Chapter 13: ebXML


Although not a Web Services technology, ebXML is covered in this book because it also makes use of XML and SOAP to enable electronic business. We will concentrate on those aspects of ebXML that impinge particularly on security.

ebXML

ebXML (or electronic business XML) is a series of standards jointly developed by OASIS and UN/CEFACT, whose stated objective is to provide an open XML-based infrastructure enabling the global use of electronic business information in an interoperable, secure, and consistent manner by all parties.

Historically, it can be regarded as an evolution of Electronic Data Interchange (EDI). Some businesses have been deploying EDI to exchange documents like purchase orders, quotations, and invoices for two decades, but its use thus far has been mainly confined to larger corporations. Some 95 percent of the Fortune 500 companies use EDI, for example, whereas only as few as 20 percent of small or medium enterprises do. The slow take-up of EDI among smaller companies is largely dictated by cost and complexity. EDI systems have proven expensive and burdensome to deploy, and while the expense and trouble can be justified for large organizations, this is not the case for smaller companies where the transaction volume is obviously lower. Another significant barrier to EDI take-up internationally (especially) has been the bifurcation of standards—EDI within North America has adopted the ANSI X12 standards, while the rest of the world generally uses UN/CEFACT standards.

ebXML is intended specifically to address the EDI-related issues discussed above, and enable businesses of any size, anywhere on the planet, to do business electronically. We will explain how ebXML aims to achieve this by very briefly summarizing the major components of the ebXML standards. These components can be divided into the areas discussed in the following sections.

Business Processes

The business process module of the ebXML standards attempts to formalize and standardize business interactions into a series of fundamental models and transactions that can be implemented directly by software.

Collaboration Protocol Profile and Agreement

An ebXML collaboration protocol profile is essentially the mechanism whereby an ebXML-enabled entity announces its capabilities and services to the outside world. A collaboration profile agreement is generated when two potential trading partners investigate each other’s profiles and discover a common set of messages and processes they can usefully deploy to enable e-business between the two parties.

Message Services

This module describes the communications model for ebXML messages. Essentially, this can be summarized as a MIME/multipart message structured as per the SOAP messages with attachment specification, transmitted using HTTP, HTTPS, or SMTP.

Registry Information and Services

The registry is a key concept in ebXML. The registry is a directory, or database, that stores business processes, messages, and company profiles.

Two obvious points present themselves when reviewing the previous list and comparing it to the Web Services standards discussed in the rest of this book. First, there is a significant overlap between the ebXML registry concept and UDDI. Some would argue that UDDI may well end up delivering this functionality for ebXML. Second, the ebXML concept of standard business processes implies that ebXML is almost taking the reverse approach to Web Services, since ebXML is specifying electronic business interaction from a very high-level approach, whereas Web Services just specify a lower-level framework for generic communications.

Having presented a very brief summary of the major components of ebXML, we will now move on to discussing the security implications and risks of ebXML deployment.




Web Services Security
Web Services Security
ISBN: 0072224711
EAN: 2147483647
Year: 2003
Pages: 105
Authors: Mark ONeill

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net