[INET'99] [ Up ][Prev][Next]

Design and Setup of an EDI Clearinghouse

Nikolaos A. KYRLOGLOU <nikoky@acci.gr>
Athens Chamber of Commerce and Industry
Greece

Abstract

This paper describes a prototype clearinghouse that is being designed and set up at the Athens Chamber of Commerce and Industry premises in Athens, Greece. The purpose of this clearinghouse is to provide electronic data interchange (EDI) messaging services for small and medium-sized enterprises whose transaction volume does not warrant investment in dedicated network connections. The services to be provided by the system include EDI messaging services as well as World Wide Web-based Lite-EDI services. In addition, fax-to-EDI and/or e-mail-to-EDI services and vice versa will be provided. Trusted third-party services are also set up to ensure the authenticity and integrity of all transactions. The system runs on high-availability SUN clusters using hardware fault tolerant disk arrays. Pilot operation is currently under way and full operation is expected to begin in January 2000.

Introduction

In 1997 a project started at the Athens Chamber of Commerce and Industry (ACCI), Greece, to develop an access "gateway" for electronic data interchange (EDI) transactions between companies and between companies and the public sector. It provides connection facilities through the website to other value-added networks for those companies whose transaction volume does not warrant investment in dedicated network connections. The project also sets up a pilot (10 companies initially) "electronic marketplace" to allow small and medium-sized enterprises (SMEs) to advertise their company and their products and to perform electronic trading within a secure transaction system. A complete environment will be set up on the Internet, which will allow SMEs easy access for the exchange of commercial documents with other companies (e.g., invoices, orders) and with public authorities (e.g., value-added tax and income tax declarations). Trusted third parties will be involved to permit secure electronic signing and encryption of documents.

This project fits into the general ACCI strategy to provide services to its members, for which there is interest and which are not currently provided (or are provided at a high cost) by the private sector because of low needs. The project aims at setting up a prototype center for the development and advancement of electronic commerce in the country, which will provide low-cost services mainly to SMEs in the area of informatics-telecom services. Immediate benefits include:

This project aims to create the critical mass of EDI users that will promote the advance of electronic commerce in the country. The user group for this project is the large number of SMEs that are required by bigger companies to interact using EDI messages only a few times per year, or that wish to experiment with a new technology and be persuaded of its merits before adopting it. Interchange mechanisms from fax to EDI and vice versa will also be provided for companies not possessing data connections. The system will be open to all members of ACCI (70,000+) as well as to other companies wishing to register with it. The service will be free of charge during the pilot phase and will then charge at minimum levels to cover its expenses.

Organization profile

ACCI is a public law legal entity, having as members the commercial and industrial enterprises of the Greater Athens area in Greece. A 61-person board, elected every four years, governs it through a 5-person board of directors. ACCI promotes the interests of commerce, industry, and services to the benefit of the private enterprise and of the national economy.

ACCI is an official government advisor on economic issues; it negotiates with government on behalf of its member-enterprises and mediates between them. At the same time it informs its members and provides services to them.

It facilitates dialogue between the state and private enterprises; it comments on different drafts of law and on economic policy issues; and it recommends solutions on various economic issues for the benefit of the national economy.

It has an extensive activity in Greece and abroad participating in and leading projects for the advancement of trade. It is also a member of the international Carnet ATA chain.

Technical description

With increasing competition and rapid technological change within the united Europe, electronic commerce seems to offer companies immense possibilities and to be necessary for their survival. The slogan "EDI or DIE" is more important today than ever, especially for the SMEs, which form the backbone of ACCI's membership.

The installed technical solution takes into account that most companies are SMEs and offers Web forms and Web EDI as the EDI solution, both of which are easy for such companies to install and manage.

The installed system consists of a messaging backbone (X.400-SMTP), the EDI server, the trusted third-party (TTP) server, and the X.500 directory for those users using EDI services over X.400. The fax server with the document management system offers mail-to-fax and EDI-to-fax services and vice versa. Finally, Lite-EDI offers EDI services to Internet users through hypertext transfer protocol (HTTP). Figure 1 depicts the general system architecture.

Messaging backbone

For the messaging backbone an X.400 messaging system was installed on a SUN Enterprise 450 application server with a message store and a multipurpose Internet mail extension (MIME)-enabled simple mail transfer protocol (SMTP) gateway for SUN Solaris.

This system is an X.400 message transfer agent (MTA) with a message store, compatible with the International Telecommunications Union Telecommunications (ITU-T) (formerly CCITT) X.400 recommendations of 1984, 1988, and 1992, and able to route interpersonal messages (IPMs) and EDI messages (ITU-T X.435). In addition, it supports T.61 and ISO8859-7 (Greek) characters.

It also supports protocols P1 for MTA-to-MTA communication, P3 for MTA-to-user-agent (UA) or MTA-to-message-store (MS) communication, and P7 for MS-to-remote-user-agent (RUA) communication.

The MIME-enabled SMTP gateway is compatible with the MIXER protocol (RFC 987, 1327, 1495) and converts P2/22 messages to SMTP and vice versa, taking care of the correct correspondence between X.400 body-parts and MIME types.

Taking into account that at ACCI there already existed an SMTP server providing Internet mail services to its members, the installed MTA system together with this SMTP server make up the messaging backbone of the total system.

User access to this backbone can be provided in two ways:

  1. Access to the Internet mailboxes of the mail server using SMTP to send messages and POP3 or IMAP4 to retrieve them (transmission control protocol/Internet protocol; TCP/IP). The user has to use an Internet mailer.
  2. Access to the message store (X.400 mailboxes) of the X.400 server using OSI protocol P7 (RFC 1006 over TCP/IP) according to ITU-T X.413 recommendation.

    In this case the user will have to use either:

    1. An RUA (such as Maxware or Net Tel RUA) so that the user has the ability to create or send interpersonal messages (P2/P22), or
    2. An EDI user agent (EDI-RUA) so that the user has the ability to create and send EDI messages (P35, Pedi X.435).

Every X.400 user gets a virtual Internet address so that he or she can exchange P2/P22 messages with Internet users through the SMTP gateway.

Thus, ACCI has the ability to offer to its members:

Regarding the connections to the messaging backbone, the following possibilities are offered:

  1. EDI server connection, for those customers wishing EDI services
  2. Fax server connection, for the fax-to-mail and mail-to-fax service
  3. Directory server connection
  4. International connection
    1. The ACCI Internet node already possesses an international 2-megabit connection that is incorporated in the new system and it continues to provide SMTP message exchange
    2. For servicing the MIME gateway, a domain naming system (DNS) subdomain is created (X.400.acci.gr)
    3. An X.400 private management domain (PRMD=ACCI) is created, connected through a P1 connection to an administration management domain (ADMD) system (C=GR/ADMD=ERMIS400) that is an X.400 ADMD system or to any other value-added network (VAN) (e.g., IBM/IGN through X.400). Thus, ACCI is connected to all X.400 networks in a national and international level to which the ADMD is connected and to other VANs.

Directory server (X.500 DSA)

For the directory server, an X.500 directory system has been installed (Solaris version) running on a SUN Enterprise 450 application server. This system is a directory system agent (DSA) compatible with ITU-T X.500 recommendations of 1988, 1992, and 1993. It supports directory system protocol and directory information shadowing protocol for DSA-to-DSA communication, and directory access protocol (DAP) for DSA-to-directory-user-agent (DUA) communication.

The system also contains a lightweight directory access protocol (LDAP) server for serving LDAP clients, an ADMIN-DUA (Win95/NT) tool for managing the DSA through LDAP, and an LDAP directory browser.

The system supports X.509 objects and is used for the storage of the certificates of the local TTP users in the user directory. This system is also used for the storage of the X.400 certificates of ACCI customers and is available to them through:

The directory server provides connections to:

Trusted third-party service

The ACCI TTP service is used to provide security services for the transactions performed by ACCI users through the use of digital certificates. The TTP service consists of the following operational parts:

  1. Registration authority (RA): used for collecting the certificate applications, checking their validity, and forwarding the correct ones to the certification authority
  2. Certification authority (CA): the main operations of this service are:
    1. Certificate generation
    2. Certificate distribution
    3. Certificate revocation
    4. Confirmation of a certificate's validity
  3. Directory services (X.500): used for the publishing of the certificates and the other publicly available information of the TTP users
  4. Time-stamping authority (TA): used to certify the date and time of the exchange of messages between users and the TTP
  5. Information repository services (IR): used to store messages exchanged for legal, audit, backup, or other information retrieval reasons
  6. Nonrepudiation services (NRS): messages exchanged between users pass through this service to provide certification for the exchange

The installed solution has been developed within the European Union and thus is not subject to the export control restrictions of the U.S. government concerning the key length of the encryption services. The key lengths supported are 512, 768, 1024, and 2048 bits. The toolkit is also crypto-agnostic and can use any additional algorithm compatible with PKCS#10.

EDI server

The software installed (SUN Solaris version) is a communication gateway based on the UNIX operating system and it offers connection to the X.400 MTA. Connection is provided via protocol P3 and it accepts IPM and EDI messages. The EDI server consists of various modules that have been developed and are described below:

Within this setup three messages were developed both in ANSI X.12 and in UN/EDIFACT. These messages are "invoice," "order," and "dispatch note."

EDI client

The EDI client software provides for the translation of the user messages to EDIFACT and ANSI X.12 and the inclusion of recipient data information. It allows for communication with the message-handling system and the changing of its password. Furthermore, it provides for the storage and modification of the address profile of the user partners and for the provision of information regarding the sent and received messages.

Most parts of the software are MS-DOS programs or procedures to be used from the MS-DOS command line. They are incorporated into the various existing information systems through function keys or by using the relevant command options.

LITE EDI applications

Although the Internet is regarded as being untrustworthy compared with the VANs, the very reasons for its untrustworthiness make it very attractive for large-scale transactions and a special EDI partner:

Through a WWW browser, the user can add, present, or modify data by using data entry forms. The actual operation on the data entered is done by the submission of the form to the WWW server for processing. This processing can be from a simple storage of the data in a database to the encoding of the data into an in-house EDI message to be translated to an EDIFACT message and transmitted over a data network. The method implemented uses the Java language and provides for a graphical user-friendly interface that implements three EDI messages: order, invoice, and dispatch note. The data transmission to the central processing system supports the security requirements with the secure sockets layer (SSL) protocol. Manuals provide user support both over the WWW through hypertext markup language (HTML) as well as through the Microsoft HTML Help hypertext environment.
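The form-to-EDIFACT step described above depends on free text from the Web form being encoded so that it cannot be read as message syntax: apostrophes, plus signs, colons, and question marks are UN/EDIFACT service characters and must be prefixed with the release character. The following is an added example, not code from the paper or from ACCI, written in Python rather than the Java the paper mentions; the form field names and the small subset of ORDERS segments are assumptions made for illustration.

```python
# Added example, not ACCI's code; form field names and segment subset are assumptions.
import re
RELEASE, SERVICE_CHARS = "?", "'+:?"  # release; terminator, element sep, component sep

def esc(value):
    """Prefix each service character in user text with the release character."""
    return "".join(RELEASE + c if c in SERVICE_CHARS else c for c in str(value))
def unesc(value):
    return re.sub(r"\?(.)", r"\1", value, flags=re.S)  # drop release characters

def segment(tag, *elements):
    """Build one segment; a tuple element is a composite joined with ':'."""
    parts = [":".join(esc(c) for c in el) if isinstance(el, tuple) else esc(el)
             for el in elements]
    return "+".join([tag] + parts) + "'"

def encode_order(form, ref="1"):
    segs = [segment("UNH", ref, ("ORDERS", "D", "96A", "UN")),
            segment("BGM", "220", form["order_no"], "9"),   # 220 = order, 9 = original
            segment("DTM", ("137", form["date"], "102")),   # 102 = CCYYMMDD
            segment("NAD", "BY", form["buyer_id"]),
            segment("NAD", "SU", form["supplier_id"])]
    for n, line in enumerate(form["lines"], start=1):
        segs.append(segment("LIN", n, "", (line["item"], "SA")))
        segs.append(segment("IMD", "F", "", ("", "", "", line["text"])))
        segs.append(segment("QTY", ("21", line["qty"])))
    segs.append(segment("UNT", len(segs) + 1, ref))  # count includes UNH and UNT
    return "".join(segs)

def split_released(text, sep):
    """Split on sep, treating '?x' as a literal pair that never separates."""
    out, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == RELEASE and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            out, cur = out + [cur], ""
        else:
            cur += text[i:i + step]
        i += step
    return out + [cur]

def parse(message):  # segments -> elements -> components, user text restored
    return [[[unesc(c) for c in split_released(e, ":")] for e in split_released(s, "+")]
            for s in split_released(message, "'") if s]

SAMPLE_FORM = {  # constructed sample input
    "order_no": "PO-1999/17", "date": "19990601", "buyer_id": "BUYER01",
    "supplier_id": "SUPPLIER02",
    "lines": [{"item": "4711", "qty": 12, "text": "Olive oil 'extra' 5L: 2+1 offer?"}]}
```

The encoded message contains eleven apostrophes but only nine segments, so a receiver that splits on every apostrophe without honouring the release character would miscount segments and fail the UNT check.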

Fax server-data management system

The electronic data management system manages all incoming and outgoing ACCI documents. These documents arrive by fax, letter, or e-mail from subscribers asking for a certain service. The system is installed on the fax server and together with its software it routes the faxes (after performing optical character recognition) and e-mails to the ACCI operators through X.400 or SMTP to be treated accordingly (EDI-to-fax, e-mail-to-fax). The system foresees services for the immediate routing of messages to be sent after the sender and the service are recognized, or the return of a fax or e-mail to the sender if the delivery of the message was unsuccessful for any reason. In addition, all messages are stored for retrieval at a later time if required.

Other software modules

ACCI maintains a complete database of its members containing official documents for the establishment of the companies, their official representatives, and so on. This database has been ported to the new system so that there is a homogeneous environment for the services, as many of them use data stored in the original database. In addition, to protect the internal network from intrusions, an effective firewall has been installed.

Hardware

The whole system runs on two SUN Enterprise clusters. Each cluster consists of two identical SUN Enterprise 450 nodes connected in a high-availability setup with a common disk system. These are high-availability clusters (over 99.999%, downtime less than 0.01 hours/year) offering expandability and computing power. For storage the SUN Storage A1000 is used, a self-contained disk array based on a hardware fault-tolerant controller offering RAID-0, 1, 3, and 5 performance. The first pair of servers covers the EDI X.400/X.500 needs (application server), while the other operates as a database server.

The application servers consist of two E450, with two central processing units (CPUs) each (300 MHz, 2 MB cache), 2x9 GB internal disks and two A1000 connected to each of the E450. Each A1000 will initially have 36 GB hard disk capacity. For the cluster interconnection there are two 100 Mbps fast Ethernet interfaces in each server. The database servers have a similar setup; the only difference is that the CPUs are running at 400 MHz and have a 4 MB cache.

Conclusions

Currently, the above-described system is being set up. It is estimated that the set-up will be completed by the end of May; then the testing period will commence. In the testing (pilot) period 10 companies will participate and exchange information over the system as well as messages for transactions. The TTP services will also be extensively tested by issuing digital certificates not only to the companies participating in the pilot phase, but also to all dial-up users of ACCI; ACCI operates as an Internet service provider for its members and currently has 3,500 dial-up users connected to the Internet.

All the above tests will run for approximately 6 months and will be concluded by the end of 1999 (including any needed modifications and redesigns). ACCI wishes to commence full operation of the system in January 2000 for the service of its members and of the national economy.
