The issue of security in e-business has gone from an arcane technical concern to a basic issue in exchanging data among companies and individuals. In 1999, many online businesses adopted a voluntary set of guidelines and best practices called the Standard for Internet Commerce (www.gii.com/standard/) that includes several provisions for addressing these concerns. The driving motivation for developing this standard was the continued viability of electronic business over the Internet. The standard meets five basic needs:[13]
Because many potential customers have had to overcome security fears before making online purchases, individual businesses have also taken the issue seriously and built in the necessary precautions. A November 2000 survey by ePublicEye, a rating service for online businesses, found that the proportion of Internet merchants using secure transaction processing rose from 85% in 1999 to 93% in 2000, and about 9 in 10 online companies also reported having privacy policies published on their sites.[14]

The need for security in the exchange of data will vary from one business scenario to another. In some cases, such as quick lookups of public information, the process will have little or no security attached to it. But in most instances, even for the most routine exchanges of data, trading partners will want to protect the transactions. The messaging services specifications noted the need for ebXML to support security both for individual electronic business documents and for continuous network sessions in which a number of interactions can occur. Session-based security is important for scenarios in which trading partners may have many interactions over a limited period of time. The session-based security model also supports business relationships in which one party monitors the systems of another in real time, such as vendor-managed inventories. The requirements discuss several individual aspects of security that ebXML needs to address. While these requirements apply to business systems in general, business needs will dictate the extent to which they are implemented from one business system to another.
Digital Signatures

The specifications include a separate section on digital signatures and note their legal and security implications for identifying the parties in electronic business interactions, and thus their impact on ebXML's authentication requirements discussed earlier. UN/CEFACT, one of the sponsors of ebXML, identified the need for authentication of trade documents through means other than the traditional physical signature as early as 1979.[16] Digital signatures have now been enacted in law in North America, Europe, and Asia, so as to have the same legal standing as the traditional pen-and-ink variety, and the specifications cite a 1999 California statute (1999 CA SB 1124) that provides an extended definition of a digital signature:[17]
Digital signatures have since become part of U.S. federal law. On 30 June 2000, the U.S. Congress passed and President Clinton signed into law the Millennium Digital Commerce Act (Public Law No. 106-229). Title I of the act affirms the validity of electronic signatures and prohibits their denial of legal standing in many business interactions. Title II directs the Department of Commerce to promote the acceptance and use of digital signatures in interstate and foreign trade, as well as to study the potential barriers to their acceptance within and outside the United States. Title III amends the Securities and Exchange Act of 1934 to reflect this law, but still requires manual signatures where needed to deter fraud.[18] While we can expect to see more software that fully integrates data from businesses into end-user applications, we will have plenty of human hands entering data as well.

Legal Requirements

The specifications identified a few other legal requirements related to security and digital signatures. These requirements include full audit capability, a mechanism to ensure completeness of a transaction, versioning control to help reconstruct the full semantic meaning of transactions, and compliance with the 1979 UN/CEFACT recommendations that identified the need for authentication methods other than traditional signatures.[19]