
Introduction to B2B

General Information

Scope
- The training will provide
• A basic understanding of B2B (Business to Business), EDI (Electronic Data
Interchange) and the GIS EAI tool.
• An understanding of the capabilities of, and development knowledge in, GIS.

Training Prerequisites
- Knowledge of EAI.
Notes
- Please refer to the notes attached to the slides for detailed explanations and
for navigation.

© 2010, Infosys Technologies Ltd          Confidential


Course Objectives
• At the end of this course, you would be in a position
– To demonstrate consulting capabilities in B2B, EDI & GIS integration
stack.

Course Agenda
• Unit I - B2B Overview
• Unit II – EDI Overview
• Unit III – GIS Overview
• Unit IV – GIS Hands-on

Unit I – B2B Overview

Unit Objectives
• At the end of this unit, you would be able
– To showcase basic understanding on B2B



Course Overview
• What is B2B?
• B2B Drivers & Constraints
• B2B Architectural Principles
• Current State and Future State
• B2B Standards
• B2B Communication with partners
• B2B Internal Integration
• Reconciliation
• B2B Security
• B2B Integration as Managed Service

WHAT IS B2B?
The term "Business-to-Business" describes the exchange of information between
organisations. B2B was adopted to treat external partners as special information
exchange points, for which specialized B2B services are designed to manage partner
integration at the event level and not at the business process level.

However, many enterprises are working towards a more advanced supply chain
structure that will enable them to focus on their core business and to leverage the
best opportunities available anywhere on the globe for their supply chain requirements.

So B2B in today's terms is not a mere document exchange mechanism but the means through
which an enterprise leverages the business capability of its partners.

Various Types of B2B
• e-Marketplace
An e-Marketplace is the platform through which buyers find suppliers and vice versa.
• Information exchange
In this form of B2B, information is exchanged between businesses. News feeds,
stocks etc. are the types of information exchanged in this form of B2B.
• Partner collaboration in supply-chain
In this form of B2B, the enterprise and its partners participate in business transactions.
OEMs (Original Equipment Manufacturers) typically collaborate with partners through
this type of B2B. This has two forms.
• Partner collaboration in business process management
In this type of B2B, the enterprise leverages partner business capability in its business
process management. Various business processes across partners collaborate and form
a virtual business process.

B2B Service Delivery

Fig. [1]*

Irrespective of the B2B types, when an enterprise decides to collaborate with the partners,
it should consider various dimensions of B2B, such as enterprise capability for B2B,
partner capability, legal requirements etc.

B2B Integration as Managed Service
To improve the total cost of ownership, B2B organizations are looking for a managed
service option for B2B. Benefits of the managed service option are:
• Administrative savings, such as:
– Lower transaction costs
– Fewer data errors
– Fewer invoice discrepancies
• Improvements in key performance metrics, such as:
– Reduced out-of-stocks at customer/retail location
– Increase in perfect order percentage
– Reduced inventory holding costs/lower safety stock requirements
– Faster order-to-cash cycle time
– Increased customer satisfaction

Drivers
• Increasing concern over untapped potential of B2B investments
• Maturity of web systems: reliability, security
• Globally distributed business schema
• Commoditization of the required basic computing infrastructure
• Maturity of enabling technologies
• Heterogeneous mix of partner sizes and maturity levels

The key benefits of B2B as managed services are
• On-Demand B2B Integration enabling a shared services model for integration solutions
• Rapid On-Boarding of Trading Partners
• Reduced costs of integration on the trading partner side make integration a better value proposition for smaller partners
• Amortizing of costs for integrating multiple trading eco-systems through shared service models
• Sizeable reduction of lifetime monitoring and exception management costs through centralized remote monitoring capabilities

B2B Gateway
A B2B Gateway is the platform that enables enterprise systems to integrate with partner
systems.
The difference between B2B and a B2B gateway is that B2B is the integration between
businesses and has a business focus. A B2B gateway, on the other hand, is a technical
platform that enables B2B integration.
A B2B Gateway typically has the following key features:
1. Support for payload standards - The B2B gateway supports various
payload standards like ebXML, RosettaNet, HL7, EDIFACT, SOAP etc.
2. Support for Communication Protocols - The B2B Gateway supports
various protocols like HTTP, HTTPS, FTP, SMTP etc.
3. Support for Security - The B2B Gateway supports security aspects like
authentication, authorization, non-repudiation etc.
4. Support for Trading Partner Management - The B2B Gateway supports the
maintenance and administration of trading partners.
5. Support for Audit and Reporting - The B2B Gateway supports audit
and reporting functionality in order to give the business an insight into the
transactions.

B2B DRIVERS & CONSTRAINTS
When an enterprise decides on its B2B solution, the business drivers, the architecture drivers
and the constraints need to be defined clearly. Without these drivers and constraints
identified, the B2B initiative in any enterprise will be very difficult.
This section provides a generic list of business drivers, architecture drivers and
constraints. Consultants should refer to them when defining or
validating the drivers and constraints of an enterprise. Please note that drivers
and constraints are specific to an enterprise, and not all of the ones listed here might
be applicable.

Business Drivers
Following are the generic business drivers in B2B.

Driver: Increased Market Competition
Description: To be ahead in the market, new products/services need to be launched quickly.
This will be achieved by leveraging the capability of another business.

Driver: Enhanced Product/Service
Description: Rapid integration with partners can help deliver innovative products/services
faster and cheaper.

Driver: Lower cost of ownership
Description: Business should provide a more efficient, lower cost business model and
enterprise processes while increasing customer value and experience. Cost will be
efficiently managed if the business leverages the capability of its partners rather than
reinventing the wheel.

Driver: Improved Customer Experience
Description: To attract and retain customers, a seamless and enhanced customer experience
must be provided regardless of who is providing components of the service
along the value chain. This requires end-to-end visibility of provisioning, service
availability and information between partners.

Driver: Compliance to Regulatory Requirement
Description: Business needs to comply with the regulatory authority's requirements. For
example, operation separation enforced by the EU for Telecom operators.

Driver: Merger & Acquisition
Description: During mergers or acquisitions, business processes from both businesses need to
collaborate to provide a uniform business process. Both businesses should initially
be considered partners and create a plan for business process change.

Architecture Drivers
Following are the generic architecture drivers in B2B.

Driver: Single platform for multiple partner integration
Description: B2B is an enterprise-wide strategic platform through which the business will
integrate with other businesses. The single platform will provide benefits like
reusability, ease of operation etc.

Driver: Separate enterprise from its partner
Description: B2B will provide the separation of concerns of intra-organisation interactions
vs those between organisations.

Driver: Reuse at all levels
Description: The B2B platform for the enterprise will provide reusability at various levels such
as partner integration through reusable interfaces, partner on-boarding
process, testing approach, architecture strategy, release planning, operation,
audit reporting etc.

Driver: B2B Gateway Approach
Description: A B2B gateway approach will enable the enterprise to leverage the maturity
provided by various B2B gateway products.

Constraints
Following are the generic architecture constraints in B2B.

Constraint: B2B strategy alignment with enterprise architecture strategy
Description: Architecture must include B2B as the strategic component in its
building block once an enterprise decides B2B as the mode of
operation.

Constraint: Partner's alignment with enterprise's B2B strategy
Description: Sometimes partners are not aligned with the enterprise B2B strategy,
such as use of standards, business process alignment, testing process
etc.

Constraint: Technology choice for B2B Gateway
Description: B2B Gateway product selection needs to be made based on the B2B
architecture requirement. This is very important for the success of the B2B
implementation.

B2B Architectural Principles
Name: Business Encapsulation
Statement: A business should not be exposed to the detailed inner workings of another business. B2B must
encapsulate the inner details and expose only relevant data to partners.
Rationale: Exposing or accessing the inner details of a business will complicate the business operation.
Legal requirements might also restrict providing internal data to a business.
Implication:
• Internal processes like exceptions have to be filtered in the B2B layer before communicating with
partners. At the same time the enterprise should not access any exception internal to the partner.
• The B2B layer should encapsulate the internal data model from the partners.
• must have the visibility to the relevant business processes of partner.

Name: Standard Based
Statement:
• Use standards for protocols such as schema, transport, document standard.
• Use standards for platforms such as web service.
• Each partner must agree on handshake processes such as two-way commit, etc.
• Exceptions should be authorized for any usage of non-standards.
Rationale: To increase interoperability and rapid integration, partners must use standards.
Implication:
• To operate as a partner, every business must adhere to the standard agreed.
• For the best result the provider of a service should define the standard of the interface and the
consumer should use the standard.

B2B Architectural principles [contd…]
Name: Layered, Loosely Coupled, Document Based and Reusable
Statement:
• Divide the architecture into manageable layers.
• Each architecture layer should be decoupled through interfaces or services.
• Standard documents should be used for partner integration.
• The B2B architecture should be at least divided into private processes and public processes
in order to shield external parties from changes to enterprise systems.
Rationale:
• Complex problems must be broken into smaller layers, implementing a divide-and-conquer
methodology.
• The B2B architecture should support an approach where integration of trading partners’
business applications & other B2B components can be done on a messaging
framework rather than programmable function calls.
Implication:
• Failure to break up the B2B architecture into manageable layers may impact
trading partner business for any change in enterprise business processes.
• Service Level Agreements must be defined and considered for all intersystem
dependencies.

B2B Architectural principles [contd…]
Name: Business Process Driven
Statement: B2B architecture must be driven by the virtual business process requirement rather than the
technology requirement.
Rationale: The B2B environment should be agile enough to accommodate rapidly changing business needs.
Implication: Sometimes an environment change is required for an IT change like an upgrade, migration etc. These
IT changes must not impact business functionality.

Name: Apply Security at all levels
Statement: Apply data security, transport security and non-repudiation. Ensure that only authorized persons have
access to the data and the environment.
Rationale: Since B2B deals with external businesses, security must be applied at all levels, like data,
communication, operation etc.
Implication:
• The current practice is to have a separate B2B environment secured from internal systems and
external systems.
• Should the B2B data be logged, a security mechanism should be in place to ensure that
sensitive data is not viewable.
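
The logging implication above, shown as an added example that is not part of the original slides: a gateway-side filter that pseudonymises sensitive ANSI X12 elements before a message is written to the B2B log, and masks any segment the policy does not know. The policy table, the key and the sample 850 purchase order are all constructed for illustration.

```python
import hashlib
import hmac

# Assumed logging policy (constructed for this example): segment ID -> element
# positions that must not appear in clear text. An empty set means the whole
# segment may be logged. Segments missing from the table are masked entirely.
POLICY = {
    "ISA": set(), "GS": set(), "ST": set(), "BEG": set(), "PO1": set(),
    "CTT": set(), "SE": set(), "GE": set(), "IEA": set(),
    "REF": {2},        # REF02: reference number (contract, account, ...)
    "N1": {4},         # N104: partner identification code
    "PER": {2, 4, 6},  # PER02/04/06: contact name, phone, e-mail
}
MASK = "[masked]"


def read_delimiters(interchange):
    """Return (element separator, segment terminator) from the ISA header.

    The ISA segment is fixed width: the character at index 3 is the element
    separator and the character at index 105 is the segment terminator.
    """
    if len(interchange) < 106 or not interchange.startswith("ISA"):
        raise ValueError("ISA header missing or truncated")
    return interchange[3], interchange[105]


def pseudonym(value, key):
    """Keyed, deterministic token: audit and reconciliation can still
    correlate messages without seeing the value. The key must be kept
    outside the log store."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "tok_" + digest[:12]


def redact_for_log(interchange, key, policy=POLICY):
    """Return a copy of the interchange that is safe to write to the log."""
    elem_sep, seg_term = read_delimiters(interchange)
    safe = []
    for raw in interchange.split(seg_term):
        segment = raw.strip("\r\n")  # tolerate one segment per line
        if not segment:
            continue
        elems = segment.split(elem_sep)
        positions = policy.get(elems[0])
        if positions is None:
            # Fail closed: unknown segment, keep only its ID and shape.
            elems = [elems[0]] + [MASK if e else e for e in elems[1:]]
        else:
            for pos in positions:
                if pos < len(elems) and elems[pos]:
                    elems[pos] = pseudonym(elems[pos], key)
        safe.append(elem_sep.join(elems))
    return seg_term.join(safe) + seg_term


def build_sample():
    """Constructed 850 purchase order; every value is made up."""
    isa = "*".join([
        "ISA", "00", " " * 10, "00", " " * 10,
        "ZZ", "BUYERCO".ljust(15), "ZZ", "SUPPLIERCO".ljust(15),
        "100101", "1200", "U", "00401", "000000001", "0", "T", ":",
    ]) + "~"
    body = [
        "GS*PO*BUYERCO*SUPPLIERCO*20100101*1200*1*X*004010",
        "ST*850*0001",
        "BEG*00*SA*PO-4471**20100101",
        "REF*CT*CONTRACT-889231",
        "N1*BY*Buyer Co*92*ACCT-778812",
        "PER*BD*Jane Doe*TE*5555550100*EM*jane.doe@example.com",
        "PO1*1*10*EA*12.50**VP*WIDGET-9",
        "MSG*Deliver to rear dock, gate code 4321",  # not in POLICY
        "CTT*1",
        "SE*9*0001",
        "GE*1*1",
        "IEA*1*000000001",
    ]
    return isa + "".join(seg + "~" for seg in body)


SAMPLE = build_sample()

if __name__ == "__main__":
    logged = redact_for_log(SAMPLE, b"demo-key-not-for-production")
    print(logged.replace("~", "~\n"))
```

Because the policy is an allow-list, a new segment type introduced by a partner is masked by default until someone reviews it and adds it to the table.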

B2B Architectural principles [contd…]
Name: Semantics – Horizontal XML
Statement: Always use horizontal XML frameworks like ebXML.
Rationale: Horizontal XML frameworks (e.g. ebXML) are shared across multiple verticals, necessitating
the development of cross-domain vocabularies and processes.
Implication: As business crosses the boundary of a particular vertical, failure to use horizontal XML
frameworks will impact the enterprise's ability to integrate multiple partners.

Name: Supportability – Centralized Management and Monitoring
Statement: Centralized monitoring and management will ensure the management of B2B transactions.
Rationale: must ensure that the with partners has been met and must deliver the required information to
partner.
Implication:
• The system must guarantee delivery between partners for B2B transactions.
• Centralized monitoring must be supported.
• Notification of errors or rejections in the B2B layer.
• B2B must provide the audit reporting facility.
• Notification only when something doesn’t work in the B2B layer.

Current State And Future State
The B2B strategy for an enterprise defines the current state and the future state.
Consultants can refer to the pain points below for the as-is analysis of the current state of an
enterprise.
The future state of an enterprise should conform to the future trend of B2B, so the future
trend section will help in defining the future state of B2B for an enterprise.
Typical Pain point in B2B
• Lack (total or partial) of vendor on-boarding process
• Lack of automation of business processes in B2B
• Lack of support for multiple protocols/connectivity requirements across partners
• Big lead time for vendor on-boarding
• Testing cycles of B2B projects are large and very complex, leading to expanded time to
market for new business collaborations
• Fragmented B2B infrastructure across lines of business, lack of standardization and
reusability
• Data coming from partners is inaccurate, leading to significant exception management
and delay in the process, many times manual

Typical Pain point in B2B [contd...]
• Lack of effective integration of B2B connection points with enterprise back office
systems
• Lack (partial or total) of monitoring for B2B transactions
• Complexity in testing B2B programs due to limited availability or total unavailability
of partner environments for unit/integration testing
• Complex process of coordination across vendors for end-to-end business use-case
testing, leading to high cost of testing cycles
• Complexity in coordinating problem resolution/troubleshooting during test cycles
across environments of the enterprise and vendors
• High cost of testing iterations due to testing errors/failures/mistakes
• Significant effort of data preparation/set-up for B2B scenarios, issues in data quality
that are discovered mostly during test runs
• Higher effort of testing cycles due to manual steps involved in the progression of test
cycles
• Same use-case needs to be tested differently with different vendors/partners due to
differences in their technical set-up/specifications
• Changes in the requirements (in terms of document specification, rules, process etc)

Future Trends in B2B
• “Appliance” based as well as “SAAS” based B2B solutions that simplify customer’s
B2B Business Capability delivery will evolve
• B2B and BPM will converge with maturing capabilities and advancements in the supply
chain area. B2B will become an extended arm of BPM providing cross-enterprise process
integration
• The battle between VAN based B2B delivery and Internet based B2B delivery will become
irrelevant with hybrid solutions. The Internet based delivery platform will be the
foundation.
• Most B2B solutions will involve a “self-service portal” platform for trading
partners, which will simplify the complexity of vendor on-boarding as well as the trading
partnership maintenance process

Future Trends in B2B [contd...]

The B2B gateway market continues to evolve as the vendors add more functionality to their
products. This functionality, such as the embedding of service buses and service registries, is
primarily driven by the vendors' need to rapidly upgrade and augment their offerings. For
instance, as new standards are ratified or new protocols mature and are put into production,
a service bus enables these vendors to unobtrusively upgrade their products.
One by-product of this new functionality is that consumers can use their B2B gateways for
inter-enterprise service interactions, including exposing the core functionality of the gateway
— such as business activity monitoring, trading partner management (TPM) and business
process management (BPM) — to trading partners via portals, portlets or directly using SOAP.
However, it is very important that there is no impact on the basic core functionality such as secure communications,
event management, adaptive capabilities, translation, and importantly retaining the TPM
The majority of vendors in this space are leaders or visionaries. They're visionaries because
of the sophistication in their B2B gateway architecture. For example, most of these vendors
embed sophisticated service buses and service registries in their gateways. Some, such as
Oracle and Tibco Software, have sophisticated service buses based on open standards.

Future Trends in B2B [contd...]
B2B products are gaining demand from organizations ranging from small to large size, irrespective of industry
expertise. Vendors have improved the functionality of the B2B product suite from the primary purpose of centralizing a
company’s B2B communications (irrespective of the size and type of data), to providing some additional internal
integration (which ultimately results in the eventual externalization of the integrated data), and to providing an
infrastructure for service interactions between partners.
When it becomes difficult to
differentiate the technological capabilities of business-to-business (B2B) gateway provider
offerings, base some of your decisions on the "intangibles" that aren't recognized in the
criteria provided for this Magic Quadrant. These include established relationships (that is, it
isn't unusual for a company to find that it already has some of the vendor's offerings in
production) and a company's current skill sets and resource availability.

Future Trends in B2B [contd...]
The market for B2B integration products is more in the form of a software-as-a-service sector than
traditional licensed software. For more than 2 decades, vendors offering integration as a service were known as
VAN providers; however, in recent years, this service sector market has grown remarkably. Service providers of
integration products as a service now include a diverse range of vendors, such as:
• Internet VAN providers, for example Hubspan and ICC
• Electronic data interchange (EDI) VAN providers, for example GXS and Sterling Commerce
• Vendors with a strong industry focus, for example E2open and Viacore
• Marketplaces and industry consortia, for example Elemica and Liaison
• Specialists, for example BetweenMarkets and StrikeIron
These types of solution providers were traditionally known as VANs, Internet VANs, Web services networks,
transaction delivery networks, business process networks, business process hubs, business integration networks,
integration service providers, marketplaces and so on. By definition, however, integration service providers are
vendors that (acting in a primary or secondary role) offer custom
integration services, which include a combination of features such as communication
services, trading partner management services, integration services and application
services.

Message Standards
EDI technology was thought to be the best when dealing with highly structured data that
did not change frequently. Today, however, we require more flexibility, especially when
dealing with rapidly increasing demands for support for process improvement efforts
across the entire process chain. This has forced providers to adopt multiple XML-based
B2B options.

Still, EDI continues to dominate the B2B space. Earlier studies have projected that more than
one-third of US GDP is directly supported by EDI transaction exchanges in the retail,
manufacturing, financial and capital, healthcare, operations and logistics, food and
beverage, and pharmaceutical sectors.

Communication Protocols
New technology has helped B2B integration to evolve from traditional EDI-based integration, paving the way for new trends in
B2B communication protocols. Several B2B communication protocols exist at present, varying in terms of their
purpose, capabilities, cost of implementation, industry acceptance, vendor support, future acceptance, etc.

Past
Earlier, B2B solutions were built for bilateral exchanges between partner companies which used unique data formats developed for a
specific party. The adjacent figure describes early point-to-point B2B interactions between a company and two of its suppliers. The figure
shows that different data structures and communication lines were needed to order the same spare part.
[Figure: N Formats, N Networks. Company A, Company B and Company C, linked by Process P and Process Q.]

Later, service providers standardized the data formats and communication links used in B2B and offered them as paid EDI
running on VANs, or value added networks. The VANs made sure that valid messages the network and also the messages were
transmitted to the recipient only once. VANs also helped in non-repudiation, making sure that the sender could not claim that
someone else had sent the message.
[Figure: 1 Format, 1 Network. Company A, Company B and Company C, each with an EDI Processor, connected through a Value Added N/W.]

Present
Now, standards bodies have created new protocols so that the benefits of VAN based B2B interactions are brought to the public internet. The most
prominent of them are RosettaNet (RNET), Electronic Data Interchange-Internet Integration (EDIINT) and e-business
XML (ebXML). These new standards enable companies to implement secure, reliable and non-repudiable e-business
transactions with inexpensive, non-proprietary internet technologies (either standard EDI messages or XML documents), as
shown in the figure.
[Figure: Company A, Company B and Company C exchanging EbXML over the Internet.]

B2B Standards
Various standards have been defined to exchange data between B2B applications. Some
standards are applicable to a particular industry vertical and others are generic enough to
be used across verticals. The sections below outline the various data, process and
security standards used in B2B.
Benefit of Using Standards
• Standards-based B2B integration promotes re-usability
• Provides an easier and consistent on-boarding process (especially if other partners
support standards)
• Provides support for multi-partner solutions
• Provides a solution when partner is unable or unwilling to support B2B standards
• Reduces dependency on any one supplier

Message Standards
Apart from EDI and flat files, B2B exchanges are now mainly done through XML messages.
There are 2 broad XML categories used in B2B.
The following is a comparison of XML and EDI.

Issue: E-commerce Standard
XML:
• New Internet based technology, easy to implement
• Includes standards of multiple complex frameworks
• Not as simple to implement
EDI:
• Old, passé electronic standard
• Time tested and successfully works
• Can be implemented directly

Issue: Cost
XML:
• Cheap to implement and deploy over the Internet
• Tools and developers still costly
• Consumer pays for Internet connection
• Bandwidth limitations
EDI:
• Expensive
• Cost of tools is getting cheaper and cheaper
• Can be implemented via the Internet
• Requires less bandwidth

Issue: Data Representation
XML:
• Intuitive, easy to read
• Verbose
• Implementation requires time
• Storage requirements increase gradually
EDI:
• Cryptic
• Once understood, easy and fast to implement
• Storage requirements are very small
• Information can be transported using floppy disk

Issue: Companies pushing the technology
XML:
• New economy companies
• Consulting companies
• High business risk
EDI:
• Well established companies and governments
• Stable global user base
• Low business risk

Stateless & Stateful
The XML messages can be classified as

Stateful XML
These are purely XML-based transactions, maintaining the state of the transaction
within the confines of a larger business process. For example, RosettaNet Partner
Interface Processes (PIPs) maintain the state of transactions until they are completed
using the RosettaNet Information Framework (RNIF) message format. In such an
environment, purchase orders are executed within the RosettaNet environment and are
monitored until all individual items in the order have been received or canceled. The
“state” of each item (fulfilled, backordered, rejected etc.) is maintained over time.
Stateful XML transactions will be in demand for a number of B2B process-oriented
transactions, and they are projected to exceed the growth of EDI transactions over
the half decade.

Stateless XML
This group consists of XML-based messages that have industry-defined standards or
proprietary standards agreed to by two trading partners. No state information is
maintained, and they are very similar to EDI in that they do not support any type of
persistence. ACORD, which is in use by the insurance sector, CIDX, which is in use by
the chemicals industry, and PIDX, which is in use by the petroleum industry, are all
good examples of stateless XML messages. Another example of stateless XML is Universal
Business Language (UBL), an XML-based dialect which is supported by OASIS but
has had little practical uptake.

Current XML based approaches to handling semantic interoperability in B2B fall into
two categories: vertically focused frameworks, and horizontal frameworks spanning
multiple verticals. Examples of vertical XML standards include ACORD for the insurance
domain, XBRL for the accounting domain etc. The OASIS site (www.oasis-open.org)
maintains a comprehensive list of these standards. Horizontal frameworks are based on
the idea of business concepts and data types being common and hence shared across
multiple verticals, necessitating the development of cross-domain vocabularies and
processes so that they can be captured in a domain independent manner. Examples are
X12/EDI, EDIFACT, xCBL and OAGIS BODs, which are all converging onto ebXML, the leading
framework for B2B.

Messaging standards used in B2B scenarios

Standard: EDI
Description: This exchange type primarily consists of ANSI X12 and EDIFACT transactions
representing various types of standard business documents including invoices,
purchase orders, advanced shipping notices (ASNs), healthcare payments, and
electronic payments.
Usage: EDI provides a method of communicating business information in an efficient and
standard manner. It has a huge install base, with thousands of organizations
conducting business via EDI, which also includes robust support for EDI by many
third parties.
EDI is unambiguous, hence can be used by all trading partners. It reduces the amount
of labor-intensive work required for data exchange. It also enables the data sender
to control the exchange, and know when the recipient received the transaction.
EDI has the same benefits as XML message transfer: reduced purchase prices,
inventory costs and procurement, and document delivery time; reduced lead times
along with elimination of clerical tasks and errors; the customization of forms to
meet the needs of the trading partners; communication across industry sectors using
a common standard; and complete auditing, billing and security functions.

Messaging standards used in B2B scenarios [contd...]

Standard: ebXML Message Service (ebMS)
Description: It is an open standard and leverages public standards wherever possible to
enable secure and reliable B2B communication. The ebXML specification extends the
SOAP specification, providing better security and reliability features required by
many e-business applications and production enterprises. As an OASIS Open standard,
ebMS is a mature specification, which is being supported by a host of commercial and
open source software implementations. The interoperability of these implementations
has also been demonstrated in a number of ongoing projects internationally. This
makes ebMS a very strong complement or even a better alternative to other web
service specifications.
Usage: Major concerns for the widespread adoption of web services are about security
and reliability. Security features in ebMS are provided using several countermeasure
technologies. XML signatures are used to digitally sign the documents. Payload
confidentiality is supported using the following: XML encryption or S/MIME or PGP
MIME. Use of SSL/TLS or IPSEC as the underlying communication channel for ebMS
provides valuable features like non-persistent integrity and authentication.

Messaging standards used in B2B scenarios [contd...]

Standard: RosettaNet Implementation Framework (RNIF)
Description: RosettaNet is a major partner in information technology, electronic
component and semi-conductor manufacturing companies which has developed standards
for electronic commerce. RNIF provides a framework to package and transport messages
to execute business processes between partners. There are two versions of RNIF in
use, 1.1 and 2.0. Compared to 1.1, 2.0 is more open and payload agnostic.
In order to boost business-to-business integration in the area of high-technology
and retail sectors via XML and Web services standards, RosettaNet and the Uniform
Code Council (UCC) have agreed to collaborate. In fact, RosettaNet will operate as a
subsidiary of UCC.
Usage: Comparing RNIF and ebMS, considering both use XML for the B2B document
payload, ebXML does not have any specific business processes but provides the trading
partners with means and tools to customise and specify business processes.
In RosettaNet, the framework defines PIPs, which describe the process flows between
the trading partners. In ebXML, the abstraction level is higher: the ebXML framework
defines the Business Process Specification Schema (BPSS), which is used to specify
the BPSs. Conceptually, ebXML’s BPSS could be used to specify processes similar to
RosettaNet PIPs.
All generally defined security solutions for XML documents can be applied to both
ebXML and RosettaNet. The core of the RosettaNet security scheme is the S/MIME
(Secure/Multipurpose Internet Mail Extensions) specification. S/MIME includes
authentication, message integrity and non-repudiation of origin (using digital
signatures) along with privacy and data security. ebXML specifications are not a
hindrance to implementers to use any specific security scheme or protocols. The
specifications are more flexible than in RosettaNet and usually recommend open
Internet standards for security.

Messaging standards used in B2B scenarios [contd...]

Standard: xCBL
Description: The Common Business Library, or xCBL, is a joint set of XML building
blocks and a document framework which allows the creation of robust, reusable XML
documents for e-commerce. These building blocks were defined based on extensive
research and collaboration by Commerce One and the leading XML industry initiatives.
xCBL can help accelerate any partner's XML efforts by providing these building blocks
along with a document framework. Consistent with its purpose, xCBL is available free
of charge in prominent XML repositories. Version 3.0 of xCBL defines a fundamental
change in scope and design goals, giving support for direct goods scenarios, ERP
integrations, and standards such as RosettaNet and OBI, along with many flavours of
industry-standard X12 and UN/EDIFACT EDI.
Usage: xCBL supports all essential documents and transactions for global e-commerce,
including multi-company supply chain automation, direct and indirect procurement,
planning, auctions, invoicing and payment in an international multi-currency
environment. xCBL is an outcome of extensive research and collaboration between
Commerce One and the leading XML standards institutions, e-commerce enterprises, and
hardware and software vendors, along with the analysis of existing e-commerce
standards, which include the likes of Electronic Data Interchange (EDI), RosettaNet,
and Open Buying on the Internet (OBI). Industry leaders Compaq, Microsoft, SAP
Markets, and Sun Microsystems will leverage xCBL 3.0 as a key standard in the field
of development and delivery of business-to-business solutions.

Messaging standards used in B2B scenarios [contd...]

Standard: HL7

Description: HL7 is an ANSI standard for the exchange of healthcare-specific data between computer applications. The name comes from "Health Level 7", which refers to the top layer of the Open Systems Interconnection (OSI) layer protocol for the health environment.
The HL7 protocol was formerly developed by the Health Level 7 Organization. It consists of a standardized grammar and vocabulary so that clinical data can be shared amongst all healthcare systems and easily understood. Using the HL7 messaging protocol as a standard, all systems which follow the HL7 specifications are able to communicate with one another, without the need for information translation.

Usage: Hospitals, doctors, and other healthcare institutes around the globe require the ability to send and receive healthcare data, including patient details. Medical data can be extremely complicated because of the abundance of clinical terminology, along with the structural complexity in the formation of the presented information. HL7 was developed to overcome these difficulties.

Factors considered for deciding the message standards

Reusability: An important factor, as in many scenarios the vendors require the same document.
Message size: Another major factor considered when deciding the message format.
Communication Protocols

Standard: FTP(s)

Description: FTPS (FTP over SSL) offers all the features found in the FTP program with the added ability to encrypt FTP data using SSL (Secure Sockets Layer). SFTP (FTP over SSH) offers all the features found in the FTP program with the added ability to secure all data transferred by using a secure SSH2 channel. Using FTPS or SFTP, you are assured that your data is protected as it moves over the Internet.

Usage: This protocol is usually used for huge flat file payloads.

Standard: E-mail (SMTP and POP3)

Description: SMTP is the Internet's standard host-to-host mail transport protocol and traditionally operates over TCP. SMTP uses a style of asymmetric request-response protocol popular in the early 1980s, and still observed occasionally, most often in mail protocols. SMTP is a simple, text-based protocol, in which one or more recipients of a message are specified (and in most cases verified to exist) and then the message text is transferred. It is a client-server protocol, in which a client transmits an email message to a server. Either an end-user's email client, also known as an MUA (Mail User Agent), or a relaying server's MTA (Mail Transfer Agent) can behave as an SMTP client. SMTP is a "push" protocol that does not allow one to "pull" messages from a remote server on demand. To do this, a mail client must use POP3 or IMAP.

Usage: The design of POP3 and its procedures supports end-users with intermittent connections, allowing these users to retrieve e-mail when connected and then to view and format the retrieved messages without being online. Although most clients are provided with an option to leave mail on a server, e-mail clients using the POP3 protocol generally connect, retrieve all messages, store them on the user's computer as new messages, delete them from the server, and finally disconnect from the link.

Communication Protocols [contd...]

Standard: Hyper Text Transfer Protocol (HTTP(s))

Description: HTTP is a standard protocol used for communications in intranets and the World Wide Web. HTTP was originally meant to publish and retrieve hypertext pages. Development of HTTP was largely coordinated by the W3C (World Wide Web Consortium) and the IETF (Internet Engineering Task Force). HTTP is a request/response based protocol between a client and a server. The client making an HTTP request, such as a web browser, spider, or other end-user tool, is the user agent. The responding server, called the origin server, is used to store or create resources such as HTML files and images. In between the user agent and origin server there can be many intermediaries, such as proxies, gateways, and tunnels. HTTP is not restricted to using TCP/IP and its supporting layers, although this is its primary and most popular application on the Internet.
HTTPS is a combination of normal HTTP interaction with an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. This protects against eavesdroppers and man-in-the-middle attacks.

Communication Protocols [contd...]

Standard: Applicability Statement 1 (AS1)

Description: AS1 (Applicability Statement 1) is a specification for Electronic Data Interchange (EDI) communications between businesses using normal e-mail protocols. This specification has been largely replaced by Applicability Statement 2 (AS2). Both were created by EDIINT (EDI over the Internet), a working group of the Internet Engineering Task Force for developing secure and trusted business communications standards. The AS1 standard provides S/MIME and uses SMTP (Simple Mail Transfer Protocol) to transmit data via e-mail. Security, message integrity, privacy and authentication are protected by the use of encryption and digital signatures. The non-repudiation feature makes it difficult for the recipient of a message to deny having received it.

Usage: An Internet connection that can be used for sending and receiving e-mail, an EDI transfer engine, and digital certificates are basically required for data exchange using AS1. Any type of data can be transmitted through it.

Communication Protocols [contd...]

Standard: Applicability Statement 2 (AS2)

Description: AS2 packages data using MIME structures and transmits it securely over the Internet using HTTP. Authentication and data confidentiality are obtained by using Cryptographic Message Syntax with S/MIME. AS2 also provides a set of security features such as data confidentiality, data integrity/authenticity and non-repudiation, and security guidelines to ensure interoperability between B2B partners.

Usage: Reliable messaging is supported in AS2 through the use of the Message Disposition Notification (MDN). The MDN acts as a receipt and may optionally contain a signed message digest (known as the Message Integrity Check (MIC)) to support non-repudiation of receipt.
There is widespread support for AS2 by B2B service providers and product vendors.

Standard: Applicability Statement 3 (AS3)

Description: AS3 is a more recent communication protocol leveraging all the features of its predecessors. The primary difference between AS2 and AS3 is that AS2 uses HTTP and AS3 uses FTP. According to the experts, AS3 has great benefits that could lead to even wider adoption, in particular among security-conscious companies in the financial services industries, healthcare industries and by those who already rely heavily on FTP to send and receive transactions. One of the advantages of AS3 is that it is a "push and pull" technology, in contrast to AS2, which is a push-only technology.

Usage: When an XML or EDI transaction is sent over the Internet using AS3, the two FTP programs on either side of the transaction are aware of the transaction and actively participate in it. With the HTTP transport used in AS2, there is a possibility that transactions can be floating out on the Internet for a while before landing in the receiving computer, and even though AS2 transactions are encrypted and secure, this can violate the security policies of customers in some industries.

Process Standards in B2B
There are various standards for defining and managing business processes in B2B. The tables below list these standards.

Standard: RNIF

Brief description: The RNIF (RosettaNet Implementation Framework) provides packaging, routing, and transport of RosettaNet PIP messages and business signals. The RNIF gives the implementation guidelines for creating interoperable software application components that help to execute Partner Interface Processes (PIPs). RNIF is present in two flavours:
RNIF 1.1: This supports the secure HTTP transport protocol for delivering business messages between the trading partners. It supports the RosettaNet Object (RNO) format.
RNIF 2.0: This supports multiple transport protocols (such as secure HTTP and SMTP) for delivering business messages between trading partners. It supports the multi-purpose internet mail extensions (MIME) format.

Usage: RNIF is a mature standard and can be useful for multiple vendor solutions. It is very easy in terms of ensuring interoperability.

Process Standards [contd...]

Standard: PIP

Brief description: The RosettaNet Partner Interface Process (PIP) is used to define business processes between trading partners. PIPs fit into 7 clusters, or groups of core business processes, representing the backbone of the trading network. Every cluster is broken down into segments, which are cross-enterprise processes involving more than one type of trading partner. Within each segment there are individual PIPs.

Usage: PIPs require the following:
• A definite purposeful business outcome (for example, the receipt of a purchase order from a trading partner)
• A role that can perform at least one single activity (for example, a buyer role requests a purchase order from a seller role and a seller role submits a purchase order acknowledgment to the buyer role)
• A measurable unit of work which can be connected to other PIPs to achieve a larger business outcome (for example, one PIP involves a buyer role that requests and receives a purchase order from a seller role, while another PIP is coordinated accurately with the first PIP to send a failure notification message to a buyer role if a purchase order is not properly received from the seller role)
Trading partners are in sync on the set of PIPs to be supported to conduct business. Each partner needs to fulfill their own specific requirements of the PIP. If one trading partner fails to fulfill all requirements, then the business transaction is voided for all participating PIP trading partners.

Process Standards [contd...]

Standard: L3

Brief description: The conceptual model of L3 has five main concepts. A Send/Receive is the crux of communication. A Send/Receive transmission has an id property and transmits a Transmission Object (TObject). From a business perspective, the TObject can represent a Purchase Order (PO) or a Purchase Order Acknowledgement (POA), and it has an id property. The Partner concept covers the entities in the communication: the origin entity, and Target, the destination entity. Partner and TObject have an id property. They participate in a Send/Receive transmission, which has a certain History, i.e. an explicit representation of the state changes of the transmission.

Usage: L3 has a clearly specified conceptual model, architecture and execution semantics. The use of L3 will also grow subsequently with the growth of web services.

Process Standards [contd...]

Standard: eXflow

Brief description: eXflow is a Web Services-enabled Business Process Management System (BPMS). The Business Process Management System is fast becoming a key technology for both the EAI and B2Bi industries. The advantages of adopting a business process solution are as follows:
1. Profiting Business Process Reengineering (BPR). With a business process solution, organizations can separate business policies from business applications. This facilitates BPR without drilling into the business application details.
2. Benefiting Application Integration (EAI). A business process consists of a sequence of activities that involves different kinds of applications. Hence, the BPMS (Business Process Management System) is regarded as an application integration platform, which coordinates and conducts the cooperation among systems which are heterogeneous in nature.
3. It improves process management control: by monitoring the current state and progress of a business process, management can ascertain proactive actions to minimize the problem.

Usage: The eXflow system helps enterprises to streamline in-house and B2B processes, and also supports rapid process prototyping and enterprise application integration (EAI).

Process Standards [contd...]

Standard: ebXML Business Process Specification Schema

Brief description: The ebXML Business Process Specification Schema (BPSS or ebBP) facilitates collaborative eBusiness processes. As a part of the original eBusiness eXtensible Markup Language (XML) [ebXML] framework of specifications, the ebBP monitors collaborative business processes among business partners. The ebBP (ebXML Business Process Specification Schema) has defined a standard language that configures business systems for executing business collaboration between business partners or collaborating parties. It provides:
• Support for modular definitions to complex nested activities
• Standard and extensible business transaction patterns
• Semantic tailoring for business documents and business processes
• Support for use of hybrid, web service and ebXML assets

Usage: The ebBP focuses on an adaptive and integrated eBusiness approach. With this approach, it is possible to support contrasting environments, specifically Small- to Medium-Enterprises. As with other specifications, ebBP can be an influencing factor with other ebXML and/or emerging web services technologies.

Security standards in B2B
Maintaining partner data confidentiality is of key importance. The tables below list some of the security standards used in B2B.

Standard: S/MIME

Brief description: Secure Multipurpose Internet Mail Extensions

Usage: S/MIME can be used by traditional mail user agents (MUAs) to add cryptographic security services to mail that is to be sent, and to interpret cryptographic security services in mail that is received. However, S/MIME can be used with any transport mechanism that transports MIME data, e.g. HTTP. Also, S/MIME utilizes the object-based features of MIME, thus facilitating the exchange of secure messages in mixed-transport systems. S/MIME can also be used in automated message transfer agents. These use cryptographic security services which do not require any human intervention, e.g. signing of software-generated documents, encrypted FAX messages sent over the Internet, etc.

Security standards [contd...]

Standard: XMLDSig

Brief description: XML digital signature. XML signatures are digital signatures which are designed for use in XML transactions. There is a predefined standard for capturing the results of a digital signature operation applied to arbitrary (but often XML) data. Like non-XML-aware digital signatures (e.g., PKCS), XML signatures add data integrity, authentication, and support for approving the data that they sign. However, XML signature has been designed to leverage the Internet and XML, which is absent in non-XML digital signature standards.
An XML signature is capable of signing more than one type of resource. For example, a single XML signature might cover character-encoded data (HTML) in addition to binary-encoded data (a JPG), XML-encoded data, and a specific section of an XML file as well.

Usage: S/MIME can be used by traditional mail user agents (MUAs) to add cryptographic security services to mail that is to be sent, and to interpret cryptographic security services in mail that is received. However, S/MIME is compatible with any transport mechanism that transports MIME data, such as HTTP. Also, S/MIME utilizes the object-based features of MIME, thus allowing secure messages to be exchanged in mixed-transport systems. Further, S/MIME can be used in automated message transfer agents. These use cryptographic security services which do not require any human intervention, e.g. signing of software-generated documents, encryption of FAX messages before sending over the Internet, etc.

Security standards [contd...]

Standard: XML Encrypt

Brief description: XML encryption. XML Encryption facilitates end-to-end security for applications that require secure exchange of structured data. XML is the leading technology for structuring data. Hence, XML-based encryption is a natural way to handle complex security requirements in data interchange applications.
XML Encryption is not intended in any way to supersede or replace SSL/TLS, but it provides a mechanism for security requirements which are not covered by SSL. There are two important areas not addressed by SSL:
• Encrypting part of the data which is being exchanged
• Secure sessions between two or more parties
With XML Encryption, each and every party can maintain secure or insecure states with the communicating parties. Secure and non-secure data can be exchanged in the same document. For example, consider a secure chat application with several chat rooms and several people in each room. Files which are XML-encrypted can be exchanged between two partners, and thus data intended for one partner is not visible to a third person.

Usage: This feature can be used to encrypt and decrypt any XML message.

Security standards [contd...]

Standard: AuthXML

Brief description: AuthXML is used for specifying information regarding authentication and authorization in XML. AuthXML is a transport-independent XML definition which enables security authorities in different organizations to communicate about authorization, authentication, user profiles and authenticated user sessions in an open way.

Usage: AuthXML is used for specifying authentication and authorization information in XML.

Standard: TLS

Brief description: Transport Layer Security (TLS) is a cryptographic protocol that provides secure communications on the Internet for applications such as web browsing, Internet faxing, e-mail, instant messaging, etc. The TLS protocol allows applications to communicate across a network while preventing eavesdropping, message forgery and tampering. TLS provides endpoint communications privacy and authentication over the Internet using cryptography. Typically, only the server is authenticated and the client is unauthenticated. Thus, the end user (whether an individual/entity or an application, like a Web browser) can be sure with whom they are communicating.

Usage: TLS typically allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol receives or transmits its first byte of data. It is also used for encapsulation of various higher level protocols.

Security standards [contd...]

Standard: IPSec

Brief description: IPsec (IP security) is a protocol to secure Internet Protocol (IP) communications by authenticating/validating and/or encrypting each IP packet in a data stream. It also includes protocols for cryptographic key establishment.
IPsec protocols operate on the network layer, layer 3 of the OSI model. Other Internet security protocols, like SSL, TLS and SSH, operate from the transport layer up (OSI layers 4 - 7). This makes IPsec more flexible. It can also be used for safeguarding layer 4 protocols, including TCP and UDP, which are the most commonly used transport layer protocols. It is used for creating VPNs. IPsec is advantageous over SSL and other methods that operate at higher layers: an application need not be designed to use IPsec, whereas the ability to use SSL or another higher-layer protocol must be included in the design of an application.

Usage: IPsec can be used for safeguarding layer 4 protocols, including TCP and UDP, which are the most commonly used transport layer protocols. It is used for creating VPNs.

Security standards [contd...]

Standard: SAML

Brief description: Security Assertion Markup Language (SAML) is an XML standard for exchanging authorization and authentication data between security domains, i.e. between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.
The problem that SAML is trying to solve is the Web Browser Single Sign-On (SSO) problem. Many single sign-on solutions are available at the intranet level (e.g. using cookies), but extending these solutions beyond the intranet is quite cumbersome and has resulted in the proliferation of non-interoperable proprietary technologies. SAML is the standard language underlying many web Single Sign-On solutions in the enterprise identity management problem space.

Usage: SAML is used for
• Distributed Authorization
• Federated Identity Management
• Multi-vendor Portals
• Web Services Access Control

Standard: PKI

Brief description: Public key infrastructure (PKI) is an arrangement binding public keys with respective user identities with the help of a certificate authority (CA). The user identity should be unique for each certificate authority. The binding is established with the help of a registration and issuance process. Depending on the level of assurance the binding has, it may be carried out by software at a Certificate Authority, or may be under human supervision. The role which assures this binding is called the Registration Authority (RA). For every user, the public key, the user identity, binding, and validity conditions are unforgeable in public key certificates which are issued by the CA.

Usage: Enterprise PKI systems are tied quite closely to an enterprise's directory scheme, where every employee's public key is stored, along with other personal details (phone number, email address, location, department, etc.).

Security standards [contd...]

Standard: XACML

Brief description: eXtensible Access Control Markup Language (XACML) provides fine-grained control of authorized activities, the effect of characteristics of the access requestor, the protocol requesting it, authorization which is dependent on classes of activities, as well as content introspection.

Usage: XACML is used for describing access control policy in XML, together with a process model describing how to interpret the policies.

Standard: XrML

Brief description: eXtensible rights Markup Language (XrML) is a digital rights language designed for securely specifying and managing rights and conditions associated with various resources, including digital content and services. It has been developed by ContentGuard, which contributed it to OASIS as a basis for a digital rights language.

Usage: XrML is used for writing license policies for web services or digital rights management.

Standard: SPML

Brief description: Service Provisioning Markup Language (SPML) is an XML-based framework specification that facilitates exchanging user, resource and service provisioning information. The SPML specification has been developed considering the following specifications: Active Digital Profile (ADPr), Information Technology Markup Language (ITML), and eXtensible Resource Provisioning Management (XRPM).

Usage: SPML facilitates automation of the steps required to manage (set up, modify and revoke) user or system access entities or data relative to electronically published services.

Security standards [contd...]

Standard: WSS

Brief description: Web Services Security (WSS or WS-Security) provides enhancements to SOAP messaging to facilitate quality of protection through message integrity and authentication of a single message. These can be used to accommodate a wide range of security models and also encryption technologies.

Usage: WS-Security is used for applying security to web services. The WSS protocol has details on the use of SAML and Kerberos, and also certificate formats such as X.509.

Standard: XCBF

Brief description: XML Common Biometric Format (XCBF) is a set of secure XML encodings for the formats specified in CBEFF, the Common Biometric Exchange File Format.

Usage: XCBF is used as an XML schema for securing, logging, displaying or performing database queries using biometric information such as DNA, fingerprints, iris scans, hand geometry, etc.

Standard: XKMS

Brief description: XML Key Management Specification (XKMS) is an XML application/protocol specification that enables a simple client to procure key information (certificates, values, and management or trust data) from a Web Service.

Usage: XKMS is used for secure inter-application communication using public key infrastructure (PKI).

B2B Communication with partners
In general there are three top areas of concern for B2B during partner engagement. These are:
• Business solution of B2B, which primarily deals with partner processes, contracts, etc.
• Technical solution of B2B, which deals with architecture interoperability
• Delivery and management of B2B programs, which primarily deals with project management and life-cycle management of B2B.

B2B Internal Integration
A B2B Gateway can be thought of as a pipe, with one end terminating within the Enterprise and the other at the partner systems. This section is concerned with the enterprise end of the gateway: how the B2B gateway integrates with the enterprise.
The services that the B2B Gateway provides to the Enterprise should be aligned with Enterprise data standards and processes as much as possible. The key challenge here is to align enterprise process and data with that required by B2B/partner systems.
B2B should be considered as any other Enterprise system (security issues aside), and as such, integration with the B2B Gateway should follow the same integration standards as followed by other Enterprise systems. For instance, if the Enterprise uses the concept of service delivery via an ESB, then the B2B services should be made available on the bus.

B2B internal integration [contd...]

[Figure: B2B Gateway, Partners, ESB, Mainframes, Packages, Apps, Enterprise Portal, Databases. Capabilities shown: Real Time Visibility, Transaction Status, Transaction Reconciliation.]

The B2B gateway integrates enterprise systems and data with trading partners through the Enterprise Integration hub. With the emergence of SOA, B2B integrates with the enterprise through the ESB.

B2B internal integration [contd...]

B2B Process Management
Process management in B2B will ensure that B2B transactions are executed correctly, in sequence and in accordance with the relevant SLAs.
B2B Process Management also applies business rules to validate B2B business transactions and B2B document delivery transaction management.
The B2B Process Management layer does not implement any business logic or functionality.
The B2B gateway will support simple orchestration and workflow functionality only to support transaction management. All communication through the B2B gateway will be stateless, in that transaction state will not be maintained in memory for the duration of the transaction. Transactional state identification will be through message and correlation identifiers.
The following are not the responsibility of the B2B layer:
• Orchestration and workflow required to support business workflows will not be implemented in the B2B gateway.
• The B2B gateway will only manage entry and exit points of the workflow in the gateway.
• The functionality to support complex business orchestration will be hosted and managed in Shared Operations, as part of the Enterprise Integration domain.

Data integration
• Use Standards
It is important that the data exposed by B2B services follows the data standards used by the Enterprise. For example, in the telecom domain, the eTOM SID is a commonly used data model. If this is adopted across the Enterprise, then it should also be employed at the B2B layer.
Where data models employed by partners deviate from that of the Enterprise, the B2B Gateway should perform the necessary semantic and/or value translations required to bridge the gap. Rules for translation can be maintained and managed within the Gateway. Note that these rules should not be process level business rules; those must be managed within the Enterprise.
• Data Cross Referencing
Cross referencing involves creating and storing mappings between enterprise entities and the corresponding partner entities. If the trading partner does not provide services to store foreign entities, the B2B Gateway needs to store the relationship between the entities of the enterprise and the partner.

Data integration [contd...]
The cross reference could be created for two types of data:
Cross reference for transactional data: The cross reference relationship in this scenario is created during the transaction processing. An example could be a cross reference relationship between order ids.
Cross reference for reference data: The cross reference relationship in this case is set up before the transaction processing is initiated. An example could be a cross reference relationship between product codes.

Cross Reference Design Principles

Name: Maintain cross reference horizontally
Statement: Entities are cross referenced only where there is specific data to be mapped between internal systems and partner systems.
Rationale: The B2B layer in an organization has the responsibility to integrate with partners. It should not take on the responsibility of integrating enterprise systems or data.
Implication: For best results, B2B cross referencing must not manage the mapping of entities within the enterprise. Cross referencing framework infrastructure can be reused for B2B cross referencing.

Data integration [contd...]
Cross Reference Design Principles

Name: Maintain current state
Statement: The state of the cross reference must represent the "As Is" situation. In other words, B2B cross referencing should not maintain history and track the status of relationships over time.
Rationale: Cross referencing is maintained to support the current state of business. Historical relationships should not be maintained in cross referencing.
Implication: Implement logic to delete or archive historical cross referencing relationships regularly. Sometimes the archival or deletion frequencies are controlled by regulation.

Name: Avoid complex mapping
Statement: Cross references should be as simple and small as possible.
Rationale: Nested or multi-level cross referencing mappings should be avoided. In nested cross referencing scenarios, the relationship should be broken into multiple simple mappings and maintained.
Implication: Look for opportunities to make use of search/lookups on partner entities in case of any complex and nested cross referencing mapping.

Data integration [contd...]
Cross Reference Design Principles

Name: Maintain entities required for cross referencing only
Statement: Where information is to be managed about partner entities, such as products, it is generally kept outside the cross reference, i.e. in a separate database.
Rationale: Partner system external ids are to be used for search/lookup; this may avoid the need for a cross reference to be added.
Implication:

Reconciliation
Reconciliation is the key aspect of a B2B solution. Architects are expected to refer to the reconciliation approach to determine the partner on-boarding process.
There are mainly two types of reconciliation done in B2B:
• Business Reconciliation:
This mainly involves the reconciliation of the business process between the enterprise and its trading partners. The business process may involve one or more transactions with the partner. For example, it may start with purchase order placement followed by a technical acknowledgement and then a business acknowledgement. The partner may then send an invoice, which may also be followed by a technical acknowledgement and then a business acknowledgement. The frequency of the reconciliation will depend on the cycle time of the business process. Once the reconciliation is done, a process reconciliation report is produced.
• Acknowledgement/Delivery Reconciliation:
This mainly involves reconciliation at the transaction level to ensure that the partner has received all the transactions. For example, the enterprise may have triggered 100 invoices but received acknowledgements for only 80 of them. Such discrepancies are brought out by delivery reconciliation. A delivery reconciliation report is produced after this exercise.
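
The delivery reconciliation described above can be sketched as follows. This is an added example, not part of the original slides; the transaction ids, timestamps, acknowledgement window and report field names are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: (transaction id, time sent) for outbound invoices.
SENT = [
    ("INV-1001", datetime(2010, 3, 1, 9, 0)),
    ("INV-1002", datetime(2010, 3, 1, 9, 5)),
    ("INV-1003", datetime(2010, 3, 1, 9, 10)),
    ("INV-1004", datetime(2010, 3, 2, 8, 30)),
]
# Constructed sample data: transaction ids carried by received acknowledgements.
ACKS = ["INV-1001", "INV-1003", "INV-1003", "INV-9999"]


def reconcile_delivery(sent, acks, now, ack_window):
    """Match outbound transactions against acknowledgements.

    Report keys (hypothetical names):
      acknowledged - sent and acknowledged at least once
      overdue      - sent, unacknowledged, ack_window has expired
      pending      - sent, unacknowledged, still inside ack_window
      duplicates   - acknowledged more than once
      unmatched    - acknowledgements for ids that were never sent
    """
    sent_at = dict(sent)
    ack_counts = {}
    for txn_id in acks:
        ack_counts[txn_id] = ack_counts.get(txn_id, 0) + 1

    report = {key: [] for key in
              ("acknowledged", "overdue", "pending", "duplicates", "unmatched")}
    for txn_id, when in sorted(sent_at.items()):
        count = ack_counts.get(txn_id, 0)
        if count:
            report["acknowledged"].append(txn_id)
            if count > 1:
                report["duplicates"].append(txn_id)
        elif now - when > ack_window:
            report["overdue"].append(txn_id)
        else:
            report["pending"].append(txn_id)
    report["unmatched"] = sorted(t for t in ack_counts if t not in sent_at)
    return report


REPORT = reconcile_delivery(SENT, ACKS, datetime(2010, 3, 2, 9, 0), timedelta(hours=4))
for section, ids in REPORT.items():
    print(f"{section:13}{', '.join(ids) or '-'}")
```

Duplicate and unmatched acknowledgements are reported alongside the missing ones because they can indicate misrouted or replayed messages.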

B2B Security
The following are the B2B security requirements for any organization:
• Confidentiality:
All sensitive information exchanged between partners must be protected from being disclosed to unauthorized entities.
• Integrity:
The system should detect any unauthorized modification of data being transacted.
• Authentication:
All partners need to be uniquely identified and authenticated.
• Authorization/Access Control:
The B2B system should enforce secure authorization and access control policies so as to give only the required privileges to the authorized partners.
• Non-Repudiation:
The system should have accountability built in, in such a way that participants cannot deny the actions they performed.

B2B Security [contd...]
The B2B data exchange happens at many levels using different combinations of standards and protocols as shown below.

User / Data / Content: EDI, Oracle, RosettaNet, Web services
Application Protocol: HTTP, HTTPS, FTP, SMTP, JMS, MQ Series, Vitria, SQL/Net, Net8
Interface: Sockets, SSL
Network Protocol: TCP, UDP, IP, IPX, SPX, SNA, LU2, LU6, Decnet
Link: Ethernet, DSL, T1, Frame-Relay, VPN
Physical: Cat5 Cable, Coaxial Cable, Telephone Wires, Fiber, Wireless

B2B Security [contd...]
• Network Physical Layer
Network physical layer security defines the security measures on the means of raw bit transmission. We won’t dwell on the details of physical security, as this is not in the scope of this document.

• Network Link Layer
Network link layer security defines the security measures at the network level. Because cables are used in most link layer networks, there is an assurance of security. Wireless networks, however, also implement a number of techniques as part of their security measures.

B2B Security [contd...]
• Network Protocol Layer
Above the network link layer comes the network protocol layer. This layer comprises network protocols such as TCP/IP, IPX and SNA. Most networks rely heavily on the security of this layer. Several techniques are available to provide security at the protocol layer; the widely used ones are:

• Router Access Control Lists (ACL)
• Value Added Network (VAN)
• Physically/Logically separated networks
• Virtual Private Networks (VPN)
• Firewalls

B2B Security [contd...]
• Application Protocol Layer
The application protocol layer defines the security measures at the application level. This layer is the medium for B2B communications and includes protocols like HTTPS, SMTP, FTP and MQSeries™. These protocols run on top of TCP/IP.

• Data Protocols (XML, X.12 “EDI”, Web Services)
Application data protocols precede the network protocol stack. These protocols typically do not depend on the application or the network. Application data protocols specify the formats of files or messages, which are independent of the transmission method.

B2B Security [contd...]
• Cryptography (Encryption, Signatures, Hashes)
In cryptography, encryption is the process of transforming data (plain text) into an unreadable form (cipher text) using an algorithm. Decryption is the reverse process, which involves converting cipher text back to plain text.
Encryption techniques have a history that runs from the past few centuries to current computerized times. There are two types of encryption techniques: symmetric encryption and asymmetric encryption.
Symmetric Encryption: A single key is used for both encryption and decryption. Some of the common symmetric encryption algorithms are: DES, 3DES, IDEA, Blowfish, RC2 and RC4.
Asymmetric Encryption: Two keys are used, one for encryption and the other for decryption. These keys are termed the public and private keys.
The public key is shared with everyone, but the private key is kept confidential. The key used for encryption cannot be used for decryption.

B2B Security [contd...]
• Identity and Access Management

The B2B platform and Customer Self Service Portal use an Identity Abstraction Layer to perform the identity and access management functions. All components of the solution, including trading partners and end users coming through the self service portal, will perform authentication and authorization services by calling this layer.
The Identity Abstraction Layer will perform the following functions:
• Authenticates the credentials of the trading partner
• Provides an audit trail of the partner activity
• Encapsulates the security function of the B2B and Customer Self Service Portal platforms and in effect hides the true location of the identity information
• Provides improved operational efficiency in terms of password management and reduced help desk support

Access and authorization will be managed through the Access Manager. The B2B Gateway will authorize at the group level of an organization within the identity store. The Self Service Portal will be based on user authentication and authorization within that group according to an assigned role.

B2B Security [contd...]
Access Manager will provide the following functions:
• Provides access control to the enterprise services
• Provides an audit trail of the access history
• Improves customer service and operational efficiency

Authentication is a process used to verify the identity of a person or other entity requesting access.
The B2B Gateway will support two authentication mechanisms, each supporting separate functions within the B2B Gateway.
Username and password: Users and trading partners use usernames and passwords as credentials while requesting access. User authentication will be used for administrative purposes only and strictly NOT for the transfer of business documents.
Digital certificates: Certificates are used by trading partners to prove their identity while transmitting ebXML messages sent to and from the B2B Gateway.

These are used while sending data via networks such as the Internet to verify the unique identity of principals and entities. A digital certificate protects the security of a user or entity by binding its identity, as verified by a trusted third party (also termed a Certificate Authority), to a specific public key. The public key and the private key together provide unique identification to the owner of the digital certificate.
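
The split between the two authentication mechanisms, the group-level authorization at the gateway and the audit trail can be expressed as a single decision function. This is an added sketch, not code from the original slides or from any product; it assumes the credential itself has already been verified, and the identity store, user names, group names and function names are all hypothetical.

```python
from datetime import datetime, timezone

# Constructed identity store: partner organisation -> groups the gateway authorises.
IDENTITY_STORE = {"acme-supplies": {"groups": {"suppliers"}}}
# Hypothetical administrative users known to the Identity Abstraction Layer.
ADMIN_USERS = {"ops.admin"}
# Each credential type supports exactly one gateway function (per the text above).
ALLOWED_FUNCTION = {"password": "administration", "certificate": "document_transfer"}

AUDIT_TRAIL = []  # every decision is recorded, allowed or not


def authorize(principal, credential_type, function, required_group=None):
    """Decide a gateway request and append the decision to the audit trail."""
    reason = "ok"
    if ALLOWED_FUNCTION.get(credential_type) != function:
        # e.g. a username/password session trying to send business documents
        reason = f"{credential_type} credentials not permitted for {function}"
    elif credential_type == "password" and principal not in ADMIN_USERS:
        reason = "unknown administrative user"
    elif credential_type == "certificate":
        partner = IDENTITY_STORE.get(principal)
        if partner is None:
            reason = "unknown trading partner"
        elif required_group not in partner["groups"]:
            reason = f"partner not in group {required_group}"
    allowed = reason == "ok"
    AUDIT_TRAIL.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "principal": principal, "credential": credential_type,
        "function": function, "allowed": allowed, "reason": reason,
    })
    return allowed


if __name__ == "__main__":
    authorize("ops.admin", "password", "document_transfer")
    authorize("acme-supplies", "certificate", "document_transfer", "suppliers")
    for entry in AUDIT_TRAIL:
        print(entry["principal"], entry["function"], entry["allowed"], entry["reason"])
```

Role-based authorization inside the Self Service Portal would be a further check within the group and is not modelled here.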

B2B Process - Example

B2B Process – Example [contd…]
• Virtual Marketplace – Serves as a hub which brings together buyers and sellers.
– Purchase Department of buyer floats a tender providing details of products or services required over the
Virtual Marketplace.
– Sales Department of sellers respond to the tender with their offers over the Virtual Marketplace.
– Purchase Department of buyer receives the offers from sellers and provides those to Management for
Supplier Selection.
• Supplier Selection –
– Management of buyer studies the sales offers of sellers in detail and shortlists a few for further
discussion.
– Face-to-face/telephonic discussions happen between the Management of buyer and Sales Department of
sellers.
– Management of buyer selects the supplier based on the offers of sellers and the discussions with them.
– Suppliers are informed of the buyers’ decisions through Virtual Marketplace.
• Product/Service Delivery –
– Sales Department of selected supplier informs Production/Delivery Department of the orders received.
– Production/Delivery Department of selected supplier manufactures/prepares the products/services as per
the received order.
– Manufactured products/service resources are shipped to the buyer’s site by external logistics providers.
– Purchase Department of buyer confirms receipt of products/services to Sales Department of supplier.
• Payment –
– Purchase Department of buyer informs Accounts Department of the products/services received from
supplier and instructs to make the corresponding payment as per the contract.
– Accounts Department of buyer sends pay order to bank.
– Bank makes payment to supplier.
– Accounts Department of supplier confirms to the buyer that the payment was received.

Unit Summary
• In this unit, you have learnt the following on B2B:
– 1. Overview and introduction
– 2. Architecture Principles
– 3. Standards
– 4. Internal Integration
– 5. Security

Sources of Information

• Content in this presentation has been compiled solely by using information from the following sources:
i. Book - B2B Collaboration: Assessing the ROI of Process Integration - by Aberdeen Group, Inc., July 2006.
ii. Book - B2B E-Business: The Murky Evolution to Managed Services - by AMR Research, 2006.

Thank You