Kenneth W. Copeland <firstname.lastname@example.org>
U.S. Department of Veterans Affairs
C. Jinshong Hwang <email@example.com>
Southwest Texas State University
This brief paper serves to better introduce the membership of the Internet Society to the concepts of electronic data interchange (EDI) and the effects traditional EDI has had on those businesses using the technology.
Traditional electronic data interchange (EDI) has been evolving for approximately 25 years and has truly become the paperless environment that is so often talked about. EDI is a complicated mixture of three disciplines: business, data processing, and data communications. This paper examines the concepts from the perspectives of each discipline.
Internet standards are excluded from the discussion of communications protocols, since the audience is probably already familiar with SMTP, MIME, and other Internet messaging protocols.
Since EDI is commonly defined as the direct computer-to-computer exchange of standard business forms, it clearly requires a business process. Because the key idea involved is the exchange of documents that allow a business application to take place without human intervention, data processing is clearly necessary for application processing. Data communication is then necessary for the exchange to take place. It is the marrying of these three disciplines that allows the "paperless trading" that comprises EDI technologies.
Besides the three career disciplines that are internal to the organization, three other issues are important for EDI trading to take place: standardization of formats, security, and value-added networks (VANs).
EDI is commonly defined as the direct computer-to-computer exchange of standard business forms. The key idea involved is the exchange of documents that allow a business application to take place without human intervention. The ability to send business documents between machines simplifies and expedites the business process itself. Many businesses choose EDI as a fast, inexpensive, and safe method of sending purchase orders, requests for quotations, quotations, invoices, payments, and other frequently used business documents.
Often today one will see the term EC/electronic data interchange (EC/EDI). This term has evolved from placing EDI under the EC (EC) umbrella, EC being the broad view of electronic trading. EDI is defined as the interprocess (computer application to computer application) communication of business information in a standardized electronic form. EC includes EDI, but recognizes the need for interpersonal (human to human) communications, the transfer of moneys, and the sharing of common databases as additional activities that aid in the efficient conduct of business. By incorporating a wide range of technologies, EC is much broader than EDI. However, the focus of this document in on EDI, not EC.
Similarities exist between EDI and fax in that both use telephones lines and both can travel from computer to computer (Sawabini, 1995). There are distinct differences however. Fax is primarily paper based and requires a human interface. Fax receipts are not generally acceptable to applications. Fax machines accept nonstandard data formats, and anything that can be scanned can be faxed, whereas EDI requires standard message formats between trading partners.
Similarities also exist between e-mail and EDI. Both travel from computer to computer and both use an electronic mailbox. However, three of the four differences listed for EDI vs. fax also apply to EDI vs. e-mail: e-mail message format is not standard, e-mail requires human interface, and e-mail is not acceptable to applications.
One of the technological fields required to implement EDI is data processing. Data processing allows the EDI operation to take information that is resident in a user application and transform that data into a format that is recognizable to all other user applications that have an interest in using the data. In the EDI environment, data processing will handle both outgoing and incoming data, as depicted in figure 1.
Figure 1: Data Processing and EDI
The user-defined files in figure 1 are the flat files that are produced by a business application. These files may or may not be formatted by the user. These are the business files that need to be translated into the X12 format.
The translation software in figure 1 is the software that maps the elements of a user-defined file into the ANSI X12 or EDIFACT standard format. This software is available through commercial retailers on various platforms from PCs to mainframes.
The mapping of the user-defined data elements into the translation software requires some skill in mapping. The mapping itself requires knowledge of both the translation software and the EDI standards being used so new mapping and processing rules can be set up for the translator. If a new trading partner places no new requirements on the translator, the new trading partner is simply set up under existing mapping rules. However, when the trading partner requires that additional or different data fields be sent, a new mapping scheme needs to be identified and associated with that trading partner (Sokol, 1995).
The other technological field that is heavily involved in EDI implementation is data communications. Once the standards have been employed and the required software is in place, the EDI participant still needs to have the ability to communicate with remote trading partners to take advantage of EDI.
Data must be transported across telecommunications lines in order for the trading partners to trade information. Following are some basic concepts that describe mechanisms and methods used in this transport of data:
Direct connect is the term used to indicate that two EDI trading partners trade information directly to each other without a third-party connection service. Direct connects are normally used by large corporations for intracompany EDI transactions and for intercompany transactions with trading partners that have established high-volume rates of exchange of EDI data.
Modems are heavily used by EDI practitioners today. Modem-to-modem connections provide a level of security and reliability that long-time practitioners are reluctant to give up. The standard in the industry, as this paper is written, is transmission by binary synchronous modem or "bisync." This method allows for high-speed continuous transmission in which the sending and receiving modems are controlled by clock pulses. The clock pulses regulate the rate and timing of the data flow.
Routers, although not the primary transport mechanism for EDI transactions today, have the potential to become the de facto standard of transmission for high-volume traffic. Currently, routers are used mainly over leased lines, requiring expensive setups and ongoing data communications transport costs.
EDI transactions can be passed between trading partners using standard transmission protocols. Graphic images, charts, and diagrams must be transmitted using protocols that allow the transfer of binary data. Some of these common standards are SMTP, MIME, X.400, X.435, and X.500. Internet Protocols are excluded from this discussion as the audience is already very familiar with them.
X.400 is an electronic messaging standard that was developed by the Consultative Committee on International Telegraph and Telephone, which is tasked with developing standards to enable incompatible networks and computer systems to exchange data. In this standard, an X.400 header precedes the message itself. The header allows the sender of the message to specify information relating to the transmission and delivery and notice requests.
The architecture of the X.400 standard calls for an outer envelope that is application independent and is used to route the message. Within the outer envelope lies the content header, again application independent, which is used to deliver the message to the recipient. A message transfer agent (MTA) receives the message, discards the outer envelope, and then reads the header to determine the recipient. The message itself is composed of body parts, each body part being an application-specific message.
X.435 is a standard that further enhances the X.400 standard to make it deal more effectively with EDI transmission requirements. X.435 is the specification for the EDI body part that attaches to the X.400 message.
X.500 is an addressing directory containing the names and characteristics of electronic messaging receivers. X.500 facilitates the delivery of X.400 messages, including those that include the X.435 standard. The idea is the production of a global electronic directory and a guide to associated databases so the user can find an e-mail address if it is needed and not known.
Any business application that can be improved through paperless trading in a fast, efficient environment is a good candidate for EDI. EDI is currently widely used by the airline industry, banking industry, credit card industry, and auto industry. The current push in the EDI world comes from companies who wish to trade with each other electronically--buyers and their suppliers--hence the term "trading partners."
The business process examined here to which to apply EDI concepts is the procurement process. This business process was chosen for two reasons. First, within industry itself, new EDI technology is developing fastest in this area. Second, the President has issued an initiative to streamline government procurement through the use of EC. Since the initiative was announced in October 1993, the thrust within the government has been to implement the initiative using EDI technologies. These factors make the procurement process the most relevant business process to examine at this time
The business application depicted in figure 2 is a simple purchasing application.
Figure 2: Business Application and EDI
As shown in figure 2, the procurement process normally begins with the buyer being made aware of a need within the organization to make a purchase. As soon as a need is established and precisely described, the buyer begins the process of selecting the supplier that will be used. Routine items may be purchased using suppliers that have already been contracted with. New items or high-value items may require investigation by the buyer in selecting an appropriate supplier.
The buyer will select a preliminary group of suppliers and then employ the methods of competitive bidding, negotiation, or a combination of the two to secure the final supplier. When competitive bidding is used, the buyer issues an RFQ to the suppliers that the buyer might be willing to do business with. Typically, the RFQ will contain the same basic information that will be included on the purchase order.
When a supplier receives an RFQ that the supplier has an interest in bidding on, the supplier issues a quotation to the buyer. The quotation will contain pricing information so the buyer can do a price comparison between the suppliers. For instance, an RFQ might be issued for 200 gallons of white, latex-based paint. The supplier who is issuing a quotation may quote a price of $xxx.xx.
Once a supplier has been selected, the purchasing department issues a serially numbered purchase order. The purchase order itself becomes a legally binding contract. For this reason the buyer will carefully prepare the purchase order and ensure that the wording is precise and specific. Any drawings, diagrams, or related documentation that is necessary to precisely describe the item being purchased will be incorporated or referenced in the purchase order. Additionally any conditions or sampling plans will be stated precisely.
Normally a list of terms and conditions designed to give legal protection to the buyer on various matters prescribed by law are incorporated in, or attached to, all purchase orders as boilerplate to those orders. These boilerplate terms and conditions cover a wide range of concerns including, contract acceptance, delivery performance and contract termination, shipment rejections, assignment and contracting or the order, patent rights and infringements, warranties, compliance with regulations, and invoicing and payment procedures.
Change orders are required when a company makes a change in the contract after a purchase order has been issued. The buyer will issue the change order and, when accepted by the supplier, the change order either supplements or replaces the original purchase order.
The original copy of the purchase order constitutes a legal offer to buy. The purchase contract then comes into existence when the contract is performed or when formal acknowledgment of acceptance of the offer is made.
Normal business methods suggest that the supplier may not bother to acknowledge the offer if the items are immediately shipped to the buyer. When the items are not immediately shipped, then the supplier should send the acknowledgment back to the buyer.
The supplier may acknowledge the buyer's order accepting the buyer's terms and conditions, or may acknowledge and incorporate the supplier's own terms and conditions in the acknowledgment. If the seller's terms are different than the buyer's, the law allows them to be incorporated into the contract as long as they do not alter the buyer's intent or unless the buyer files a written objection to the inclusion of new terms and conditions. In general, terms and conditions that are in conflict between buyer and seller are excluded from the contract, leaving the settlement to negotiation or suit. For this reason it is imperative that the buyer beware of the terms and conditions in the order acceptance.
EDI involves three very different and distinct disciplines. First, there has to be a business process. If the business process would be improved by being accomplished more quickly and with increased efficiency, then the business process is a candidate for EDI. The business process is the domain of the business functional area. Second, once the business process has been identified, data processing technologies have to be applied to the business process so that the process can be handled using computers. Some type of standard must come into play in the automation process so that paper documents that are the output of the business process can be put into a format that is interchangeable between computers. The automation of the business process is the domain of the data processing discipline. Third, the standardized business form must be transmitted from and received by computers, using data communications technologies. The data communications aspect of EDI is the domain of the data communications discipline.
The marriage of these disciplines allows for the "paperless trading" that comprises EDI technologies. As EDI technologies evolve, the terminology changes.
The traditional document flow for purchasing transactions starts with data entry by the purchaser to create a paper document to send by mail to trading partners. Once the trading partners receive the data, they keystroke the information received into a local application and then perform more data entry by entering a response into a local application. The resultant paper document is then mailed to the purchaser.
The procedure is both time consuming and labor intensive because data from both trading partners has to be entered twice, once at the point of creation and once at the point of entry to the foreign system. In addition, the originator must await a paper response sent by mail.
EDI data is key in only one time, at the original point of entry. The data is then translated into a standard format electronically and sent to the trading partner electronically. At the receiving end, the data fields are mapped into local applications, and the only data entry required is for new data that may be needed to respond to the data received.
Time for transmission is also very fast in comparison to postal mail. Even on a slow modem connection, the time is considerably shorter than through the postal service.
Although communications and document standards are both critical, document standards are the heart of EDI (Kimberly, 1991).
Standards are a necessary part of EDI. Every business has application files that are used to manipulate their data in ways that are familiar to the business. The problem is that most businesses, though using the same types of data, do not use the same application programs or hardware and software platforms. If businesses are to be able to communicate their data to one another, they must have a common ground to meet on to allow the exchange of the information. Standards are the solutions to this problem. All business that conform to specific standards can share data in the formats delineated by those standards.
The American National Standards Institute's Accredited Standards Committee X12 (ANSI ASC X12) is the accepted standard for EDI transactions in the United States. The ANSI ASC X12 committee has the mandate to develop variable-length data formats for standard business transactions. The committee was accredited in 1980, and the X12 standard has been evolving ever since. One of the requirements placed on the committee was and is to keep the standard open to interindustry applications. This requirement makes the standard more complex than an industry-specific standard, but the advantages easily overcome the disadvantage of complexity.
With a single standard, a business has multiple functionality and only has to use one standard for each business function.
The International Standards Organization (ISO), an organization within the United Nations, has developed the EDI standard that is used in Europe. The Electronic Document Interchange for Administration, Commerce, and Transportation (EDIFACT) is the UN standard that the whole world has agreed to eventually adopt. The actual implementation of EDIFACT within the U.S. has been moving at a snail's pace. The standard appears to currently be taking the same route that metric standards have taken. Everyone agrees that EDIFACT is the international standard, but tried and true X12 standards are not abandoned in favor of EDIFACT.
Other document standards are in existence, most notably HL7, which is used by the hospital systems and is ANSI approved.
One of the major roles that is provided by the data communications technology is the ability to apply security to EDI transactions so that the transactions will not be tampered with or observed, depending on the level of security needed. The security modules that are discussed in this section are depicted in figure 3.
Figure 3: Data Communications Security
Confidentiality requires that all communications between parties are restricted to the parties involved in the transaction. This confidentiality is an essential component in user privacy, as well as in protection of proprietary information and as a deterrent to theft of information services. Confidentiality is concerned with the unauthorized viewing of confidential or proprietary data that one or both of the trading partners does not want known by others. Confidentiality is provided by encryption.
Encryption is the scrambling of data so that it indecipherable to anyone except the intended recipient. Encryption prevents snoopers, hackers, and other prying eyes from viewing data that is transmitted over telecommunications channels. There are two basic encryption schemes, private-key and public-key encryption. Encryption, in general, is cumbersome and expensive.
Private-key encryption requires that both sending and receiving parties have the same private-encryption keys. The sender encrypts the data using his key. The receiver then decrypts the message using his identical key. There are several disadvantages to private-key encryption. In order to remain secure, the keys must be changed periodically and the users must be in synch as to the actual keys being used.
Public-key encryption is gaining wide spread acceptance as the preferred encryption technology. With public-key encryption, a message recipient generates a matched set of keys, one public key and one private key. The recipient broadcasts the public key to all senders or to a public location where the key can be easily retrieved. Any sender who needs to send the receiver an encrypted message uses the recipient's public key to encrypt the message. The private key, which is held in private by the recipient is the only key that can decipher messages encrypted with the matched public key. This schema requires that the private key cannot be generated from the public key.
Public key technology is the direction encryption technology is currently headed. With the advent of X.500, databases will be built to store public keys and enhance the technology significantly.
Both parties should feel comfortable that they are communicating with the party with whom they think they are doing business. A normal means of providing authentication is through the use of passwords.
The latest technology to provide authentication is through the use of digital certificates that function much like ID cards. The digital certificate has multiple functions, including browser authentication.
Data sent as part of a transaction should not be modifiable in transit. Similarly, it should not be possible to modify data in storage. Data integrity is a guarantee that what was sent by the sender is actually what is received by the receiver. This is necessary if there is a need to ensure that the data has not been changed either inadvertently or maliciously. However, authentication schemes do not hide data from prying eyes.
Providing data integrity is generally cumbersome and not used unless one of the trading partners requires it. The normal mechanism for acquiring data integrity is for the sender to run an algorithm against the data that is being transmitted and to transmit the result of the algorithm separately from the transmission. Upon receipt of the transmission, the receiver runs the identical algorithm and then compares the results. If the results are identical, then data has not been modified.
Neither party should be able to deny having participated in a transaction after the fact. The current technology ensures this through the use of digital signatures.
Electronic signatures are the computerized version of the signature function. Signatures are needed in some business applications for authorization purposes. For example, a contracting officer may have a specified spending limit, say $25,000. If that contracting officer decides to place an order for $30,000, the seller may not have the authority to fill the order because the signature of the contracting officer's supervisor is needed on all orders over $25,000. The authorization limits normally will have been agreed upon through a trading partner agreement.
A digital signature algorithm can be used to generate digital signatures. The digital signature itself is used to detect unauthorized modification to data and to authenticate the identity of the signature. The digital signature is also useful to the recipient as a nonrepudiation device whereby the recipient can prove to a third party that the signature was in fact generated by the signatory. Thus the signatory cannot repudiate the signature at a later date.
As seen in the previous discussions, setting up to use EDI involves considerable expense. For small businesses and businesses that do low volumes between each other the cost is not always worth the efficiencies achieved. Commercial Value-added networks (VANs) make the burdens of the communications complexities easy by offering their communications services to prospective EDI users (Bort and Bielfeldt, 1996).
VANs establish communications paths between their customers and with other VANs. By using these services a business does not have to worry about the myriad of communications complexities from having trading partners using different hardware, software, and transport mechanisms. The typical buyer-VAN-seller connection is depicted in figure 4.
Figure 4: Value-Added Network Connection
Likewise, EDI software is not inexpensive. A business with an X12 translator still needs personnel on board that understand X12 and can use the software effectively. Value-added services offer the traditional VAN services and add to that the translation services required to create an X12 file. These services allow the typical business to enter the EDI arena at minimal cost and maximum efficiency.
Mailbox software is the most important feature offered by VANs. The electronic mailbox is used for both store-and-retrieve and store-and-forward operations. In both cases, the sender of the EDI message transmits the electronic message to the VAN on its own time schedule. The VAN then acts on the message depending on whether the service is store-and-retrieve or store-and-forward.
Store-and-retrieve service allows the VAN to store the message in the receiver's mail box. The receiver then retrieves its messages based upon the needs and schedules of the receiver. This service enables the sender and receiver to communicate, but at different times of the day, instead of simultaneously.
Store-and-forward service allows the VAN to forward messages to the receiver when the business need is not for immediate or event-driven notification. Event-driven mailbox services can be handled by forwarding of the message to the receiver or by immediate notification from the VAN to the receiver that a message has been stored that meets the prearranged criteria for event-driven notification.
Generally, a VAN provides security at several levels for its mailbox customers. Access control is normally provided by a login and password sequence.
Messages are screened for the individual customer to ensure that they were sent by authorized trading partners of the customer. This service also checks for message types and formats, and ensures they are acceptable to the customer.
Some VANs offer cryptography services. The cryptography is used to authenticate and encrypt messages to ensure confidentiality. This service requires that the encryption be done at the customer site to be of any real value.
One of the features a VAN can offer a customer is a usage accounting data option whereby the VAN reports how much traffic comes to the customer in a given time period. Transmission status reports to clarify status of an individual transaction are also available (Canis, 1995).
Many trading partners require acknowledgment for transactions received, and VANs can provide automatic sending of acknowledgments. The VAN can also track the transaction traffic. If specific transactions need to be tracked, the VAN can provide an audit trail of the requested data.
In the typical EDI implementation, both sender and receiver employ the services of a VAN because it eliminates the need to support different communications configurations between themselves and their trading partners. Using VANs also reduces the cost of communications equipment and staff to support the multiple configurations.
Still, not all trading partners will use the same VANs. This is not an issue because VANs interconnect regularly with each other. The standard VAN interconnection is through bisynchronous modem connections.
Most VANs offer translation services so that customers do not have the need to purchase or maintain translation software. Normally if these services are used, the customer will supply the formats for the data and the VAN will map the data itself.
VANs have the capability to respond to presence of data and can fax or e-mail a notification to the customer if data is in the customer's mailbox.
The benefits associated with EDI often cause overblown expectations. EDI, in and of itself, is just another way to format and transfer data. The real use of EDI and the amount of value to be gained from its implementation depend upon whether or not EDI is integrated into the overall data processing effort of the organization.
The effects of EDI depend greatly on the level of automation within an organization. If the organization is only using EDI to send data in a format required by a trading partner, the effect is much more limited than if EDI is integrated into the back-end processes of the organization. EDI applications that are fed by back-end processes and the databases that support these processes and then, in turn, feed the EDI data received back into the databases and back-end processes have a huge impact on the total level of automation within the organization.
The well-known list of EDI-related benefits--lower costs, higher productivity, and reduced order-cycle times--is attainable. But if the automation level of the organization is not high and is not integrated, the effects of EDI will be lessened considerably.
EDI is well established as effective technology got reducing costs and increasing efficiency. EDI technologies are approximately the same age as Internet technologies. In the past, the technologies have been mutually exclusive, but this is rapidly changing. As the two technological communities begin to merge and as the business community sees the advantages of this merger, EDI and the Internet will eventually become ubiquitous.
EDI users are already seeing dramatic cost savings by moving their traffic from the traditional VAN services to the Internet. As EDI working groups within the Internet Engineering Task Force create interoperability standards for the use of EDI over the Internet and as security issues are addressed, EDI over the Internet will be part of normal business. The EDI working group already has a charter for an interoperability standard for process-to-process EDI. Once that standard is in place, real-time EDI over the Internet will replace normal time-delayed, batch-style interactions.
Bort, R., and Bielfeldt, G. R. Handbook of EDI. Boston, Massachusetts: Warren, Gorham and Lamont.
Canis, R. J., Value-added networks: What to look for now and in the future. Conference Proceedings EDI 2000: EDI, Electronic Commerce, and You; (pp. 141-157).
Kimberley, P. (1991). EDI. New York: McGraw-Hill.
Sawabini, S. (1995). Introduction to EDI. Conference Proceedings EDI 2000: EDI, EC, and You, (pp. 1-36).
Sokol, P. K. (1995). From EDI to EC: A Business Initiative. New York: McGraw-Hill.