Ian,
As any of us who have been in marketing and sales know, any good
salesrep knows extremely fast (within days if not hours) what his
customer is paying for his competitor's products. This knowledge
acquisition has been going on for years and pre-dates electronic
information exchanges, whether over the Internet or via some other
transport mechanism.
However, that's not to say that concerns about data confidentiality
are bogus; they're not. But, as we all know, data is most vulnerable
when at rest and not when flying around cyberspace. Thus, the need for
rigorous controls and procedures, which are enforced, is much more
critical when the data is stored within each respective company's
systems.
Nonetheless, the ebXML message services specification will provide for
the use of comprehensive security techniques, from digital signatures
to encryption, etc. This ebXML message services specifications will be
approved at the Tokyo meeting the week of November 6th. Many leading
Internet companies have already committed to rapidly adopting,
implementing and deploying systems which will use the ebXML message
services specifications.
Rachel
<snip>
> Why do you care about someone else's purchase orders or
> invoices anyway? - it's a red herring. Avoiding EDI over the
Internet
> because of security concerns is ridiculous.
>
> --
> Richard Druckenmiller
> [EMAIL PROTECTED]
>
I disagree, it's not a red herring, it's a big nasty shark waiting in
the wings to bite you due to the basic principle that 'information is
power'.
If company A and B buy goods from me but I give company A a massive
discount, I don't particularly want company B to find out by sniffing
around my invoices that I send insecurely over the internet and start
applying even more price pressure on me.
If I buy goods/services from supplier X and have negotiated a good
discount with them, I don't necessarily want my customers or
competitors finding out where I've sourced such a good deal or any
special terms I've negotiated that may be on my orders that I send
insecurely over the internet.
This kind of sniffing may not be profitable at the moment but if
'everyone' started sending all their current paper transactions via
the internet insecurely, you can bet your bottom dollar that a whole
industry would spring up offering to tell you what your customers,
suppliers and competitors are doing with other organisations.
With the paper-based system we trust our national postal services not
to pry and sell on information and physical envelopes have signs of
tampering. With the internet we need to have a similar if not better
feeling of confidence about the data we send to the outside world. Of
course there will always be people/companies who are happy to either
do things insecurely over the internet or to develop bespoke security
solutions - that's their choice/risk. However, for this whole B2B
e-commerce 'thing' to take off big-time we MUST have secure
transmissions even for basic business transactions not just the high
risk, high value financial transactions.
I'm not being unrealistic about the level of protection for the data -
it will always be possible to decrypt a file given enough time and
computing power. It just has to be appropriate for that specific type
of business transaction to make it not worth anyone's effort to
decrypt it and, no doubt these 'appropriate' levels will increase over
time.
I repeat, internet security concerns are not red herrings.
Kind Regards,
Ian Williams
EDI Consultant
Email: [EMAIL PROTECTED]
Phone: +44 (0)1293 778364
"This email and any files transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they
are addressed. This communication represents the originator's personal
views and opinions, which do not necessarily reflect those of Canada
Maritime. If you are not the intended recipient or the person
responsible for delivering the email to the intended recipient, be
advised that you have received this email in error, and that any use,
dissemination, forward, printing, or copying of this email is strictly
prohibited. If you received this email in error, please immediately
notify the Canada Maritime Help Desk on +44 (0) 1293 778225"
======================================================================
=
To signoff the EDI-L list, mailto:[EMAIL PROTECTED]
To subscribe,
mailto:[EMAIL PROTECTED]
To contact the list owner: mailto:[EMAIL PROTECTED]
Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
=======================================================================
To signoff the EDI-L list, mailto:[EMAIL PROTECTED]
To subscribe, mailto:[EMAIL PROTECTED]
To contact the list owner: mailto:[EMAIL PROTECTED]
Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
