1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
|
Network Working Group W. Houser
Request for Comments: 1865 Dept. of Veterans Affairs
Category: Informational J. Griffin
Athena Associates
C. Hage
C. Hage Associates
January 1996
EDI Meets the Internet
Frequently Asked Questions about
Electronic Data Interchange (EDI) on the Internet
Status of this Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
Abstract
This memo is targeted towards the EDI community that is unfamiliar
with the Internet, including EDI software developers, users, and
service providers. The memo introduces the Internet and assumes a
basic knowledge of EDI.
Table of Contents
1. Introduction ................................................ 4
1.1. What is this document .................................... 4
1.2. What do you mean by electronic data interchange (EDI) ? . 4
1.3. What are the X12 Standards that I should be aware of ? .. 4
1.4. To whom do I send comments and suggestions ? ............. 5
1.5. How can I get a copy of this document? ................... 5
2. General Information ......................................... 6
2.1. What is the Internet ? .................................. 6
2.2. Is there a difference between EDI and
electronic commerce (EC) ? ............................... 6
2.3. What makes the Internet useful for EDI ? ................ 6
2.4. Does this means we will now have to coordinate our
EC/EDI activities with the Internet? .................... 7
2.5. How do I find the addresses of other Trading partners
on the Internet if I don't have to coordinate my EDI
activities with a central organization or VAN? .......... 7
2.6. How fast is the Internet? ............................... 7
2.7. What about reliability of the Internet? ................. 7
2.8. What are RFCs and where can I get them ? ................ 8
Houser, et al Informational [Page 1]
^L
RFC 1865 EDI Meets the Internet January 1996
2.9. Where can I get general information about the Internet? . 8
3. Getting Connected To The Internet ........................... 9
3.1. What do I need to get to use the Internet? .............. 9
3.2. What software is used to support electronic mail? ....... 9
3.3. What types of client-server or server-server
protocols exist on the Internet? ........................ 10
3.4. What methods exist to broadcast information across
the Internet? ........................................... 12
3.5. What are the ways to connect to the Internet ? .......... 13
4. Organizational Issues ....................................... 15
4.1. Why is the way we currently do EDI so limiting to its
growth? .................................................. 15
4.2. My organization has an internal automated system for
processing requisitions and issuing purchase orders, but it
does not create the X12 formatted EDI transactions; what
should we do ? ........................................... 16
4.3. My organization already has a dial-in bulletin board
service (BBS) where we post transactions; should we
keep it? .................................................. 16
4.4. My organization currently has a Trading Partner
Agreement with each trading partner we're currently
doing business with. Can we keep them ? .................. 16
4.5. It would be nice to get more trading partners and/or
more competition, but I'm worried about getting too many
transactions to be able to handle them. Has this been a
problem ? ................................................ 17
4.6. Does this mean that I'll receive more messages ? ......... 17
4.7. If we see a transaction posted on VAN, how do we
respond in electronic format ? ........................... 18
4.8. My organization has an established bilateral
relationship (such as an existing contract. Can we
send these transactions via the Internet ? ............... 18
5. The Role Of Value Added Networks ............................ 18
5.1. What is a VAN? ................... ....................... 18
5.2. What is an Internet Service Provider (ISP)? .............. 19
5.3. How might an ISP be used for EDI? ........................ 19
5.4. Doesn't EDI presume the services of companies called
Value Added Networks (VANs)? ............................. 19
5.5. If I can use X12 protocol and my VAN to send
transactions, what is the benefit of using
the Internet? ............................................ 20
5.6. Can we expect VANs to offer connections to other VANs
via the Internet? ........................................ 20
5.7. How can I use the Internet directly for exchanging EDI
messages without going through a VAN? .................... 20
5.8. Can the ISA 06 or 08 identify any entity other than the
'end' Trading Partners (i.e. a routing entity) ? ......... 21
Houser, et al Informational [Page 2]
^L
RFC 1865 EDI Meets the Internet January 1996
5.9. Can we specify both the recipient's address and their
VAN address in the ISA ? ................................ 22
5.10. Are there other options for routing EDI X12
messages ? ............................................... 22
6. US Federal Involvement ...................................... 22
6.1. What is the commitment of the US Federal Government
to EDI ? ................................................ 22
6.2. What is the timetable for the Federal effort ? .......... 23
6.3. Will the US Government use the Internet to send
EDI transactions ? ...................................... 23
6.4. I heard the US Government prohibited commercial use
of the Internet? ........................................ 24
6.5. The US Government is using both Internet and OSI
E-mail protocols. What should one consider when
choosing which to use ? ................................. 24
6.6. How is the US Government using VANs to distribute
business opportunities? ................................. 25
6.7. How would use of the Internet for Federal procurement
change this RFQ process? ................................ 25
7. EDI Resources On The Internet ............................... 26
7.1. Are EDI Standards available on the Internet ? ........... 26
7.2. Are EDIFACT Standards available on the Internet ? ....... 28
7.3. The EDI X12 standards are quite complex. How do we
decide what X12 transactions to implement and how ? ..... 29
7.4. What Implementation Conventions (ICs) are available
over the Internet ? ..................................... 29
7.5. How can a trading partner keep up with all these
implementation conventions (ICs) and revisions in
X12 and EDIFACT? ......................................... 31
7.6 Where can I get information on EDI translation
software ? ............................................... 31
7.7. How do I keep in touch with others pursuing EDI and
Electronic Commerce on the Internet ? .................... 32
7.8. Can I get messages that have been previously posted
to the EDI mailing lists ? ............................... 35
7.9. How do I make EDI related material available
to the Internet community ? .............................. 35
7.10. Where are EDI Archives on the Internet ? ................. 35
8. Security Considerations ..................................... 36
8.1. What security measures are needed to connect to the
Internet ? ............................................... 36
8.2. How do we go about protecting our system ? ............... 36
8.3. Is there good publicly available software I can use? ..... 37
8.4. How good are electronic or digital signatures ?
Can they be used in court ? .............................. 38
8.5. Are there other US government standards publications
I should be aware of? .................................... 38
Houser, et al Informational [Page 3]
^L
RFC 1865 EDI Meets the Internet January 1996
9. References .................................................. 39
10. Credits .................................................... 40
11. Authors' Addresses ......................................... 41
1. Introduction
1.1. What is this document
This document is informational in nature and attempts to answer
frequently asked questions concerning the use of the Internet for
Electronic Data Interchange (EDI). The primary audience is the EDI
community that is unfamiliar with the Internet, including software
developers, users, and service providers. The reader needs some
understanding of EDI. Informational RFCs are prepared by the
Internet Engineering Task Force (IETF) to improve understanding and
effectiveness in the use of the Internet.
1.2. What do you mean by electronic data interchange (EDI) ?
Except as noted, the document refers to EDI as the use of the
1) X12 standard developed by the ANSI Accredited Standards
Committee X12 or
2) EDIFACT[1] standard United Nations Economic Commission for
Europe (UN/ECE), Working Party for the Facilitation of
International Trade Procedures (WP.4).
The differences between these standards is beyond the scope of this
FAQ. Both standards activities are managed in the US by:
Data Interchange Standards Association, Inc,
1800 Diagonal Road, Suite 200
Alexandria, Virginia, 22314-2852
Voice: 703-548-7005
FAX: 703-548-5738
There are numerous other standards one could use for EDI, but
discussion of them is not in the scope of this document.
1.3. What are the X12 Standards that I should be aware of ?
ACCREDITED STANDARDS COMMITTEE (ASC) X12 Standards are available from
DISA at the address specified in Question 1. The following is a good
starting set of X12 standards.
1. ASC X12S/94-172, An Introduction to Electronic
Data Interchange, DISA 1994 Publications Catalog
Houser, et al Informational [Page 4]
^L
RFC 1865 EDI Meets the Internet January 1996
2. ASC X12.3 Data Element Dictionary
3. ASC X12.5 Interchange Control Structure
4. ASC X12.6 Application Control Structure
5. ASC X12.22 Segment Directory
6. ASC X12.58 Security Structures
1.4. To whom do I send comments and suggestions ?
Readers are invited to add questions; please include an answer if you
know or want to suggest one. Of course corrections and comments are
welcome; send them to the IETF-EDI mail list by subscribing as
described in question 7.6. Or a send your comment to
houser.walt@forum.va.gov.
1.5. How can I get a copy of this document?
Request for Comments documents (RFC) are available by anonymous FTP.
Login with the username "anonymous" and a password of your e-mail
address. After logging in, type "cd rfc" and then
"get rfc1865.txt".
A Web address for the RFC is:
ftp://ds.internic.net/rfc/rfc1865.txt
RFC directories are located at:
o Africa at: ftp.is.co.za (196.4.160.2)
o Europe: nic.nordu.net (192.36.148.17)
o Pacific Rim: munnari.oz.au (128.250.1.21)
o US East Coast: ds.internic.net (198.49.45.10)
o US West Coast: ftp.isi.edu (128.9.0.32)
RFCs are also available by mail. Send a message to:
mailserv@ds.internic.net. In the body type:
"FILE /rfc/rfc1865.txt"
NOTE: The mail server at ds.internic.net can return the document in
MIME-encoded form by using the "mpack" utility. To use this feature,
insert the command "ENCODING mime" before the "FILE" command. To
decode the response(s), you will need "munpack" or a MIME-compliant
mail reader. Different MIME-compliant mail readers exhibit different
behavior, especially when dealing with "multipart" MIME messages
(i.e., documents which have been split up into multiple messages), so
check your local documentation on how to manipulate these messages.
Houser, et al Informational [Page 5]
^L
RFC 1865 EDI Meets the Internet January 1996
2. General Information
2.1. What is the Internet ?
It is the inter-working of existing corporate and government networks
using commonly used telecommunications standards. It is not a new
physical network, although some new facilities may be needed.
Rather, it is based on mutual interests of users to communicate more
effectively via electronic message and file transfers. Internet
communications may be interpersonal (person-to-person) E-Mail or
process-to-process like EDI. Messages may be inquiries to shared
databases and responses. Messages may be entire files.
2.2. Is there a difference between EDI and electronic commerce (EC) ?
Electronic Data Interchange (EDI) is defined as the inter-process
(computer application to computer application) communication of
business information in a standardized electronic form. Electronic
Commerce includes EDI, but recognizes the need for inter-personal
(human to human) communications, the transfer of moneys, and the
sharing of common data bases as additional activities that aid in the
efficient conduct of business. By incorporating a wide range of
technologies, EC is much broader than EDI. However, the focus of
this document in on EDI, not electronic commerce.
2.3. What makes the Internet useful for EDI ?
The greatest benefits will derive from:
o Adoption of common standards and proven inter-operable systems,
o Adoption and deployment of a distributed Directory Service
capability, so that one can readily contact electronically any
other organization in the world.
o Explicit commitment by participating organizations to
cooperatively route traffic, work to resolve addresses, and
meet required standards.
o Ubiquitous network coverage from many service providers. This
allows the customer to choose the level of service needed.
o Layering of applications (such as EDI) over existing, proven,
applications.
o A standards process with reference implementations which
all vendors have equal access. (a.k.a. a level playing field).
Houser, et al Informational [Page 6]
^L
RFC 1865 EDI Meets the Internet January 1996
o Widely available public domain software including but not
limited to applications, protocol/transports and multiple
platform development tools.
2.4. Does this means we will now have to coordinate our EC/EDI
activities with the Internet?
The Internet is not an organization or government agency. You use
the Internet to do business like you would use the telephone. The
same Internet connection your organization uses to send electronic
mail would be the one you use to send EDI transactions. Software
developers write EDI translators, packages or templates for your e-
mail system so that you can handle your own EDI transactions. Your
EDI activities do not need to be coordinated, but your connection to
the Internet does.
2.5. How do I find the addresses of other Trading partners on the
Internet if I don't have to coordinate my EDI activities with
a central organization or VAN?
The Internet works by assigning names or "domains" to
networks/companies/machines. This is called the Domain Name Service
(DNS). It works from a distributed tree structure. The Internet
requires registration of your Internet Protocol (IP) address and
Domain Name in the Domain Name Service (DNS). Your internet service
provider can do this for you or assist you in contacting the right
people to get your assigned addresses and domain names.
2.6. How fast is the Internet?
For a modest amount of data with a dedicated connection, a message
transmission would occur in a matter of seconds, unless the ISP
selected one of the trading partners is overloaded. The maximum
delay over the internet backbones is at most a few seconds. Like the
interstate highway system, speed depends on how close you and your
trading partner are to Internet backbones. Unfortunately, some areas
may lack the capacity or "bandwidth" to handle the workload your
organization requires. Contact your local Internet Service Provider
for details on service in your area. Also, the more you are willing
to spend, the better the service. The Internet is inexpensive, but
(contrary to popular mythology) it is not free.
2.7. What about reliability of the Internet?
For high reliability mission critical applications, redundant ISPs
may be used (with separate backbones), and redundant mail servers at
separate locations can be used. A single internet email or server
address can be used to transparently route to any of the redundant
Houser, et al Informational [Page 7]
^L
RFC 1865 EDI Meets the Internet January 1996
servers or network connections.
If a dedicated Internet connection is used to transmit information,
e.g., via SMTP (see questions 3.2 and 3.5), then the message is
delivered directly to the trading partner's system and delivery is
assured. If a part time store and forward connection is used, then
the integrity of the message depends on the ISP or other computers
used in the forwarding of a message.
2.8. What are RFCs and where can I get them ?
RFC stands for Request For Comments. The RFC series of notes covers
a broad range of topics related to computer communications. The core
topics are the Internet and the TCP/IP protocol suite. There are
three categories of RFCs today, Standards Track, Informational, or
Experimental. Many of the RFCs describe de-facto standards in the
Internet Community. Copies of RFCs are often posted to the USENET
newsgroup comp.doc and obtainable from archive sites such as
ds.internic.net.
ftp://ds.internic.net/rfc/
2.9. Where can I get general information about the Internet?
Your local bookstore probably has one of the many recent introductory
publications on the Internet. In addition, look for (or have someone
get you) the following bibliographies for free:
RFC 1175
Bowers, K., LaQuey, T., Reynolds, J., Roubicek, K.,
Stahl, M., and A. Yuan, "FYI on Where to Start -
A Bibliography of Internetworking Information",
08/16/1990 (FYI 3)
ftp://ds.internic.net/rfc/rfc1175.txt
RFC 1463
Hoffman, E., and L. Jackson, "FYI on Introducing the
Internet -- A Short Bibliography of Introductory
Internetworking Readings for the Network Novice",
05/27/93 (FYI 19)
ftp://ds.internic.net/rfc/rfc1463.txt
The reader may want to look at the Frequently Asked Questions (FAQ)
document for the newsgroup alt.internet.services. This FAQ, as well
as all Usenet FAQs, can be retrieved via ftp from rtfm.mit.edu in the
directory /pub/usenet/news.answers. These FAQs are also available
Houser, et al Informational [Page 8]
^L
RFC 1865 EDI Meets the Internet January 1996
from ftp.sterling.com in the directory /usenet/news.answers.
3. Getting Connected To The Internet
3.1. What do I need to get to use the Internet?
You need to know your existing telecommunications connectivity,
address resolution, and routing capabilities. Then you need to
establish and operate an Electronic Mail gateway and/or other
application gateway, e.g., for the file transfer protocol (FTP).
Larger organizations may supply their trading partners with the
TCP/IP software and X12 translator interfaced to E-mail or FTP.
3.2. What software is used to support electronic mail?
a) Simple Mail Transfer Protocol (SMTP) Servers
A dedicated internet connection usually uses SMTP software to send
and receive messages. The SMTP server may transfer messages to the
"spool" area for incoming email in the file system, may queue the
messages for transmission via UUCP, may hold mail in a POP server,
or may transfer the message to a proprietary email system.
b) Unix-to-Unix Copy (UUCP) Servers
A UUCP server is used to transfer messages when a store and
forward is used, either between machines within a WAN, or to
another machine with a dialup link.
c) Post Office Protocol (POP) mail Servers
A POP server holds email which can later be retrieved by a client
application run by the user, typically on a PC which might not be
running 24 hours a day. The TCP/IP protocol is used either over a
LAN or dialup SLIP connection to retrieve messages.
d) Mail User Agents (Mail Readers)
Uses or applications employ client programs to retrieve and
display email messages from the file system mail spool area, or
from another server computer using POP or some other proprietary
protocol (e.g. Microsoft-Mail). This mail user agent (UA) software
is also used to compose and send email via a POP server or system
email.
The mail user agent may also process attached files using a
proprietary format within a mail message, using one of the common
de-facto standards, or using the Multipurpose Internet Mail
Houser, et al Informational [Page 9]
^L
RFC 1865 EDI Meets the Internet January 1996
Extensions (MIME) internet standard. Among other things, MIME
permits the identification and concatenation of message parts
(called "body parts") into a single message that can traverse the
Internet using the SMTP protocol. The Work in Progress, "EDI in
MIME" provides the necessary standards for MIME compliant user
agents to identify EDI body parts. A MIME compliant mail reader
can process the contents of the messages and dispatch data to
external software. For example, files can be dragged to file
system directories, images can be displayed, and audio data can be
played. In the case of EDI, a message formatted according to the
MIME-EDI specification could be automatically transferred to an
EDI processing program.
e) Automated Mail Processing
A typical Mail User Agents is an interactive application. However
there are automated email message processing programs which can
sort incoming mail, process forms returned by others, or in the
case of EDI data, transfer the message contents to the EDI system.
Messages formatted according to the MIME EDI specification can be
properly recognized by any MIME compliant mail processing program.
3.3. What types of client-server or server-server protocols exist on
the Internet?
Internet email is typically used for two party messaging. The FTP,
gopher, and HTTP protocols allow many users, possibly anonymous, to
retrieve data from a central source. For example, corporate catalogs
can be restricted by potential customers.
a) File Transfer Protocol (FTP)
Companies with existing connectivity to the Internet may use FTP
to transfer files to one-another or to their VAN. This solution
employs the same TCP/IP used for SMTP. Furthermore, Internet
documents such as EDI in MIME Work in Progress are available via
FTP on the FTP server "ds.internic.net."
b) gopher service protocol.
Gopher service is a way of organizing selected documents and files
on an Internet server in a simple tree menu, so that users on
other Internet computers can find them easily. Most gopher menus
are also linked to other gopher menus elsewhere, so that users can
easily jump from one Internet server to another. There are
thousands of gopher servers in operation worldwide.
Houser, et al Informational [Page 10]
^L
RFC 1865 EDI Meets the Internet January 1996
c) The Hypertext Transfer Protocol (HTTP)
HTTP defines http-server and http-clients that comprise the World
Wide Web (WWW). WWW was developed by the European Laboratory for
Particle Physics (CERN) as a tool for exchanging multimedia data
between researchers. Although there is also no specification for
graphics in HTTP, most web browsers are graphical in nature.
Mosaic, available free from the National Center for Supercomputer
Applications (NCSA), provides a Graphical User Interface (GUI)
that facilitates user access to information on the Internet.
Mosaic interprets hypertext based information on the WWW, as well
as to other linked Index/Directory services such as Archie, FTP,
Gopher, and X.500 Directory information. Mosaic also supports on
line Graphic Interchange Format (GIF), Joint Photographic Experts
Group (JPEG), Motion Picture Experts Group (MPEG), QuickTime, and
other document, image, and audio types. Vendors have developed
product catalogues using Mosaic servers.
d) WHOIS
WHOIS servers generally offer information about the organization
to which they belong. There are many WHOIS servers scattered
throughout the Internet. To obtain a list of registered WHOIS
servers, anonymous FTP to rtfm.mit.edu and get the file
/pub/whois/whois-servers.list. You can:
o run a client program on your own machine to access the
WHOIS server,
o telnet to a site which hosts the server, eg: telnet to
whois.internic.net and type help to access the full online
help
o send an email message to retrieve information from the
database. eg: send email to mailserv@internic.net with
a command in the Subject field. Any information in the
body part of message will be ignored. ie.
Subject: whois <search string>
Therefore, to find information on the Internic Registration
Service, the subject should contain: whois internic
Moreover, to obtain help information on this service you can
send two separate email with the following in their subject
line, respectively:
Houser, et al Informational [Page 11]
^L
RFC 1865 EDI Meets the Internet January 1996
help
whois help
3.4. What methods exist to broadcast information across the Internet?
There are also some usual methods to broadcast messages to multiple
recipients as described below:
a) Usenet News
Usenet news is a cooperative broadcast of messages to all
participants. Messages are organized into categories called
newsgroups, and there are over 10,000 newsgroups carried by the
major ISPs. Individual customers typically subscribe to some
subset of these which is of interest to the organization.
Messages are typically held for a week or two, then either
archived or discarded. Some newsgroups are free form, i.e. anyone
can post a message, while others are "moderated", i.e. require
approval prior to posting.
Though not currently used for any type of EDI, Usenet news could
be used to broadcast RFQs. For example, comp.newprod is used to
announce new products, and misc.jobs.wanted is used to announce
job openings.
b) Mailing Lists
If the interest is limited, a mailing list may be used in lieu of
a newsgroup. These are typically used for discussion groups or
announcements of a particular nature. Mailing lists are typically
open, i.e. anyone can "subscribe" by sending an email message to a
server. For discussion groups, anyone can send a message to the
server which is then rebroadcast to all subscribers. Since
Internet email is extremely inexpensive, there is normally no
charge for use of a mailing list, except for the content of
e-magazines, etc. Sponsors of an email list typically provide the
list as a public service.
For example, a mailing list could be used to broadcast EDI RFQs,
etc. Vendors might subscribe to various lists related to their
product or service in order to receive messages sent by potential
customers. Mailing lists could be provided by large companies for
internal use, by industry organizations, or VANs. For example, a
firm or government agency could sponsor various mailing lists for
EDI RFQ's, new product announcements, etc. related to procurement.
The organization could easily allow other potential customers to
use the same mailing lists to contact vendors. All parties would
benefit, and the improved access to vendors from an open mailing
Houser, et al Informational [Page 12]
^L
RFC 1865 EDI Meets the Internet January 1996
list would more than offset the cost to support the mailing list
server. Thus service might be available for free.
3.5. What are the ways to connect to the Internet ?
The following provides a general overview of connectivity options now
available:
a) Dedicated Connection
Typically a leased telephone line is used to connect a gateway
computer or Typically a leased telephone line is used to connect a
gateway computer or bridge/router of a corporate LAN/WAN to the
router of the Internet Service Provider's (ISP) Point-Of-Presence
(POP, not to be confused with the Post Office Protocol). The
connection may be of various types and speeds, e.g. modem, ISDN,
DS0, or DS1 line.
With a dedicated connection, the SMTP protocol is typically used
to deliver email directly to a trading partners system. Also,
real-time client server applications can be run directly with a
trading partners system, including information transferred using
the FTP and HTTP protocols.
Some ISPs provide optional services even with dedicated
connections. For example, store and forward email on an ISP
server can be used as a backup for a direct SMTP server operated
by a trading partner. The ISP may offer disk space on their FTP
and HTTP servers with a high speed connection to the Internet.
For example, a trading partner might use a 14.4Kb modem for
dedicated email transfers and use a 1.5Mb connection operated by
the ISP to distribute FTP and HTTP information.
b) On-demand Connection
An on-demand connection operates like a dedicated connection,
except a dialup ISDN or modem connection is used. If the link
remains idle for a certain period of time, the connection is
dropped. Some ISPs offer dial-out capability so any inbound or
outbound traffic can reestablish the link. However, many ISPs
require their customers to dial-in, so only outbound traffic and
regular polling will establish the link. In the latter case, store
and forward would likely be used for email, and the ISP servers
would be used for FTP and HTTP information.
Houser, et al Informational [Page 13]
^L
RFC 1865 EDI Meets the Internet January 1996
c) Part-time Polled Connection
The Unix-to-Unix Copy (UUCP) protocol is typically used for email,
news, and (rarely) file transfers. A client organization
periodically dials the ISP and transfers email and Usenet news for
the organization, then disconnects. Typically, the client polls
the ISP at regular intervals, e.g. every 20 minutes, though some
ISPs dial out when a message is to be delivered. Outgoing email
can be sent immediately, or queued for transmission with a
specified maximum delay.
A UUCP connection may be used to transfer messages to an arbitrary
number of people or automated mail processing programs. A single
UUCP connection may also route messages to other systems, e.g.
divisions within a corporation. UUCP and store-and-forward are
synonymous.
Since UUCP is only used to transfer mail and news messages,
interactive internet client-server applications like FTP and HTTP
are not available, except using a server provided by an ISP. Thus
a separate dialup account might be needed to retrieve information
from other FTP or HTTP servers. UUCP might be used for automated
email transfer, and a on-demand dialup connection would be used
for interactive internet client applications.
Though UUCP accounts imply a delay (up to the polling interval) in
processing a message, many ISPs allow a customer supplied script
to process messages immediately on the ISP's machine. Though UUCP
can be used to transfer files directly, usually files are
transferred by encoding them within an email message.
Transmission within internet email messages is much more widely
supported and can be gatewayed into proprietary systems.
d) Dial-up Shell Account
With a dial-up account, a single user with a personal computer
running a terminal emulator connects to the ISP's computer. Mail
readers, news readers, HTTP browsers, etc. can be run on the ISP
machine. Data on the ISP machine can be transferred to the
personal computer manually using a protocol like X-Modem, Z-Modem,
or Kermit.
The ISP's host computer may run one of the usual UNIX command line
(shell) programs, or may use a custom BBS or other menu driven
user interface. A proprietary client-server program may be used in
lieu of a terminal emulator to provide a graphic user interface.
Some of the proprietary GUI clients provide access to selected
internet applications, e.g. gopher.
Houser, et al Informational [Page 14]
^L
RFC 1865 EDI Meets the Internet January 1996
A dialup ISP typically has a direct internet connection, however
very low cost providers might only have a UUCP connection to the
Internet. Some large proprietary networks such as CompuServe do
not offer a direct internet connection, and only support UUCP
email and, sometimes, Usenet news gateways to the Internet.
d) Personal Serial Line Internet Protocol (SLIP) or Point to Point
Protocol (PPP) Account
A SLIP/PPP account is also available as a cross between the on
demand and dial- up. Like the on-demand account, a single user can
connect to an ISP and run mail reader, news reader, FTP, HTTP
browser, etc. client applications directly from a personal
computer. Unlike the on-demand account, the dial-out computer
functions as a client only and not a server, and would be used by
a single user rather than as a gateway to a LAN.
With a SLIP/PPP account, the POP (Post-Office-Protocol) protocol
is used for a user's mail reader client to retrieve messages
stored in the ISP's server. Unlike, UUCP, the POP servers hold
mail for a single user (i.e. individual email address).
With a SLIP/PPP connection any standard TCP/IP application is tied
directly into the internet. Thus unlike the proprietary GUI
software supplied by the ISP, any TCP/IP client application can be
used.
A program such as TIA (The Internet Adapter) can be run on a shell
account which allows a standard UNIX shell account to function as
a SLIP/PPP account. However, some ISPs do not support TIA as they
charge extra for SLIP.
4. Organizational Issues
4.1. Why is the way we currently do EDI so limiting to its growth?
There is a tendency for each organization to establish is own rules
and administrative policies, leading to rising costs of dealing with
multiple trading partners, each in turn with its own requirements and
procedures. However, new technologies and business practices are
necessary if EDI is to move beyond the 30 to 40,000 organizations
presently using EDI. According to Department of Labor and Internal
Revenue Service statistics, there are about 6.2 million entities with
employees and about 14 million other "business" entities. A business
that wants to sell chairs, for example, would have to check with many
different customers to see if they had any requirements. By making
it possible for a business to use a common method to look for
customers, the barriers entering to the electronic marketplace are
Houser, et al Informational [Page 15]
^L
RFC 1865 EDI Meets the Internet January 1996
greatly eased. This does not mean that there is only one source that
everyone goes to for a list of current business opportunities.
Rather, a prospective supplier only needs to go to a single
electronic marketplace. To communicate with each other, the various
participants in electronic commerce need to harmonize their
procedures and processes. Examples include common trading partner
registration and the adoption of standard implementation conventions
for EDI messages.
4.2. My organization has an internal automated system for processing
requisitions and issuing purchase orders, but it does not create
the X12 formatted EDI transactions; what should we do ?
You could enhance your existing system, for example, by adding EDI
translation software. VANs often offer EDI "translation"
capabilities that convert flat text files into EDI X12 or EDIFACT
format. This translation software may be designed with a particular
technical solution in mind; carefully consider how the software would
be used and what applications and telecommunications software would
need to interact with it. You don't want to inadvertently lock
yourself into using only one supplier.
4.3. My organization already has a dial-in bulletin board service
(BBS) where we post transactions; should we keep it?
Yes, but that puts you in the role of being your own VAN. By acting
independently, organizations have established their own dial-up
electronic bulletin board system with their own unique, but
functionally equivalent, operating rules. Your BBS will be a little
different that the next organization's, making it difficult for
suppliers to access. By getting transactions from the VANs who
specialize in moving information, your organization will get the
widest circulation possible. You will be able to reach trading
partners you may not even know existed, resulting in more competitive
bids. Because of their idiosyncratic nature, BBS are not consistent
with the idea of a "single face to industry" espoused by the Federal
Government.
4.4. My organization currently has a Trading Partner Agreement
with each trading partner we're currently doing business with.
Can we keep them ?
In the short run you may want to keep some Agreements in place to
cover unique circumstances. But be careful not to create conflicting
agreements and directions for your trading partners. Follow the
procedures common to your particular line of business. In the long
run, less is better. Hopefully, the introduction of EDI into common
commercial practice will eliminate the need for EDI-specific
Houser, et al Informational [Page 16]
^L
RFC 1865 EDI Meets the Internet January 1996
agreements.
4.5. It would be nice to get more trading partners and/or more
competition, but I'm worried about getting too many transactions
to be able to handle them. Has this been a problem ?
The answers to this and related questions presupposes a willingness
to participate in the open bidding process. While this process is a
legal requirement for government agencies, many private organizations
choose not to adopt the practice. The technology of the Internet
facilitates competition, but the cost of putting these practices in
place limit their value. This is a business decision, not a
technical one. Will companies competitively procure critical
supplies absent a long term relationship with the supplier? For
essential inputs that will make or break customer satisfaction and
productivity, the benefits of competition may not be worth the risks.
Many organizations experience some increase in the number of
transactions; for competitive procurements, the winning bid should be
significantly better than those received prior to using the
electronic system. The impact of an increase in volume needs to be
evaluated on a situation by situation basis. For example, your
acquisition support system may need to be re-engineered to quickly
handle bids by ranking and presenting them to your buyers in low to
high order. Your new or enhanced system should make it easy to
receive and reply to any inter-personal messages that are sent and
linked to a bid (that is, an SMTP/MIME message or the EDI X12.864
text message transaction set).
4.6. Does this mean that I'll receive more messages ?
There is a strong likelihood the number of messages will increase as
There is a strong likelihood the number of messages will increase as
you reach more and more trading partners. After a reasonable trial
period, your EDI trading partners should be relying on EDI and
disinclined to use alternative forms of communication that don't fit
EDI/EC. Once you use EDI/EC to communicate with a trading partner,
you should consider discouraging the use of telephone calls or fax
messages or other non-EDI/EC messages by pointing out the fact that
telephone or fax messages are processed more slowly. By using
electronic messaging, you can establish a written and dated audit
trail. Your application system can route the message to the buyer
and "attach" it to a "case file". However, if your organization does
not use automated systems, you will want to adjust your approach to
dealing with non-EDI messages.
Houser, et al Informational [Page 17]
^L
RFC 1865 EDI Meets the Internet January 1996
4.7. If we see a transaction posted on VAN, how do we respond in
electronic format ?
This function is typically handled by applications software, not by
the Internet. For example, a vendor that wishes to bid on a
particular Request For Quotation (RFQ) would prepare a bid (X12-843)
and send it via their VAN of choice. The identification information
in the interchange control header (ISA) and functional group header
(GS) will be interpreted by your VAN and forwarded to the buyer's VAN
or to the buyer directly, depending on the reply address. VANs may
reject messages from unregistered sources; otherwise they are
forwarded to (or otherwise made available to) the buyer. If a buyer
is using dial-up access to a VAN, then they will have to call-in for
their messages.
4.8. My organization has an established bilateral relationship
(such as an existing contract. Can we send these transaction
via the Internet ?
Yes, the Internet can be used to send transaction sets to existing
trading partners via SMTP or FTP messages. VANs were typically used
for bilateral relationships between companies, whereas the Internet
is useful for establishing multilateral relationships. These
bilateral relationships are usually quite stable, but both parties
had to agree to share the same VAN or get their VANs to interconnect.
Multilateral relationships are between organizations that don't
necessarily have existing relationships and may be rather ephemeral.
The Internet is suited to dynamic multilateral relationships that may
later evolve into static bilateral relationships between companies
using VANs. Therefore, the issues concerning the Internet (security,
availability, etc.) are manageable in the early stages of forming a
relationship. If your current VAN is not capable of using the
Internet, you may need an alternative route for those messages.
Later, as the business relationship matures, the use of VANs may be
appropriate as the level of communication becomes more important.
For example, unless your system has a directory of all registered
trading partners, you lack the capabilities to screen and validate
transactions that arrive at your site.
5. The Role Of Value Added Networks
5.1. What is a VAN?
The use of EDI over the Internet is in the early stages, although the
technology and services are developing remarkably rapidly. In the
past, organizations doing EDI typically have relied on specialized
firms called Value Added Networks (VANs) for technical assistance.
Many of these organizations will look to their VAN for assistance in
Houser, et al Informational [Page 18]
^L
RFC 1865 EDI Meets the Internet January 1996
using the Internet. VANs specializing in EDI applications provide
technical support, help desk and troubleshooting for EDI and
telecommunications problems. They assist in configuration of
software, upgrades to telecommunications connectivity, data and
computer security, auditing and tracing of transactions, recovery of
lost data, service reliability and availability. Some EDI specific
services can include broadcasting an RFQ to a collection of vendors,
or storage of EDI information for later search and retrieval.
5.2. What is an Internet Service Provider (ISP)?
VAN services have typically used proprietary network or a network
gatewayed with a specific set of other proprietary networks. In
contrast an Internet Service Provider (ISP) offers generic network
access (i.e. not specific to EDI) for all computers connected to the
internet. A direct internet connection permits real time computer-
computer communication for client-server applications.
Alternatively, a part time internet connection can be used to access
internet servers using an on-demand basis, or access another system
via email which includes a store and forward method. Internet email
may be used as a gateway to proprietary networks if the proprietary
network has an email gateway.
5.3. How might an ISP be used for EDI?
Internet email can be configured for a dedicated connection with
real-time transfers, or a store and forward method (like traditional
VANs), or a combination of the two, e.g. where a direct delivery to a
trading partners system is used when a link is operational, and a
store and forward from an ISP is used as a backup.
A large organization can connect their network to the Internet at an
internet exchange point, however, most use a commercial ISP, either a
major backbone provider, or local resellers of service off one or
more backbones. The ISP provides technical assistance and access to
local telecommunications links.
5.4. Doesn't EDI presume the services of companies called
Value Added Networks (VANs)?
EDI only specifies a format for business information; the
transmission of the information is covered under other standards. A
real world analog is sending a business form from one company to
another. The "form" could be sent via US mail, US Registered mail,
via private carrier (UPS/FEDEX) or simply faxed between the
companies. EDI only requires that the trading partners follow the
content standards.
Houser, et al Informational [Page 19]
^L
RFC 1865 EDI Meets the Internet January 1996
5.5. If I can use X12 protocol and my VAN to send transactions,
what is the benefit of using the Internet?
The Internet E-mail standards have hierarchical address spaces that
are defined and updated in what the Internet calls "domain name
servers." Unfortunately, X12 has a flat address space. So, when you
send an interchange (not via the Internet) to a partner who is on a
different VAN, your VAN must do a table look up to figure out what
VAN the receiving party is on. If you use only X12 without the
Internet, before you can send a message to this partner, you must
first contact the recipient's VAN and have them add you as an entry
to his VAN's table. If the ISA contained the VAN ID of the
recipient, then you could (in theory) send interchanges to partners
via the VAN interconnects without having to notify the recipient's
VAN first. However, this theory needs to be worked out in practice.
In contrast, thanks to the domain name service, Internet e-mail users
(and Postal users) don't have to call up their service provider
before sending a message across an "interconnect" to another service
provider.
5.6. Can we expect VANs to offer connections to other VANs via the
Internet?
All VANs connected to the Internet are connected to one another, thus
avoiding most of the problems of interconnecting proprietary
networks. VANs can then focus on services to their customers such as
automatic bid submission, market and business opportunity analysis,
and translation software.
5.7. How can I use the Internet directly for exchanging EDI messages
without going through a VAN?
You and your trading partner must agree on one of the Internet
protocols for exchanging messages and then agree upon some details
with the exchange.
a) Email based messaging
The simplest and most widely supported means of exchanging
messages is via internet email. Typically, the IETF-MIME
encapsulation specification would be used to enclose the EDI
data within the email message, and the trading partners would
need to agree upon an encryption method for secure email,
typically PEM or PGP (see question 8.4).
The trading partners would then exchange:
1. The internet email address for EDI messages
2. An internet email address for personal communications
Houser, et al Informational [Page 20]
^L
RFC 1865 EDI Meets the Internet January 1996
related to EDI
3. Agreement on the encryption and digital signature
protocols, including email acknowledgment, e.g.
support for the "Return-Receipt-To:" email header,
or X.400 extended email header fields.
4. Public Keys for PEM or PGP encryption and digital
signatures. (or private keys for DES encryption)
5. Agreement on the format of the message, e.g. IETF MIME/EDI.
A convention for naming email addresses might be
established, e.g. edi@edi.xyzcorp.com for messages,
ediinfo@xyzcorp.com for an automated response for human readable
information on establishing internet EDI, and
edisupport@xyzcorp.com for a personal contact.
b) FTP based messaging
To exchange EDI messages via FTP, some setup information must be
included in the trading partner agreement. Typically, an account
would be created for each trading partner for a FTP login,
including a password. Typically, each X12 or EDIFACT message
would be stored in a file, and the trading partner agreement would
define the conventions for naming files and directories for
the messages.
The trading partner agreement would include:
1. FTP login name and password
2. Machine(s) from which the login will be accepted
3. Additional security protocols, e.g. Kerberos[?]
4. Directory and file naming conventions
5. File encryption protocols and keys
6. Wrappers around EDI data, e.g. MIME/EDI headers,
PEM/PGP wrappers, etc.
There are several compression routines and utilities available for
virtually any computer system that uses the Internet. Many of these
utilities will convert across platforms (say UNIX to Mac, UNIX to PC,
and vise versa) and are available for free from one of several ftp
archive servers. Use of these compression routines should be used
with care when one is employing an encryption technique such as PEM
or PGP.
5.8. Can the ISA 06 or 08 identify any entity other than the
'end' Trading Partners (i.e. a routing entity) ?
Yes, although the ISA06 and ISA08 elements are supposed to be used to
identify the sender and receiver of the interchange, the receiver of
the interchange could be a clearinghouse (as well as a VAN) that
Houser, et al Informational [Page 21]
^L
RFC 1865 EDI Meets the Internet January 1996
processes the interchange and then forwards the data to the ultimate
recipient. In this case, you could put the receiver ID of the
clearinghouse into the ISA08. The clearinghouse would probably have
to determine the ultimate recipient of the message by looking inside
the transaction set (or perhaps by using the GS03). Alternatively,
you could put the receiver ID of the ultimate recipient into the
ISA08 and the clearinghouse would route the interchange based on the
ISA08 value (just as a VAN does).
5.9. Can we specify both the recipient's address and their VAN
address in the ISA ?
There was an X12 DM (data maintenance) request proposed to the X12
standards committee for a change to the ISA segment (X12 header
information) that would allow users to specify the recipient's VAN,
in addition to the recipient's ID. The intent was to provide a
hierarchical address in the ISA. The top level would be the VAN ID,
and the next level would be the recipient ID. To date, this DM has
not been approved.
5.10. Are there other options for routing EDI X12 messages ?
Yes, the GS02 and GS03 data elements can be used for a second level
of routing. The GS03 is the application receiver's code. Some EDI
users use the GS03 for routing a functional group to a particular
department or application within the receiver's corporation. For
example, you could use the ISA08 to identify the receiver as "Acme
Corporation" and use the GS03 to identify the receiving application
as the "Purchasing department (within Acme Corporation)". Many EDI
users simply put the same value in the ISA06 and the GS02, and put
the same value in the ISA08 and the GS03. Interestingly, there are
VANs that will broadcast a message. Other VANs will map the value of
the ISA08 into a distribution list VAN mailbox ids maintained by the
VAN. Thus, each recipient receives the exact same copy of the
interchange and the value of the ISA08 is not changed by the VAN.
6. US Federal Involvement
6.1. What is the commitment of the US Federal Government to EDI ?
In the Federal Information Processing Standard (FIPS) 161-1 for
Electronic Data Interchange[2], the US Government committed to using
EDI X12 and EDIFACT standards in the exchange of business information
with trading partners already using EDI. On October 26, 1993,
President Clinton signed an Executive memorandum requiring Federal
agencies to implement the use of electronic commerce in Federal
purchases as quickly as possible. As the initial step the
President's Management Council (PMC) Electronic Commerce Task Force
Houser, et al Informational [Page 22]
^L
RFC 1865 EDI Meets the Internet January 1996
(ECTF), chaired by the Administrator, Office of Federal Procurement
Policy (OFPP), chartered the Federal Electronic Commerce Acquisition
Team (ECAT) memorandum. The PMC gave ECAT the task of defining the
architecture for the government-wide electronic commerce acquisition
system and identifying the executive departments or agencies
responsible for developing, implementing, operating, and maintaining
the Federal electronic system.
ECAT has become the Federal Electronic Commerce Program Management
Office (ECA-PMO). The National Institute or Science and Technology
(NIST) maintains an HTML home page for the ECA-PMO:
http://snad.ncsl.nist.gov/dartg/edi/fededi.html
6.2. What is the timetable for the Federal effort ?
To implement EC and to achieve his objectives for EC, the President
set forth the following four milestones:
1) By March 1994, define the architecture for the
government-wide EC acquisition system and identify
executive departments or agencies responsible for
developing, implementing, operating, and maintaining
the Federal electronic system. The ECAT identified
the architecture and recommend actions that each agency
should take. These documents are available via ftp at
ds.internic.net in the directory /pub/ecat.library.
ftp://ds.internic.net/pub/ecat.library/
2) By September 1994, establish an initial EC capability
to enable the Federal government and private suppliers
to exchange standardized requests for quotations (RFQs),
quotes, purchase orders, and notice of awards and begin
government-wide implementation.
3) By July 1995, implement a full-scale Federal EC system
that expands initial capabilities to include electronic
payments, document interchange, and supporting data bases.
4) By January 1997, complete government-wide implementation
of EC for appropriate Federal purchases, to the maximum
extent possible.
6.3. Will the US Government use the Internet to send EDI transactions ?
According to the ECAT, achieving the following objectives are
essential for a successful ubiquitous government EDI capability:
Houser, et al Informational [Page 23]
^L
RFC 1865 EDI Meets the Internet January 1996
1) E-mail systems may be used as the transport medium for EDI
transactions.
2) FTP, FTAM, SMTP, X.400, or X.400 compatible substitutes
are the preferable transport methods for EDI.
3) EDI functionality must be supported such that the user can
choose between the Internet Protocol Suite (IPS) and Open
Systems Interconnection (OSI) protocol support.
4) Directory services will be provided through the X.500 model
as services become available.
5) Initial implementation of X.400 shall support the user agent
services defined in P2 and P22 protocols.
6) By 1996, the X.400 implementations shall contain the
services defined in the X.435 specification.
7) The Internet network may be used for EDI transactions when
it is capable of providing the essential reliability,
security, and privacy needed for business transactions.
6.4. I heard the US Government prohibited commercial use of the
Internet?
The Internet contains many Internet Service Providers (ISPs), each
with its own internal policies governing the conduct of its
customers. One of the largest ISPs is the National Science
Foundation. At one time, NSF adopted what is called the Acceptable
Use Policy of the National Science Foundation (NSF) was intended to
prevent commercial uses of the original NSF-sponsored Internet
telecommunications backbone. However, the growing number of
commercial providers and backbones now part of the Internet have made
this policy obsolescent. NSF is currently reducing its direct
support in favor of subsidies to universities and other NSF sponsored
organizations. Today the US Government is actively encouraging
commercial uses of the Internet.
6.5. The US Government is using both Internet and OSI E-mail
protocols. What should one consider when choosing which to use ?
For more than a decade, Federal policy has been to promote the Open
Systems Interconnection (OSI) telecommunications protocols developed
by international standards bodies. Despite this policy, Government
agencies, like the private sector, have invested far more in Internet
than OSI compliant products. Marshall T. Rose's "The Internet
Message"[3] compares the two alternative protocol suites and finds
Houser, et al Informational [Page 24]
^L
RFC 1865 EDI Meets the Internet January 1996
clearly in favor of the IPS for messaging in general. For EDI
specifically, the advantages of the IPS are its simplicity, wide
availability, and security provided by Privacy Enhanced Mail (PEM,
see below). IPS lacks a number of desirable features and incurs
something of an efficiency penalty for binary transfers. On the
other hand, the OSI standard for messaging handling service (X.400)
promises a complete solution for EDI; the X.435 protocol includes
responsibility notifications, X.500 directory support, EDI-specific
addressing, message store support, message security, and other EDI-
specific services. Unfortunately, only a handful of X.435 products
have actually reached the market, their interoperability is not
assured, and their prices are substantially greater than for their
IPS counterparts. X.400 addressing tends to lock the customer into
the domain of the service provider, whereas SMTP/MIME addresses are
independent of the provider, permitting the customer to take his/her
business elsewhere relatively easily. The bottom line is that a lot
more organizations do EDI via the Internet than via OSI.
6.6. How is the US Government using VANs to distribute business
opportunities?
Presently, VANs make EDI request for quotation (RFQ) transactions
available to their subscribers (along with other services). For
example, a VAN client may ask that all RFQs for chairs be forwarded
immediately to them but the client is not interested in being
notified about RFQs for paper products. When a VAN sends an RFQ to a
specific client mailbox, the VAN modifies the "to address" to that of
the client. In this way, a vendor need only subscribe to a VAN that
is certified to receive and post the RFQs. The vendor then sees a
single source for all RFQs of interest, regardless of which buying
organization originated them. The screening and filtering process
performed by the VANs prevents the spread of electronic "junk" mail.
However, a trading partner could use an email filtering program to
filter and sort email, saving on VAN charges.
6.7. How would use of the Internet for Federal procurement change
this RFQ process?
Initially, very few changes may be apparent. New and existing VANs
will use the Internet to collect and disseminate EDI transactions;
trading partners may be totally unaware of the change in technology.
Prices may fall as VANs share telecommunications resources through
Internet Protocols rather than maintain their own costly proprietary
telecommunications services. Instead of competing with VANs, the
ubiquitous connectivity of the Internet offers VANs even greater
business opportunities. General purpose Internet Service Providers
(ISPs) do not typically offer EDI specific services, but they can
provide an alternative means to transfer EDI messages at a small
Houser, et al Informational [Page 25]
^L
RFC 1865 EDI Meets the Internet January 1996
fraction of the cost of typical EDI VANs.
The impact of an organization's moving EDI onto the Internet,
independent of a VAN, is more difficult to assess. In the view of
some, the introduction of the Internet in the near term (1-5 years)
adds additional interfaces and complexity to the organization's
existing EDI environment. This may in the short term increase costs
and raise new costs. But a corporate commitment to an open systems
environment through the use of Internet Protocols offers the
potential for a greater interoperability, integration of application
systems, and therefore the promise of higher performance and lower
costs. Some organizations will be able to get to these benefits
others will pay for a set of largely incompatible services. The
return on investment largely depends on one's ability to consider EDI
on the Internet as a part of the organization's overall information
systems strategy and the organization's plans for a presence on the
Internet.
7. EDI Resources On The Internet
7.1. Are EDI Standards available on the Internet ?
The Data Interchange Standards Association (DISA) has a World Wide
Web server at "http://www.disa.org/" This Web server has
considerable information, including a list of new standards, a list
of all the X12 transaction sets, meeting minutes, calendar of events,
and lists of courses. Unfortunately, as of this date, the X12
standards are not available electronically. [soap ...] Hopefully
that will be added soon. [...soap]. DISA has also set up a gopher
server (gopher.disa.org) and an FTP server (ftp.disa.org).
The principle documents regarding ANSI ASC X12's planned alignment
with EDIFACT are available on the World Wide Web. The alignment plan
adopted by a mail ballot of X12 in December 1994/January 1995 is at
http:/www.disa.org/info/alinplan.html
The "floor motion" adopted at the X12 meeting in February 1995 is at:
http:/www.disa.org/meetings/alinmotn.html
The following mail lists and exploders support X12 and EDIFACT
standards development work.
Houser, et al Informational [Page 26]
^L
RFC 1865 EDI Meets the Internet January 1996
------------------
X12G Mailing list:
------------------
This is a fully open exploder set up to support X12G.
To subscribe send an e-mail message to:
x12g-request@snad.ncsl.nist.gov
The text of the message should only contain the following:
subscribe x12g
After you subscribe, you can broadcast your messages to the
participants (who have subscribed) via the address
x12g@snad.ncsl.nist.gov.
---------------------
FED-REG Mailing list:
---------------------
This new exploder is concerned with the federal EDI Registry and
the implementation of IMPDEF within the registry, the EDI Viewers
and Editors, and the use of IMPDEF to upgrade EDI products. The
nature of this mailist calls for informal discussion focusing on
pragmatic issues.
To subscribe send an e-mail message to:
fed-reg-request@snad.ncsl.nist.gov
The text of the message should only contain the following:
subscribe fed-reg
Messages intended for the fed-reg list should be sent to:
fed-reg@snad.ncsl.nist.gov
-------------------------
X12C-IMPDEF Mailing list:
-------------------------
This exploder deals with formal discussion in the context of X12
regarding the evolution of IMPDEF. If would expect that
discussions in the context of the "fed-reg" exploder result in
Houser, et al Informational [Page 27]
^L
RFC 1865 EDI Meets the Internet January 1996
formal DMRs submitted to "x12c-impdef" and X12C. Anyway, the
process will be defined and controlled by the appropriate X12C
authority.
To subscribe send an e-mail message to:
x12c-impdef-request@snad.ncsl.nist.gov
The text of the message should only contain the following:
subscribe x12c-impdef
Messages intended for the fed-reg list should be sent to:
x12c-impdef@snad.ncsl.nist.gov
See section 7.7 for additional EDI related mailing lists.
7.2. Are EDIFACT Standards available on the Internet ?
You can access the EDIFACT standards via GOPHER from the
International Telecommunications Union (gopher://info.itu.ch). Here
are the general directions in getting to the standards.
1. Launch the gopher client as gopher info.itu.ch
2. Select entry 11 (UN and international organizations)
3. Select entry 1 (UN EDITRANS, UN/EDIFACT (EDICORE))
4. Select entry 3 (UN-EDIFACT Standards Database (EDICORE))
5. Select entry 1, Publications.
If you want the actual standards, select 1, Drafts. You will get
D93A (which becomes the standard S94a)
D94A (which will be next year's standard).
If you want the UNTDED, select 2. If you want the UNTDID, select 3.
When you get to the lowest level directory in which ever path you
choose, press D (i.e. upper case D) to download. Choose the protocol
that suits and you are the proud owner of an EDIFACT Standards
Directory.
For electronic mail retrieval, send your message to itudoc@itu.ch
with no subject and the following message body:
START
GET ITU-1900
END
Houser, et al Informational [Page 28]
^L
RFC 1865 EDI Meets the Internet January 1996
7.3. The EDI X12 standards are quite complex. How do we decide what
X12 transactions to implement and how ?
There are a number of generic implementation conventions (ICs) or
guidelines; most ICs are prepared on an industry-by-industry basis.
Be sure that both you and your current trading partners are working
from the same set. The Federal Electronic Commerce for Acquisition
Program Management Office has been promoting the 3040 version
throughout the government and the private sector. Older versions may
be used in accordance with the ASC X12 rules. Certain ICs are
published by the Data Interchange Standards Association (DISA);
contact DISA at the address above for information about ICs for your
applications. Certain ICs as well as the X12 standards may be
obtained through:
Washington Publishing Company
c/o EDI Support Services
P.O. Box 203
Chardon, OH 44024-0203
US Phone (800) 334-4912
Non-US Phone (216) 974-7650
Fax (216) 974-7655
7.4. What Implementation Conventions (ICs) are available over the
Internet ?
The US. Federal Implementation Guidelines for Electronic Commerce for
Acquisition are available for free via FTP at ds.internic.net. These
cover X12 transaction sets 810, 820, 824, 836, 838, 840, 843, 850,
855, 864, and 997. The path is pub/ecat.library/fed.ic/xxx where xxx
can be acrobat.pdf, postscript or ascii file formats.
ftp://ds.internic.net/pub/ecat.library/fed.ic/
The SPEEDE/ExPRESS Project, funded by the National Center for
Education Statistics of the U.S. Dept. of Ed., publishes an
Implementation Guide for X12 transaction sets 130, 131, 146, 147, and
997. The July 1994 versions (each in WordPerfect and in Postscript)
may be retrieved by anonymous FTP at admissions.carleton.ca. The
WordPerfect 5.1 files are found in /pub/wp_speede_2 while the
Postscript files are found in /pub/ps_guide_2.
ftp://admissions.carleton.ca/pub/wp_speede_2/
ftp://admissions.carleton.ca/pub/psguide_2/
Complete directions for retrieving these files can be found in the
AACRAO gopher at AACRAO-DEC.NCHE.EDU. Choose the SPEEDE/ ExPRESS
Houser, et al Informational [Page 29]
^L
RFC 1865 EDI Meets the Internet January 1996
menu item, then Publications, and then select a version of the
Implementation Guide. Note that guidelines are sometimes referred to
by the release/version designation (currently 3040).
The Defense Information Systems Agency (DISA) Center for Standards is
the designated configuration manager for DoD Electronic
Commerce/Electronic Data Interchange (EC/EDI) standards. The DoD
EC/EDI Standards repository system, available via anonymous FTP from
ftp.sterling.com in the /edi/DoD-edi/ directory, contains DoD EDI ICs
separated into two categories, User and Test.
ftp://ftp.sterling.com/edi/DoD-edi/
Test conventions are identical to User, except that the condition
designator for all applicable transaction sets, data segments and
data elements used by that convention are designated as Mandatory for
test purposes. Implementation convention files, both user and test
versions, can be downloaded either individually or all together in
compressed self-extracting files. All the implementation files are
available, when decompressed, in both WordPerfect 5.1/5.2 (.WP) file
format and Standard Exchange Format (SEF) test files which are for
use with EDISIM software or any other EDI software that conforms with
the EDISIM .SEF file format.
The /DoD-edi/2003_User & _Test directories contain draft DoD
Implementation Conventions based on ANSI X12 Version 2 Release 3
(2003):
840 Request for Quotation
843 Response to Request for Quotation
850 Purchase Order
997 Functional Acknowledgement
The /DoD-edi/3010_User & _Test directories contain draft DoD
Implementation Conventions based on ANSI X12 Version 3 Release 1
(3010):
810 Invoice:
810 Commercial
810 Progress Payment
810 Public Voucher
840 Request for Quotation
843 Response to Request for Quotation
850 Purchase Order
997 Functional Acknowledgement
Additional 2003 and 3010 based conventions may be added in the near
future. 3010 based conventions will never progress to approved
Houser, et al Informational [Page 30]
^L
RFC 1865 EDI Meets the Internet January 1996
status but will be used temporarily by various DoD agencies to
implement phase I of the DoD Electronic Commerce (EC)/Electronic Data
Interchange (EDI) in Contracting Report.
The /DoD-edi/3050_User directory contains draft DoD Implementation
Conventions based on ANSI X12 Version 3 Release 5 (3050):
840 Request for Quotation
843 Response to Request for Quotation
850 Purchase Order
855 Purchase Order Acknowledgement
860 Purchase Order Change Request - Buyer Initiated
865 Purchase Order Change Acknowledgement/Request - Seller
Initiated
Note that the ICs in the /DoD-edi/3050_USER directory were developed
as a means to express DOD requirements for an ANSI X12 3050 based
transaction set. They are not approved for implementation. They
have been submitted to the Federal IC configuration management
process for adoption throughout the federal government. Since they
are subject to Federal review and are based upon a standard not yet
released, changes can be anticipated. (See ECA PMO above)
7.5 How can a trading partner keep up with all these implementation
conventions (ICs) and revisions in X12 and EDIFACT?
The US government is trying to standardize electronic communications
internally and with it's 300,000 plus suppliers. This requires
standardization of the standards process and cross communication
between programs. The IMPDEF message and the NIST Federal IC
Registry will place electronic versions of all its ICs on the
Registry - both full federal ICs and individual agency ICs - so that
any trading partner can download and use them. In combination with
message data compliance checking as well, smaller firms should be
able to get into EDI and start benefitting both themselves and the
government.
7.6. Where can I get information on EDI translation software ?
Several commercial trade magazines publish periodic guides to EDI
translation software. Under commission by the US Government, the
Logistics Management Institute (LMI) of McLean, Va. published "A
Guide to EDI Translation Software, 1994 Edition." The guide
describes the features and characteristics of EDI software offered by
more than 60 vendors. Commercial organizations can get copies for
$20 each by sending a check made out to the Logistics Management
nstitute. Federal agencies may have up to five free copies by
sending requests to
Houser, et al Informational [Page 31]
^L
RFC 1865 EDI Meets the Internet January 1996
Logistics Management Institute
Attn. Library
2000 Corporate Ridge
McLean, Virginia, 22102-7805
You can fax a typed request to the LMI library at (703) 917-7597 or
send a request to library@lmi.org. Requests for hard copies of the
Guide must include the requester's name, organization, address,
telephone number, and number of copies desired. All requests should
cite Report IR421RD1. If you have questions about the Guide, you can
contact the author, Harold Frohman, at (703) 917-7286 or send him an
Internet message at hfrohman@lmi.org. A somewhat older LMI report
(1992), but still quite relevant, is EDI Planning and Implementation
Guide (DL204RD1, August 1992).
7.7. How do I keep in touch with others pursuing EDI and Electronic
Commerce on the Internet ?
There are several EDI related mailing lists on (and off) the
Internet. Information on subscription follows below.
----------------------
IETF-EDI Mailing list:
----------------------
The IETF-EDI list has been established as a forum for discussing
methods of operating EDI transactions over the Internet, and for
discussing specifications which permit such operation. This list
is therefore focused on the technology of Internet usage of EDI,
rather than on more general aspects of EDI technology or use.
To subscribe, send an e-mail message to:
LISTSERV@BYU.EDU.
The text of the message should only contain the following:
sub ietf-edi <your-name>
Messages intended for the ietf-edi list should be sent to:
IETF-EDI@BYU.EDU.
Houser, et al Informational [Page 32]
^L
RFC 1865 EDI Meets the Internet January 1996
-------------------
EDI-L Mailing list:
-------------------
The EDI-L list is target towards more general EDI discussions.
The edi-l mailing list is also gatewayed to the USENET newsgroup
bit.listserv.edi-l.
To subscribe, send an e-mail message to:
listserv@uccvma.ucop.edu
The text of the message should only contain the following:
subscribe edi-l <your-name>
Messages intended for the edi-l list should be sent to:
EDI-l@uccvma.ucop.edu
---------------------
EDI-NEW Mailing list:
---------------------
This list complements ietf-edi in the sense that it promotes
discussion of new approaches to edi and the extension of edi
beyond its traditional domains.
To subscribe, send an e-mail message to:
edi-new-request@tegsun.harvard.edu
The text of the message should only contain the following:
subscribe edi-new <your-name>
Messages intended for the edi-new list should be sent to:
edi-new@tegsun.harvard.edu
Houser, et al Informational [Page 33]
^L
RFC 1865 EDI Meets the Internet January 1996
----------------------
SPEEDE-L Mailing list:
----------------------
The main purpose of this list is for discussions of Educational
EDI Standards.
To subscribe, send an e-mail message to:
listserv@vtvm1.cc.vt.edu
The text of the message should only contain the following:
SUBSCRIBE SPEEDE-L firstname lastname
Messages intended for the speede-l list should be sent to:
speede-l@vtvm1.cc.vt.edu
----------------------
OPEN-EDI Mailing list:
----------------------
The main purpose of this list is for UN/EDIFACT users to review
the work of JTC1/SC30.
To subscribe, send an e-mail message to:
majordomo@utu.premenos.com
The text of the message should only contain the following:
subscribe open-edi
Messages intended for the open-edi list should be sent to:
OPEN-EDI@utu.premenos.com
------------------
ECAT Mailing list:
------------------
The Federal Electronic Commerce for Acquisition Team (ECAT) has
established an open mail list for those interested in ECAT
activities.
Houser, et al Informational [Page 34]
^L
RFC 1865 EDI Meets the Internet January 1996
Information sent to the forum address is automatically distributed
to all forum members. This forum is available 24 hours a day, 7
days a week. Currently, only ASCII text messages up to 250kb are
supported. For best results when sending messages to this forum,
each line should be limited 70 characters followed by a carriage
return. Also, your name and email address should be included in
the body of messages sent.
To subscribe, send an e-mail message to:
listserv@forums.fed.gov
The text of the message should only contain the following:
subscribe ecat firstname lastname
Messages intended for the ECAT list should be sent to:
ECAT@forums.fed.gov.
7.8. Can I get messages that have been previously posted to the EDI
mailing lists ?
Yes. Messages that have appeared on the ecat, edi-l, edi-new, fed-
reg, x12c-impdef and ietf-edi list are available via FTP from
ftp://ftp.sterling.com/edi/lists/
7.9. I have EDI related material I'd like to make available to the
Internet community. How do I do that ?
If you have an existing Internet connected site, you can make the
information available via FTP or WWW. If you do not wish to go to
the effort, send mail to Kent Landfield at
edi-archive@sterling.com
Sterling Software is making the archive publicly available to the
community. Anyone who wants to distribute EDI related documents may
contact Sterling to make your documents publicly available on
ftp.sterling.com. For example, the Department of Veterans Affairs
has posted numerous studies and training materials on EDI which are
available to the public at ftp.sterling.com/edi/va/.
7.10. Where are EDI Archives on the Internet ?
Some have been discussed previously while others have not. Here is a
very incomplete list of sites that archive EDI related material and
Houser, et al Informational [Page 35]
^L
RFC 1865 EDI Meets the Internet January 1996
make that information publicly available.
o ftp://admissions.carleton.ca/pub/
o ftp://ds.internic.net/ietf/edi/
o ftp://ds.internic.net/pub/ecat.library/
o ftp://ftp.sterling.com/edi/
o ftp://ftp.swin.edu.au/pub/edi/
o ftp://prospero.isi.edu/pub/papers/security/
o ftp://turiel.cs.mu.oz.au/pub/edi/
o http://snad.ncsl.nist.gov/dartg/edi/fededi.html
o http://waltz.ncsl.nist.gov/ECIF/ecif.html
o http://www.disa.org/
o http://www.acq.osd.mil/ec/
o http://www.ietf.cnri.reston.va.us/
o http://www.premenos.com/standards/EDIStandards.html
8. Security Considerations
8.1. What security measures are needed to connect to the Internet ?
Internet security measures can be placed in two broad categories:
protecting your system from intruders and protecting the content and
integrity of your messages. With respect to the latter, EC/EDI
transactions of nominal value and sensitivity do not require special
security requirements. However, if the information has any sensitive
aspects, you will need to take measures discussed below. Competitors
might intercept your bids and undercut your proposal. Or they could
monitor your purchases and shipping notices to determine your firm's
production capacity. To ensure confidentiality of the message, your
e-mail system should offer some means of encrypting the message in a
manner only the intended recipient can read. Trading partners are
responsible for satisfying existing rules and regulations relating to
computer security and privacy. For example, bid data received by
government systems is subject to the appropriate controls. Trading
partner financial account data is likewise subject to disclosure
restrictions. To thwart those who might tamper with a message to
divert delivery by changing the "ship-to" address, digital signatures
can attest to the integrity of the message. Digital signatures can
also authenticate messages, preventing pranksters or rivals from
submitting false orders.
8.2. How do we go about protecting our system ?
The weakest link in most systems are people and passwords; your
current practices for managing both will apply to use of the
Internet. Steps you can take include:
Houser, et al Informational [Page 36]
^L
RFC 1865 EDI Meets the Internet January 1996
o Obtain, study, implement, and enforce the NIST FIPS (112) on
passwords. Make the practice of safe computing a condition of
continued employment and let your staff know it.
o Conduct a risk assessment as described in Appendix M of the
Federal Electronic Commerce for Acquisition Team report
Streamlining Procurement Through Electronic Commerce. This
documents is available via ftp at ds.internic.net in the
directory /pub/ecat.library.
o Apply the recommendations from NIST Special Publication 800-9,
Good Security Practices for Electronic Commerce, Including
Electronic Data Interchange as appropriate.
o Establish necessary internal and external "Firewalls." See
John Wack and Lisa Carnahan, "Keeping Your Site Comfortably
Secure: An Introduction to Internet Firewalls," NIST Special
Publication 800-10, undated.
o Review RFC 1281[4] Guidelines for the Secure Operation of
the Internet and RFC 1244 Holbrook and Reynolds "Site Security
Handbook"
o Review Cheswick and Bellovin's "Firewalls and Internet
Security - Repelling the Wily Hacker," Addison-Wesley [5]
o Consider implementing active countermeasures in your firewalls.
See "There Be Dragons" by S. Bellovin, Proceedings of the Third
Usenix UNIX Security Symposium, September 1992[6]. You can
contact Bellovin at smb@ulysses.att.com.
8.3. Is there good publicly available software I can use?
These are several free, publicly available, security tools one can
obtain via ftp from one of many good archives. If your company uses
UNIX systems to connect to the Internet or has UNIX systems connected
to the Internet get and use the following tools:
1. The Purdue University COAST - Security Archive (Computer
Operations, Audit, and Security Tools, run by Gene Spafford)
is located at coast.cs.purdue.edu and mirrored in a few places,
including ftp.sterling.com.
2. COPS available from ftp.cert.org in /pub/tools
3. TIGER available from net.tamu.edu in pub/
These tools are a series of scripts and programs that will alert you
to many well-know problems and holes in UNIX systems and how to fix
them.
Houser, et al Informational [Page 37]
^L
RFC 1865 EDI Meets the Internet January 1996
The Computer Emergency Response Team (CERT) at Carnegie Mellon
University can assist with computer break-ins as well as provide
notices of security activity on the Internet. The US Department of
Energy's Computer Incident Advisory Capability (CIAC), located at
Lawrence Livermore National Laboratory, can provide assistance at
ciac@llnl.gov or at 510-422-8193. CIAC offers software and documents
on their anonymous ftp server at ciac.llnl.gov. Both CERT and CIAC
are members of the Forum of Incident Response and Security Teams
(FIRST), a global organization to foster cooperation and coordination
among computer security teams worldwide.
8.4. How good are electronic or digital signatures ? Can they be used
in court ?
Properly used, these signature systems are better than existing paper
based authentication and forgery detection technology. You will find
a clear and concise description of how these signatures work in Gary
Ratterree's RIPEM Beginner's Guide; contact Ratterree at
grayr@cs.tamu.edu. Other references include:
ftp://ftp.tis.com/pub/PEM/ for Privacy Enhanced Mail
ftp://ftp.rsa.com/ for PEM
ftp net-dist.mit.edu:/pub/PGP for Pretty Good Privacy
(PGP)
An "infrastructure" for public keys is not required to use public key
encryption or digital signatures. In the absence of such an
infrastructure, the encryption protocol and the public keys would
need to be exchanged bilaterally, such as part of the trading partner
agreement. A public key infrastructure would provide a secure means
to obtain a public key without a need for a manual key exchange.
But digital techniques will become more convenient with the arrival
of additional infrastructure and support systems. The US government
is taking steps to ensure the admissibility in court of such systems.
We anticipate that the necessary regulatory and legal infrastructure
will be in place about the same time as the necessary directory and
certificate services and other supporting systems come on-line. We
expect to see expansion of several government pilot programs in the
later half of 1994. NIST recently published a report on the Public
Key Infrastructure (PKI) and related policy issues; for information
contact the NIST Computer Security Division at 301-975-2934.
8.5. Are there other US government standards publications I should
be aware of?
Yes. Here is a sample of those you will often hear mentioned.
Houser, et al Informational [Page 38]
^L
RFC 1865 EDI Meets the Internet January 1996
1. Federal Information Processing Standard (FIPS) Publication
46-1, Data Encryption Standard, January 1988.
2. FIPS Publication 65, Guideline for Automated Data Processing
Risk Analysis, August 1979.
3. FIPS Publication 113, Computer Data Authentication, May 1985.
4. FIPS Publication 180, Secure Hash Standard - (SHS), May 1993.
5. FIPS Publication 186, Digital Signature Standard - (DSS),
May 1994.
6. NIST Special Publication 800-9, Good Security Practices for
Electronic Commerce Including Electronic Data Interchange,
December 1993.
The FIPS standards may be ordered from the
U.S. Department of Commerce
National Technical Information Service
Springfield, VA 22161.
9. References
[1] UN/EDIFACT (Electronic Data Interchange for Administration,
Commerce and Transport) Syntax Rules (ISO 9735), March 1993,
United Nations Economic Commission for Europe (UN/ECE), Working
Party for the Facilitation of International Trade Procedures
(WP.4)
[2] FIPS Publication 161-1, Electronic Data Interchange (EDI),
National Institute of Standards and Technology, April 1993.
[3] The Internet Message: Closing the book with electronic mail,
Marshal T. Rose., Prentice Hall, Englewood Cliffs, New Jersey,
1993.
[4] Pethia, R., Crocker, S., and B. Fraser, "Guidelines for the
Secure Operation of the Internet", RFC 1281, Software
Engineering Institute, Trusted Information Systems, Inc.,
Software Engineering Institute, November 1991
[5] Firewalls and Internet Security - Repelling the Wily Hacker,
by Cheswick and Bellovin, Addison-Wesley, 1994,
ISBN 0-201-63357-4
Houser, et al Informational [Page 39]
^L
RFC 1865 EDI Meets the Internet January 1996
[6] There Be Dragons, S. Bellovin, Proceedings of the Third
Usenix UNIX Security Symposium, Baltimore, Maryland, September
1992. USENIX Association, ISBN 1-880446-46-4
10. Credits
James A.(Artch) Griffin <artch@AGRIFFIN.CPCUG.ORG> is credited with
co-authorship as he prepared the ECAT FAQ which I used (or perhaps
abused) as the base document. Artch was judicious and patient as he
watched his original text being rewritten over and over.
Carl Hage contributed detailed explanations and clarifications of the
various Internet protocols and services and how EDI can employ them.
I would like to thank the following people for their comments and
specific contributions: Kent Landfield, Mike Bauer, Kit Lueder, Eric
Christ, Betsy Bainbridge, Bob Lyons, Kirby Spencer, Sally Hambridge,
Ed Levinson, Warren Smith, Steve Bass, Jerry Johnson, Randy
VandenBrink, John Pillay, Jim W.C. Smith, Mark Charles, Jean-
Philippe Favreau. I apologize if I omitted any one of the many folks
who responded to my many calls for comments.
I greatly appreciate Kent Landfield for his editorial assistance
during final preparation of this document. Sterling Software
graciously hosted the work in progress for ftp access and review,
saving many bits of Internet SMTP traffic.
Finally, I am grateful for the patient cooperation of the IETF
Working Group and the participants of the IETF-EDI and EDI-L lists.
It's a nice cyberplace to work!
WRH, Washington, DC.
Houser, et al Informational [Page 40]
^L
RFC 1865 EDI Meets the Internet January 1996
11. Authors' Addresses
Walter Houser
Department of Veterans Affairs
810 Vermont Avenue
Washington DC, 20240
Phone: 202-786-9572
EMail: houser.walt@forum.va.gov
houser@cpcug.org
http://www.va.gov/
James A. (Artch) Griffin
President, Athena Associates
18924 High Point Drive
Gaithersburg, Maryland 20879
Phone: 301-972-2502
EMail: agriffin@cpcug.org
Carl Hage
C. Hage Associates
1180 Reed Ave #51
Sunnyvale, CA 94086
EMail: carl@chage.com
http://www.chage.com/chage/
Houser, et al Informational [Page 41]
^L
|