Lessons Learned from the Evolution of eB/eG Secure Communication—What Does the Future Hold? Rik...
-
Upload
lynne-heath -
Category
Documents
-
view
215 -
download
0
Transcript of Lessons Learned from the Evolution of eB/eG Secure Communication—What Does the Future Hold? Rik...
Lessons Learned from the Evolution Lessons Learned from the Evolution of eB/eG Secure Communication—of eB/eG Secure Communication—
What Does the Future Hold?What Does the Future Hold?
Rik Drummond,
CEO,
Drummond Group Inc.
www.oasis-open.org
Agenda Business to Business (B2B) versus Business to
Consumer (B2C) Lessons learned from other Secure Messaging
Standards Lessons Learned from the Evolution of B2B
communication Software Quality Assurance testing versus
Interoperability Testing Why is B2B Interoperability Certification Critical? Enter Web services B2B Challenges of Web services B2B Analysis of these issues for future Role of interoperability testing: Web services
Lessons Learned from the Evolution of B2B
communication
B2B communication differs greatly from B2C communication
SMTP and HTTP evolved through B2C communication
B2C has a human in the loop to catch errors – B2B is connecting back office systems WITHOUT human intervention
B2B processes thousands of transactions worth billions of dollars
A single failure could cost thousands of dollars to repair
Reliable, seamless security handshake is critical
Lessons Learned from the Evolution of B2B communication
The goal is cross-industry adoption for most B2B communication, but it is difficult:
RNET – is difficult to implement, little cross-industry adoption
ebMS – ebXML had slow adoption in the early days because of market confusion – is this for small or large companies? But it has turned the corner!
AS2 – had the luxury of a big user to drive adoption and interoperability certification
Lessons Learned from the Evolution of B2B communication
Evolution of new products takes 18-24 months with the right conditions
Syntax, semantics and choreography must be consistently defined in products
Chicken or the egg problem slows adoption: If we build the software, will they come to buy it? Or, if we have a user need, will the software built be able to fix the problem and work with everyone else?
Interoperability certification is critical for B2B messaging
Software Quality Assurance testing versus Interoperability
testing Software is internally developed through QA
testing against a test platform This is conformance testing Because of the financial impact of B2B
messaging, there is another level of assurance needed: interoperability testing
This extends the QA testing to ensure that product will test against other products utilized in the field
Why is B2B Interoperability Certification Critical?
Interoperability B2B certification is critical: Standards have holes Allows software companies to extend their QA
process to test against other companies Critical security testing Neutrality – every vendor is treated equally Choice of certified products that work together Drives standard adoption
The New Kid on the block: Web services B2B
Provides a flexible and extensible platform for messaging
Supports application-level conversations between entities distributed over a network
Handles EDI, XML (like AS2) and more complex styles of “query-and-response” and “document-push” messaging
Supports integration with identity management (SAML) and “circle of trust” infrastructures to secure access control
Most common technology stack found in Service-Oriented Architectures
Challenges of Web services
Same challenges as in generic B2B Security toolkits & certificate exchange Compression New products, versions changing as
standards evolve Number of open source products developed
for B2C Immature interoperability Standards overload A robust Web services B2B profile must
compose many standards
Analysis of future issues
Support of security tokens beyond X.509 increases toolkit complexity
Political obstacles with respect to Web services still hinder standardization and platform neutrality
Support of complex B2B conversational choreographies increased the complexity of interoperability testing
Developing a robust B2B Web services profile involves a “supermarket shopping” mentality with regards to standards
Web Services B2B Interoperability Testing
A robust business-level Web services profile aimed at engaging B2B use cases is critical – With vendors and end users, DGI is driving development
Interoperability testing hand-in-hand with profile development is “critical” to adoption and market growth
Supply chains more likely to adopt standard and implement software once products are tested, certified to be interoperable
Drummond Certified Test runs May 14 – June 29 Test results will be announced in July/August
2007