RFC 1865

                         EDI Meets the Internet

                    Frequently Asked Questions about
           Electronic Data Interchange (EDI) on the Internet

Table of Contents

   1. Introduction ................................................    4
   1.1.  What is this document ....................................    4
   1.2.  What do you mean by electronic data interchange (EDI) ?  .    4
   1.3.  What are the X12 Standards that I should be aware of ?  ..    4
   1.4.  To whom do I send comments and suggestions ? .............    5
   1.5.  How can I get a copy of this document? ...................    5
   2. General Information .........................................    6
   2.1.  What is the Internet ?  ..................................    6
   2.2.  Is there a difference between EDI and
         electronic commerce (EC) ? ...............................    6
   2.3.  What makes the Internet useful for EDI ?  ................    6
   2.4.  Does this mean we will now have to coordinate our
         EC/EDI activities with the Internet?  ....................    7
   2.5.  How do I find the addresses of other Trading partners
         on the Internet if I don't have to coordinate my EDI
         activities with a central organization or VAN?  ..........    7
   2.6.  How fast is the Internet?  ...............................    7
   2.7.  What about reliability of the Internet?  .................    7
   2.8.  What are RFCs and where can I get them ?  ................    8



Houser, et al                Informational                      [Page 1]

RFC 1865                 EDI Meets the Internet             January 1996

   2.9.  Where can I get general information about the Internet? ..    8
   3. Getting Connected To The Internet ...........................    9
   3.1.  What do I need to get to use the Internet? ...............    9
   3.2.  What software is used to support electronic mail? ........    9
   3.3.  What types of client-server or server-server
         protocols exist on the Internet? .........................   10
   3.4.  What methods exist to broadcast information across
         the Internet? ............................................   12
   3.5.  What are the ways to connect to the Internet ? ...........   13
   4. Organizational Issues .......................................   15
   4.1.  Why is the way we currently do EDI so limiting to its
         growth? ..................................................   15
   4.2.  My organization has an internal automated system for
         processing requisitions and issuing purchase orders, but
         it does not create the X12 formatted EDI transactions;
         what should we do ? ......................................   16
   4.3.  My organization already has a dial-in bulletin board
         service (BBS) where we post transactions; should we keep
         it? ......................................................   16
   4.4.  My organization currently has a Trading Partner
         Agreement with each trading partner we're currently
         doing business with. Can we keep them ? ..................   16
   4.5.  It would be nice to get more trading partners and/or
         more competition, but I'm worried about getting too many
         transactions to be able to handle them. Has this been a
         problem ? ................................................   17
   4.6.  Does this mean that I'll receive more messages ? .........   17
   4.7.  If we see a transaction posted on VAN, how do we
         respond in electronic format ? ...........................   18
   4.8.  My organization has an established bilateral
         relationship (such as an existing contract. Can we
         send these transactions via the Internet ? ...............   18
   5. The Role Of Value Added Networks ............................   18
   5.1.  What is a VAN? ...........................................   18
   5.2.  What is an Internet Service Provider (ISP)? ..............   19
   5.3.  How might an ISP be used for EDI? ........................   19
   5.4.  Doesn't EDI presume the services of companies called
         Value Added Networks (VANs)? .............................   19
   5.5.  If I can use X12 protocol and my VAN to send
         transactions, what is the benefit of using the
         Internet? ................................................   20
   5.6.  Can we expect VANs to offer connections to other VANs
         via the Internet? ........................................   20
   5.7.  How can I use the Internet directly for exchanging EDI
         messages without going through a VAN? ....................   20
   5.8.  Can the ISA 06 or 08 identify any entity other than the
         'end' Trading Partners (i.e. a routing entity) ? .........   21
   5.9.  Can we specify both the recipient's address and their
         VAN address in the ISA ? .................................   22
   5.10. Are there other options for routing EDI X12
         messages ? ...............................................   22
   6. US Federal Involvement ......................................   22
   6.1.  What is the commitment of the US Federal Government
         to EDI ? .................................................   22
   6.2.  What is the timetable for the Federal effort ? ...........   23
   6.3.  Will the US Government use the Internet to send EDI
         transactions ? ...........................................   23
   6.4.  I heard the US Government prohibited commercial use
         of the Internet? .........................................   24
   6.5.  The US Government is using both Internet and OSI
         E-mail protocols. What should one consider when
         choosing which to use ? ..................................   24
   6.6.  How is the US Government using VANs to distribute
         business opportunities? ..................................   25
   6.7.  How would use of the Internet for Federal procurement
         change this RFQ process? .................................   25
   7. EDI Resources On The Internet ...............................   26
   7.1.  Are EDI Standards available on the Internet ? ............   26
   7.2.  Are EDIFACT Standards available on the Internet ? ........   28
   7.3.  The EDI X12 standards are quite complex. How do we
         decide what X12 transactions to implement and how ? ......   29
   7.4.  What Implementation Conventions (ICs) are available
         over the Internet ? ......................................   29
   7.5.  How can a trading partner keep up with all these
         implementation conventions (ICs) and revisions in
         X12 and EDIFACT? .........................................   31
   7.6.  Where can I get information on EDI translation
         software ? ...............................................   31
   7.7.  How do I keep in touch with others pursuing EDI and
         Electronic Commerce on the Internet ? ....................   32
   7.8.  Can I get messages that have been previously posted
         to the EDI mailing lists ? ...............................   35
   7.9.  How do I make EDI related material available to
         the Internet community ? .................................   35
   7.10. Where are EDI Archives on the Internet ? .................   35
   8. Security Considerations .....................................   36
   8.1.  What security measures are needed to connect to the
         Internet ? ...............................................   36
   8.2.  How do we go about protecting our system ? ...............   36
   8.3.  Is there good publicly available software I can use? .....   37
   8.4.  How good are electronic or digital signatures ?
         Can they be used in court ? ..............................   38
   8.5.  Are there other US government standards publications
         I should be aware of? ....................................   38
   9. References ..................................................   39
   10. Credits ....................................................   40
   11. Authors' Addresses .........................................   41

1. Introduction

1.1.  What is this document

   This document is informational in nature and attempts to answer
   frequently asked questions concerning the use of the Internet for
   Electronic Data Interchange (EDI).  The primary audience is the EDI
   community that is unfamiliar with the Internet, including software
   developers, users, and service providers.  The reader needs some
   understanding of EDI.  Informational RFCs are prepared by the
   Internet Engineering Task Force (IETF) to improve understanding and
   effectiveness in the use of the Internet.

1.2.  What do you mean by electronic data interchange (EDI) ?

   Except as noted, the document refers to EDI as the use of the 1) X12
   standard developed by the ANSI Accredited Standards Committee X12 or
   2) EDIFACT[1] standard of the United Nations Economic Commission for
   Europe (UN/ECE), Working Party for the Facilitation of International
   Trade Procedures (WP.4).  The differences between these standards
   are beyond the scope of this FAQ.

   Both standards activities are managed in the US by:

      Data Interchange Standards Association, Inc,
      1800 Diagonal Road, Suite 200
      Alexandria, Virginia, 22314-2852
      Voice: 703-548-7005
      FAX: 703-548-5738

   There are numerous other standards one could use for EDI, but
   discussion of them is not in the scope of this document.

1.3.  What are the X12 Standards that I should be aware of ?

   ACCREDITED STANDARDS COMMITTEE (ASC) X12 Standards are available
   from DISA at the address specified in Question 1.  The following is
   a good starting set of X12 standards.

   1.   ASC X12S/94-172, An Introduction to Electronic Data
        Interchange, DISA 1994 Publications Catalog
   2.   ASC X12.3 Data Element Dictionary
   3.   ASC X12.5 Interchange Control Structure
   4.   ASC X12.6 Application Control Structure
   5.   ASC X12.22 Segment Directory
   6.   ASC X12.58 Security Structures

1.4.  To whom do I send comments and suggestions ?

   Readers are invited to add questions; please include an answer if
   you know or want to suggest one.  Of course corrections and comments
   are welcome; send them to the IETF-EDI mail list by subscribing as
   described in question 7.6.  Or send your comment to
   houser.walt@forum.va.gov.

1.5.  How can I get a copy of this document?

   Request for Comments documents (RFC) are available by anonymous FTP.
   Login with the username "anonymous" and a password of your e-mail
   address.  After logging in, type "cd rfc" and then "get
   rfc1865.txt".

   A Web address for the RFC is:

      ftp://ds.internic.net/rfc/rfc1865.txt

   RFC directories are located at:

   o  Africa at:      ftp.is.co.za (196.4.160.2)
   o  Europe:         nic.nordu.net (192.36.148.17)
   o  Pacific Rim:    munnari.oz.au (128.250.1.21)
   o  US East Coast:  ds.internic.net (198.49.45.10)
   o  US West Coast:  ftp.isi.edu (128.9.0.32)

   RFCs are also available by mail.  Send a message to:
   mailserv@ds.internic.net.  In the body type:

      "FILE /rfc/rfc1865.txt"

   NOTE: The mail server at ds.internic.net can return the document in
   MIME-encoded form by using the "mpack" utility.  To use this
   feature, insert the command "ENCODING mime" before the "FILE"
   command.  To decode the response(s), you will need "munpack" or a
   MIME-compliant mail reader.  Different MIME-compliant mail readers
   exhibit different behavior, especially when dealing with "multipart"
   MIME messages (i.e., documents which have been split up into
   multiple messages), so check your local documentation on how to
   manipulate these messages.

2. General Information

2.1.  What is the Internet ?

   It is the inter-working of existing corporate and government
   networks using commonly used telecommunications standards.  It is
   not a new physical network, although some new facilities may be
   needed.  Rather, it is based on mutual interests of users to
   communicate more effectively via electronic message and file
   transfers.  Internet communications may be interpersonal
   (person-to-person) E-Mail or process-to-process like EDI.  Messages
   may be inquiries to shared databases and responses.  Messages may be
   entire files.

2.2.  Is there a difference between EDI and electronic commerce (EC) ?

   Electronic Data Interchange (EDI) is defined as the inter-process
   (computer application to computer application) communication of
   business information in a standardized electronic form.

   Electronic Commerce includes EDI, but recognizes the need for
   inter-personal (human to human) communications, the transfer of
   moneys, and the sharing of common data bases as additional
   activities that aid in the efficient conduct of business.  By
   incorporating a wide range of technologies, EC is much broader than
   EDI.  However, the focus of this document is on EDI, not electronic
   commerce.

2.3.  What makes the Internet useful for EDI ?

   The greatest benefits will derive from:

   o  Adoption of common standards and proven inter-operable systems,

   o  Adoption and deployment of a distributed Directory Service
      capability, so that one can readily contact electronically any
      other organization in the world.

   o  Explicit commitment by participating organizations to
      cooperatively route traffic, work to resolve addresses, and meet
      required standards.

   o  Ubiquitous network coverage from many service providers.  This
      allows the customer to choose the level of service needed.

   o  Layering of applications (such as EDI) over existing, proven,
      applications.

   o  A standards process with reference implementations to which all
      vendors have equal access (a.k.a. a level playing field).

   o  Widely available public domain software including but not limited
      to applications, protocol/transports and multiple platform
      development tools.

2.4.  Does this mean we will now have to coordinate our EC/EDI
      activities with the Internet?

   The Internet is not an organization or government agency.  You use
   the Internet to do business like you would use the telephone.  The
   same Internet connection your organization uses to send electronic
   mail would be the one you use to send EDI transactions.  Software
   developers write EDI translators, packages or templates for your
   e-mail system so that you can handle your own EDI transactions.
   Your EDI activities do not need to be coordinated, but your
   connection to the Internet does.

2.5.  How do I find the addresses of other Trading partners on the
      Internet if I don't have to coordinate my EDI activities with a
      central organization or VAN?

   The Internet works by assigning names or "domains" to
   networks/companies/machines.  This is called the Domain Name Service
   (DNS).  It works from a distributed tree structure.  The Internet
   requires registration of your Internet Protocol (IP) address and
   Domain Name in the Domain Name Service (DNS).  Your internet service
   provider can do this for you or assist you in contacting the right
   people to get your assigned addresses and domain names.

2.6.  How fast is the Internet?

   For a modest amount of data with a dedicated connection, a message
   transmission would occur in a matter of seconds, unless the ISP
   selected by one of the trading partners is overloaded.  The maximum
   delay over the internet backbones is at most a few seconds.  Like
   the interstate highway system, speed depends on how close you and
   your trading partner are to Internet backbones.  Unfortunately, some
   areas may lack the capacity or "bandwidth" to handle the workload
   your organization requires.  Contact your local Internet Service
   Provider for details on service in your area.
   Also, the more you are willing to spend, the better the service.
   The Internet is inexpensive, but (contrary to popular mythology) it
   is not free.

2.7.  What about reliability of the Internet?

   For high reliability mission critical applications, redundant ISPs
   may be used (with separate backbones), and redundant mail servers at
   separate locations can be used.  A single internet email or server
   address can be used to transparently route to any of the redundant
   servers or network connections.

   If a dedicated Internet connection is used to transmit information,
   e.g., via SMTP (see questions 3.2 and 3.5), then the message is
   delivered directly to the trading partner's system and delivery is
   assured.  If a part time store and forward connection is used, then
   the integrity of the message depends on the ISP or other computers
   used in the forwarding of a message.

2.8.  What are RFCs and where can I get them ?

   RFC stands for Request For Comments.  The RFC series of notes covers
   a broad range of topics related to computer communications.  The
   core topics are the Internet and the TCP/IP protocol suite.  There
   are three categories of RFCs today, Standards Track, Informational,
   or Experimental.  Many of the RFCs describe de-facto standards in
   the Internet Community.  Copies of RFCs are often posted to the
   USENET newsgroup comp.doc and obtainable from archive sites such as
   ds.internic.net.

      ftp://ds.internic.net/rfc/

2.9.  Where can I get general information about the Internet?

   Your local bookstore probably has one of the many recent
   introductory publications on the Internet.  In addition, look for
   (or have someone get you) the following bibliographies for free:

   RFC 1175  Bowers, K., LaQuey, T., Reynolds, J., Roubicek, K.,
             Stahl, M., and A. Yuan, "FYI on Where to Start - A
             Bibliography of Internetworking Information", 08/16/1990
             (FYI 3)
             ftp://ds.internic.net/rfc/rfc1175.txt

   RFC 1463  Hoffman, E., and L. Jackson, "FYI on Introducing the
             Internet -- A Short Bibliography of Introductory
             Internetworking Readings for the Network Novice",
             05/27/93 (FYI 19)
             ftp://ds.internic.net/rfc/rfc1463.txt

   The reader may want to look at the Frequently Asked Questions (FAQ)
   document for the newsgroup alt.internet.services.  This FAQ, as well
   as all Usenet FAQs, can be retrieved via ftp from rtfm.mit.edu in
   the directory /pub/usenet/news.answers.  These FAQs are also
   available
   from ftp.sterling.com in the directory /usenet/news.answers.

3. Getting Connected To The Internet

3.1.  What do I need to get to use the Internet?

   You need to know your existing telecommunications connectivity,
   address resolution, and routing capabilities.  Then you need to
   establish and operate an Electronic Mail gateway and/or other
   application gateway, e.g., for the file transfer protocol (FTP).
   Larger organizations may supply their trading partners with the
   TCP/IP software and X12 translator interfaced to E-mail or FTP.

3.2.  What software is used to support electronic mail?

   a) Simple Mail Transfer Protocol (SMTP) Servers

   A dedicated internet connection usually uses SMTP software to send
   and receive messages.  The SMTP server may transfer messages to the
   "spool" area for incoming email in the file system, may queue the
   messages for transmission via UUCP, may hold mail in a POP server,
   or may transfer the message to a proprietary email system.

   b) Unix-to-Unix Copy (UUCP) Servers

   A UUCP server is used to transfer messages when a store and forward
   is used, either between machines within a WAN, or to another machine
   with a dialup link.

   c) Post Office Protocol (POP) mail Servers

   A POP server holds email which can later be retrieved by a client
   application run by the user, typically on a PC which might not be
   running 24 hours a day.  The TCP/IP protocol is used either over a
   LAN or dialup SLIP connection to retrieve messages.

   d) Mail User Agents (Mail Readers)

   Users or applications employ client programs to retrieve and display
   email messages from the file system mail spool area, or from another
   server computer using POP or some other proprietary protocol (e.g.
   Microsoft-Mail).  This mail user agent (UA) software is also used to
   compose and send email via a POP server or system email.
   The mail user agent may also process attached files using a
   proprietary format within a mail message, using one of the common
   de-facto standards, or using the Multipurpose Internet Mail
   Extensions (MIME) internet standard.  Among other things, MIME
   permits the identification and concatenation of message parts
   (called "body parts") into a single message that can traverse the
   Internet using the SMTP protocol.  The Work in Progress, "EDI in
   MIME" provides the necessary standards for MIME compliant user
   agents to identify EDI body parts.

   A MIME compliant mail reader can process the contents of the
   messages and dispatch data to external software.  For example, files
   can be dragged to file system directories, images can be displayed,
   and audio data can be played.  In the case of EDI, a message
   formatted according to the MIME-EDI specification could be
   automatically transferred to an EDI processing program.

   e) Automated Mail Processing

   A typical Mail User Agent is an interactive application.  However,
   there are automated email message processing programs which can sort
   incoming mail, process forms returned by others, or in the case of
   EDI data, transfer the message contents to the EDI system.  Messages
   formatted according to the MIME EDI specification can be properly
   recognized by any MIME compliant mail processing program.

3.3.  What types of client-server or server-server protocols exist on
      the Internet?

   Internet email is typically used for two party messaging.  The FTP,
   gopher, and HTTP protocols allow many users, possibly anonymous, to
   retrieve data from a central source.  For example, corporate
   catalogs can be restricted by potential customers.

   a) File Transfer Protocol (FTP)

   Companies with existing connectivity to the Internet may use FTP to
   transfer files to one-another or to their VAN.  This solution
   employs the same TCP/IP used for SMTP.  Furthermore, Internet
   documents such as EDI in MIME Work in Progress are available via FTP
   on the FTP server "ds.internic.net."

   b) gopher service protocol.

   Gopher service is a way of organizing selected documents and files
   on an Internet server in a simple tree menu, so that users on other
   Internet computers can find them easily.  Most gopher menus are also
   linked to other gopher menus elsewhere, so that users can easily
   jump from one Internet server to another.  There are thousands of
   gopher servers in operation worldwide.

   c) The Hypertext Transfer Protocol (HTTP)

   HTTP defines http-server and http-clients that comprise the World
   Wide Web (WWW).  WWW was developed by the European Laboratory for
   Particle Physics (CERN) as a tool for exchanging multimedia data
   between researchers.  Although there is also no specification for
   graphics in HTTP, most web browsers are graphical in nature.
   Mosaic, available free from the National Center for Supercomputer
   Applications (NCSA), provides a Graphical User Interface (GUI) that
   facilitates user access to information on the Internet.  Mosaic
   interprets hypertext based information on the WWW, as well as other
   linked Index/Directory services such as Archie, FTP, Gopher, and
   X.500 Directory information.  Mosaic also supports on line Graphic
   Interchange Format (GIF), Joint Photographic Experts Group (JPEG),
   Motion Picture Experts Group (MPEG), QuickTime, and other document,
   image, and audio types.  Vendors have developed product catalogues
   using Mosaic servers.

   d) WHOIS

   WHOIS servers generally offer information about the organization to
   which they belong.  There are many WHOIS servers scattered
   throughout the Internet.  To obtain a list of registered WHOIS
   servers, anonymous FTP to rtfm.mit.edu and get the file
   /pub/whois/whois-servers.list.

   You can:

   o  run a client program on your own machine to access the WHOIS
      server,

   o  telnet to a site which hosts the server, e.g.: telnet to
      whois.internic.net and type help to access the full online help

   o  send an email message to retrieve information from the database,
      e.g.: send email to mailserv@internic.net with a command in the
      Subject field.  Any information in the body part of message will
      be ignored, i.e.

         Subject: whois <search string>

   Therefore, to find information on the Internic Registration Service,
   the subject should contain:

         whois internic

   Moreover, to obtain help information on this service you can send
   two separate email with the following in their subject line,
   respectively:

         help
         whois help

3.4.  What methods exist to broadcast information across the Internet?

   There are also some usual methods to broadcast messages to multiple
   recipients as described below:

   a) Usenet News

   Usenet news is a cooperative broadcast of messages to all
   participants.  Messages are organized into categories called
   newsgroups, and there are over 10,000 newsgroups carried by the
   major ISPs.  Individual customers typically subscribe to some subset
   of these which is of interest to the organization.  Messages are
   typically held for a week or two, then either archived or discarded.
   Some newsgroups are free form, i.e. anyone can post a message, while
   others are "moderated", i.e. require approval prior to posting.

   Though not currently used for any type of EDI, Usenet news could be
   used to broadcast RFQs.  For example, comp.newprod is used to
   announce new products, and misc.jobs.wanted is used to announce job
   openings.

   b) Mailing Lists

   If the interest is limited, a mailing list may be used in lieu of a
   newsgroup.  These are typically used for discussion groups or
   announcements of a particular nature.  Mailing lists are typically
   open, i.e. anyone can "subscribe" by sending an email message to a
   server.  For discussion groups, anyone can send a message to the
   server which is then rebroadcast to all subscribers.  Since Internet
   email is extremely inexpensive, there is normally no charge for use
   of a mailing list, except for the content of e-magazines, etc.
   Sponsors of an email list typically provide the list as a public
   service.

   For example, a mailing list could be used to broadcast EDI RFQs,
   etc.  Vendors might subscribe to various lists related to their
   product or service in order to receive messages sent by potential
   customers.  Mailing lists could be provided by large companies for
   internal use, by industry organizations, or VANs.

   For example, a firm or government agency could sponsor various
   mailing lists for EDI RFQ's, new product announcements, etc. related
   to procurement.  The organization could easily allow other potential
   customers to use the same mailing lists to contact vendors.  All
   parties would benefit, and the improved access to vendors from an
   open mailing
   list would more than offset the cost to support the mailing list
   server.  Thus the service might be available for free.

3.5.  What are the ways to connect to the Internet ?

   The following provides a general overview of connectivity options
   now available:

   a) Dedicated Connection

   Typically a leased telephone line is used to connect a gateway
   computer or bridge/router of a corporate LAN/WAN to the router of
   the Internet Service Provider's (ISP) Point-Of-Presence (POP, not to
   be confused with the Post Office Protocol).  The connection may be
   of various types and speeds, e.g. modem, ISDN, DS0, or DS1 line.

   With a dedicated connection, the SMTP protocol is typically used to
   deliver email directly to a trading partner's system.  Also,
   real-time client server applications can be run directly with a
   trading partner's system, including information transferred using
   the FTP and HTTP protocols.

   Some ISPs provide optional services even with dedicated connections.
   For example, store and forward email on an ISP server can be used as
   a backup for a direct SMTP server operated by a trading partner.
   The ISP may offer disk space on their FTP and HTTP servers with a
   high speed connection to the Internet.  For example, a trading
   partner might use a 14.4Kb modem for dedicated email transfers and
   use a 1.5Mb connection operated by the ISP to distribute FTP and
   HTTP information.

   b) On-demand Connection

   An on-demand connection operates like a dedicated connection, except
   a dialup ISDN or modem connection is used.  If the link remains idle
   for a certain period of time, the connection is dropped.  Some ISPs
   offer dial-out capability so any inbound or outbound traffic can
   reestablish the link.  However, many ISPs require their customers to
   dial-in, so only outbound traffic and regular polling will establish
   the link.
   In the latter case, store and forward would likely be used for
   email, and the ISP servers would be used for FTP and HTTP
   information.
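
   The automated dispatch described in question 3.2 (d) and (e), as an
   added example that is not part of RFC 1865: an automated mail
   processor hands a body part to the EDI system only when its media
   type is an EDI type and its X12 envelope parses, and reports the ISA
   06/08 trading partner IDs.  The media type names are taken from
   RFC 1767, assumed here to be the published form of the "EDI in MIME"
   work the FAQ cites; the function names, addresses and sample
   interchange are constructed for illustration.

```python
"""Added example (not from RFC 1865): route MIME body parts that carry EDI."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Media type names come from RFC 1767 (an assumption relative to this FAQ,
# which only cites the "EDI in MIME" work in progress).
EDI_TYPES = {"application/edi-x12", "application/edifact"}
ISA_LEN = 106  # the X12 ISA interchange header is fixed-width


def parse_isa(data: bytes):
    """Return (ISA06 sender ID, ISA08 receiver ID), or None if malformed."""
    if len(data) < ISA_LEN or not data.startswith(b"ISA"):
        return None
    sep = data[3:4]                          # element separator follows "ISA"
    fields = data[:ISA_LEN - 1].split(sep)   # drop the segment terminator
    if len(fields) != 17 or len(fields[6]) != 15 or len(fields[8]) != 15:
        return None
    try:
        return (fields[6].decode("ascii").strip(),
                fields[8].decode("ascii").strip())
    except UnicodeDecodeError:
        return None


def route_edi_parts(raw: bytes):
    """Return one (media_type, verdict, detail) tuple per leaf body part."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()      # lower-cased by the email package
        if ctype not in EDI_TYPES:
            # Anything not declared as EDI never reaches the EDI system.
            results.append((ctype, "ignored", None))
            continue
        body = part.get_payload(decode=True) or b""   # undo base64 / QP
        if ctype == "application/edi-x12":
            ids = parse_isa(body)
            if ids is None:
                # Declared as X12 but the envelope does not parse: hold it.
                results.append((ctype, "rejected", "bad ISA envelope"))
            else:
                results.append((ctype, "dispatch", ids))
        elif body.startswith((b"UNA", b"UNB")):       # EDIFACT interchange start
            results.append((ctype, "dispatch", None))
        else:
            results.append((ctype, "rejected", "bad EDIFACT envelope"))
    return results


def build_sample() -> bytes:
    """Constructed message: a note, one valid X12 part, one mislabeled part."""
    isa = "*".join(["ISA", "00", " " * 10, "00", " " * 10,
                    "ZZ", "BUYERCO".ljust(15), "ZZ", "SELLERCO".ljust(15),
                    "960101", "1200", "U", "00304", "000000001",
                    "0", "T", ">"]) + "~"
    msg = EmailMessage()
    msg["From"] = "edi@buyer.example"        # constructed addresses
    msg["To"] = "edi@seller.example"
    msg["Subject"] = "Constructed EDI sample"
    msg.set_content("Interchange attached.")
    msg.add_attachment((isa + "IEA*0*000000001~").encode("ascii"),
                       maintype="application", subtype="EDI-X12")
    msg.add_attachment(b"this is not an interchange",
                       maintype="application", subtype="EDI-X12")
    return msg.as_bytes()


if __name__ == "__main__":
    for row in route_edi_parts(build_sample()):
        print(row)
```

   The rejected part is the case worth logging: a sender controls the
   Content-Type header, so the envelope check, not the label, decides
   what the EDI translator is allowed to see.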

   menu item, then Publications, and then select a version of the
   Implementation Guide.  Note that guidelines are sometimes referred
   to by the release/version designation (currently 3040).

   The Defense Information Systems Agency (DISA) Center for Standards
   is the designated configuration manager for DoD Electronic
   Commerce/Electronic Data Interchange (EC/EDI) standards.  The DoD
   EC/EDI Standards repository system, available via anonymous FTP from
   ftp.sterling.com in the /edi/DoD-edi/ directory, contains DoD EDI
   ICs separated into two categories, User and Test.

      ftp://ftp.sterling.com/edi/DoD-edi/

   Test conventions are identical to User, except that the condition
   designator for all applicable transaction sets, data segments and
   data elements used by that convention are designated as Mandatory
   for test purposes.

   Implementation convention files, both user and test versions, can be
   downloaded either individually or all together in compressed
   self-extracting files.  All the implementation files are available,
   when decompressed, in both WordPerfect 5.1/5.2 (.WP) file format and
   Standard Exchange Format (SEF) test files which are for use with
   EDISIM software or any other EDI software that conforms with the
   EDISIM .SEF file format.

   The /DoD-edi/2003_User & _Test directories contain draft DoD
   Implementation Conventions based on ANSI X12 Version 2 Release 3
   (2003):

      840 Request for Quotation
      843 Response to Request for Quotation
      850 Purchase Order
      997 Functional Acknowledgement

   The /DoD-edi/3010_User & _Test directories contain draft DoD
   Implementation Conventions based on ANSI X12 Version 3 Release 1
   (3010):

      810 Invoice:
          810 Commercial
          810 Progress Payment
          810 Public Voucher
      840 Request for Quotation
      843 Response to Request for Quotation
      850 Purchase Order
      997 Functional Acknowledgement

   Additional 2003 and 3010 based conventions may be added in the near
   future.
   3010 based conventions will never progress to approved
   status but will be used temporarily by various DoD agencies to
   implement phase I of the DoD Electronic Commerce (EC)/Electronic
   Data Interchange (EDI) in Contracting Report.

   The /DoD-edi/3050_User directory contains draft DoD Implementation
   Conventions based on ANSI X12 Version 3 Release 5 (3050):

      840 Request for Quotation
      843 Response to Request for Quotation
      850 Purchase Order
      855 Purchase Order Acknowledgement
      860 Purchase Order Change Request - Buyer Initiated
      865 Purchase Order Change Acknowledgement/Request - Seller
          Initiated

   Note that the ICs in the /DoD-edi/3050_USER directory were developed
   as a means to express DOD requirements for an ANSI X12 3050 based
   transaction set.  They are not approved for implementation.  They
   have been submitted to the Federal IC configuration management
   process for adoption throughout the federal government.  Since they
   are subject to Federal review and are based upon a standard not yet
   released, changes can be anticipated.  (See ECA PMO above)

7.5.  How can a trading partner keep up with all these implementation
      conventions (ICs) and revisions in X12 and EDIFACT?

   The US government is trying to standardize electronic communications
   internally and with its 300,000 plus suppliers.  This requires
   standardization of the standards process and cross communication
   between programs.  The IMPDEF message and the NIST Federal IC
   Registry will place electronic versions of all its ICs on the
   Registry - both full federal ICs and individual agency ICs - so that
   any trading partner can download and use them.  In combination with
   message data compliance checking as well, smaller firms should be
   able to get into EDI and start benefitting both themselves and the
   government.

7.6.  Where can I get information on EDI translation software ?

   Several commercial trade magazines publish periodic guides to EDI
   translation software.
   Under commission by the US Government, the Logistics Management
   Institute (LMI) of McLean, Va. published "A Guide to EDI Translation
   Software, 1994 Edition." The guide describes the features and
   characteristics of EDI software offered by more than 60 vendors.
   Commercial organizations can get copies for $20 each by sending a
   check made out to the Logistics Management Institute. Federal
   agencies may have up to five free copies by sending requests to
      Logistics Management Institute
      Attn. Library
      2000 Corporate Ridge
      McLean, Virginia, 22102-7805

   You can fax a typed request to the LMI library at (703) 917-7597 or
   send a request to library@lmi.org. Requests for hard copies of the
   Guide must include the requester's name, organization, address,
   telephone number, and number of copies desired. All requests should
   cite Report IR421RD1. If you have questions about the Guide, you can
   contact the author, Harold Frohman, at (703) 917-7286 or send him an
   Internet message at hfrohman@lmi.org.

   A somewhat older LMI report (1992), but still quite relevant, is EDI
   Planning and Implementation Guide (DL204RD1, August 1992).

7.7. How do I keep in touch with others pursuing EDI and Electronic
     Commerce on the Internet ?

   There are several EDI related mailing lists on (and off) the
   Internet. Information on subscription follows below.

   ----------------------
   IETF-EDI Mailing list:
   ----------------------

   The IETF-EDI list has been established as a forum for discussing
   methods of operating EDI transactions over the Internet, and for
   discussing specifications which permit such operation. This list is
   therefore focused on the technology of Internet usage of EDI, rather
   than on more general aspects of EDI technology or use.

   To subscribe, send an e-mail message to: LISTSERV@BYU.EDU.

   The text of the message should only contain the following:

      sub ietf-edi <your-name>

   Messages intended for the ietf-edi list should be sent to:
   IETF-EDI@BYU.EDU.

   -------------------
   EDI-L Mailing list:
   -------------------

   The EDI-L list is targeted towards more general EDI discussions. The
   edi-l mailing list is also gatewayed to the USENET newsgroup
   bit.listserv.edi-l.

   To subscribe, send an e-mail message to: listserv@uccvma.ucop.edu

   The text of the message should only contain the following:

      subscribe edi-l <your-name>

   Messages intended for the edi-l list should be sent to:
   EDI-l@uccvma.ucop.edu

   ---------------------
   EDI-NEW Mailing list:
   ---------------------

   This list complements ietf-edi in the sense that it promotes
   discussion of new approaches to edi and the extension of edi beyond
   its traditional domains.

   To subscribe, send an e-mail message to:
   edi-new-request@tegsun.harvard.edu

   The text of the message should only contain the following:

      subscribe edi-new <your-name>

   Messages intended for the edi-new list should be sent to:
   edi-new@tegsun.harvard.edu

   ----------------------
   SPEEDE-L Mailing list:
   ----------------------

   The main purpose of this list is for discussions of Educational EDI
   Standards.

   To subscribe, send an e-mail message to: listserv@vtvm1.cc.vt.edu

   The text of the message should only contain the following:

      SUBSCRIBE SPEEDE-L firstname lastname

   Messages intended for the speede-l list should be sent to:
   speede-l@vtvm1.cc.vt.edu

   ----------------------
   OPEN-EDI Mailing list:
   ----------------------

   The main purpose of this list is for UN/EDIFACT users to review the
   work of JTC1/SC30.

   To subscribe, send an e-mail message to: majordomo@utu.premenos.com

   The text of the message should only contain the following:

      subscribe open-edi

   Messages intended for the open-edi list should be sent to:
   OPEN-EDI@utu.premenos.com

   ------------------
   ECAT Mailing list:
   ------------------

   The Federal Electronic Commerce for Acquisition Team (ECAT) has
   established an open mail list for those interested in ECAT
   activities.
   Information sent to the forum address is automatically distributed
   to all forum members. This forum is available 24 hours a day, 7 days
   a week. Currently, only ASCII text messages up to 250kb are
   supported. For best results when sending messages to this forum,
   each line should be limited to 70 characters followed by a carriage
   return. Also, your name and email address should be included in the
   body of messages sent.

   To subscribe, send an e-mail message to: listserv@forums.fed.gov

   The text of the message should only contain the following:

      subscribe ecat firstname lastname

   Messages intended for the ECAT list should be sent to:
   ECAT@forums.fed.gov.

7.8. Can I get messages that have been previously posted to the EDI
     mailing lists ?

   Yes. Messages that have appeared on the ecat, edi-l, edi-new,
   fed-reg, x12c-impdef and ietf-edi lists are available via FTP from

      ftp://ftp.sterling.com/edi/lists/

7.9. I have EDI related material I'd like to make available to the
     Internet community. How do I do that ?

   If you have an existing Internet connected site, you can make the
   information available via FTP or WWW. If you do not wish to go to
   the effort, send mail to Kent Landfield at

      edi-archive@sterling.com

   Sterling Software is making the archive publicly available to the
   community. Anyone who wants to distribute EDI related documents may
   contact Sterling to make your documents publicly available on
   ftp.sterling.com. For example, the Department of Veterans Affairs
   has posted numerous studies and training materials on EDI which are
   available to the public at ftp.sterling.com/edi/va/.

7.10. Where are EDI Archives on the Internet ?

   Some have been discussed previously while others have not. Here is a
   very incomplete list of sites that archive EDI related material and
   make that information publicly available.

      o ftp://admissions.carleton.ca/pub/
      o ftp://ds.internic.net/ietf/edi/
      o ftp://ds.internic.net/pub/ecat.library/
      o ftp://ftp.sterling.com/edi/
      o ftp://ftp.swin.edu.au/pub/edi/
      o ftp://prospero.isi.edu/pub/papers/security/
      o ftp://turiel.cs.mu.oz.au/pub/edi/
      o http://snad.ncsl.nist.gov/dartg/edi/fededi.html
      o http://waltz.ncsl.nist.gov/ECIF/ecif.html
      o http://www.disa.org/
      o http://www.acq.osd.mil/ec/
      o http://www.ietf.cnri.reston.va.us/
      o http://www.premenos.com/standards/EDIStandards.html

8. Security Considerations

8.1. What security measures are needed to connect to the Internet ?

   Internet security measures can be placed in two broad categories:
   protecting your system from intruders and protecting the content and
   integrity of your messages. With respect to the latter, EC/EDI
   transactions of nominal value and sensitivity do not require special
   security measures. However, if the information has any sensitive
   aspects, you will need to take the measures discussed below.

   Competitors might intercept your bids and undercut your proposal. Or
   they could monitor your purchases and shipping notices to determine
   your firm's production capacity. To ensure confidentiality of the
   message, your e-mail system should offer some means of encrypting
   the message in a manner only the intended recipient can read.

   Trading partners are responsible for satisfying existing rules and
   regulations relating to computer security and privacy. For example,
   bid data received by government systems is subject to the
   appropriate controls. Trading partner financial account data is
   likewise subject to disclosure restrictions.

   To thwart those who might tamper with a message to divert delivery
   by changing the "ship-to" address, digital signatures can attest to
   the integrity of the message. Digital signatures can also
   authenticate messages, preventing pranksters or rivals from
   submitting false orders.

8.2. How do we go about protecting our system ?

   The weakest links in most systems are people and passwords; your
   current practices for managing both will apply to use of the
   Internet. Steps you can take include:

      o Obtain, study, implement, and enforce the NIST FIPS (112) on
        passwords. Make the practice of safe computing a condition of
        continued employment and let your staff know it.

      o Conduct a risk assessment as described in Appendix M of the
        Federal Electronic Commerce for Acquisition Team report
        Streamlining Procurement Through Electronic Commerce. This
        document is available via ftp at ds.internic.net in the
        directory /pub/ecat.library.

      o Apply the recommendations from NIST Special Publication 800-9,
        Good Security Practices for Electronic Commerce, Including
        Electronic Data Interchange as appropriate.

      o Establish necessary internal and external "Firewalls." See John
        Wack and Lisa Carnahan, "Keeping Your Site Comfortably Secure:
        An Introduction to Internet Firewalls," NIST Special
        Publication 800-10, undated.

      o Review RFC 1281[4] Guidelines for the Secure Operation of the
        Internet and RFC 1244 Holbrook and Reynolds "Site Security
        Handbook"

      o Review Cheswick and Bellovin's "Firewalls and Internet Security
        - Repelling the Wily Hacker," Addison-Wesley [5]

      o Consider implementing active countermeasures in your firewalls.
        See "There Be Dragons" by S. Bellovin, Proceedings of the Third
        Usenix UNIX Security Symposium, September 1992[6]. You can
        contact Bellovin at smb@ulysses.att.com.

8.3. Is there good publicly available software I can use?

   There are several free, publicly available, security tools one can
   obtain via ftp from one of many good archives. If your company uses
   UNIX systems to connect to the Internet or has UNIX systems
   connected to the Internet, get and use the following tools:

      1. The Purdue University COAST - Security Archive (Computer
         Operations, Audit, and Security Tools, run by Gene Spafford)
         is located at coast.cs.purdue.edu and mirrored in a few
         places, including ftp.sterling.com.

      2. COPS available from ftp.cert.org in /pub/tools

      3. TIGER available from net.tamu.edu in pub/

   These tools are a series of scripts and programs that will alert you
   to many well-known problems and holes in UNIX systems and how to fix
   them.

   The Computer Emergency Response Team (CERT) at Carnegie Mellon
   University can assist with computer break-ins as well as provide
   notices of security activity on the Internet. The US Department of
   Energy's Computer Incident Advisory Capability (CIAC), located at
   Lawrence Livermore National Laboratory, can provide assistance at
   ciac@llnl.gov or at 510-422-8193. CIAC offers software and documents
   on their anonymous ftp server at ciac.llnl.gov. Both CERT and CIAC
   are members of the Forum of Incident Response and Security Teams
   (FIRST), a global organization to foster cooperation and
   coordination among computer security teams worldwide.

8.4. How good are electronic or digital signatures ? Can they be used
     in court ?

   Properly used, these signature systems are better than existing
   paper based authentication and forgery detection technology. You
   will find a clear and concise description of how these signatures
   work in Gary Ratterree's RIPEM Beginner's Guide; contact Ratterree
   at grayr@cs.tamu.edu. Other references include:

      ftp://ftp.tis.com/pub/PEM/ for Privacy Enhanced Mail
      ftp://ftp.rsa.com/ for PEM
      ftp net-dist.mit.edu:/pub/PGP for Pretty Good Privacy (PGP)

   An "infrastructure" for public keys is not required to use public
   key encryption or digital signatures. In the absence of such an
   infrastructure, the encryption protocol and the public keys would
   need to be exchanged bilaterally, such as part of the trading
   partner agreement. A public key infrastructure would provide a
   secure means to obtain a public key without a need for a manual key
   exchange.

   But digital techniques will become more convenient with the arrival
   of additional infrastructure and support systems. The US government
   is taking steps to ensure the admissibility in court of such
   systems.
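
   The following is an added example, not part of the RFC: a detached
   signature over a constructed X12 850 purchase order, checked with a
   public key exchanged bilaterally, showing that a changed ship-to
   address or an order signed by another key is rejected. The openssl
   command line with RSA and SHA-256, and all key names, file names and
   segment values, are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example (not from the RFC): detached signature over an EDI purchase
# order, checked with a public key exchanged bilaterally. Keys, file names and
# segment values are constructed; RSA/SHA-256 via openssl is an assumption.
WORK=$(mktemp -d)

# Generate a key pair under the given name; NAME.pub is the half a trading
# partner would receive, e.g. alongside the trading partner agreement.
make_keys() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$WORK/$1.key" 2>/dev/null
  openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub"
}

# Constructed X12 850; the N1*ST loop carries the ship-to party and address.
write_po() {
  cat > "$1" <<'EOF'
ST*850*0001~
BEG*00*SA*PO-EXAMPLE-1**19960115~
N1*ST*EXAMPLE BUYER WAREHOUSE~
N3*100 EXAMPLE STREET~
N4*WASHINGTON*DC*20001~
PO1*1*10*EA*4.50**VP*WIDGET~
CTT*1~
SE*8*0001~
EOF
}

# sign_po KEYNAME FILE writes the detached signature to FILE.sig
sign_po() { openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"; }

# verify_po KEYNAME FILE returns 0 only if FILE.sig was made over these exact
# bytes by the holder of KEYNAME's private key.
verify_po() {
  openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$2.sig" "$2" \
      >/dev/null 2>&1
}

demo() {
  make_keys buyer; make_keys other
  write_po "$WORK/po.edi"; sign_po buyer "$WORK/po.edi"
  verify_po buyer "$WORK/po.edi" && echo "original order: accepted"

  # Ship-to address altered in transit, original signature still attached.
  sed 's/100 EXAMPLE STREET/999 OTHER ROAD/' "$WORK/po.edi" > "$WORK/alt.edi"
  cp "$WORK/po.edi.sig" "$WORK/alt.edi.sig"
  verify_po buyer "$WORK/alt.edi" || echo "altered ship-to: rejected"

  # Order signed by someone who is not the buyer.
  write_po "$WORK/false.edi"; sign_po other "$WORK/false.edi"
  verify_po buyer "$WORK/false.edi" || echo "order from unknown key: rejected"
}
demo
```

   The receiving side needs only the buyer's public key file; the
   signature travels with the interchange as a separate file.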
   We anticipate that the necessary regulatory and legal infrastructure
   will be in place about the same time as the necessary directory and
   certificate services and other supporting systems come on-line. We
   expect to see expansion of several government pilot programs in the
   latter half of 1994. NIST recently published a report on the Public
   Key Infrastructure (PKI) and related policy issues; for information
   contact the NIST Computer Security Division at 301-975-2934.

8.5. Are there other US government standards publications I should be
     aware of?

   Yes. Here is a sample of those you will often hear mentioned.

      1. Federal Information Processing Standard (FIPS) Publication
         46-1, Data Encryption Standard, January 1988.

      2. FIPS Publication 65, Guideline for Automated Data Processing
         Risk Analysis, August 1979.

      3. FIPS Publication 113, Computer Data Authentication, May 1985.

      4. FIPS Publication 180, Secure Hash Standard - (SHS), May 1993.

      5. FIPS Publication 186, Digital Signature Standard - (DSS), May
         1994.

      6. NIST Special Publication 800-9, Good Security Practices for
         Electronic Commerce Including Electronic Data Interchange,
         December 1993.

   The FIPS standards may be ordered from the

      U.S. Department of Commerce
      National Technical Information Service
      Springfield, VA 22161.

9. References

   [1] UN/EDIFACT (Electronic Data Interchange for Administration,
       Commerce and Transport) Syntax Rules (ISO 9735), March 1993,
       United Nations Economic Commission for Europe (UN/ECE), Working
       Party for the Facilitation of International Trade Procedures
       (WP.4)

   [2] FIPS Publication 161-1, Electronic Data Interchange (EDI),
       National Institute of Standards and Technology, April 1993.

   [3] The Internet Message: Closing the book with electronic mail,
       Marshall T. Rose, Prentice Hall, Englewood Cliffs, New Jersey,
       1993

   [4] Pethia, R., Crocker, S., and B. Fraser, "Guidelines for the
       Secure Operation of the Internet", RFC 1281, Software
       Engineering Institute, Trusted Information Systems, Inc.,
       Software Engineering Institute, November 1991

   [5] Firewalls and Internet Security - Repelling the Wily Hacker, by
       Cheswick and Bellovin, Addison-Wesley, 1994, ISBN 0-201-63357-4

   [6] There Be Dragons, S. Bellovin, Proceedings of the Third Usenix
       UNIX Security Symposium, Baltimore, Maryland, September 1992.
       USENIX Association, ISBN 1-880446-46-4

10. Credits

   James A. (Artch) Griffin <artch@AGRIFFIN.CPCUG.ORG> is credited with
   co-authorship as he prepared the ECAT FAQ which I used (or perhaps
   abused) as the base document. Artch was judicious and patient as he
   watched his original text being rewritten over and over.

   Carl Hage contributed detailed explanations and clarifications of
   the various Internet protocols and services and how EDI can employ
   them.

   I would like to thank the following people for their comments and
   specific contributions: Kent Landfield, Mike Bauer, Kit Lueder, Eric
   Christ, Betsy Bainbridge, Bob Lyons, Kirby Spencer, Sally Hambridge,
   Ed Levinson, Warren Smith, Steve Bass, Jerry Johnson, Randy
   VandenBrink, John Pillay, Jim W.C. Smith, Mark Charles,
   Jean-Philippe Favreau. I apologize if I omitted any one of the many
   folks who responded to my many calls for comments.

   I greatly appreciate Kent Landfield for his editorial assistance
   during final preparation of this document. Sterling Software
   graciously hosted the work in progress for ftp access and review,
   saving many bits of Internet SMTP traffic.

   Finally, I am grateful for the patient cooperation of the IETF
   Working Group and the participants of the IETF-EDI and EDI-L lists.
   It's a nice cyberplace to work!

   WRH, Washington, DC.

11. Authors' Addresses

   Walter Houser
   Department of Veterans Affairs
   810 Vermont Avenue
   Washington DC, 20240

   Phone: 202-786-9572
   EMail: houser.walt@forum.va.gov
          houser@cpcug.org
          http://www.va.gov/


