this great discussion at any time)
is as follows:
Two case for edi using the web:
1) A client fills in a blank data form and it gets converted to edi
-- the reflexive operation is also supported. In this case some standard
CGI routine may be sufficent to facilitate the form-EDI area....if it even
needs facilitation....which it may not
2) The hub (or generic receiving party) always has a web server up.
Businesses which conduct JIT edi with this business institute http sessions
(SSL based I would assume or a Secure Virtual network connection). These
sessions would be up for long periods of time (what ever that means) with
no """"intermediary"""". The two responsible endpoints are directly
communicating.
How will this be used for edi? The second case may have several sub-cases.
I will just look at one, because I am responding to Javed's note.
In this case the two web servers are in session with SSL in effect between them.
The spoke sends in an signed-ASN to the hub, the hub's WEB/EDI server
responds instantly that it has received the ASN with a NRR. The reason that
the ASN is signed is because we need that for Non repudiation of Origin for
the ASN document. We may choose to keep the signed-ASN in our data archive
so that we can prove "what, when, who and where" on that document in the
future.
I hate long notes like this because they don't get read well..just to long
for a good dialogue...Let me know your thoughts..
Later...Rik
At 10:29 AM 9/19/96, Javed Chaudry wrote:
>Carl Hage wrote:
>
>>
>> Rik wrote:
>> : I think we are back to requirments again. What are the requirments for
>two
>> : WEB servers to exchange EDI in real time?
>>
>> The question seems flawed to me, since HTTP is a *client*-server
>protocol,
>> not a server-server protocol (except for proxy caching).
>>
>
>Rik: I agree with Carl. Why are we even thinking about WEB servers ? Real
>EDI (i.e., machine to machine) over the Internet has nothing to do with
>WEB or HTTP. Following is a very basic model:::
>
>Step 1:
>Company A generates a transaction that is fed into EDI translator.
>
>Step 2:
>EDI Translator generates an EDIFACT/ANSI X12 compliant transaction.
>
>Step 3:
>An SMTP application sends the transaction set wrapped as a MIME attachment.
>This procedure can also implement PGP for "confidentiality",
>"authentication" and "non-repudiation"
>
>Step 4:
>Company B's SMTP application receives the mail. Automatically performs
>security checks and forwards the transaction to the EDI translator.
>
>Now, the questions we need to look into are::
>
>How reliable is this method (is the mail delivery guaranteed?)?
>How can we deal with the issue of SMTP mail delays?
>Is PGP sufficient for EDI transactions ?
>Is SMTP transport mechanism suitable for EDI ?
>Can a VPN be more reliable transport technology ?
>
>Regards,
>------------------------------------------------------------
>Javed Chaudry
>Altschuler, Melvoin and Glasser, LLP
>30 S. Wacker Dr.
>Chicago, IL 60606
>Phone: 312/207-2800
>Fax: 312/207-2954
>email: jchaudry@amgnet.com
>------------------------------------------------------------
------------------------------------------------------
| Rik Drummond - The Drummond Group |
| 5008 Brentwood Ct., Ft. Worth, TX 76132 USA |
| Voice: 817 294 7339 Fax: 817 294 7950 |
------------------------------------------------------