General Information
Scope
- The training provides:
• A basic understanding of B2B (Business to Business), EDI (Electronic Data Interchange) and the GIS EAI tool.
• An understanding of the capabilities of GIS and of development in GIS.
Training Prerequisites
- Knowledge of EAI.
Notes
- Please refer to the notes attached to the slides for detailed explanations and for navigation.
Unit Objectives
• At the end of this unit, you will be able:
– To demonstrate a basic understanding of B2B
WHAT IS B2B ?
The term "Business-to-Business" is used to describe the exchange of information between organisations. B2B was adopted to treat external partners as special information exchange points, for which specialized B2B services are designed to manage partner integration at the event level and not at the business process level.
However, many enterprises are working towards a more advanced supply chain structure that will enable them to focus on their core business and to leverage the best opportunities available anywhere in the globe for their supply chain requirements.
So B2B in today's terms is not a mere document exchange mechanism but the means through which an enterprise leverages the business capability of its partners.
Various Types of B2B
e-Marketplace
e-Marketplace is the platform through which buyers find suppliers and vice versa.
Information exchange
In this form of B2B, information is exchanged between businesses. News feeds, stocks etc. are the types of information exchanged in this form of B2B.
Partner collaboration in supply-chain
In this form of B2B, the enterprise and its partners participate in business transactions. OEMs (Original Equipment Manufacturers) typically collaborate with partners through this type of B2B. This has two forms.
Partner collaboration in a business process management
In this type of B2B, the enterprise leverages partner business capability in its business process management. In this form of B2B, various business processes across partners collaborate and form a virtual business process.
B2B Service Delivery
Fig. [1]*
Irrespective of the B2B types, when an enterprise decides to collaborate with the partners,
it should consider various dimensions of B2B, such as enterprise capability for B2B,
partner capability, legal requirements etc.
B2B Integration as Managed Service
To improve the total cost of ownership, B2B organizations are looking for a managed service option for B2B. The benefits of the managed service option are:
Administrative savings, such as:
• Lower transaction costs
• Fewer data errors
• Fewer invoice discrepancies
Improvements in key performance metrics, such as:
• Reduced out of stocks at customer/retail location
• Increase in perfect order percentage
• Reduced inventory holding costs/lower safety stock requirements
• Faster order to cash cycle time
• Increased customer satisfaction
Drivers
Increasing concern over untapped potential of B2B investments
Amortizing of costs for integrating multiple trading eco-systems through shared service models
Sizeable reduction of lifetime monitoring and exception management costs through centralized remote
monitoring capabilities
B2B Gateway
B2B Gateway is the platform that enables enterprise systems to integrate with partner
systems.
The difference between B2B and B2B gateway is that B2B is the integration between
businesses and has business focus. On the other hand B2B gateway is a technical
platform that enables B2B integration.
B2B Gateway typically has the following key features:
1. Support for payload standards - B2B Gateway supports various payload standards like ebXML, RosettaNet, HL7, EDIFACT, SOAP etc.
2. Support for Communication Protocols - B2B Gateway supports various protocols like HTTP, HTTPS, FTP, SMTP etc.
3. Support for Security - B2B Gateway provides support for security aspects like authentication, authorization, non-repudiation etc.
4. Support for Trading Partner Management - B2B Gateway supports the maintenance and administration of trading partners.
5. Support for Audit and Reporting - B2B Gateway supports audit and reporting functionality in order to give the business an insight into the transactions.
B2B DRIVERS & CONSTRAINTS
When an enterprise decides its B2B solution, the business drivers, the architecture drivers
and the constraints need to be defined clearly. Without these drivers and the constraints
identified, the B2B initiative in any enterprise will be very difficult.
This section provides a generic list of business drivers, architecture drivers and constraints. Consultants should refer to these when defining or validating the drivers and constraints of an enterprise. Please note that drivers and constraints are specific to an enterprise, and not all of them might be applicable.
Business Drivers
Following are the generic business drivers in B2B.
Driver | Description
Increased Market Competition | To be ahead in the market, new products/services need to be launched quickly. This will be achieved by leveraging the capability of another business.
Enhanced Product/Service | Rapid integration with partners can help deliver innovative products/services faster and cheaper.
Lower cost of ownership | Business should provide a more efficient, lower cost business model and enterprise processes while increasing customer value and experience. Cost will be efficiently managed if the business leverages the capability of its partners rather than reinventing the wheel.
Improved Customer Experience | To attract and retain customers, a seamless and enhanced customer experience must be provided regardless of who is providing components of the service along the value chain. This requires end-to-end visibility of provisioning, service availability and information between partners.
Compliance to Regulatory Requirement | Business needs to comply with the regulatory authority's requirements. For example, operation separation enforced by the EU for telecom operators.
Merger & Acquisition | During a merger or acquisition, business processes from both businesses need to collaborate to provide a uniform business process. Both businesses should initially be considered partners and create a plan for business process change.
Architecture Drivers
Following are the generic architecture drivers in B2B.
Driver | Description
Single platform for multiple partner integration | B2B is an enterprise-wide strategic platform through which the business will integrate with other businesses. The single platform will provide benefits like reusability, ease of operation etc.
Separate enterprise from its partner | B2B will provide the separation of concerns of intra-organisation interactions vs those between organisations.
Reuse at all levels | The B2B platform for the enterprise will provide reusability at various levels, such as partner integration through reusable interfaces, partner on-boarding process, testing approach, architecture strategy, release planning, operation, audit reporting etc.
B2B Gateway Approach | A B2B gateway approach will enable the enterprise to leverage the maturity provided by various B2B gateway products.
Constraints
Following are the generic architecture constraints in B2B.
Constraint | Description
B2B strategy alignment with enterprise architecture strategy | Architecture must include B2B as the strategic component in its building block once an enterprise decides B2B as the mode of operation.
Partner's alignment with enterprise's B2B strategy | Sometimes partners are not aligned with the enterprise B2B strategy, such as use of standards, business process alignment, testing process etc.
Technology choice for B2B Gateway | B2B Gateway product selection needs to be made based on the B2B architecture requirement. This is very important for the success of B2B implementation.
B2B Architectural Principles
Name | Business Encapsulation
Statement | Business should not be exposed to the detailed inner workings of other businesses. B2B must encapsulate the inner details and expose only relevant data to partners.
Rationale | Exposing or accessing the inner details of a business will complicate the business operation. Legal requirements might also restrict providing internal data to business.
Implication | Internal processes like exceptions have to be filtered in the B2B layer before communicating with partners. At the same time, the enterprise should not access any exception internal to the partner. The B2B layer should encapsulate the internal data model from the partners.
must have the visibility to the relevant business processes of partner.
Rationale | To increase interoperability and the rapid integration. Partners must use standards.
B2B Architectural principles [contd…]
Name | Layered, Loosely Coupled, Document Based and Reusable
B2B Architectural principles [contd…]
Name | Business Process Driven
Statement | B2B Architecture must be driven by the virtual business process requirement rather than the technology requirement.
Rationale | The B2B environment should be agile enough to accommodate rapidly changing business needs.
Implication | Sometimes an environment change is required for an IT change like an upgrade, migration etc. These IT changes must not impact business functionality.
Statement | Apply data security, transport security and non-repudiation. Ensure that only authorized persons have access to the data and the environment.
Rationale | Since B2B deals with external business, security must be applied at all levels like data, communication, operation etc.
Implication | The current practice is to have a separate B2B environment secured from internal systems and external systems. Should the B2B data be logged, a security mechanism should be in place to ensure that sensitive data is not viewable.
B2B Architectural principles [contd…]
Name | Semantics – Horizontal XML
Rationale | Horizontal XML frameworks (e.g. ebXML) are shared across multiple verticals, necessitating the development of cross-domain vocabularies and processes.
Implication | As business crosses the boundary of a particular vertical, failure to use horizontal XML frameworks will impact the enterprise's ability to integrate multiple partners.
Statement | Centralized monitoring and management will ensure the management of B2B transactions.
Rationale | must ensure that the with partners has been met and must deliver the required information to partner.
Implication | The system must guarantee delivery between partners for B2B transactions. Centralized monitoring must be supported. Notification of errors or rejections in the B2B layer. B2B must provide the audit reporting facility. Notification only when something doesn’t work in the B2B layer.
Current State And Future State
In the B2B strategy for an enterprise, the current state and the future state will be defined. Consultants can refer to the pain points below for the as-is analysis of the current state of an enterprise.
The future state of an enterprise should conform to the future trends of B2B, so the future trends section will help in defining the future state of B2B for an enterprise.
Typical Pain point in B2B
Lack (total or partial) of vendor on-boarding process
Lack of automation of business processes in B2B
Lack of support of multiple protocols/connectivity requirements across partners
Big lead time for vendor on boarding
Testing cycles of B2B projects is large and very complex leading to expanded time to
market for new business collaborations
Fragmented B2B infrastructure across lines of business, lack of standardization and
reusability
Data coming from partners is inaccurate leading to significant exception management
and delay in the process, many times manual
Typical Pain point in B2B [contd...]
Lack of effective integration of B2B connection points with enterprise back office
systems
Lack (partial or total) monitoring for B2B transactions
Complexity in testing B2B programs due to limited availability or total unavailability
of partner environment for unit/integration testing
Complex process of coordination across vendors for end-to-end business usecase
testing leading to high cost of testing cycles
Complexity in coordinating the problem resolution/trouble shooting during test cycles
across environments of the enterprise and vendors
High cost of testing iterations due to testing errors/failures/mistakes
Significant effort of data-preparation/set up for B2B scenarios, issues in data quality
that are discovered mostly during test runs
Higher effort of testing cycles due to manual steps involved in the progression of test
cycles
Same use-case needs to be tested differently with different vendors/partners due to differences in their technical set up/specifications
Changes in the requirements (in terms of document specification, rules, process etc)
Future Trends in B2B
“Appliance” based as well as “SAAS” based B2B solutions that simplify customer’s
B2B Business Capability delivery will evolve
B2B and BPM will converge with maturing capabilities and advancements in supply
chain area. B2B will become extended arm of BPM providing cross-enterprise process
integration
Battle between VAN based B2B delivery vs. Internet based B2B delivery will become
irrelevant with hybrid solutions. Internet based delivery platform will be the
foundation.
Most of the B2B solutions will involve “self-service portal” platform for trading
partners which will simplify the complexity of vendor on-boarding as well as trading
partnership maintenance process
Future Trends in B2B [contd...]
The B2B gateway market continues to evolve as the vendors add more functionality to their
products. This functionality, such as the embedding of service buses and service registries, is
primarily driven by the vendors' need to rapidly upgrade and augment their offerings. For
instance, as new standards are ratified or new protocols mature and are put into production,
a service bus enables these vendors to unobtrusively upgrade their products.
One by-product of this new functionality is that consumers can use their B2B gateways for
inter-enterprise service interactions, including exposing the core functionality of the gateway
— such as business activity monitoring, trading partner management (TPM) and business
process management (BPM) — to trading partners via portals, portlets or directly using SOAP.
However, it is very important that there is no impact on the basic core functionality such as secure communications,
event management, adaptive capabilities, translation, and importantly retaining the TPM
The majority of vendors in this space are leaders or visionaries. They're visionaries because
of the sophistication in their B2B gateway architecture. For example, most of these vendors
embed sophisticated service buses and service registries in their gateways. Some, such as
Oracle and Tibco Software, have sophisticated service buses based on open standards.
Future Trends in B2B [contd...]
B2B products are gaining demand from organizations ranging from small to large size, irrespective of industry expertise. Vendors have improved the functionality of the B2B product suite from the primary purpose of centralizing a company’s B2B communications (irrespective of the size and type of data), to providing some additional internal integration (which ultimately results in the eventual externalization of the integrated data), and to providing an infrastructure for service interactions between partners.
When it becomes difficult to differentiate the technological capabilities of business-to-business (B2B) gateway provider offerings, base some of your decisions on the "intangibles" that aren't recognized in the criteria provided for this Magic Quadrant. These include established relationships (that is, it isn't unusual for a company to find that it already has some of the vendor's offerings in production) and a company's current skill sets and resource availability.
Future Trends in B2B [contd...]
The market for B2B integration products is more in the form of a software-as-a-service sector than traditional licensed software. For more than 2 decades, vendors offering integration as a service were known as VAN providers; however, in recent years, this service sector market has grown remarkably. Providers of integration products as a service now include a diverse range of vendors, such as:
Internet VAN providers — for example, Hubspan and ICC
Electronic data interchange (EDI) VAN providers — for example, GXS and Sterling Commerce
Vendors with a strong industry focus — for example, E2open and Viacore
Marketplaces and industry consortia — for example, Elemica and Liason
Specialists — for example, BetweenMarkets and StrikeIron
These types of solution providers were traditionally known as VANs, Internet VANs, Web services networks, transaction delivery networks, business process networks, business process hubs, business integration networks, integration service providers, marketplaces and so on. By definition, however, integration service providers are vendors that, acting in a primary or secondary role, offer custom integration services, which include a combination of features such as communication services, trading partner management services, integration services and application services.
Message Standards
EDI technology was thought to be the best when dealing with highly structured data that did not change frequently. However, today we require more flexibility, especially when dealing with rapidly increasing demands for support for process improvement efforts across the entire process chain. This has forced providers to adopt multiple XML-based B2B options.
Still, EDI continues to dominate the B2B space. Earlier studies have projected that more than one-third of US GDP is directly supported by EDI transaction exchanges in the retail, manufacturing, financial and capital, healthcare, operations and logistics, food and beverage, and pharmaceutical sectors.
Communication Protocols
New technology has helped B2B integration to evolve from traditional EDI-based integration, paving the way for new trends in B2B communication protocols. Several B2B communication protocols exist at present, varying in terms of their purpose, capabilities, cost of implementation, industry acceptance, vendor support, future acceptance, etc.
Past
Earlier, B2B solutions were built for bilateral exchanges between partner companies which used unique data formats developed for a specific party. The adjacent figure describes early point to point B2B interactions between a company and two of its suppliers. The figure shows that different data structures and communication lines were needed to order the same spare part.
Present
prominent of them are RosettaNet (RNET), Electronic Data Interchange-Internet Integration (EDIINT) and e-business XML (ebXML). These new standards enable companies to implement secure, reliable and non-repudiable e-business transactions with inexpensive, non-proprietary internet technologies, either standard EDI messages or XML documents, as shown in the figure.
[Figure: Past: N formats, N networks, with point to point links between Company A, Company B and Company C (Process P, Process Q). Present: Company A, Company B and Company C connected over the Internet using ebXML.]
B2B Standards
Various standards have been defined to exchange data between B2B applications. Some standards are applicable to a particular industry vertical, and others are generic enough to be used across verticals. The sections below outline the various data, process and security standards used in B2B.
Benefit of Using Standards
Standards-based B2B integration promotes re-usability
Provides an easier and consistent on-boarding process (especially if other partners support standards)
Provides support for multi-partner solutions
Provides a solution when partner is unable or unwilling to support B2B standards
Reduces dependency on any one supplier
Message Standards
Apart from EDI, flat files B2B exchanges are now mainly done through XML messages.
There are 2 broad XML categories used in B2B.
The following is a comparison of XML and EDI:
Issues | XML | EDI
E-commerce Standard | New Internet based technology, easy to implement; includes standards of multiple complex frameworks; can be implemented directly | Old, passé electronic standard; time tested and works successfully; not as simple to implement
Cost | Cheap to implement and deploy over the Internet; cost of tools is getting cheaper and cheaper; consumers pay for Internet connection; bandwidth limitations | Expensive; tools and developers still costly; can be implemented via the Internet; requires less bandwidth
Data Representation | Intuitive, easy to read; verbose; implementation requires time; storage requirements increase gradually | Cryptic; once understood, easy and fast to implement; storage requirements are very small; information can be transported using floppy disk
Companies pushing the technology | New economy companies; consulting companies; high business risk | Well established companies and governments; stable global user base; low business risk
Stateless & Stateful
The XML messages can be classified as
Messaging standards used in B2B scenarios
Standards | Description | Usage
ebXML Message Service (ebMS) | It is an open standard and leverages public standards wherever possible to enable secure and reliable B2B communication. The ebXML specification extends the SOAP specification, providing better security and reliability features required by many e-business applications and production enterprise. As an OASIS Open standard, ebMS is a mature specification, which is being supported by a host of commercial and open source software implementations. The interoperability of these implementations has also been demonstrated in a number of ongoing projects internationally. This makes ebMS a very strong complement or even a better alternative to other web service specifications. | Major concerns are about security and reliability for the widespread adoption of web services. Security features in ebMS are provided using several countermeasure technologies. XML signatures are used to digitally sign the documents. Payload confidentiality is supported using the following: XML encryption or S/MIME or PGP MIME. Use of SSL/TLS or IPSEC as the underlying communication channel for ebMS provides valuable features like non-persistent integrity and authentication.
Messaging standards used in B2B scenarios [contd...]
Standards | Description | Usage
RosettaNet Implementation Framework (RNIF) | RosettaNet is a major partner in information technology, electronic component and semi-conductor manufacturing companies which has developed standards for electronic commerce. RNIF provides a framework to package and transport messages to execute business processes between partners. There are two versions of RNIF in use, 1.1 and 2.0. Compared to 1.1, 2.0 is more open and payload agnostic. In order to boost business-to-business integration in the area of high-technology and retail sectors via XML and Web services standards, RosettaNet and the Uniform Code Council (UCC) have agreed to collaborate. In fact, RosettaNet will operate as a subsidiary of UCC. | Comparing RNIF and ebMS, considering that both use XML for the B2B document payload, ebXML does not have any specific business processes but provides the trading partners with the means and tools to customise and specify business processes. The framework defines PIPs, which describe the process flows between the trading partners in RosettaNet. In ebXML, the abstraction level is higher: the ebXML framework defines the Business Process Specification Schema (BPSS), which is used to specify the BPSs. Conceptually, ebXML’s BPSS could be used to specify processes similar to RosettaNet PIPs. All generally defined security solutions for XML documents can be applied to both ebXML and RosettaNet. The core of the RosettaNet security scheme is the S/MIME (Secure/Multipurpose Internet Mail Extensions) specification. S/MIME includes authentication, message integrity and non-repudiation of origin (using digital signatures) along with privacy and data security. ebXML specifications are not a hindrance to implementers using any specific security scheme or protocols. The specifications are more flexible than in RosettaNet and usually recommend open Internet standards for security.
Messaging standards used in B2B scenarios [contd...]
Standards | Description | Usage
xCBL | The Common Business Library, or xCBL, is a joint set of XML building blocks and a document framework which allows the creation of robust, reusable XML documents for e-commerce. These building blocks were defined based on extensive research and collaboration by Commerce One and the leading XML industry initiatives. xCBL can help accelerate any partner's XML efforts by providing these building blocks along with a document framework. Consistent with its purpose, xCBL is available free of charge in prominent XML repositories. Version 3.0 of xCBL defines a fundamental change in scope and design goals, giving support for direct goods scenarios, ERP integrations, and standards such as RosettaNet and OBI, along with many flavours of industry-standard X12 and UN/EDIFACT EDI. | xCBL supports all essential documents and transactions for global e-commerce, including multi-company supply chain automation, direct and indirect procurement, planning, auctions, invoicing and payment in an international multi-currency environment. xCBL is an outcome of extensive research and collaboration between Commerce One and the leading XML standards institutions, e-commerce enterprises, and hardware and software vendors, along with the analysis of existing e-commerce standards which include the likes of Electronic Data Interchange (EDI), RosettaNet, and Open Buying on the Internet (OBI). Industry leaders Compaq, Microsoft, SAP Markets, and Sun Microsystems will leverage xCBL 3.0 as a key standard in the field of development and delivery of business-to-business solutions.
Messaging standards used in B2B scenarios [contd...]
Standards | Description | Usage
HL7 | An ANSI standard followed for the exchange of healthcare-specific data between computer applications. The name comes from "Health Level 7", which refers to the top layer of the Open Systems Interconnection (OSI) layer protocol for the health environment. The HL7 protocol was formerly developed by the Health Level 7 Organization, consisting of grammar and vocabulary that is as per the standard so that clinical data can be shared amongst all healthcare systems and easily understood. Using the HL7 messaging protocol as a standard, all systems which follow the HL7 specifications are able to communicate with one another, without the need for information translation. | Hospitals, doctors, and other healthcare institutes around the globe require the ability to send and receive healthcare data, including patient details. Medical data can be extremely complicated because of the abundance of clinical terminology, along with the structural complexity in the formation of the presented information. HL7 was developed to overcome these difficulties.
Communication Protocols
Standards | Description | Usage
FTP(s) | The FTPS (FTP over SSL) elements offer all the features found in the FTP program with the added ability to encrypt FTP data using SSL (Secure Sockets Layer). The SFTP (FTP over SSH) elements offer all the features found in the FTP program with the added ability to secure all data transferred by using a secure SSH2 channel. Using FTPS or SFTP, you are assured that your data is protected as it moves over the Internet. | This protocol is usually used for huge flat file payloads.
Communication Protocols [contd...]
Standards | Description | Usage
Applicability Statement 2 (AS2) | AS2 packages data using MIME structures and transmits it securely over the Internet using HTTP. Authentication and data confidentiality are obtained by using Cryptographic Message Syntax with S/MIME. AS2 also provides a set of security features such as data confidentiality, data integrity/authenticity, non-repudiation and security guidelines to ensure interoperability between B2B partners. | Reliable messaging is supported in AS2 through the use of the Message Disposition Notification (MDN). The MDN acts as a receipt and may optionally contain a signed message digest (known as the Message Integrity Check (MIC)) to support non-repudiation of receipt. There is widespread support for AS2 by B2B service providers and product vendors.
Applicability Statement 3 (AS3) | AS3 is a more recent communication protocol leveraging all the features from its predecessors. The primary difference between AS2 and AS3 is that AS2 uses HTTP and AS3 uses FTP. According to the experts, AS3 has great benefits that could lead to even wider adoption, in particular among security-conscious companies in the financial services industries, healthcare industries and by those who already rely heavily on FTP to send and receive transactions. One of the advantages of AS3 is that it is a "push and pull" technology, in contrast to AS2, which is a push-only technology. | When an XML or EDI transaction is sent over the Internet using AS3, the two FTP programs on either side of the transaction are aware of the transaction and actively participate in it. With the HTTP transport used in AS2, there is a possibility that transactions can be floating out on the Internet for a while before landing in the receiving computer, and even though AS2 transactions are encrypted and secure, this can violate the security policies of customers in some industries.
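The MDN receipt check from the AS2 row above, as an added example in Python (not part of the original slides or of any AS2 product): it recomputes the MIC over the bytes that were sent and compares it with the Received-Content-MIC field of the returned MDN, and also checks the disposition and the message reference. The payload, Message-ID and MDN are constructed samples, and the MDN's own S/MIME signature is assumed to have been verified by the AS2 stack beforehand.

```python
"""Check an AS2 receipt (MDN) against the payload that was sent.

All sample data is constructed. Signature verification of the MDN itself is
assumed to happen earlier in the AS2 stack; only MIC and disposition are checked.
"""
import base64
import hashlib
import hmac
from email import message_from_bytes

# Digest names as they appear after the MIC value, mapped to hashlib names.
_ALGS = {"sha1": "sha1", "sha256": "sha256", "sha384": "sha384", "sha512": "sha512"}


def compute_mic(signed_content: bytes, alg: str = "sha-256") -> str:
    """Base64 digest of the exact bytes that were signed and sent."""
    name = _ALGS[alg.lower().replace("-", "")]
    return base64.b64encode(hashlib.new(name, signed_content).digest()).decode("ascii")


def parse_mdn(raw_mdn: bytes) -> dict:
    """Extract the machine-readable fields from a multipart/report MDN."""
    msg = message_from_bytes(raw_mdn)
    for part in msg.walk():
        if part.get_content_type() == "message/disposition-notification":
            fields = part.get_payload(0)  # the field block parses as a nested message
            mic, _, alg = fields.get("Received-Content-MIC", "").partition(",")
            return {
                "original_message_id": fields.get("Original-Message-ID", "").strip(),
                "disposition": fields.get("Disposition", "").strip(),
                "mic": mic.strip(),
                "alg": alg.strip(),
            }
    raise ValueError("no message/disposition-notification part found")


def verify_receipt(sent_message_id: str, signed_content: bytes, raw_mdn: bytes) -> list:
    """Return a list of problems; an empty list means the receipt matches."""
    mdn = parse_mdn(raw_mdn)
    problems = []
    if mdn["original_message_id"] != sent_message_id:
        problems.append("MDN refers to a different message")
    # Disposition has the form "<mode>; processed" or "<mode>; processed/error: ..."
    status = mdn["disposition"].partition(";")[2].strip().lower()
    if status != "processed":
        problems.append(f"partner did not report clean processing: {status or 'missing'}")
    if not mdn["mic"]:
        problems.append("MDN carries no Received-Content-MIC")
    else:
        try:
            expected = compute_mic(signed_content, mdn["alg"])
        except KeyError:
            problems.append(f"unsupported MIC algorithm: {mdn['alg']!r}")
        else:
            # Constant-time comparison of the two base64 digests.
            if not hmac.compare_digest(expected, mdn["mic"]):
                problems.append("MIC mismatch: partner received different bytes")
    return problems


def build_constructed_mdn(message_id: str, mic: str, disposition: str = "processed") -> bytes:
    """Constructed MDN for the demonstration; not captured from a real partner."""
    return (
        b'Content-Type: multipart/report; report-type=disposition-notification; boundary="b1"\r\n'
        b"\r\n--b1\r\nContent-Type: text/plain\r\n\r\nReceipt for your message.\r\n"
        b"--b1\r\nContent-Type: message/disposition-notification\r\n\r\n"
        + f"Original-Message-ID: {message_id}\r\n".encode()
        + f"Disposition: automatic-action/MDN-sent-automatically; {disposition}\r\n".encode()
        + f"Received-Content-MIC: {mic}, sha-256\r\n".encode()
        + b"--b1--\r\n"
    )


# Constructed sample: the MIME entity that was signed and sent, and its Message-ID.
SENT_ID = "<constructed-0001@buyer.example>"
SENT_CONTENT = (
    b"Content-Type: application/edi-x12\r\n\r\n"
    b"ISA*00*CONSTRUCTED SAMPLE ONLY~\r\n"
)

if __name__ == "__main__":
    good = build_constructed_mdn(SENT_ID, compute_mic(SENT_CONTENT))
    print("matching receipt:", verify_receipt(SENT_ID, SENT_CONTENT, good))
    print("altered payload :", verify_receipt(SENT_ID, SENT_CONTENT + b"X", good))
```

A receipt only supports non-repudiation of receipt when the MDN is signed and the signature chains to the partner's certificate; an unsigned MDN with a matching MIC shows delivery integrity only.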
Process Standards in B2B
There are various standards for defining and managing business processes in B2B. The table below lists these standards.
Process Standards [contd...]
Standards | Brief description | Usage
PIP | The RosettaNet Partner Interface Process (PIP) is used to define business processes between trading partners. PIPs fit into 7 clusters, or groups of core business processes representing the backbone of the trading network. Every cluster is broken down into segments, which are cross-enterprise processes involving more than one different type of trading partner. Within each segment there are individual PIPs. | PIPs require the following: a definite purposeful business outcome (for example, the receipt of a purchase order from a trading partner); a role that can perform at least one single activity (for example, a buyer role requests a purchase order from a seller role and a seller role submits a purchase order acknowledgment to the buyer role); a measurable unit of work which can be connected to other PIPs to achieve a larger business outcome (for example, one PIP involves a buyer role that requests and receives a purchase order from a seller role, while another PIP is coordinated accurately with the first PIP to send a failure notification message to a buyer role if a purchase order is not properly received from the seller role). Trading partners are in sync on the set of PIPs to be supported to conduct business. Each partner needs to fulfill their own specific requirements of the PIP. If one trading partner fails to fulfill all requirements, then the business transaction is voided for all participating PIP trading partners.
Security standards in B2B
Maintaining partner data confidentiality is of key importance. The tables below list some of
the security standards used in B2B.
Security standards [contd...]
Standard: XMLDSig
Brief description: XML digital signature. XML signatures are digital signatures which are
designed for use in XML transactions. There is a predefined standard for capturing the
results of a digital signature operation applied to arbitrary (but often XML) data. Like
non-XML-aware digital signatures (e.g., PKCS), XML signatures also add data integrity,
authentication, and support for approving the data that they sign. However, XML signature
has been designed to leverage the Internet and XML, which is absent in non-XML digital
signature standards.
An XML signature is capable of signing more than one type of resource. For example, a single
XML signature might cover character-encoded data (HTML) in addition to binary-encoded data
(a JPG), XML-encoded data, and a specific section of an XML file as well.
Usage: S/MIME can be used by traditional mail user agents (MUAs) to add encrypted security
services to mail that is to be sent, and to decrypt security services in mail that is
received. However, S/MIME is compatible with any transport mechanism that transports MIME
data, such as HTTP. Also, S/MIME utilizes the object-based features of MIME, thus allowing
secure messages to be exchanged in mixed-transport systems.
Further, S/MIME can be used in automated message transfer agents. These use cryptographic
security services which do not require any human intervention, e.g. signing of
software-generated documents, encryption of FAX messages before sending over the Internet,
etc.
Security standards [contd...]
Standard: XML Encrypt
Brief description: XML encryption. XML Encryption facilitates end-to-end security for
applications that require secure exchange of structured data. XML is the leading technology
for structuring data. Hence, XML-based encryption is naturally used to handle requirements
which might be complex for security in data interchange applications.
XML Encryption is not intended in any way to supersede or replace SSL/TLS. But it provides a
mechanism for security requirements which are not covered by SSL. There are two important
areas not addressed by SSL, which are as follows:
• Encrypting part of the data which is being exchanged
• Secure sessions between two or more parties
With XML Encryption, each and every party can maintain secure or insecure states with the
communicating parties. Secure and non-secure data is exchanged in the same document. An
example is a secure chat application with several chat rooms and several people in each room.
Files which are XML-encrypted can be exchanged between two partners, and thus data intended
for one partner is not visible to a third person.
Usage: This feature can be used to encrypt and decrypt any XML message.
Security standards [contd...]
Standard: AuthXML
Brief description: AuthXML is used for specifying information regarding authentication and
authorization in XML. AuthXML is a transport-independent XML definition which enables
security authorities in different organizations to communicate about authorization,
authentication, user profiles and authenticated user sessions in an open way.
Usage: AuthXML is used for specifying authentication and authorization information in XML.
Standard: TLS
Brief description: Transport Layer Security (TLS) is a cryptographic protocol that provides
secure communications on the Internet for applications such as web browsing, Internet
faxing, e-mail, instant messaging etc. The TLS protocol allows applications to communicate
across a network while preventing eavesdropping, message forgery and tampering. TLS provides
endpoint communications privacy and authentication over the Internet using cryptography.
Typically, only the server is authenticated and the client is unauthenticated. Thus, the end
user (whether an individual/entity or an application, like a Web browser) can be sure with
whom they are communicating.
Usage: TLS typically allows the server and client to authenticate each other and to
negotiate an encryption algorithm and cryptographic keys before the application protocol
receives or transmits its first byte of data. It is also used for encapsulation of various
higher level protocols.
Security standards [contd...]
Standard: SAML
Brief description: Security Assertion Markup Language (SAML) is an XML standard for
exchanging authorization and authentication data between security domains, i.e. between an
identity provider (a producer of assertions) and a service provider (a consumer of
assertions). SAML is a product of the OASIS Security Services Technical Committee.
The problem that SAML is trying to solve is the Web Browser Single Sign-On (SSO) problem.
Many single sign-on solutions are available at the intranet level (e.g. using cookies), but
extending these solutions beyond the intranet is quite cumbersome and has resulted in the
proliferation of non-interoperable proprietary technologies. SAML is the standard language
underlying many web Single Sign-On solutions in the enterprise identity management problem
space.
Usage: SAML is used for:
• Distributed Authorization
• Federated Identity Management
• Multi-vendor Portals
• Web Services Access Control
B2B Communication with partners
In general there are three top areas of concern for B2B during partner engagement. These
are:
• Business solution of B2B, which primarily deals with partner processes, contracts, etc.
• Technical solution of B2B, which deals with the architecture interoperability
• Delivery and management of B2B programs, which primarily deals with project management and
life-cycle management of B2B.
B2B Internal Integration
A B2B Gateway can be thought of as a pipe, with one end terminating within the
Enterprise, and the other at the partner systems. This section is concerned with the
enterprise end of the gateway - how the B2B gateway integrates with the enterprise.
The services that the B2B Gateway provides to the Enterprise should be aligned with
Enterprise data standards and processes as much as possible. The key challenge here is to
align enterprise process and data with that required by B2B/partner systems.
B2B should be considered as any other Enterprise system (security issues aside), and as
such, integration with the B2B Gateway should follow the same integration standards as
followed by other Enterprise systems. For instance, if the Enterprise utilizes the concept of
service delivery via an ESB, then the B2B services should be made available on the bus.
B2B internal integration [contd...]
[Diagram labels: Partners, B2B Gateway, ESB, Mainframes, Packages, Apps, Enterprise Portal,
Databases; Real Time Visibility, Transaction Status, Transaction Reconciliation]
The B2B gateway integrates enterprise systems and data with trading partners through the
Enterprise Integration hub. With the emergence of SOA, B2B integrates with the enterprise
through the ESB.
B2B internal integration [contd...]
B2B Process Management
Process management in B2B will ensure that B2B transactions are executed correctly, in
sequence and in accordance with the relevant SLAs.
B2B Process Management also applies business rules to validate B2B business
transactions, B2B document delivery and transaction management.
The B2B Process Management layer does not implement any business logic or functionality.
The B2B gateway will support simple orchestration and workflow functionality only to
support transaction management. All communication through the B2B gateway will be
stateless in that transaction state will not be maintained in memory for the duration of the
transaction. Transactional state identification will be through message and correlation
identifiers.
The following are not the responsibility of the B2B layer:
• Orchestration and workflow required to support business workflows will not be
implemented in the B2B gateway.
• The B2B gateway will only manage entry and exit points of the workflow in the gateway.
• The functionality to support complex business orchestration will be hosted and managed
in Shared Operations, as part of the Enterprise Integration domain.
Data integration
Use Standards
It is important that the data exposed by B2B services follow the data standards used
by the Enterprise. For example, in the telecom domain, the eTOM SID is a
commonly used data model. If this is adopted across the Enterprise, then it should
also be employed at the B2B layer.
Where data models employed by partners deviate from that of the Enterprise, then
the B2B Gateway should perform the necessary semantic and/or value translations
as required to bridge the gap. Rules for translation can be maintained and managed
within the Gateway. Note that these rules should not be process level business rules -
these must be managed within the Enterprise.
Data Cross Referencing
Cross Referencing involves creating and storing mappings between enterprise
entities and the corresponding partner entities. If the trading partner does not
provide services to store foreign entities, the B2B Gateway needs to store the
relationship between the entities of the enterprise and the partner.
Data integration [contd...]
The cross reference could be created for two types of data:
• Cross Reference for transactional data - The cross reference relationship in this scenario
is created during the transaction processing. An example could be a cross reference
relationship between order IDs.
• Cross Reference for reference data - The cross reference relationship in this case is
set up before the transaction processing is initiated. An example could be a cross reference
relationship between product codes.
Cross Reference Design Principles -
Rationale: Partner system external IDs to be used for search/lookup; this may avoid the need
for a cross reference to be added.
Implication:
Reconciliation
Reconciliation is the key aspect of a B2B solution. Architects are expected to refer to the
reconciliation approach to determine the partner on-boarding process.
There are mainly two types of reconciliation done in B2B:
Business Reconciliation:
This mainly involves the reconciliation of the business process between the enterprise
and its trading partners. The business process may involve one or more transactions
with the partner; for example, it may start with purchase order placement followed by a
technical acknowledgement and then a business acknowledgement. The partner may
then send an invoice, which may also be followed by a technical acknowledgement and
then a business acknowledgement. The frequency of the reconciliation will depend on the
cycle time of the business process. Once the reconciliation is done, a process
reconciliation report is produced.
Acknowledgement/Delivery reconciliation:
This mainly involves reconciliation at the transaction level to ensure that the partner has
received all the transactions. For example, the enterprise may have triggered 100 invoices
but received acknowledgements for only 80 of them. Such discrepancies are brought
out by delivery reconciliation. A Delivery Reconciliation report is produced after this
exercise.
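The delivery reconciliation described above, combined with the earlier point that transaction state is identified through message and correlation identifiers, as an added example (not code from the original slides). The record layout, partner names, the 4-hour SLA window and the sample data are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Sent:
    message_id: str         # identifier the gateway assigned to the outbound document
    partner: str
    sent_at: datetime


@dataclass(frozen=True)
class Ack:
    correlation_id: str     # message_id of the transaction being acknowledged
    partner: str
    received_at: datetime


@dataclass
class DeliveryReport:
    acknowledged: list = field(default_factory=list)
    missing: list = field(default_factory=list)      # sent, never validly acknowledged
    late: list = field(default_factory=list)         # acknowledged outside the SLA window
    orphaned: list = field(default_factory=list)     # ack for a message that was never sent
    duplicate: list = field(default_factory=list)    # repeated ack for the same message
    mismatched: list = field(default_factory=list)   # ack came from a different partner


def reconcile(sent, acks, sla=timedelta(hours=4)):
    """Match acknowledgements to sent transactions purely by identifier (no in-memory state)."""
    report = DeliveryReport()
    by_id = {s.message_id: s for s in sent}
    seen = set()
    for ack in acks:
        original = by_id.get(ack.correlation_id)
        if original is None:
            report.orphaned.append(ack.correlation_id)
        elif ack.partner != original.partner:
            # An ack from the wrong partner must not count as proof of delivery.
            report.mismatched.append(ack.correlation_id)
        elif ack.correlation_id in seen:
            report.duplicate.append(ack.correlation_id)
        else:
            seen.add(ack.correlation_id)
            is_late = ack.received_at - original.sent_at > sla
            (report.late if is_late else report.acknowledged).append(ack.correlation_id)
    report.missing = [s.message_id for s in sent if s.message_id not in seen]
    return report


def build_sample():
    """Constructed data: 100 invoices sent, 80 acknowledged, plus three anomalous acks."""
    t0 = datetime(2024, 1, 1, 9, 0)
    sent = [Sent(f"INV-{n:03d}", "PARTNER-A", t0) for n in range(1, 101)]
    acks = [Ack(f"INV-{n:03d}", "PARTNER-A", t0 + timedelta(minutes=30)) for n in range(1, 81)]
    acks.append(Ack("INV-080", "PARTNER-A", t0 + timedelta(minutes=31)))  # duplicate
    acks.append(Ack("INV-999", "PARTNER-A", t0 + timedelta(minutes=5)))   # never sent
    acks.append(Ack("INV-081", "PARTNER-B", t0 + timedelta(minutes=5)))   # wrong partner
    return sent, acks
```

The orphaned, duplicate and mismatched lists are worth reviewing alongside the missing list, since they can indicate replayed or misrouted acknowledgements rather than simple delivery failures.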
B2B Security
The following are the B2B security requirements for any organization:
Confidentiality:
All sensitive information exchanged between partners must be protected from
being disclosed to unauthorized entities.
Integrity:
The system should detect any unauthorized modification of data being transacted.
Authentication:
All partners need to be uniquely identified and authenticated.
Authorization/Access Control:
The B2B system should enforce secure authorization and access control policies so as
to give only the required privileges to the authorized partners.
Non-Repudiation:
The system should have accountability built in, in such a way that participants
cannot deny the actions they performed.
B2B Security [contd...]
The B2B data exchange happens at many levels using different combinations of standards
and protocols as shown below.
Application Protocol: HTTP, HTTPS, FTP, SMTP, JMS, Vitria, MQ Series, SQL/Net Net8
VPN
Link: Ethernet, DSL, T1, Frame-Relay, VPN
B2B Security [contd...]
Network Physical Layer
Network physical layer security defines the security measures on the means of raw bit
transmission. We won't dwell on the details of physical security as this is not in the scope
of this document.
B2B Security [contd...]
Network Protocol Layer
Above the network link layer comes the network protocol layer. This layer
comprises network protocols such as TCP/IP, IPX and SNA. Most networks rely heavily
on the security of this layer. To provide security at the protocol layer, several
techniques are available; the widely used ones are:
B2B Security [contd...]
Application Protocol Layer
The application protocol layer defines the security measures at application level. This
layer is the medium for B2B communications, which includes protocols like HTTPS,
SMTP, FTP and MQSeries™. These protocols run on top of TCP/IP.
Application data protocols precede the network protocol stack. These protocols
typically do not depend on the application or the network. Application data protocols
specify file or message formats which are independent of the transmission method.
B2B Security [contd...]
Cryptography (Encryption, Signatures, Hashes)
In cryptography, encryption is the process of transforming data (plain text) into an
unreadable form (cipher text) using an algorithm. Decryption is the reverse process,
which converts cipher text back to plain text.
Encryption techniques have a history stretching from past centuries to the current
computerized times. There are two types of encryption techniques,
symmetric encryption and asymmetric encryption.
Symmetric Encryption: A single key is used for both encryption and decryption.
Some of the common symmetric encryption algorithms are: DES, 3DES, IDEA,
Blowfish, RC2 and RC4.
Asymmetric Encryption: Two keys are used, one for encryption and the other for
decryption. These keys are termed the public and private keys.
The public key is shared with everyone but the private key is kept confidential. The
key used for encryption cannot be used for decryption.
B2B Security [contd...]
Identity and Access Management
The B2B platform and Customer Self Service Portal use an Identity Abstraction Layer to
perform the identity and access management functions. All components of the solution,
including Trading Partners and end users through the self service portal, will perform
authentication and authorization services by calling this layer.
The Identity Abstraction Layer will perform the following functions:
• authenticates the credentials of the trading partner
• provides an audit trail of the partner activity
• encapsulates the security function of the B2B and Customer Self Service Portal
platforms and in effect hides the true location of the identity information
• provides improved operational efficiency in terms of password management and
reduced help desk support
Access and authorization will be managed through the Access Manager. The B2B
Gateway will authorize at the group level of an organization within the identity
store. The Self Service portal will be based on user authentication and
authorization within that group according to an assigned role.
B2B Security [contd...]
Access Manager will provide the following functionalities:
• provides access control to the enterprise services
• provides an audit trail of the access history
• improved customer service and operational efficiency
Digital certificates are used while sending data via networks such as the Internet to verify
the unique identity of principals and entities. A digital certificate binds the
identity of a user or entity, as verified by a trusted third party (also termed a
Certificate Authority), to a specific public key. The public key and the private key
together provide unique identification to the owner of the digital certificate.
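One way a gateway can meet the partner authentication requirement with digital certificates, as an added example that is not part of the original slides: the TLS listener requires a partner certificate, and the validated certificate is mapped to an on-boarded partner and its identity-store group. The registry contents, the function names and the choice of matching on organization and common name are assumptions made for illustration.

```python
import ssl

# Constructed registry: (organizationName, commonName) -> (partner id, identity-store group).
PARTNER_REGISTRY = {
    ("Example Supplier Ltd", "b2b.supplier.example"): ("PARTNER-A", "suppliers"),
}


def build_gateway_context(require_partner_cert=True, ca_file=None,
                          cert_file=None, key_file=None):
    """Server-side TLS context for the gateway's partner-facing listener."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)    # the gateway's own certificate
    if require_partner_cert:
        # Mutual authentication: the handshake fails unless the partner
        # presents a certificate that chains to a trusted CA.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if ca_file:
            ctx.load_verify_locations(ca_file)      # CA(s) allowed to issue partner certs
    else:
        # Server-only authentication: the partner stays anonymous at the TLS layer.
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def subject_field(cert, name):
    """Read one subject field from the dict returned by SSLSocket.getpeercert()."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == name:
                return value
    return None


def identify_partner(cert, registry=PARTNER_REGISTRY):
    """Map a validated peer certificate to (partner_id, group); None if not on-boarded."""
    if not cert:    # None or {}: no validated client certificate on this connection
        return None
    key = (subject_field(cert, "organizationName"), subject_field(cert, "commonName"))
    return registry.get(key)
```

A certificate that chains to a trusted CA but is absent from the registry yields `None`, so a valid certificate alone does not grant access; the returned group is what group-level authorization would then act on.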
B2B Process - Example
B2B Process – Example [contd…]
• Virtual Marketplace – Serves as a hub which brings together buyers and sellers.
– Purchase Department of buyer floats a tender providing details of products or services required over the
Virtual Marketplace.
– Sales Department of sellers respond to the tender with their offers over the Virtual Marketplace.
– Purchase Department of buyer receives the offers from sellers and provides those to Management for
Supplier Selection.
• Supplier Selection –
– Management of buyer studies the sales offers of sellers in detail and shortlists a few for further
discussion.
– Face-to-face/telephonic discussions happen between the Management of buyer and Sales Department of
sellers.
– Management of buyer selects the supplier based on the offers of sellers and the discussions with them.
– Suppliers are informed of the buyers’ decisions through Virtual Marketplace.
• Product/Service Delivery –
– Sales Department of selected supplier informs Production/Delivery Department of the orders received.
– Production/Delivery Department of selected supplier manufactures/prepares the products/services as per
the received order.
– Manufactured products/service resources are shipped to buyers’ site by external logistics providers.
– Purchase Department of buyer confirms receipt of products/services to Sales Department of supplier.
• Payment –
– Purchase Department of buyer informs Accounts Department of the products/services received from
supplier and instructs to make the corresponding payment as per the contract.
– Accounts Department of buyer sends pay order to bank.
– Bank makes payment to supplier.
– Accounts Department of supplier confirms to the buyer the payment received.
Unit Summary
• In this unit, you have learnt the following on B2B:
– 1. Overview and introduction
– 2. Architecture Principles
– 3. Standards
– 4. Internal Integration
– 5. Security