1 / 12

Lessons Learned from the Evolution of eB/eG Secure Communication—What Does the Future Hold?

www.oasis-open.org. Lessons Learned from the Evolution of eB/eG Secure Communication—What Does the Future Hold?. Rik Drummond, CEO, Drummond Group Inc. Agenda. Business to Business (B2B) versus Business to Consumer (B2C) Lessons learned from other Secure Messaging Standards

shira
Download Presentation

Lessons Learned from the Evolution of eB/eG Secure Communication—What Does the Future Hold?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. www.oasis-open.org Lessons Learned from the Evolution of eB/eG Secure Communication—What Does the Future Hold? Rik Drummond, CEO, Drummond Group Inc.

  2. Agenda • Business to Business (B2B) versus Business to Consumer (B2C) • Lessons learned from other Secure Messaging Standards • Lessons Learned from the Evolution of B2B communication • Software Quality Assurance testing versus Interoperability Testing • Why is B2B Interoperability Certification Critical? • Enter Web services B2B • Challenges of Web services B2B • Analysis of these issues for future • Role of interoperability testing: Web services

  3. Lessons Learned from the Evolution of B2B communication B2B communication differs greatly from B2C communication • SMTP and HTTP evolved through B2C communication • B2C has a human in the loop to catch errors – B2B is connecting back office systems WITHOUT human intervention • B2B processes thousands of transactions worth billions of dollars • A single failure could cost thousands of dollars to repair • Reliable, seamless security handshake is critical

  4. Lessons Learned from the Evolution of B2B communication The goal is cross-industry adoption for most B2B communication, but it is difficult: • RNET – is difficult to implement, little cross-industry adoption • ebMS – ebXML had slow adoption in the early days because of market confusion – is this for small or large companies? But it has turned the corner! • AS2 – had the luxury of a big user to drive adoption and interoperability certification

  5. Lessons Learned from the Evolution of B2B communication • Evolution of new products takes 18-24 months with the right conditions • Syntax, semantics and choreography must be consistently defined in products • Chicken or the egg problem slows adoption: If we build the software, will they come to buy it? Or, if we have a user need, will the software built be able to fix the problem and work with everyone else? • Interoperability certification is critical for B2B messaging

  6. Software Quality Assurance testing versus Interoperability testing • Software is internally developed through QA testing against a test platform • This is conformance testing • Because of the financial impact of B2B messaging, there is another level of assurance needed: interoperability testing • This extends the QA testing to ensure that product will test against other products utilized in the field

  7. Why is B2B Interoperability Certification Critical? Interoperability B2B certification is critical: • Standards have holes • Allows software companies to extend their QA process to test against other companies • Critical security testing • Neutrality – every vendor is treated equally • Choice of certified products that work together • Drives standard adoption

  8. The New Kid on the block: Web services B2B • Provides a flexible and extensible platform for messaging • Supports application-level conversations between entities distributed over a network • Handles EDI, XML (like AS2) and more complex styles of “query-and-response” and “document-push” messaging • Supports integration with identity management (SAML) and “circle of trust” infrastructures to secure access control • Most common technology stack found in Service-Oriented Architectures

  9. Challenges of Web services • Same challenges as in generic B2B • Security toolkits & certificate exchange • Compression • New products, versions changing as standards evolve • Number of open source products developed for B2C • Immature interoperability • Standards overload • A robust Web services B2B profile must compose many standards

  10. Analysis of future issues • Support of security tokens beyond X.509 increases toolkit complexity • Political obstacles with respect to Web services still hinder standardization and platform neutrality • Support of complex B2B conversational choreographies increased the complexity of interoperability testing • Developing a robust B2B Web services profile involves a “supermarket shopping” mentality with regards to standards

  11. Web Services B2B Interoperability Testing • A robust business-level Web services profile aimed at engaging B2B use cases is critical – With vendors and end users, DGI is driving development • Interoperability testing hand-in-hand with profile development is “critical” to adoption and market growth • Supply chains more likely to adopt standard and implement software once products are tested, certified to be interoperable • Drummond Certified Test runs May 14 – June 29 • Test results will be announced in July/August 2007

  12. Questions?www.drummondgroup.cominfo@drummondgroup.com © 2007 All rights reserved.

More Related