NOTE: This charter is a snapshot of that in effect at the time of the 38th IETF Meeting in Memphis, Tennessee. It may now be out-of-date.
Rik Drummond <firstname.lastname@example.org>
Applications Area Director(s):
Keith Moore <email@example.com>
Harald Alvestrand <Harald.T.Alvestrand@uninett.no>
Harald T. Alvestrand <Harald.T.Alvestrand@uninett.no>
General Discussion: firstname.lastname@example.org
To Subscribe: email@example.com
In Body: subscribe
Description of Working Group:
Electronic Data Interchange (EDI) is a set of protocols for conducting highly structured inter-organization exchanges, such as for making purchases or initiating loan requests. The initial RFC1767 defined the method for packaging the EDI X12 and UN/EDIFACT transactions sets in a MIME envelope. However, several additional requirements for obtaining multi-vendor, inter-operable service, over and above how the EDI transactions are packaged, have become known since the effort concluded. These currently revolve around security issues such as EDI transaction integrity, privacy and non-repudiation in various forms. Standards in these and other areas are necessary to ensure inter-operability between EDI packages over Internet. Various technologies already exist for these additional features and the primary requirement is to review and select a common set of components for use by the EDI community when it sends EDI over the Internet. In effect, the effort is to provide an EDI over the Internet Requirements Document.
Efforts by the working group will focus on a single deliverable: Define the use of security and associated processes for exchanging EDI transactions in MIME in a manner which supports core, functional, transport services requirements.
Additional Administrative information: --------------------------------------
Editor: Chuck Shih <firstname.lastname@example.org Mats Jansson <email@example.com First Readers: Lincoln Yarbrough <firstname.lastname@example.org Rik Drummond <email@example.com
Goals and Milestones:
Submit outline for the informational requirements document.
Submit informational requirements document as an Internet-Draft.
Submit both Applicability Statement documents as Internet-Drafts.
Submit requirements document Internet-Draft to IESG for consideration as an Informational RFC.
Submit AS Internet-Draft documents to IESG for consideration as Proposed Standards.
· Requirements for Inter-operable Internet EDI
· MIME-based Secure EDI
No Request For Comments
Minutes of the EDI Over the Internet Minutes (EDIINT) Working Group
Reported by: Rik Drummond and Chuck Shih
I. Review Requirements Document
II. Review AS#1 Document
III. Next Step
· Start / Finish Process-to-Process EDI
· Analysis of Inter/Intra Net Security Boundary Issues
· FTP and Security Extensions
1. Review Requirements Document
Document is clean and will pass to next stage. There are no comments from the floor.
II. Review AS#1 Document
The only comment was made in regards to what is the status of the draft for the MDN. Harald's answer is that it is almost done. There will be some changes made to the status codes. These will become more atomic values. These changes should not create a big impact on the EDI over the Internet pilot. Once it is clean, it will pass to the next stage.
III. Next step - Process to Process EDI
Explore the possibility of using ftp to transfer large files, for example, big catalogs or Kmart and WalMart purchase orders.
Dale Moberg from Sterling suggested that an analysis should be done to explore issues surrounding inter/intra net security. Specifications should be written for processing of EDI once messages cross the firewall.
John Des Jardins formerly with the DoD suggested looking at TLS 1.0 (Transaction Layer Security 1.0) as a way to implement Process to Process EDI.
Questions from the Floor
1. What is the interaction between MIME based Secure EDI and S/MIME? Harald Alvestrand will address S/MIME in the standards tracks within a few months. MIME based Secure EDI utilizes S/MIME as one of the enveloping specifications. At the moment there are five companies running interoperability testing using X.509 certificates and S/MIME with Multipart Signed within PKCS7 and configurable length RSA keys. There will also be a CommerceNet sponsored pilot using PGP/MIME.
2. What is the interaction between MIME based Secure EDI and the W3 consortium? There is no existing interaction today.
3. Are there any plans to incorporate X.435 as part of this effort? After discussing several issues on X.400 and X.435, how federal agencies use them, how they are less popular now in Europe a decision was made to not undertake this effort.
4. What about ftp and Security extensions? There is an existing working group for this. We should wait until their specifications are ready before using it for EDI. Will put on hold.
Process to Process EDI Effort
Must break into chunks to make it more achievable. Determine the requirements for Process to Process EDI and start AS#2. Work on the security analysis to determine the security issues. These two can be done in parallel.
Chuck: opening a new port on the firewall always presents a problem.
Harald: usage of http to go through a firewall is not a good idea. Firewalls are evil. We should look at AFT (Authenticated Firewall Traverse).
IV. Action Items
Chuck will be the editor for the requirements and AS#2 documents. Rik and Pedro will be the first readers.
John Des Jardins (firstname.lastname@example.org) will be the editor for the requirements of security to support EC for inter-organizational exchange. Following is the list of readers/workgroup:
Paul Ford email@example.com
Kenneth Rossen firstname.lastname@example.org
Dale Moberg email@example.com
David Garver firstname.lastname@example.org
Marc Blanchet email@example.com
V. Additional Issues Pertaining to Requirements of Security to Support EC for Inter-Organizational Exchange
· CA trust
· Transitive trust
· Policy - usage and security
· VANs, Dialup, Leased line
· Export issues
· Licensing issues