Electronic Data Interchange-Internet Integration (ediint)

NOTE: This charter is a snapshot of that in effect at the time of the 38th IETF Meeting in Memphis, Tennessee. It may now be out-of-date.

Chair(s): 

Rik Drummond <drummond@onramp.net>

Applications Area Director(s): 

Keith Moore <moore+iesg@cs.utk.edu>
Harald Alvestrand <Harald.T.Alvestrand@uninett.no>

Area Advisor: 

Harald T. Alvestrand <Harald.T.Alvestrand@uninett.no>

Mailing Lists: 

General Discussion: ietf-ediint@imc.org
To Subscribe: ietf-ediint-request@imc.org
In Body: subscribe
Archive: http://www.imc.org/edi/lists/ietf-ediint

Description of Working Group: 

Electronic Data Interchange (EDI) is a set of protocols for conducting highly structured inter-organization exchanges, such as for making purchases or initiating loan requests. The initial RFC1767 defined the method for packaging the EDI X12 and UN/EDIFACT transactions sets in a MIME envelope. However, several additional requirements for obtaining multi-vendor, inter-operable service, over and above how the EDI transactions are packaged, have become known since the effort concluded. These currently revolve around security issues such as EDI transaction integrity, privacy and non-repudiation in various forms. Standards in these and other areas are necessary to ensure inter-operability between EDI packages over Internet. Various technologies already exist for these additional features and the primary requirement is to review and select a common set of components for use by the EDI community when it sends EDI over the Internet. In effect, the effort is to provide an EDI over the Internet Requirements Document. 

Efforts by the working group will focus on a single deliverable: Define the use of security and associated processes for exchanging EDI transactions in MIME in a manner which supports core, functional, transport services requirements. 

Additional Administrative information: -------------------------------------- 

Editor: Chuck Shih <chuck@orville.premenos.com Mats Jansson <mjansson@agathon.com First Readers: Lincoln Yarbrough <lincoln@geis.geis.com Rik Drummond <drummond@onramp.net

Goals and Milestones:

Mar 96 



Submit outline for the informational requirements document.

Jul 96 



Submit informational requirements document as an Internet-Draft.

Oct 96 



Submit both Applicability Statement documents as Internet-Drafts.

Nov 96 



Submit requirements document Internet-Draft to IESG for consideration as an Informational RFC.

Nov 96 



Submit AS Internet-Draft documents to IESG for consideration as Proposed Standards.

Internet-Drafts: 

· Requirements for Inter-operable Internet EDI 

· MIME-based Secure EDI

No Request For Comments 

Current Meeting Report

Minutes of the EDI Over the Internet Minutes (EDIINT) Working Group 

Reported by: Rik Drummond and Chuck Shih

Agenda 

I. Review Requirements Document 

II. Review AS#1 Document

III. Next Step

· Start / Finish Process-to-Process EDI

· Analysis of Inter/Intra Net Security Boundary Issues

· FTP and Security Extensions 

IV. Finish 

1. Review Requirements Document 

Document is clean and will pass to next stage. There are no comments from the floor.

II. Review AS#1 Document 

The only comment was made in regards to what is the status of the draft for the MDN. Harald's answer is that it is almost done. There will be some changes made to the status codes. These will become more atomic values. These changes should not create a big impact on the EDI over the Internet pilot. Once it is clean, it will pass to the next stage.

III. Next step - Process to Process EDI 

Explore the possibility of using ftp to transfer large files, for example, big catalogs or Kmart and WalMart purchase orders. 

Dale Moberg from Sterling suggested that an analysis should be done to explore issues surrounding inter/intra net security. Specifications should be written for processing of EDI once messages cross the firewall. 

John Des Jardins formerly with the DoD suggested looking at TLS 1.0 (Transaction Layer Security 1.0) as a way to implement Process to Process EDI.

Questions from the Floor

1. What is the interaction between MIME based Secure EDI and S/MIME? Harald Alvestrand will address S/MIME in the standards tracks within a few months. MIME based Secure EDI utilizes S/MIME as one of the enveloping specifications. At the moment there are five companies running interoperability testing using X.509 certificates and S/MIME with Multipart Signed within PKCS7 and configurable length RSA keys. There will also be a CommerceNet sponsored pilot using PGP/MIME. 

2. What is the interaction between MIME based Secure EDI and the W3 consortium? There is no existing interaction today. 

3. Are there any plans to incorporate X.435 as part of this effort? After discussing several issues on X.400 and X.435, how federal agencies use them, how they are less popular now in Europe a decision was made to not undertake this effort. 

4. What about ftp and Security extensions? There is an existing working group for this. We should wait until their specifications are ready before using it for EDI. Will put on hold.

Process to Process EDI Effort 

Must break into chunks to make it more achievable. Determine the requirements for Process to Process EDI and start AS#2. Work on the security analysis to determine the security issues. These two can be done in parallel. 

Issues: 

Chuck: opening a new port on the firewall always presents a problem. 

Harald: usage of http to go through a firewall is not a good idea. Firewalls are evil. We should look at AFT (Authenticated Firewall Traverse).

IV. Action Items 

Chuck will be the editor for the requirements and AS#2 documents. Rik and Pedro will be the first readers. 

John Des Jardins (jdesjard@mcom.com) will be the editor for the requirements of security to support EC for inter-organizational exchange. Following is the list of readers/workgroup: 

Paul Ford pfh@uk.ibm.com 

Kenneth Rossen kenr@shl.com 

Dale Moberg dale_moberg@stercomm.com 

David Garver dgarver@fedix.fie.com 

Marc Blanchet marc.blanchet@viagenie.qc.ca

V. Additional Issues Pertaining to Requirements of Security to Support EC for Inter-Organizational Exchange 

· CA trust 

· Transitive trust 

· Policy - usage and security 

· VANs, Dialup, Leased line 

· Export issues 

· Licensing issues 

Slides

None Received Attendees List

Attendees List

TOC