Lessons Learned from the Evolution of eB/eG Secure Communication—What Does the Future Hold? Rik...

Lessons Learned from the Evolution of eB/eG Secure Communication—What Does the Future Hold?

Rik Drummond, CEO, Drummond Group Inc.

www.oasis-open.org


Agenda

Business to Business (B2B) versus Business to Consumer (B2C)

Lessons learned from other Secure Messaging Standards

Lessons Learned from the Evolution of B2B communication

Software Quality Assurance testing versus Interoperability Testing

Why is B2B Interoperability Certification Critical?

Enter Web services B2B

Challenges of Web services B2B

Analysis of these issues for future

Role of interoperability testing: Web services

Lessons Learned from the Evolution of B2B communication

B2B communication differs greatly from B2C communication

SMTP and HTTP evolved through B2C communication

B2C has a human in the loop to catch errors – B2B is connecting back office systems WITHOUT human intervention

B2B processes thousands of transactions worth billions of dollars

A single failure could cost thousands of dollars to repair

Reliable, seamless security handshake is critical

Lessons Learned from the Evolution of B2B communication

The goal is cross-industry adoption for most B2B communication, but it is difficult:

RNET – is difficult to implement, little cross-industry adoption

ebMS – ebXML had slow adoption in the early days because of market confusion – is this for small or large companies? But it has turned the corner!

AS2 – had the luxury of a big user to drive adoption and interoperability certification

Lessons Learned from the Evolution of B2B communication

Evolution of new products takes 18-24 months with the right conditions

Syntax, semantics and choreography must be consistently defined in products

Chicken or the egg problem slows adoption: If we build the software, will they come to buy it? Or, if we have a user need, will the software built be able to fix the problem and work with everyone else?

Interoperability certification is critical for B2B messaging

Software Quality Assurance testing versus Interoperability testing

Software is internally developed through QA testing against a test platform

This is conformance testing

Because of the financial impact of B2B messaging, there is another level of assurance needed: interoperability testing

This extends the QA testing to ensure that product will test against other products utilized in the field

Why is B2B Interoperability Certification Critical?

Interoperability B2B certification is critical:

Standards have holes

Allows software companies to extend their QA process to test against other companies

Critical security testing

Neutrality – every vendor is treated equally

Choice of certified products that work together

Drives standard adoption

The New Kid on the block: Web services B2B

Provides a flexible and extensible platform for messaging

Supports application-level conversations between entities distributed over a network

Handles EDI, XML (like AS2) and more complex styles of “query-and-response” and “document-push” messaging

Supports integration with identity management (SAML) and “circle of trust” infrastructures to secure access control

Most common technology stack found in Service-Oriented Architectures

Challenges of Web services

Same challenges as in generic B2B

Security toolkits & certificate exchange

Compression

New products, versions changing as standards evolve

Number of open source products developed for B2C

Immature interoperability

Standards overload

A robust Web services B2B profile must compose many standards

Analysis of future issues

Support of security tokens beyond X.509 increases toolkit complexity

Political obstacles with respect to Web services still hinder standardization and platform neutrality

Support of complex B2B conversational choreographies increased the complexity of interoperability testing

Developing a robust B2B Web services profile involves a “supermarket shopping” mentality with regards to standards

Web Services B2B Interoperability Testing

A robust business-level Web services profile aimed at engaging B2B use cases is critical – With vendors and end users, DGI is driving development

Interoperability testing hand-in-hand with profile development is “critical” to adoption and market growth

Supply chains more likely to adopt standard and implement software once products are tested, certified to be interoperable

Drummond Certified Test runs May 14 – June 29

Test results will be announced in July/August 2007

Questions?

www.drummondgroup.com

© 2007 All rights reserved.