diff options
| author | Thomas Voss <mail@thomasvoss.com> | 2024-11-27 20:54:24 +0100 | 
|---|---|---|
| committer | Thomas Voss <mail@thomasvoss.com> | 2024-11-27 20:54:24 +0100 | 
| commit | 4bfd864f10b68b71482b35c818559068ef8d5797 (patch) | |
| tree | e3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc1865.txt | |
| parent | ea76e11061bda059ae9f9ad130a9895cc85607db (diff) | |
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc1865.txt')
| -rw-r--r-- | doc/rfc/rfc1865.txt | 2299 | 
1 files changed, 2299 insertions, 0 deletions
| diff --git a/doc/rfc/rfc1865.txt b/doc/rfc/rfc1865.txt new file mode 100644 index 0000000..e2be02b --- /dev/null +++ b/doc/rfc/rfc1865.txt @@ -0,0 +1,2299 @@ + + + + + + +Network Working Group                                          W. Houser +Request for Comments: 1865                     Dept. of Veterans Affairs +Category: Informational                                       J. Griffin +                                                       Athena Associates +                                                                 C. Hage +                                                      C. Hage Associates +                                                            January 1996 + + +                         EDI Meets the Internet + +                    Frequently Asked Questions about +           Electronic Data Interchange (EDI) on the Internet + +Status of this Memo + +   This memo provides information for the Internet community.  This memo +   does not specify an Internet standard of any kind.  Distribution of +   this memo is unlimited. + +Abstract + +   This memo is targeted towards the EDI community that is unfamiliar +   with the Internet, including EDI software developers, users, and +   service providers.  The memo introduces the Internet and assumes a +   basic knowledge of EDI. + +Table of Contents + +   1. Introduction ................................................    4 +   1.1.  What is this document ....................................    4 +   1.2.  What do you mean by electronic data interchange (EDI) ?  .    4 +   1.3.  What are the X12 Standards that I should be aware of ?  ..    4 +   1.4.  To whom do I send comments and suggestions ? .............    5 +   1.5.  How can I get a copy of this document? ...................    5 +   2. General Information .........................................    6 +   2.1.  What is the Internet ?  ..................................    6 +   2.2.  Is there a difference between EDI and +         electronic commerce (EC) ? ...............................    6 +   2.3.  What makes the Internet useful for EDI ?  ................    6 +   2.4.  Does this means we will now have to coordinate our +         EC/EDI activities with the Internet?  ....................    7 +   2.5.  How do I find the addresses of other Trading partners +         on the Internet if I don't have to coordinate my EDI +         activities with a central organization or VAN?  ..........    7 +   2.6.  How fast is the Internet?  ...............................    7 +   2.7.  What about reliability of the Internet?  .................    7 +   2.8.  What are RFCs and where can I get them ?  ................    8 + + + +Houser, et al                Informational                      [Page 1] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   2.9.  Where can I get general information about the Internet?  .    8 +   3. Getting Connected To The Internet ...........................    9 +   3.1.  What do I need to get to use the Internet?  ..............    9 +   3.2.  What software is used to support electronic mail?  .......    9 +   3.3.  What types of client-server or server-server +         protocols exist on the Internet?  ........................   10 +   3.4.  What methods exist to broadcast information across +         the Internet?  ...........................................   12 +   3.5.  What are the ways to connect to the Internet ?  ..........   13 +   4. Organizational Issues .......................................   15 +   4.1.  Why is the way we currently do EDI so limiting to its +         growth?  ..................................................  15 +   4.2.  My organization has an internal automated system for +         processing requisitions and issuing purchase orders, but it +         does not create the X12 formatted EDI transactions; what +         should we do ?  ...........................................  16 +   4.3.  My organization already has a dial-in bulletin board +         service (BBS) where we post transactions; should we +         keep it? ..................................................  16 +   4.4.  My organization currently has a Trading Partner +         Agreement with each trading partner we're currently +         doing business with. Can we keep them ?  ..................  16 +   4.5.  It would be nice to get more trading partners and/or +         more competition, but I'm worried about getting too many +         transactions to be able to handle them.  Has this been a +         problem ?  ................................................  17 +   4.6.  Does this mean that I'll receive more messages ?  .........  17 +   4.7.  If we see a transaction posted on VAN, how do we +         respond in electronic format ?  ...........................  18 +   4.8.  My organization has an established bilateral +         relationship (such as an existing contract.  Can we +         send these transactions via the Internet ?  ...............  18 +   5. The Role Of Value Added Networks ............................   18 +   5.1.  What is a VAN?  ................... .......................  18 +   5.2.  What is an Internet Service Provider (ISP)?  ..............  19 +   5.3.  How might an ISP be used for EDI?  ........................  19 +   5.4.  Doesn't EDI presume the services of companies called +         Value Added Networks (VANs)?  .............................  19 +   5.5.  If I can use X12 protocol and my VAN to send +         transactions, what is the benefit of using +         the Internet?  ............................................  20 +   5.6.  Can we expect VANs to offer connections to other VANs +         via the Internet?  ........................................  20 +   5.7.  How can I use the Internet directly for exchanging EDI +         messages without going through a VAN?  ....................  20 +   5.8.  Can the ISA 06 or 08 identify any entity other than the +         'end' Trading Partners (i.e. a routing entity) ?  .........  21 + + + + +Houser, et al                Informational                      [Page 2] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   5.9.  Can we specify both the recipient's address and their +         VAN address in the ISA ?  ................................   22 +   5.10. Are there other options for routing EDI X12 +         messages ? ...............................................   22 +   6. US Federal Involvement ......................................   22 +   6.1.  What is the commitment of the US Federal Government +         to EDI ?  ................................................   22 +   6.2.  What is the timetable for the Federal effort ?  ..........   23 +   6.3.  Will the US Government use the Internet to send +         EDI transactions ?  ......................................   23 +   6.4.  I heard the US Government prohibited commercial use +         of the Internet?  ........................................   24 +   6.5.  The US Government is using both Internet and OSI +         E-mail protocols.  What should one consider when +         choosing which to use ?  .................................   24 +   6.6.  How is the US Government using VANs to distribute +         business opportunities?  .................................   25 +   6.7.  How would use of the Internet for Federal procurement +         change this RFQ process?  ................................   25 +   7. EDI Resources On The Internet ...............................   26 +   7.1.  Are EDI Standards available on the Internet ?  ...........   26 +   7.2.  Are EDIFACT Standards available on the Internet ?  .......   28 +   7.3.  The EDI X12 standards are quite complex.  How do we +         decide what X12 transactions to implement and how ?  .....   29 +   7.4.  What Implementation Conventions (ICs) are available +         over the Internet ?  .....................................   29 +   7.5.  How can a trading partner keep up with all these +         implementation conventions (ICs) and revisions in +         X12 and EDIFACT? .........................................   31 +   7.6   Where can I get information on EDI translation +         software ? ...............................................   31 +   7.7.  How do I keep in touch with others pursuing EDI and +         Electronic Commerce on the Internet ? ....................   32 +   7.8.  Can I get messages that have been previously posted +         to the EDI mailing lists ? ...............................   35 +   7.9.  How do I make EDI related material available +         to the Internet community ? ..............................   35 +   7.10. Where are EDI Archives on the Internet ? .................   35 + +   8. Security Considerations .....................................   36 +   8.1.  What security measures are needed to connect to the +         Internet ?  ...............................................  36 +   8.2.  How do we go about protecting our system ?  ...............  36 +   8.3.  Is there good publicly available software I can use?  .....  37 +   8.4.  How good are electronic or digital signatures ? +         Can they be used in court ?  ..............................  38 +   8.5.  Are there other US government standards publications +         I should be aware of?  ....................................  38 + + + +Houser, et al                Informational                      [Page 3] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   9. References ..................................................   39 +   10. Credits ....................................................   40 +   11. Authors' Addresses .........................................   41 + +1. Introduction + +1.1.  What is this document + +   This document is informational in nature and attempts to answer +   frequently asked questions concerning the use of the Internet for +   Electronic Data Interchange (EDI).  The primary audience is the EDI +   community that is unfamiliar with the Internet, including software +   developers, users, and service providers.   The reader needs some +   understanding of EDI.  Informational RFCs are prepared by the +   Internet Engineering Task Force (IETF) to improve understanding and +   effectiveness in the use of the Internet. + +1.2.  What do you mean by electronic data interchange (EDI) ? + +   Except as noted, the document refers to EDI as the use of the + +        1) X12 standard developed by the ANSI Accredited Standards +           Committee X12 or + +        2) EDIFACT[1] standard United Nations Economic Commission for +           Europe (UN/ECE), Working Party for the Facilitation of +           International Trade Procedures (WP.4). + +   The differences between these standards is beyond the scope of this +   FAQ.  Both standards activities are managed in the US by: + +                Data Interchange Standards Association, Inc, +                1800 Diagonal Road, Suite 200 +                Alexandria, Virginia, 22314-2852 +                Voice: 703-548-7005 +                FAX: 703-548-5738 + +   There are numerous other standards one could use for EDI, but +   discussion of them is not in the scope of this document. + +1.3.  What are the X12 Standards that I should be aware of ? + +   ACCREDITED STANDARDS COMMITTEE (ASC) X12 Standards are available from +   DISA at the address specified in Question 1.  The following is a good +   starting set of X12 standards. + +       1.  ASC X12S/94-172, An Introduction to Electronic +           Data Interchange, DISA 1994 Publications Catalog + + + +Houser, et al                Informational                      [Page 4] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +       2.  ASC X12.3 Data Element Dictionary +       3.  ASC X12.5 Interchange Control Structure +       4.  ASC X12.6 Application Control Structure +       5.  ASC X12.22 Segment Directory +       6.  ASC X12.58 Security Structures + +1.4.  To whom do I send comments and suggestions ? + +   Readers are invited to add questions; please include an answer if you +   know or want to suggest one.  Of course corrections and comments are +   welcome; send them to the IETF-EDI mail list by subscribing as +   described in question 7.6.  Or a send your comment to +   houser.walt@forum.va.gov. + +1.5.  How can I get a copy of this document? + +   Request for Comments documents (RFC) are available by anonymous FTP. +   Login with the username "anonymous" and a password of your e-mail +   address.  After logging in, type "cd rfc" and then + +        "get rfc1865.txt". + +   A Web address for the RFC is: + +      ftp://ds.internic.net/rfc/rfc1865.txt + +   RFC directories are located at: + +        o  Africa at:        ftp.is.co.za    (196.4.160.2) +        o  Europe:           nic.nordu.net   (192.36.148.17) +        o  Pacific Rim:      munnari.oz.au   (128.250.1.21) +        o  US East Coast:    ds.internic.net (198.49.45.10) +        o  US West Coast:    ftp.isi.edu     (128.9.0.32) + +   RFCs are also available by mail.  Send a message to: +   mailserv@ds.internic.net. In the body type: + +        "FILE /rfc/rfc1865.txt" + +   NOTE: The mail server at ds.internic.net can return the document in +   MIME-encoded form by using the "mpack" utility.  To use this feature, +   insert the command "ENCODING mime" before the "FILE" command.  To +   decode the response(s), you will need "munpack" or a MIME-compliant +   mail reader.  Different MIME-compliant mail readers exhibit different +   behavior, especially when dealing with "multipart" MIME messages +   (i.e., documents which have been split up into multiple messages), so +   check your local documentation on how to manipulate these messages. + + + + +Houser, et al                Informational                      [Page 5] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +2. General Information + +2.1.  What is the Internet ? + +   It is the inter-working of existing corporate and government networks +   using commonly used telecommunications standards.  It is not a new +   physical network, although some new facilities may be needed. +   Rather, it is based on mutual interests of users to communicate more +   effectively via electronic message and file transfers.  Internet +   communications may be interpersonal (person-to-person) E-Mail or +   process-to-process like EDI.  Messages may be inquiries to shared +   databases and responses. Messages may be entire files. + +2.2.  Is there a difference between EDI and electronic commerce (EC) ? + +   Electronic Data Interchange (EDI) is defined as the inter-process +   (computer application to computer application) communication of +   business information in a standardized electronic form.  Electronic +   Commerce includes EDI, but recognizes the need for inter-personal +   (human to human) communications, the transfer of moneys, and the +   sharing of common data bases as additional activities that aid in the +   efficient conduct of business.  By incorporating a wide range of +   technologies, EC is much broader than EDI.  However, the focus of +   this document in on EDI, not electronic commerce. + +2.3.  What makes the Internet useful for EDI ? + +   The greatest benefits will derive from: + +      o  Adoption of common standards and proven inter-operable systems, + +      o  Adoption and deployment of a distributed Directory Service +         capability, so that one can readily contact electronically any +         other organization in the world. + +      o  Explicit commitment by participating organizations to +         cooperatively route traffic, work to resolve addresses, and +         meet required standards. + +      o  Ubiquitous network coverage from many service providers. This +         allows the customer to choose the level of service needed. + +      o  Layering of applications (such as EDI) over existing, proven, +         applications. + +      o  A standards process with reference implementations which +         all vendors have equal access.  (a.k.a. a level playing field). + + + + +Houser, et al                Informational                      [Page 6] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +      o  Widely available public domain software including but not +         limited to applications, protocol/transports and multiple +         platform development tools. + +2.4.  Does this means we will now have to coordinate our EC/EDI +      activities with the Internet? + +   The Internet is not an organization or government agency.  You use +   the Internet to do business like you would use the telephone.  The +   same Internet connection your organization uses to send electronic +   mail would be the one you use to send EDI transactions.  Software +   developers write EDI translators, packages or templates for your e- +   mail system so that you can handle your own EDI transactions.  Your +   EDI activities do not need to be coordinated, but your connection to +   the Internet does. + +2.5.  How do I find the addresses of other Trading partners on the +      Internet if I don't have to coordinate my EDI activities with +      a central organization or VAN? + +   The Internet works by assigning names or "domains" to +   networks/companies/machines.  This is called the Domain Name Service +   (DNS). It works from a distributed tree structure.  The Internet +   requires registration of your Internet Protocol (IP) address and +   Domain Name in the Domain Name Service (DNS).  Your internet service +   provider can do this for you or assist you in contacting the right +   people to get your assigned addresses and domain names. + +2.6.  How fast is the Internet? + +   For a modest amount of data with a dedicated connection, a message +   transmission would occur in a matter of seconds, unless the ISP +   selected one of the trading partners is overloaded.  The maximum +   delay over the internet backbones is at most a few seconds.  Like the +   interstate highway system, speed depends on how close you and your +   trading partner are to Internet backbones.  Unfortunately, some areas +   may lack the capacity or "bandwidth" to handle the workload your +   organization requires.  Contact your local Internet Service Provider +   for details on service in your area.  Also, the more you are willing +   to spend, the better the service.  The Internet is inexpensive, but +   (contrary to popular mythology) it is not free. + +2.7.  What about reliability of the Internet? + +   For high reliability mission critical applications, redundant ISPs +   may be used (with separate backbones), and redundant mail servers at +   separate locations can be used. A single internet email or server +   address can be used to transparently route to any of the redundant + + + +Houser, et al                Informational                      [Page 7] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   servers or network connections. + +   If a dedicated Internet connection is used to transmit information, +   e.g., via SMTP (see questions 3.2 and 3.5), then the message is +   delivered directly to the trading partner's system and delivery is +   assured. If a part time store and forward connection is used, then +   the integrity of the message depends on the ISP or other computers +   used in the forwarding of a message. + +2.8.  What are RFCs and where can I get them ? + +   RFC stands for Request For Comments.  The RFC series of notes covers +   a broad range of topics related to computer communications.  The core +   topics are the Internet and the TCP/IP protocol suite.  There are +   three categories of RFCs today, Standards Track, Informational, or +   Experimental.  Many of the RFCs describe de-facto standards in the +   Internet Community.  Copies of RFCs are often posted to the USENET +   newsgroup comp.doc and obtainable from archive sites such as +   ds.internic.net. + +                        ftp://ds.internic.net/rfc/ + +2.9.  Where can I get general information about the Internet? + +   Your local bookstore probably has one of the many recent introductory +   publications on the Internet.  In addition, look for (or have someone +   get you) the following bibliographies for free: + +         RFC 1175 +             Bowers, K., LaQuey, T., Reynolds, J., Roubicek, K., +             Stahl, M., and A. Yuan, "FYI on Where to Start - +             A Bibliography of Internetworking Information", +             08/16/1990 (FYI 3) + +                    ftp://ds.internic.net/rfc/rfc1175.txt + +         RFC 1463 +             Hoffman, E., and L. Jackson, "FYI on Introducing the +             Internet -- A Short Bibliography of Introductory +             Internetworking Readings for the Network Novice", +             05/27/93 (FYI 19) + +                    ftp://ds.internic.net/rfc/rfc1463.txt + +   The reader may want to look at the Frequently Asked Questions (FAQ) +   document for the newsgroup alt.internet.services.  This FAQ, as well +   as all Usenet FAQs, can be retrieved via ftp from rtfm.mit.edu in the +   directory /pub/usenet/news.answers.  These FAQs are also available + + + +Houser, et al                Informational                      [Page 8] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   from ftp.sterling.com in the directory /usenet/news.answers. + +3. Getting Connected To The Internet + +3.1.  What do I need to get to use the Internet? + +   You need to know your existing telecommunications connectivity, +   address resolution, and routing capabilities.  Then you need to +   establish and operate an Electronic Mail gateway and/or other +   application gateway, e.g., for the file transfer protocol (FTP). +   Larger organizations may supply their trading partners with the +   TCP/IP software and X12 translator interfaced to E-mail or FTP. + +3.2.  What software is used to support electronic mail? + +   a) Simple Mail Transfer Protocol (SMTP) Servers + +      A dedicated internet connection usually uses SMTP software to send +      and receive messages. The SMTP server may transfer messages to the +      "spool" area for incoming email in the file system, may queue the +      messages for transmission via UUCP, may hold mail in a POP server, +      or may transfer the message to a proprietary email system. + +   b) Unix-to-Unix Copy (UUCP) Servers + +      A UUCP server is used to transfer messages when a store and +      forward is used, either between machines within a WAN, or to +      another machine with a dialup link. + +   c) Post Office Protocol (POP) mail Servers + +      A POP server holds email which can later be retrieved by a client +      application run by the user, typically on a PC which might not be +      running 24 hours a day.  The TCP/IP protocol is used either over a +      LAN or dialup SLIP connection to retrieve messages. + +   d) Mail User Agents (Mail Readers) + +      Uses or applications employ client programs to retrieve and +      display email messages from the file system mail spool area, or +      from another server computer using POP or some other proprietary +      protocol (e.g. Microsoft-Mail). This mail user agent (UA) software +      is also used to compose and send email via a POP server or system +      email. + +      The mail user agent may also process attached files using a +      proprietary format within a mail message, using one of the common +      de-facto standards, or using the Multipurpose Internet Mail + + + +Houser, et al                Informational                      [Page 9] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +      Extensions (MIME) internet standard.  Among other things, MIME +      permits the identification and concatenation of message parts +      (called "body parts") into a single message that can traverse the +      Internet using the SMTP protocol.  The Work in Progress, "EDI in +      MIME"  provides the necessary standards for MIME compliant user +      agents to identify EDI body parts.  A MIME compliant mail reader +      can process the contents of the messages and dispatch data to +      external software. For example, files can be dragged to file +      system directories, images can be displayed, and audio data can be +      played.  In the case of EDI, a message formatted according to the +      MIME-EDI specification could be automatically transferred to an +      EDI processing program. + +   e) Automated Mail Processing + +      A typical Mail User Agents is an interactive application. However +      there are automated email message processing programs which can +      sort incoming mail, process forms returned by others, or in the +      case of EDI data, transfer the message contents to the EDI system. +      Messages formatted according to the MIME EDI specification can be +      properly recognized by any MIME compliant mail processing program. + +3.3.  What types of client-server or server-server protocols exist on +      the Internet? + +   Internet email is typically used for two party messaging. The FTP, +   gopher, and HTTP protocols allow many users, possibly anonymous, to +   retrieve data from a central source. For example, corporate catalogs +   can be restricted by potential customers. + +   a) File Transfer Protocol (FTP) + +      Companies with existing connectivity to the Internet may use FTP +      to transfer files to one-another or to their VAN.  This solution +      employs the same TCP/IP used for SMTP.  Furthermore, Internet +      documents such as EDI in MIME Work in Progress are available via +      FTP on the FTP server "ds.internic.net." + +   b) gopher service protocol. + +      Gopher service is a way of organizing selected documents and files +      on an Internet server in a simple tree menu, so that users on +      other Internet computers can find them easily.  Most gopher menus +      are also linked to other gopher menus elsewhere, so that users can +      easily jump from one Internet server to another.  There are +      thousands of gopher servers in operation worldwide. + + + + + +Houser, et al                Informational                     [Page 10] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   c) The Hypertext Transfer Protocol (HTTP) + +      HTTP defines http-server and http-clients that comprise the World +      Wide Web (WWW).  WWW was developed by the European Laboratory for +      Particle Physics (CERN) as a tool for exchanging multimedia data +      between researchers.  Although there is also no specification for +      graphics in HTTP, most web browsers are graphical in nature. +      Mosaic, available free from the National Center for Supercomputer +      Applications (NCSA), provides a Graphical User Interface (GUI) +      that facilitates user access to information on the Internet. +      Mosaic interprets hypertext based information on the WWW, as well +      as to other linked Index/Directory services such as Archie, FTP, +      Gopher, and X.500 Directory information.  Mosaic also supports on +      line Graphic Interchange Format (GIF), Joint Photographic Experts +      Group (JPEG), Motion Picture Experts Group (MPEG), QuickTime, and +      other document, image, and audio types.  Vendors have developed +      product catalogues using Mosaic servers. + +   d) WHOIS + +      WHOIS servers generally offer information about the organization +      to which they belong.  There are many WHOIS servers scattered +      throughout the Internet.  To obtain a list of registered WHOIS +      servers, anonymous FTP to rtfm.mit.edu and get the file +      /pub/whois/whois-servers.list.  You can: + +       o   run a client program on your own machine to access the +           WHOIS server, + +       o   telnet to a site which hosts the server, eg: telnet to +           whois.internic.net and type help to access the full online +           help + +       o   send an email message to retrieve information from the +           database.  eg: send email to mailserv@internic.net with +           a command in the Subject field.  Any information in the +           body part of message will be ignored.  ie. + +                Subject:  whois <search string> + +           Therefore, to find information on the Internic Registration +           Service, the subject should contain: whois internic + +           Moreover, to obtain help information on this service you can +           send two separate email with the following in their subject +           line, respectively: + + + + + +Houser, et al                Informational                     [Page 11] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +                             help +                             whois help + +3.4.  What methods exist to broadcast information across the Internet? + +   There are also some usual methods to broadcast messages to multiple +   recipients as described below: + +   a) Usenet News + +      Usenet news is a cooperative broadcast of messages to all +      participants.  Messages are organized into categories called +      newsgroups, and there are over 10,000 newsgroups carried by the +      major ISPs.  Individual customers typically subscribe to some +      subset of these which is of interest to the organization. +      Messages are typically held for a week or two, then either +      archived or discarded.  Some newsgroups are free form, i.e. anyone +      can post a message, while others are "moderated", i.e. require +      approval prior to posting. + +      Though not currently used for any type of EDI, Usenet news could +      be used to broadcast RFQs. For example, comp.newprod is used to +      announce new products, and misc.jobs.wanted is used to announce +      job openings. + +   b) Mailing Lists + +      If the interest is limited, a mailing list may be used in lieu of +      a newsgroup.  These are typically used for discussion groups or +      announcements of a particular nature.  Mailing lists are typically +      open, i.e. anyone can "subscribe" by sending an email message to a +      server. For discussion groups, anyone can send a message to the +      server which is then rebroadcast to all subscribers.  Since +      Internet email is extremely inexpensive, there is normally no +      charge for use of a mailing list, except for the content of +      e-magazines, etc.  Sponsors of an email list typically provide the +      list as a public service. + +      For example, a mailing list could be used to broadcast EDI RFQs, +      etc.  Vendors might subscribe to various lists related to their +      product or service in order to receive messages sent by potential +      customers. Mailing lists could be provided by large companies for +      internal use, by industry organizations, or VANs.  For example, a +      firm or government agency could sponsor various mailing lists for +      EDI RFQ's, new product announcements, etc. related to procurement. +      The organization could easily allow other potential customers to +      use the same mailing lists to contact vendors.  All parties would +      benefit, and the improved access to vendors from an open mailing + + + +Houser, et al                Informational                     [Page 12] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +      list would more than offset the cost to support the mailing list +      server. Thus service might be available for free. + +3.5.  What are the ways to connect to the Internet ? + +   The following provides a general overview of connectivity options now +   available: + +   a) Dedicated Connection + +      Typically a leased telephone line is used to connect a gateway +      computer or Typically a leased telephone line is used to connect a +      gateway computer or bridge/router of a corporate LAN/WAN to the +      router of the Internet Service Provider's (ISP) Point-Of-Presence +      (POP, not to be confused with the Post Office Protocol). The +      connection may be of various types and speeds, e.g.  modem, ISDN, +      DS0, or DS1 line. + +      With a dedicated connection, the SMTP protocol is typically used +      to deliver email directly to a trading partners system. Also, +      real-time client server applications can be run directly with a +      trading partners system, including information transferred using +      the FTP and HTTP protocols. + +      Some ISPs provide optional services even with dedicated +      connections.  For example, store and forward email on an ISP +      server can be used as a backup for a direct SMTP server operated +      by a trading partner.  The ISP may offer disk space on their FTP +      and HTTP servers with a high speed connection to the Internet. +      For example, a trading partner might use a 14.4Kb modem for +      dedicated email transfers and use a 1.5Mb connection operated by +      the ISP to distribute FTP and HTTP information. + +   b) On-demand Connection + +      An on-demand connection operates like a dedicated connection, +      except a dialup ISDN or modem connection is used. If the link +      remains idle for a certain period of time, the connection is +      dropped.  Some ISPs offer dial-out capability so any inbound or +      outbound traffic can reestablish the link. However, many ISPs +      require their customers to dial-in, so only outbound traffic and +      regular polling will establish the link. In the latter case, store +      and forward would likely be used for email, and the ISP servers +      would be used for FTP and HTTP information. + + + + + + + +Houser, et al                Informational                     [Page 13] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   c) Part-time Polled Connection + +      The Unix-to-Unix Copy (UUCP) protocol is typically used for email, +      news, and (rarely) file transfers.  A client organization +      periodically dials the ISP and transfers email and Usenet news for +      the organization, then disconnects.  Typically, the client polls +      the ISP at regular intervals, e.g. every 20 minutes, though some +      ISPs dial out when a message is to be delivered.  Outgoing email +      can be sent immediately, or queued for transmission with a +      specified maximum delay. + +      A UUCP connection may be used to transfer messages to an arbitrary +      number of people or automated mail processing programs.  A single +      UUCP connection may also route messages to other systems, e.g. +      divisions within a corporation.  UUCP and store-and-forward are +      synonymous. + +      Since UUCP is only used to transfer mail and news messages, +      interactive internet client-server applications like FTP and HTTP +      are not available, except using a server provided by an ISP. Thus +      a separate dialup account might be needed to retrieve information +      from other FTP or HTTP servers. UUCP might be used for automated +      email transfer, and a on-demand dialup connection would be used +      for interactive internet client applications. + +      Though UUCP accounts imply a delay (up to the polling interval) in +      processing a message, many ISPs allow a customer supplied script +      to process messages immediately on the ISP's machine.  Though UUCP +      can be used to transfer files directly, usually files are +      transferred by encoding them within an email message. +      Transmission within internet email messages is much more widely +      supported and can be gatewayed into proprietary systems. + +   d) Dial-up Shell Account + +      With a dial-up account, a single user with a personal computer +      running a terminal emulator connects to the ISP's computer.  Mail +      readers, news readers, HTTP browsers, etc. can be run on the ISP +      machine. Data on the ISP machine can be transferred to the +      personal computer manually using a protocol like X-Modem, Z-Modem, +      or Kermit. + +      The ISP's host computer may run one of the usual UNIX command line +      (shell) programs, or may use a custom BBS or other menu driven +      user interface. A proprietary client-server program may be used in +      lieu of a terminal emulator to provide a graphic user interface. +      Some of the proprietary GUI clients provide access to selected +      internet applications, e.g. gopher. + + + +Houser, et al                Informational                     [Page 14] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +      A dialup ISP typically has a direct internet connection, however +      very low cost providers might only have a UUCP connection to the +      Internet. Some large proprietary networks such as CompuServe do +      not offer a direct internet connection, and only support UUCP +      email and, sometimes, Usenet news gateways to the Internet. + +   d) Personal Serial Line Internet Protocol (SLIP) or Point to Point +      Protocol (PPP) Account + +      A SLIP/PPP account is also available as a cross between the on +      demand and dial- up. Like the on-demand account, a single user can +      connect to an ISP and run mail reader, news reader, FTP, HTTP +      browser, etc. client applications directly from a personal +      computer.  Unlike the on-demand account, the dial-out computer +      functions as a client only and not a server, and would be used by +      a single user rather than as a gateway to a LAN. + +      With a SLIP/PPP account, the POP (Post-Office-Protocol) protocol +      is used for a user's mail reader client to retrieve messages +      stored in the ISP's server.  Unlike, UUCP, the POP servers hold +      mail for a single user (i.e. individual email address). + +      With a SLIP/PPP connection any standard TCP/IP application is tied +      directly into the internet.  Thus unlike the proprietary GUI +      software supplied by the ISP, any TCP/IP client application can be +      used. + +      A program such as TIA (The Internet Adapter) can be run on a shell +      account which allows a standard UNIX shell account to function as +      a SLIP/PPP account.  However, some ISPs do not support TIA as they +      charge extra for SLIP. + +4. Organizational Issues + +4.1.  Why is the way we currently do EDI so limiting to its growth? + +   There is a tendency for each organization to establish is own rules +   and administrative policies, leading to rising costs of dealing with +   multiple trading partners, each in turn with its own requirements and +   procedures.  However, new technologies and business practices are +   necessary if EDI is to move beyond the 30 to 40,000 organizations +   presently using EDI.  According to Department of Labor and Internal +   Revenue Service statistics, there are about 6.2 million entities with +   employees and about 14 million other "business" entities.  A business +   that wants to sell chairs, for example, would have to check with many +   different customers to see if they had any requirements.  By making +   it possible for a business to use a common method to look for +   customers, the barriers entering to the electronic marketplace are + + + +Houser, et al                Informational                     [Page 15] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   greatly eased.  This does not mean that there is only one source that +   everyone goes to for a list of current business opportunities. +   Rather, a prospective supplier only needs to go to a single +   electronic marketplace.  To communicate with each other, the various +   participants in electronic commerce need to harmonize their +   procedures and processes.  Examples include common trading partner +   registration and the adoption of standard implementation conventions +   for EDI messages. + +4.2.  My organization has an internal automated system for processing +      requisitions and issuing purchase orders, but it does not create +      the X12 formatted EDI transactions; what should we do ? + +   You could enhance your existing system, for example, by adding EDI +   translation software.  VANs often offer EDI "translation" +   capabilities that convert flat text files into EDI X12 or EDIFACT +   format.  This translation software may be designed with a particular +   technical solution in mind; carefully consider how the software would +   be used and what applications and telecommunications software would +   need to interact with it.  You don't want to inadvertently lock +   yourself into using only one supplier. + +4.3.  My organization already has a dial-in bulletin board service +      (BBS) where we post transactions; should we keep it? + +   Yes, but that puts you in the role of being your own VAN.  By acting +   independently, organizations have established their own dial-up +   electronic bulletin board system with their own unique, but +   functionally equivalent, operating rules.  Your BBS will be a little +   different that the next organization's, making it difficult for +   suppliers to access.  By getting transactions from the VANs who +   specialize in moving information, your organization will get the +   widest circulation possible.  You will be able to reach trading +   partners you may not even know existed, resulting in more competitive +   bids.  Because of their idiosyncratic nature, BBS are not consistent +   with the idea of a "single face to industry" espoused by the Federal +   Government. + +4.4.  My organization currently has a Trading Partner Agreement +      with each trading partner we're currently doing business with. +      Can we keep them ? + +   In the short run you may want to keep some Agreements in place to +   cover unique circumstances.  But be careful not to create conflicting +   agreements and directions for your trading partners.  Follow the +   procedures common to your particular line of business.  In the long +   run, less is better.  Hopefully, the introduction of EDI into common +   commercial practice will eliminate the need for EDI-specific + + + +Houser, et al                Informational                     [Page 16] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   agreements. + +4.5.  It would be nice to get more trading partners and/or more +      competition, but I'm worried about getting too many transactions +      to be able to handle them.  Has this been a problem ? + +   The answers to this and related questions presupposes a willingness +   to participate in the open bidding process.  While this process is a +   legal requirement for government agencies, many private organizations +   choose not to adopt the practice.  The technology of the Internet +   facilitates competition, but the cost of putting these practices in +   place limit their value.  This is a business decision, not a +   technical one.  Will companies competitively procure critical +   supplies absent a long term relationship with the supplier? For +   essential inputs that will make or break customer satisfaction and +   productivity, the benefits of competition may not be worth the risks. + +   Many organizations experience some increase in the number of +   transactions; for competitive procurements, the winning bid should be +   significantly better than those received prior to using the +   electronic system.  The impact of an increase in volume needs to be +   evaluated on a situation by situation basis.  For example, your +   acquisition support system may need to be re-engineered to quickly +   handle bids by ranking and presenting them to your buyers in low to +   high order.  Your new or enhanced system should make it easy to +   receive and reply to any inter-personal messages that are sent and +   linked to a bid (that is, an SMTP/MIME message or the EDI X12.864 +   text message transaction set). + +4.6.  Does this mean that I'll receive more messages ? + +   There is a strong likelihood the number of messages will increase as +   There is a strong likelihood the number of messages will increase as +   you reach more and more trading partners.  After a reasonable trial +   period, your EDI trading partners should be relying on EDI and +   disinclined to use alternative forms of communication that don't fit +   EDI/EC.  Once you use EDI/EC to communicate with a trading partner, +   you should consider discouraging the use of telephone calls or fax +   messages or other non-EDI/EC messages by pointing out the fact that +   telephone or fax messages are processed more slowly.  By using +   electronic messaging, you can establish a written and dated audit +   trail.  Your application system can route the message to the buyer +   and "attach" it to a "case file".  However, if your organization does +   not use automated systems, you will want to adjust your approach to +   dealing with non-EDI messages. + + + + + + +Houser, et al                Informational                     [Page 17] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +4.7.  If we see a transaction posted on VAN, how do we respond in +      electronic format ? + +   This function is typically handled by applications software, not by +   the Internet.  For example, a vendor that wishes to bid on a +   particular Request For Quotation (RFQ) would prepare a bid (X12-843) +   and send it via their VAN of choice.  The identification information +   in the interchange control header (ISA) and functional group header +   (GS) will be interpreted by your VAN and forwarded to the buyer's VAN +   or to the buyer directly, depending on the reply address.  VANs may +   reject messages from unregistered sources; otherwise they are +   forwarded to (or otherwise made available to) the buyer.  If a buyer +   is using dial-up access to a VAN, then they will have to call-in for +   their messages. + +4.8.  My organization has an established bilateral relationship +      (such as an existing contract.  Can we send these transaction +      via the Internet ? + +   Yes, the Internet can be used to send transaction sets to existing +   trading partners via SMTP or FTP messages.  VANs were typically used +   for bilateral relationships between companies, whereas the Internet +   is useful for establishing multilateral relationships.  These +   bilateral relationships are usually quite stable, but both parties +   had to agree to share the same VAN or get their VANs to interconnect. +   Multilateral relationships are between organizations that don't +   necessarily have existing relationships and may be rather ephemeral. +   The Internet is suited to dynamic multilateral relationships that may +   later evolve into static bilateral relationships between companies +   using VANs.  Therefore, the issues concerning the Internet (security, +   availability, etc.) are manageable in the early stages of forming a +   relationship.  If your current VAN is not capable of using the +   Internet, you may need an alternative route for those messages. +   Later, as the business relationship matures, the use of VANs may be +   appropriate as the level of communication becomes more important. +   For example, unless your system has a directory of all registered +   trading partners, you lack the capabilities to screen and validate +   transactions that arrive at your site. + +5. The Role Of Value Added Networks + +5.1.  What is a VAN? + +   The use of EDI over the Internet is in the early stages, although the +   technology and services are developing remarkably rapidly.  In the +   past, organizations doing EDI typically have relied on specialized +   firms called Value Added Networks (VANs) for technical assistance. +   Many of these organizations will look to their VAN for assistance in + + + +Houser, et al                Informational                     [Page 18] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   using the Internet.  VANs specializing in EDI applications provide +   technical support, help desk and troubleshooting for EDI and +   telecommunications problems.  They assist in configuration of +   software, upgrades to telecommunications connectivity, data and +   computer security, auditing and tracing of transactions, recovery of +   lost data, service reliability and availability.  Some EDI specific +   services can include broadcasting an RFQ to a collection of vendors, +   or storage of EDI information for later search and retrieval. + +5.2.  What is an Internet Service Provider (ISP)? + +   VAN services have typically used proprietary network or a network +   gatewayed with a specific set of other proprietary networks.  In +   contrast an Internet Service Provider (ISP) offers generic network +   access (i.e. not specific to EDI) for all computers connected to the +   internet. A direct internet connection permits real time computer- +   computer communication for client-server applications. +   Alternatively, a part time internet connection can be used to access +   internet servers using an on-demand basis, or access another system +   via email which includes a store and forward method.  Internet email +   may be used as a gateway to proprietary networks if the proprietary +   network has an email gateway. + +5.3.  How might an ISP be used for EDI? + +   Internet email can be configured for a dedicated connection with +   real-time transfers, or a store and forward method (like traditional +   VANs), or a combination of the two, e.g. where a direct delivery to a +   trading partners system is used when a link is operational, and a +   store and forward from an ISP is used as a backup. + +   A large organization can connect their network to the Internet at an +   internet exchange point, however, most use a commercial ISP, either a +   major backbone provider, or local resellers of service off one or +   more backbones. The ISP provides technical assistance and access to +   local telecommunications links. + +5.4.  Doesn't EDI presume the services of companies called +      Value Added Networks (VANs)? + +   EDI only specifies a format for business information; the +   transmission of the information is covered under other standards. A +   real world analog is sending a business form from one company to +   another. The "form" could be sent via US mail, US Registered mail, +   via private carrier (UPS/FEDEX) or simply faxed between the +   companies.  EDI only requires that the trading partners follow the +   content standards. + + + + +Houser, et al                Informational                     [Page 19] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +5.5.  If I can use X12 protocol and my VAN to send transactions, +      what is the benefit of using the Internet? + +   The Internet E-mail standards have hierarchical address spaces that +   are defined and updated in what the Internet calls "domain name +   servers."  Unfortunately, X12 has a flat address space.  So, when you +   send an interchange (not via the Internet) to a partner who is on a +   different VAN, your VAN must do a table look up to figure out what +   VAN the receiving party is on.  If you use only X12 without the +   Internet, before you can send a message to this partner, you must +   first contact the recipient's VAN and have them add you as an entry +   to his VAN's table.  If the ISA contained the VAN ID of the +   recipient, then you could (in theory) send interchanges to partners +   via the VAN interconnects without having to notify the recipient's +   VAN first.  However, this theory needs to be worked out in practice. +   In contrast, thanks to the domain name service, Internet e-mail users +   (and Postal users) don't have to call up their service provider +   before sending a message across an "interconnect" to another service +   provider. + +5.6.  Can we expect VANs to offer connections to other VANs via the +      Internet? + +   All VANs connected to the Internet are connected to one another, thus +   avoiding most of the problems of interconnecting proprietary +   networks.  VANs can then focus on services to their customers such as +   automatic bid submission, market and business opportunity analysis, +   and translation software. + +5.7.  How can I use the Internet directly for exchanging EDI messages +      without going through a VAN? + +   You and your trading partner must agree on one of the Internet +   protocols for exchanging messages and then agree upon some details +   with the exchange. + +   a) Email based messaging + +      The simplest and most widely supported means of exchanging +      messages is via internet email. Typically, the IETF-MIME +      encapsulation specification would be used to enclose the EDI +      data within the email message, and the trading partners would +      need to agree upon an encryption method for secure email, +      typically PEM or PGP (see question 8.4). + +      The trading partners would then exchange: +          1. The internet email address for EDI messages +          2. An internet email address for personal communications + + + +Houser, et al                Informational                     [Page 20] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +             related to EDI +          3. Agreement on the encryption and digital signature +             protocols, including email acknowledgment, e.g. +             support for the "Return-Receipt-To:" email header, +             or X.400 extended email header fields. +          4. Public Keys for PEM or PGP encryption and digital +             signatures.  (or private keys for DES encryption) +          5. Agreement on the format of the message, e.g. IETF MIME/EDI. + +      A convention for naming email addresses might be +      established, e.g. edi@edi.xyzcorp.com for messages, +      ediinfo@xyzcorp.com for an automated response for human readable +      information on establishing internet EDI, and +      edisupport@xyzcorp.com for a personal contact. + +   b) FTP based messaging + +      To exchange EDI messages via FTP, some setup information must be +      included in the trading partner agreement. Typically, an account +      would be created for each trading partner for a FTP login, +      including a password. Typically, each X12 or EDIFACT message +      would be stored in a file, and the trading partner agreement would +      define the conventions for naming files and directories for +      the messages. + +      The trading partner agreement would include: +          1. FTP login name and password +          2. Machine(s) from which the login will be accepted +          3. Additional security protocols, e.g. Kerberos[?] +          4. Directory and file naming conventions +          5. File encryption protocols and keys +          6. Wrappers around EDI data, e.g. MIME/EDI headers, +             PEM/PGP wrappers, etc. + +   There are several compression routines and utilities available for +   virtually any computer system that uses the Internet.  Many of these +   utilities will convert across platforms (say UNIX to Mac, UNIX to PC, +   and vise versa) and are available for free from one of several ftp +   archive servers.  Use of these compression routines should be used +   with care when one is employing an encryption technique such as PEM +   or PGP. + +5.8.  Can the ISA 06 or 08 identify any entity other than the +      'end' Trading Partners (i.e. a routing entity) ? + +   Yes, although the ISA06 and ISA08 elements are supposed to be used to +   identify the sender and receiver of the interchange, the receiver of +   the interchange could be a clearinghouse (as well as a VAN) that + + + +Houser, et al                Informational                     [Page 21] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   processes the interchange and then forwards the data to the ultimate +   recipient.  In this case, you could put the receiver ID of the +   clearinghouse into the ISA08. The clearinghouse would probably have +   to determine the ultimate recipient of the message by looking inside +   the transaction set (or perhaps by using the GS03).  Alternatively, +   you could put the receiver ID of the ultimate recipient into the +   ISA08 and the clearinghouse would route the interchange based on the +   ISA08 value (just as a VAN does). + +5.9.  Can we specify both the recipient's address and their VAN +      address in the ISA ? + +   There was an X12 DM (data maintenance) request proposed to the X12 +   standards committee for a change to the ISA segment (X12 header +   information) that would allow users to specify the recipient's VAN, +   in addition to the recipient's ID.  The intent was to provide a +   hierarchical address in the ISA.  The top level would be the VAN ID, +   and the next level would be the recipient ID.  To date, this DM has +   not been approved. + +5.10.  Are there other options for routing EDI X12 messages ? + +   Yes, the GS02 and GS03 data elements can be used for a second level +   of routing.  The GS03 is the application receiver's code.  Some EDI +   users use the GS03 for routing a functional group to a particular +   department or application within the receiver's corporation.  For +   example, you could use the ISA08 to identify the receiver as "Acme +   Corporation" and use the GS03 to identify the receiving application +   as the "Purchasing department (within Acme Corporation)".  Many EDI +   users simply put the same value in the ISA06 and the GS02, and put +   the same value in the ISA08 and the GS03.  Interestingly, there are +   VANs that will broadcast a message.  Other VANs will map the value of +   the ISA08 into a distribution list VAN mailbox ids maintained by the +   VAN.  Thus, each recipient receives the exact same copy of the +   interchange and the value of the ISA08 is not changed by the VAN. + +6. US Federal Involvement + +6.1.  What is the commitment of the US Federal Government to EDI ? + +   In the Federal Information Processing Standard (FIPS) 161-1 for +   Electronic Data Interchange[2], the US Government committed to using +   EDI X12 and EDIFACT standards in the exchange of business information +   with trading partners already using EDI.  On October 26, 1993, +   President Clinton signed an Executive memorandum requiring Federal +   agencies to implement the use of electronic commerce in Federal +   purchases as quickly as possible.  As the initial step the +   President's Management Council (PMC) Electronic Commerce Task Force + + + +Houser, et al                Informational                     [Page 22] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   (ECTF), chaired by the Administrator, Office of Federal Procurement +   Policy (OFPP), chartered the Federal Electronic Commerce Acquisition +   Team (ECAT) memorandum.  The PMC gave ECAT the task of defining the +   architecture for the government-wide electronic commerce acquisition +   system and identifying the executive departments or agencies +   responsible for developing, implementing, operating, and maintaining +   the Federal electronic system. + +   ECAT has become the Federal Electronic Commerce Program Management +   Office (ECA-PMO).  The National Institute or Science and Technology +   (NIST) maintains an HTML home page for the ECA-PMO: + +              http://snad.ncsl.nist.gov/dartg/edi/fededi.html + +6.2.  What is the timetable for the Federal effort ? + +To implement EC and to achieve his objectives for EC, the President +set forth the following four milestones: + +      1)  By March 1994, define the architecture for the +          government-wide EC acquisition system and identify +          executive departments or agencies responsible for +          developing, implementing, operating, and maintaining +          the Federal electronic system.  The ECAT identified +          the architecture and recommend actions that each agency +          should take.  These documents are available via ftp at +          ds.internic.net in the directory /pub/ecat.library. + +                 ftp://ds.internic.net/pub/ecat.library/ + +      2)  By September 1994, establish an initial EC capability +          to enable the Federal government and private suppliers +          to exchange standardized requests for quotations (RFQs), +          quotes, purchase orders, and notice of awards and begin +          government-wide implementation. + +      3)  By July 1995, implement a full-scale Federal EC system +          that expands initial capabilities to include electronic +          payments, document interchange, and supporting data bases. + +      4)  By January 1997, complete government-wide implementation +          of EC for appropriate Federal purchases, to the maximum +          extent possible. + +6.3.  Will the US Government use the Internet to send EDI transactions ? + +   According to the ECAT, achieving the following objectives are +   essential for a successful ubiquitous government EDI capability: + + + +Houser, et al                Informational                     [Page 23] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +      1)  E-mail systems may be used as the transport medium for EDI +          transactions. + +      2)  FTP, FTAM, SMTP, X.400, or X.400 compatible substitutes +          are the preferable transport methods for EDI. + +      3)  EDI functionality must be supported such that the user can +          choose between the Internet Protocol Suite (IPS) and Open +          Systems Interconnection (OSI) protocol support. + +      4)  Directory services will be provided through the X.500 model +          as services become available. + +      5)  Initial implementation of X.400 shall support the user agent +          services defined in P2 and P22 protocols. + +      6)  By 1996, the X.400 implementations shall contain the +          services defined in the X.435 specification. + +      7)  The Internet network may be used for EDI transactions when +          it is capable of providing the essential reliability, +          security, and privacy needed for business transactions. + +6.4.  I heard the US Government prohibited commercial use of the +      Internet? + +   The Internet contains many Internet Service Providers (ISPs), each +   with its own internal policies governing the conduct of its +   customers. One of the largest ISPs is the National Science +   Foundation.  At one time, NSF adopted what is called the Acceptable +   Use Policy of the National Science Foundation (NSF) was intended to +   prevent commercial uses of the original NSF-sponsored Internet +   telecommunications backbone.  However, the growing number of +   commercial providers and backbones now part of the Internet have made +   this policy obsolescent.  NSF is currently reducing its direct +   support in favor of subsidies to universities and other NSF sponsored +   organizations. Today the US Government is actively encouraging +   commercial uses of the Internet. + +6.5.  The US Government is using both Internet and OSI E-mail +      protocols.  What should one consider when choosing which to use ? + +   For more than a decade, Federal policy has been to promote the Open +   Systems Interconnection (OSI) telecommunications protocols developed +   by international standards bodies.  Despite this policy, Government +   agencies, like the private sector, have invested far more in Internet +   than OSI compliant products.  Marshall T. Rose's "The Internet +   Message"[3] compares the two alternative protocol suites and finds + + + +Houser, et al                Informational                     [Page 24] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   clearly in favor of the IPS for messaging in general.  For EDI +   specifically, the advantages of the IPS are its simplicity, wide +   availability, and security provided by Privacy Enhanced Mail (PEM, +   see below).  IPS lacks a number of desirable features and incurs +   something of an efficiency penalty for binary transfers.  On the +   other hand, the OSI standard for messaging handling service (X.400) +   promises a complete solution for EDI; the X.435 protocol includes +   responsibility notifications, X.500 directory support, EDI-specific +   addressing, message store support, message security, and other EDI- +   specific services.  Unfortunately, only a handful of X.435 products +   have actually reached the market, their interoperability is not +   assured, and their prices are substantially greater than for their +   IPS counterparts.  X.400 addressing tends to lock the customer into +   the domain of the service provider, whereas SMTP/MIME addresses are +   independent of the provider, permitting the customer to take his/her +   business elsewhere relatively easily.  The bottom line is that a lot +   more organizations do EDI via the Internet than via OSI. + +6.6.  How is the US Government using VANs to distribute business +      opportunities? + +   Presently, VANs make EDI request for quotation (RFQ) transactions +   available to their subscribers (along with other services).  For +   example, a VAN client may ask that all RFQs for chairs be forwarded +   immediately to them but the client is not interested in being +   notified about RFQs for paper products.  When a VAN sends an RFQ to a +   specific client mailbox, the VAN modifies the "to address" to that of +   the client.  In this way, a vendor need only subscribe to a VAN that +   is certified to receive and post the RFQs.  The vendor then sees a +   single source for all RFQs of interest, regardless of which buying +   organization originated them.  The screening and filtering process +   performed by the VANs prevents the spread of electronic "junk" mail. +   However, a trading partner could use an email filtering program to +   filter and sort email, saving on VAN charges. + +6.7.  How would use of the Internet for Federal procurement change +      this RFQ process? + +   Initially, very few changes may be apparent.  New and existing VANs +   will use the Internet to collect and disseminate EDI transactions; +   trading partners may be totally unaware of the change in technology. +   Prices may fall as VANs share telecommunications resources through +   Internet Protocols rather than maintain their own costly proprietary +   telecommunications services.  Instead of competing with VANs, the +   ubiquitous connectivity of the Internet offers VANs even greater +   business opportunities.  General purpose Internet Service Providers +   (ISPs) do not typically offer EDI specific services, but they can +   provide an alternative means to transfer EDI messages at a small + + + +Houser, et al                Informational                     [Page 25] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   fraction of the cost of typical EDI VANs. + +   The impact of an organization's moving EDI onto the Internet, +   independent of a VAN, is more difficult to assess.  In the view of +   some, the introduction of the Internet in the near term (1-5 years) +   adds additional interfaces and complexity to the organization's +   existing EDI environment.  This may in the short term increase costs +   and raise new costs.  But a corporate commitment to an open systems +   environment through the use of Internet Protocols offers the +   potential for a greater interoperability, integration of application +   systems, and therefore the promise of higher performance and lower +   costs.  Some organizations will be able to get to these benefits +   others will pay for a set of largely incompatible services.  The +   return on investment largely depends on one's ability to consider EDI +   on the Internet as a part of the organization's overall information +   systems strategy and the organization's plans for a presence on the +   Internet. + +7. EDI Resources On The Internet + +7.1.  Are EDI Standards available on the Internet ? + +   The Data Interchange Standards Association (DISA)  has a World Wide +   Web server at "http://www.disa.org/"  This Web server has +   considerable information, including a list of new standards, a list +   of all the X12 transaction sets, meeting minutes, calendar of events, +   and lists of courses.  Unfortunately, as of this date, the X12 +   standards are not available electronically.  [soap ...] Hopefully +   that will be added soon.  [...soap].  DISA has also set up a gopher +   server (gopher.disa.org) and an FTP server (ftp.disa.org). + +   The principle documents regarding ANSI ASC X12's planned alignment +   with EDIFACT are available on the World Wide Web.  The alignment plan +   adopted by a mail ballot of X12 in December 1994/January 1995 is at + +                   http:/www.disa.org/info/alinplan.html + +   The "floor motion" adopted at the X12 meeting in February 1995 is at: + +                 http:/www.disa.org/meetings/alinmotn.html + +   The following mail lists and exploders support X12 and EDIFACT +   standards development work. + + + + + + + + +Houser, et al                Informational                     [Page 26] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   ------------------ +   X12G Mailing list: +   ------------------ + +      This is a fully open exploder set up to support X12G. + +      To subscribe send an e-mail message to: + +                       x12g-request@snad.ncsl.nist.gov + +      The text of the message should only contain the following: + +                                subscribe x12g + +      After you subscribe, you can broadcast your messages to the +      participants (who have subscribed) via the address + +                           x12g@snad.ncsl.nist.gov. + +   --------------------- +   FED-REG Mailing list: +   --------------------- + +      This new exploder is concerned with the federal EDI Registry and +      the implementation of IMPDEF within the registry, the  EDI Viewers +      and Editors, and the use of IMPDEF to upgrade EDI products.  The +      nature of this mailist calls for informal discussion focusing on +      pragmatic issues. + +      To subscribe send an e-mail message to: + +                      fed-reg-request@snad.ncsl.nist.gov + +      The text of the message should only contain the following: + +                              subscribe fed-reg + +      Messages intended for the fed-reg list should be sent to: + +                          fed-reg@snad.ncsl.nist.gov + +   ------------------------- +   X12C-IMPDEF Mailing list: +   ------------------------- + +      This exploder deals with formal discussion in the context of X12 +      regarding the evolution of IMPDEF. If would expect that +      discussions in the context of the "fed-reg" exploder result in + + + +Houser, et al                Informational                     [Page 27] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +      formal DMRs submitted to "x12c-impdef" and X12C.  Anyway, the +      process will be defined and controlled by the appropriate X12C +      authority. + +      To subscribe send an e-mail message to: + +                    x12c-impdef-request@snad.ncsl.nist.gov + +      The text of the message should only contain the following: + +                            subscribe x12c-impdef + +      Messages intended for the fed-reg list should be sent to: + +                        x12c-impdef@snad.ncsl.nist.gov + +      See section 7.7 for additional EDI related mailing lists. + +7.2.  Are EDIFACT Standards available on the Internet ? + +   You can access the EDIFACT standards via GOPHER from the +   International Telecommunications Union (gopher://info.itu.ch).  Here +   are the general directions in getting to the standards. + +          1. Launch the gopher client as gopher info.itu.ch +          2. Select entry 11 (UN and international organizations) +          3. Select entry 1 (UN EDITRANS, UN/EDIFACT (EDICORE)) +          4. Select entry 3 (UN-EDIFACT Standards Database (EDICORE)) +          5. Select entry 1, Publications. + +   If you want the actual standards, select 1, Drafts. You will get + +           D93A (which becomes the standard S94a) +           D94A (which will be next year's standard). + +   If you want the UNTDED, select 2.  If you want the UNTDID, select 3. +   When you get to the lowest level directory in which ever path you +   choose, press D (i.e.  upper case D) to download. Choose the protocol +   that suits and you are the proud owner of an EDIFACT Standards +   Directory. + +   For electronic mail retrieval, send your message to itudoc@itu.ch +   with no subject and the following message body: + +   START +   GET ITU-1900 +   END + + + + +Houser, et al                Informational                     [Page 28] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +7.3.  The EDI X12 standards are quite complex.  How do we decide what +      X12 transactions to implement and how ? + +   There are a number of generic implementation conventions (ICs) or +   guidelines; most ICs are prepared on an industry-by-industry basis. +   Be sure that both you and your current trading partners are working +   from the same set.  The Federal Electronic Commerce for Acquisition +   Program Management Office has been promoting the 3040 version +   throughout the government and the private sector.  Older versions may +   be used in accordance with the ASC X12 rules.  Certain ICs are +   published by the Data Interchange Standards Association (DISA); +   contact DISA at the address above for information about ICs for your +   applications.  Certain ICs as well as the X12 standards may be +   obtained through: + +                   Washington Publishing Company +                   c/o EDI Support Services +                   P.O. Box 203 +                   Chardon, OH 44024-0203 + +                   US Phone     (800) 334-4912 +                   Non-US Phone (216) 974-7650 +                   Fax          (216) 974-7655 + +7.4.  What Implementation Conventions (ICs) are available over the +      Internet ? + +   The US. Federal Implementation Guidelines for Electronic Commerce for +   Acquisition are available for free via FTP at ds.internic.net.  These +   cover X12 transaction sets 810, 820, 824, 836, 838, 840, 843, 850, +   855, 864, and 997.  The path is pub/ecat.library/fed.ic/xxx where xxx +   can be acrobat.pdf, postscript or ascii file formats. + +              ftp://ds.internic.net/pub/ecat.library/fed.ic/ + +   The SPEEDE/ExPRESS Project, funded by the National Center for +   Education Statistics of the U.S. Dept. of Ed., publishes an +   Implementation Guide for X12 transaction sets 130, 131, 146, 147, and +   997.  The July 1994 versions (each in WordPerfect and in Postscript) +   may be retrieved by anonymous FTP at admissions.carleton.ca.  The +   WordPerfect 5.1 files are found in /pub/wp_speede_2 while the +   Postscript files are found in /pub/ps_guide_2. + +               ftp://admissions.carleton.ca/pub/wp_speede_2/ +                ftp://admissions.carleton.ca/pub/psguide_2/ + +   Complete directions for retrieving these files can be found in the +   AACRAO gopher at AACRAO-DEC.NCHE.EDU.  Choose the SPEEDE/ ExPRESS + + + +Houser, et al                Informational                     [Page 29] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   menu item, then Publications, and then select a version of the +   Implementation Guide.  Note that guidelines are sometimes referred to +   by the release/version designation (currently 3040). + +   The Defense Information Systems Agency (DISA) Center for Standards is +   the designated configuration manager for DoD Electronic +   Commerce/Electronic Data Interchange (EC/EDI) standards.  The DoD +   EC/EDI Standards repository system, available via anonymous FTP from +   ftp.sterling.com in the /edi/DoD-edi/ directory, contains DoD EDI ICs +   separated into two categories, User and Test. + +                    ftp://ftp.sterling.com/edi/DoD-edi/ + +   Test conventions are identical to User, except that the condition +   designator for all applicable transaction sets, data segments and +   data elements used by that convention are designated as Mandatory for +   test purposes.  Implementation convention files, both user and test +   versions, can be downloaded either individually or all together in +   compressed self-extracting files.  All the implementation files are +   available, when decompressed, in both WordPerfect 5.1/5.2 (.WP) file +   format and Standard Exchange Format (SEF) test files which are for +   use with EDISIM software or any other EDI software that conforms with +   the EDISIM .SEF file format. + +   The /DoD-edi/2003_User & _Test directories contain draft DoD +   Implementation Conventions based on ANSI X12 Version 2 Release 3 +   (2003): + +        840  Request for Quotation +        843  Response to Request for Quotation +        850  Purchase Order +        997  Functional Acknowledgement + +   The /DoD-edi/3010_User & _Test directories contain draft DoD +   Implementation Conventions based on ANSI X12 Version 3 Release 1 +   (3010): + +        810  Invoice: +        810  Commercial +        810  Progress Payment +        810  Public Voucher +        840  Request for Quotation +        843  Response to Request for Quotation +        850  Purchase Order +        997  Functional Acknowledgement + +   Additional 2003 and 3010 based conventions may be added in the near +   future.  3010 based conventions will never progress to approved + + + +Houser, et al                Informational                     [Page 30] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   status but will be used temporarily by various DoD agencies to +   implement phase I of the DoD Electronic Commerce (EC)/Electronic Data +   Interchange (EDI) in Contracting Report. + +   The /DoD-edi/3050_User directory contains draft DoD Implementation +   Conventions based on ANSI X12 Version 3 Release 5 (3050): + +        840  Request for Quotation +        843  Response to Request for Quotation +        850  Purchase Order +        855  Purchase Order Acknowledgement +        860  Purchase Order Change Request - Buyer Initiated +        865  Purchase Order Change Acknowledgement/Request - Seller +             Initiated + +   Note that the ICs in the /DoD-edi/3050_USER directory were developed +   as a means to express DOD requirements for an ANSI X12 3050 based +   transaction set.  They are not approved for implementation.  They +   have been submitted to the Federal IC configuration management +   process for adoption throughout the federal government.  Since they +   are subject to Federal review and are based upon a standard not yet +   released, changes can be anticipated.  (See ECA PMO above) + +7.5  How can a trading partner keep up with all these implementation +     conventions (ICs) and revisions in X12 and EDIFACT? + +   The US government is trying to standardize electronic communications +   internally and with it's 300,000 plus suppliers.  This requires +   standardization of the standards process and cross communication +   between programs.  The IMPDEF message and the NIST Federal IC +   Registry will place electronic versions of all its ICs on the +   Registry - both full federal ICs and individual agency ICs - so that +   any trading partner can download and use them.  In combination with +   message data compliance checking as well, smaller firms should be +   able to get into EDI and start benefitting both themselves and the +   government. + +7.6.  Where can I get information on EDI translation software ? + +   Several commercial trade magazines publish periodic guides to EDI +   translation software.  Under commission by the US Government, the +   Logistics Management Institute (LMI) of McLean, Va. published "A +   Guide to EDI Translation Software, 1994 Edition."  The guide +   describes the features and characteristics of EDI software offered by +   more than 60 vendors.  Commercial organizations can get copies for +   $20 each by sending a check made out to the Logistics Management +   nstitute.  Federal agencies may have up to five free copies by +   sending requests to + + + +Houser, et al                Informational                     [Page 31] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +                   Logistics Management Institute +                   Attn. Library +                   2000 Corporate Ridge +                   McLean, Virginia, 22102-7805 + +   You can fax a typed request to the LMI library at (703) 917-7597 or +   send a request to library@lmi.org.  Requests for hard copies of the +   Guide must include the requester's name, organization, address, +   telephone number, and number of copies desired.  All requests should +   cite Report IR421RD1.  If you have questions about the Guide, you can +   contact the author, Harold Frohman, at (703) 917-7286 or send him an +   Internet message at hfrohman@lmi.org.   A somewhat older LMI report +   (1992), but still quite relevant, is EDI Planning and Implementation +   Guide (DL204RD1, August 1992). + +7.7.  How do I keep in touch with others pursuing EDI and Electronic +      Commerce on the Internet ? + +   There are several EDI related mailing lists on (and off) the +   Internet.  Information on subscription follows below. + +   ---------------------- +   IETF-EDI Mailing list: +   ---------------------- + +      The IETF-EDI list has been established as a forum for discussing +      methods of operating EDI transactions over the Internet, and for +      discussing specifications which permit such operation.  This list +      is therefore focused on the technology of Internet usage of EDI, +      rather than on more general aspects of EDI technology or use. + +      To subscribe, send an e-mail message to: + +                             LISTSERV@BYU.EDU. + +      The text of the message should only contain the following: + +                           sub ietf-edi <your-name> + +      Messages intended for the ietf-edi list should be sent to: + +                              IETF-EDI@BYU.EDU. + + + + + + + + + +Houser, et al                Informational                     [Page 32] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   ------------------- +   EDI-L Mailing list: +   ------------------- + +      The EDI-L list is target towards more general EDI discussions. +      The edi-l mailing list is also gatewayed to the USENET newsgroup +      bit.listserv.edi-l. + +      To subscribe, send an e-mail message to: + +                           listserv@uccvma.ucop.edu + + +      The text of the message should only contain the following: + +                         subscribe edi-l <your-name> + +      Messages intended for the edi-l list should be sent to: + +                            EDI-l@uccvma.ucop.edu + + +   --------------------- +   EDI-NEW Mailing list: +   --------------------- + +      This list complements ietf-edi in the sense that it promotes +      discussion of new approaches to edi and the extension of edi +      beyond its traditional domains. + +      To subscribe, send an e-mail message to: + +                      edi-new-request@tegsun.harvard.edu + +      The text of the message should only contain the following: + +                        subscribe edi-new <your-name> + +      Messages intended for the edi-new list should be sent to: + +                          edi-new@tegsun.harvard.edu + + + + + + + + + + +Houser, et al                Informational                     [Page 33] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   ---------------------- +   SPEEDE-L Mailing list: +   ---------------------- + +      The main purpose of this list is for discussions of Educational +      EDI Standards. + +      To subscribe, send an e-mail message to: + +                           listserv@vtvm1.cc.vt.edu + +      The text of the message should only contain the following: + +                    SUBSCRIBE SPEEDE-L firstname lastname + +      Messages intended for the speede-l list should be sent to: + +                           speede-l@vtvm1.cc.vt.edu + +   ---------------------- +   OPEN-EDI Mailing list: +   ---------------------- + +      The main purpose of this list is for UN/EDIFACT users to review +      the work of JTC1/SC30. + +      To subscribe, send an e-mail message to: + +                          majordomo@utu.premenos.com + +      The text of the message should only contain the following: + +                              subscribe open-edi + +      Messages intended for the open-edi list should be sent to: + +                          OPEN-EDI@utu.premenos.com + + +   ------------------ +   ECAT Mailing list: +   ------------------ + +      The Federal Electronic Commerce for Acquisition Team (ECAT) has +      established an open mail list for those interested in ECAT +      activities. + + + + + +Houser, et al                Informational                     [Page 34] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +      Information sent to the forum address is automatically distributed +      to all forum members. This forum is available 24 hours a day, 7 +      days a week. Currently, only ASCII text messages up to 250kb are +      supported.  For best results when sending messages to this forum, +      each line should be limited 70 characters followed by a carriage +      return.  Also, your name and email address should be included in +      the body of messages sent. + +      To subscribe, send an e-mail message to: + +                           listserv@forums.fed.gov + +      The text of the message should only contain the following: + +                      subscribe ecat firstname lastname + +      Messages intended for the ECAT list should be sent to: + +                             ECAT@forums.fed.gov. + +7.8.  Can I get messages that have been previously posted to the EDI +      mailing lists ? + +   Yes.  Messages that have appeared on the ecat, edi-l, edi-new, fed- +   reg, x12c-impdef and ietf-edi list are available via FTP from + +                     ftp://ftp.sterling.com/edi/lists/ + +7.9.  I have EDI related material I'd like to make available to the +      Internet community.  How do I do that ? + +   If you have an existing Internet connected site, you can make the +   information available via FTP or WWW.  If you do not wish to go to +   the effort, send mail to Kent Landfield at + +                         edi-archive@sterling.com + +   Sterling Software is making the archive publicly available to the +   community.  Anyone who wants to distribute EDI related documents may +   contact Sterling to make your documents publicly available on +   ftp.sterling.com.  For example, the Department of Veterans Affairs +   has posted numerous studies and training materials on EDI which are +   available to the public at ftp.sterling.com/edi/va/. + +7.10.  Where are EDI Archives on the Internet ? + +   Some have been discussed previously while others have not.  Here is a +   very incomplete list of sites that archive EDI related material and + + + +Houser, et al                Informational                     [Page 35] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   make that information publicly available. + +          o  ftp://admissions.carleton.ca/pub/ +          o  ftp://ds.internic.net/ietf/edi/ +          o  ftp://ds.internic.net/pub/ecat.library/ +          o  ftp://ftp.sterling.com/edi/ +          o  ftp://ftp.swin.edu.au/pub/edi/ +          o  ftp://prospero.isi.edu/pub/papers/security/ +          o  ftp://turiel.cs.mu.oz.au/pub/edi/ + +          o  http://snad.ncsl.nist.gov/dartg/edi/fededi.html +          o  http://waltz.ncsl.nist.gov/ECIF/ecif.html +          o  http://www.disa.org/ +          o  http://www.acq.osd.mil/ec/ +          o  http://www.ietf.cnri.reston.va.us/ +          o  http://www.premenos.com/standards/EDIStandards.html + +8. Security Considerations + +8.1.  What security measures are needed to connect to the Internet ? + +   Internet security measures can be placed in two broad categories: +   protecting your system from intruders and protecting the content and +   integrity of your messages.  With respect to the latter, EC/EDI +   transactions of nominal value and sensitivity do not require special +   security requirements.  However, if the information has any sensitive +   aspects, you will need to take measures discussed below.  Competitors +   might intercept your bids and undercut your proposal.  Or they could +   monitor your purchases and shipping notices to determine your firm's +   production capacity.  To ensure confidentiality of the message, your +   e-mail system should offer some means of encrypting the message in a +   manner only the intended recipient can read.  Trading partners are +   responsible for satisfying existing rules and regulations relating to +   computer security and privacy.  For example, bid data received by +   government systems is subject to the appropriate controls.  Trading +   partner financial account data is likewise subject to disclosure +   restrictions.  To thwart those who might tamper with a message to +   divert delivery by changing the "ship-to" address, digital signatures +   can attest to the integrity of the message.  Digital signatures can +   also authenticate messages, preventing pranksters or rivals from +   submitting false orders. + +8.2.  How do we go about protecting our system ? + +   The weakest link in most systems are people and passwords; your +   current practices for managing both will apply to use of the +   Internet.  Steps you can take include: + + + + +Houser, et al                Informational                     [Page 36] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +      o  Obtain, study, implement, and enforce the NIST FIPS (112) on +         passwords.  Make the practice of safe computing a condition of +         continued employment and let your staff know it. + +      o  Conduct a risk assessment as described in Appendix M of the +         Federal Electronic Commerce for Acquisition Team report +         Streamlining Procurement Through Electronic Commerce.  This +         documents is available via ftp at ds.internic.net in the +         directory /pub/ecat.library. + +      o  Apply the recommendations from NIST Special Publication 800-9, +         Good Security Practices for Electronic Commerce, Including +         Electronic Data Interchange as appropriate. + +      o  Establish necessary internal and external "Firewalls."  See +         John Wack and Lisa Carnahan, "Keeping Your Site Comfortably +         Secure: An Introduction to Internet Firewalls," NIST Special +         Publication 800-10, undated. + +      o  Review RFC 1281[4] Guidelines for the Secure Operation of +         the Internet and RFC 1244 Holbrook and Reynolds "Site Security +         Handbook" + +      o  Review Cheswick and Bellovin's "Firewalls and Internet +         Security - Repelling the Wily Hacker," Addison-Wesley [5] + +      o  Consider implementing active countermeasures in your firewalls. +         See "There Be Dragons" by S. Bellovin, Proceedings of the Third +         Usenix UNIX Security Symposium, September 1992[6].  You can +         contact Bellovin at smb@ulysses.att.com. + +8.3.  Is there good publicly available software I can use? + +   These are several free, publicly available, security tools one can +   obtain via ftp from one of many good archives.  If your company uses +   UNIX systems to connect to the Internet or has UNIX systems connected +   to the Internet get and use the following tools: + +     1.  The Purdue University COAST - Security Archive (Computer +         Operations, Audit, and Security Tools, run by Gene Spafford) +         is located at coast.cs.purdue.edu and mirrored in a few places, +         including ftp.sterling.com. +     2.  COPS available from ftp.cert.org in /pub/tools +     3.  TIGER available from net.tamu.edu in pub/ + +   These tools are a series of scripts and programs that will alert you +   to many well-know problems and holes in UNIX systems and how to fix +   them. + + + +Houser, et al                Informational                     [Page 37] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   The Computer Emergency Response Team (CERT) at Carnegie Mellon +   University can assist with computer break-ins as well as provide +   notices of security activity on the Internet.  The US Department of +   Energy's Computer Incident Advisory Capability (CIAC), located at +   Lawrence Livermore National Laboratory, can provide assistance at +   ciac@llnl.gov or at 510-422-8193.  CIAC offers software and documents +   on their anonymous ftp server at ciac.llnl.gov.  Both CERT and CIAC +   are members of the Forum of Incident Response and Security Teams +   (FIRST), a global organization to foster cooperation and coordination +   among computer security teams worldwide. + +8.4.  How good are electronic or digital signatures ? Can they be used +      in court ? + +   Properly used, these signature systems are better than existing paper +   based authentication and forgery detection technology.  You will find +   a clear and concise description of how these signatures work in Gary +   Ratterree's RIPEM Beginner's Guide; contact Ratterree at +   grayr@cs.tamu.edu.   Other references include: + +                ftp://ftp.tis.com/pub/PEM/    for Privacy Enhanced Mail +                ftp://ftp.rsa.com/            for PEM +                ftp net-dist.mit.edu:/pub/PGP for Pretty Good Privacy +                                              (PGP) + +   An "infrastructure" for public keys is not required to use public key +   encryption or digital signatures. In the absence of such an +   infrastructure, the encryption protocol and the public keys would +   need to be exchanged bilaterally, such as part of the trading partner +   agreement.  A public key infrastructure would provide a secure means +   to obtain a public key without a need for a manual key exchange. + +   But digital techniques will become more convenient with the arrival +   of additional infrastructure and support systems.  The US government +   is taking steps to ensure the admissibility in court of such systems. +   We anticipate that the necessary regulatory and legal infrastructure +   will be in place about the same time as the necessary directory and +   certificate services and other supporting systems come on-line.  We +   expect to see expansion of several government pilot programs in the +   later half of 1994.  NIST recently published a report on the Public +   Key Infrastructure (PKI) and related policy issues; for information +   contact the NIST Computer Security Division at 301-975-2934. + +8.5.  Are there other US government standards publications I should +      be aware of? + +   Yes.  Here is a sample of those you will often hear mentioned. + + + + +Houser, et al                Informational                     [Page 38] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +      1. Federal Information Processing Standard (FIPS) Publication +         46-1, Data Encryption Standard, January 1988. + +      2. FIPS Publication 65, Guideline for Automated Data Processing +         Risk Analysis, August 1979. + +      3. FIPS Publication 113, Computer Data Authentication, May 1985. + +      4. FIPS Publication 180, Secure Hash Standard - (SHS), May 1993. + +      5. FIPS Publication 186,  Digital Signature Standard - (DSS), +         May 1994. + +      6. NIST Special Publication 800-9, Good Security Practices for +         Electronic Commerce Including Electronic Data Interchange, +         December 1993. + +   The FIPS standards may be ordered from the + +              U.S. Department of Commerce +              National Technical Information Service +              Springfield, VA 22161. + +9. References + +   [1] UN/EDIFACT (Electronic Data Interchange for Administration, +       Commerce and Transport) Syntax Rules (ISO 9735), March 1993, +       United Nations Economic Commission for Europe (UN/ECE), Working +       Party for the Facilitation of International Trade Procedures +       (WP.4) + +   [2] FIPS Publication 161-1, Electronic Data Interchange (EDI), +       National Institute of Standards and Technology, April 1993. + +   [3] The Internet Message: Closing the book with electronic mail, +       Marshal T. Rose., Prentice Hall, Englewood Cliffs, New Jersey, +       1993. + +   [4] Pethia, R., Crocker, S., and B. Fraser, "Guidelines for the +       Secure Operation of the Internet", RFC 1281, Software +       Engineering Institute, Trusted Information Systems, Inc., +       Software Engineering Institute, November 1991 + +   [5] Firewalls and Internet Security - Repelling the Wily Hacker, +       by Cheswick and Bellovin, Addison-Wesley, 1994, +       ISBN 0-201-63357-4 + + + + + +Houser, et al                Informational                     [Page 39] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +   [6] There Be Dragons, S. Bellovin, Proceedings of the Third +       Usenix UNIX Security Symposium, Baltimore, Maryland, September +       1992.  USENIX Association, ISBN 1-880446-46-4 + +10. Credits + +   James A.(Artch) Griffin <artch@AGRIFFIN.CPCUG.ORG> is credited with +   co-authorship as he prepared the ECAT FAQ which I used (or perhaps +   abused) as the base document.  Artch was judicious and patient as he +   watched his original text being rewritten over and over. + +   Carl Hage contributed detailed explanations and clarifications of the +   various Internet protocols and services and how EDI can employ them. + +   I would like to thank the following people for their comments and +   specific contributions: Kent Landfield, Mike Bauer, Kit Lueder, Eric +   Christ, Betsy Bainbridge, Bob Lyons, Kirby Spencer, Sally Hambridge, +   Ed Levinson, Warren Smith, Steve Bass, Jerry Johnson, Randy +   VandenBrink, John Pillay, Jim W.C.  Smith, Mark Charles, Jean- +   Philippe Favreau.  I apologize if I omitted any one of the many folks +   who responded to my many calls for comments. + +   I greatly appreciate Kent Landfield for his editorial assistance +   during final preparation of this document.  Sterling Software +   graciously hosted the work in progress for ftp access and review, +   saving many bits of Internet SMTP traffic. + +   Finally, I am grateful for the patient cooperation of the IETF +   Working Group and the participants of the IETF-EDI and EDI-L lists. +   It's a nice cyberplace to work! + +      WRH, Washington, DC. + + + + + + + + + + + + + + + + + + + +Houser, et al                Informational                     [Page 40] + +RFC 1865                 EDI Meets the Internet             January 1996 + + +11. Authors' Addresses + +   Walter Houser +   Department of Veterans Affairs +   810 Vermont Avenue +   Washington DC, 20240 + +   Phone: 202-786-9572 +   EMail: houser.walt@forum.va.gov +          houser@cpcug.org +   http://www.va.gov/ + + +   James A. (Artch) Griffin +   President, Athena Associates +   18924 High Point Drive +   Gaithersburg, Maryland 20879 + +   Phone: 301-972-2502 +   EMail: agriffin@cpcug.org + + +   Carl Hage +   C. Hage Associates +   1180 Reed Ave #51 +   Sunnyvale, CA 94086 + +   EMail: carl@chage.com +   http://www.chage.com/chage/ + + + + + + + + + + + + + + + + + + + + + + +Houser, et al                Informational                     [Page 41] + |