Upload
exterminatorx
View
350
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Drummond Group AS4 webinar slides
Citation preview
Copyright (c) 2009, Drummond Group
AS4: Secure B2B Document Exchange Using Web Services
By Timothy Bennett, Drummond Group
615.337.6087
Copyright (c) 2009, Drummond Group
Introduction
Rik Drummond, CEO and CTODrummond Group, Inc.
Opening Remarks
Copyright (c) 2009, Drummond Group
Why AS4? AS4 does not replace AS2
AS4 is a Web services based protocol
The complexity of Web services has not been addressed nor has interoperability been achieved
AS4 brings AS2 simplicity to Web services
AS4 brings interoperability to Web services through comprehensive interop testing by DGI
Organizations that are heavily invested in AS2 will continue to use AS2
AS4 will help organizations that are heavily investing in Web Services but need simplicity and interoperability
Provides B2B vendors an on-ramp to Web services based B2B solutions that have otherwise resisted
Copyright (c) 2009, Drummond Group
Value of Drummond Certified™ Interoperability
Interoperability Certification drives standards adoption
Interoperability Certification offers assurances to end users that products will work with other products, a base of interoperable products are available, and that the standard is being implemented and is viable
Interoperability Certification drives software product sales
Copyright (c) 2009, Drummond Group
Overview What is AS4 and what are the benefits of this new B2B
messaging protocol
The birth of AS4 and its continuing evolutionary process towards a B2B messaging standard
Some technical highlights of the AS4 profile
The DGI Interoperability Certification Test
Where we are in the process and what you can do
Copyright (c) 2009, Drummond Group
What is AS4?
An open standard for the secure and payload-agnostic exchange of B2B documents using Web services
Maps the AS2 functional requirements onto the WS-* stack using ebMS 3.0 as a leverage point
Constrains the ebMS v3.0 specification (and its underlying specifications) for message packaging, transport, security, exchange patterns, and business non-repudiation
Copyright (c) 2009, Drummond Group
Purpose of AS4
Provides an entry-level on-ramp for Web services B2B messaging by embracing “elegant simplicity”
Promotes the adoption of Web services
Extends the use of SOA deployments for inter-business communication
Copyright (c) 2009, Drummond Group
Elegant Simplicity The success of AS2 rests in its “just enough” approach to secure
B2B messaging
AS4 eliminates WSDL complexity by avoiding the pitfalls of mapping document types and business process to SOAP operations and actions
Out-of-the-box support for only the most common message exchange patterns and security options
Payload-agnostic and just enough reliable messaging
Copyright (c) 2009, Drummond Group
Benefits Summary Web services landscape lacks a B2B messaging specification
that has the simplicity and elegance of AS2
Simplification of Web services for B2B breeds an environment whereby the likelihood for interoperability become achievable
As SOA and Web services deployments becomes more pervasive, the opportunity for B2B communication on these platforms will increase
New markets that are Web services centric can benefit from the AS2 success story
Copyright (c) 2009, Drummond Group
Origins of AS4 DGI facilitated a series of technical discussions with a group of interested
vendors in 2007
The group arrived at a high level consensus of the functional requirements for the WS-* stack
The consensus was characterized by a simple approach to Web services messaging that focused on secure, payload-agnostic document exchange – in fact, similar to the AS2 functional requirements
It was important to the group that the requirements be captured in an open standard instead of a proprietary and closed document
Copyright (c) 2009, Drummond Group
Looking for a Home EDIINT at IETF was first considered because of the history with
AS1, AS2, and AS3
OASIS seemed like a more natural fit because of its focus on the WS-* stack
At OASIS, the recently published ebMS 3.0 specification already contained a good portion of what AS4 needed
A subcommittee of the OASIS ebXML MS TC was formed to develop a profile of the ebMS 3.0 specification
Copyright (c) 2009, Drummond Group
AS4 Profile Highlights
Message security governed by WS-Security specification along with support for payload compression
Support for both document push and pull message exchange choreographies
Support for an AS2-like business Non-Repudiation Receipt
Reception Awareness – Just enough reliable messaging
Copyright (c) 2009, Drummond Group
AS4 Message Security
Support for payload compression and must occur prior to attaching the document(s) and prior to any message-level security
Support for message-level security including various combinations of XML Digital Signature and/or XML Encryption as governed by WS-Security
X.509 security tokens for signing/encryption; additional support for username/password tokens for access to message pull channels
Copyright (c) 2009, Drummond Group
AS4 Document Push/Pull Support for AS2's synchronous and asynchronous document push
choreographies
Support for the ebMS v3 document pull choreography which is not available with AS2
Important for markets where 24x7 Internet connectivity and IP addressability is not available
Clients can access multiple document pull channels (priority, document types, etc)
AS4 defines a “Light Client” for deployment to IT and cost challenged endpoints
Copyright (c) 2009, Drummond Group
AS4 Non-Repudiation of Receipt (NRR)
Support for business non-repudiation receipts similar to AS2's RFC3798 (MDN)
The MDN is specified by the ebXML BPSS in the form of an XML schema and returned as special signal message
AS4 defaults to requiring message recipients to return a signed receipt and contain digests necessary for NRR
Receipt may contain error information if the Recipient could not process the Sender's message
Copyright (c) 2009, Drummond Group
AS4 Reception Awareness
Makes use of the message receipt as the signal to the message sender that the recipient received the business payload – similar to AS2 Reliability
Support for Duplicate Detection at the message Recipient
Support for Message Retry if the Sender does not receive a receipt.
Copyright (c) 2009, Drummond Group
Future Profile Development
Certificate Exchange and Identity-related concerns
Advanced Quality of Service (Reliable Messaging) concerns
Very Large Message exchange
More complex message exchange choreographies
Copyright (c) 2009, Drummond Group
Where Are We?
ebMS TC has approved a draft profile document that has been submitted to OASIS for public review
AS4 Profile expected to be released as a Committee Specification in April 2009
DGI interoperability certification event to follow starting September 2009
Copyright (c) 2009, Drummond Group
What Can You Do? Review the draft AS4 Profile during the OASIS public review
process and provide feedback as appropriate
Commit to implementing the AS4 profile as an early adopter
Participate in DGI's interoperability certification program
Consider AS4 as a Web services based communication platform for your business domain
Consider having your user group endorse AS4 as its Web services B2B messaging choice
Copyright (c) 2009, Drummond Group
Q&A
Comments? Questions?Feedback?