Transport

As we'll see, the specific method we use to transmit documents largely depends on the required level of security. On the other hand, the choice of transport can restrict the security options. However, the choices are often made with security as the primary consideration. Here are the most common options for transport.

• HTTP Post and Get : This is most often used by someone sitting at a computer with a Web browser, uploading and downloading files. However, it can also be done from Perl scripts. Session-based security, in the form of HTTPS, is usually used for HTTP data transfers.

• FTP : This is the common Internet File Transport Protocol. An ftp utility is provided now with nearly every computer shipped. There's also a flavor of FTP known as secure FTP that uses session-based security. Low-cost packages are available for secure FTP. If you use secure FTP you probably won't need to worry about persistent encryption or authentication. If you use plain- vanilla FTP you probably will need to use them.

• SMTP : The Internet's Simple Mail Transfer Protocol, or common e-mail. Documents are usually sent as attachments using the Multipurpose Internet Mail Extensions ( MIME ) protocol, which we'll discuss in the section on packaging. Since most e-mail winds its way through the Internet over unsecured sessions, you'll most likely need to use persistent authentication and encryption measures. However, there are easy ways to do this, as we'll discuss shortly.

Another option may involve one or more of these transports. Some trading communities implement virtual private networks ( VPNs ) to establish secure sessions over the public Internet. In most such implementations connecting to the VPN usually requires an X.509 certificate. When VPN technology first started coming into vogue there was a great deal of interest in establishing these trading community “based VPNs. One example is the ANX network (originally the Automotive Network Exchange) at www.anx.com. However, after the initial surge of interest this type of VPN has generally not grown as fast as internal corporate VPNs. But don't be surprised if you are asked to join a VPN. Many VPN client software packages come with the required file transport and packaging features, so installing and using one shouldn't be overly difficult. Integrating it with your business applications may not be so easy.