Sun ONE Integration Server, Secure Trading Agent 1.0 User's Guide
Chapter 1 Secure Trading Agent Overview
Sun ONE Integration Server, Secure Trading Agent implements a standards-based, secure, reliable system that provides for the exchange of business documents between trading partners, according to an agreement between the trading partners. This support for electronic business transactions is based on emerging ebXML standards, which are geared toward helping small to medium-sized companies use the Internet for conducting business transactions with their trading partners.
This chapter provides an overview of ebXML and Secure Trading Agent. All Secure Trading Agent users should read this chapter.
About ebXML
ebXML (Electronic Business using eXtensible Markup Language) is a modular suite of specifications that enables enterprises of any size to conduct business over the Internet. ebXML provides a standard way to exchange business messages and documents, and allows companies to automate business transactions with their trading partners according to negotiated agreements.
ebXML specifications allow trading partners to create trading agreements that specify the types of messages that will be exchanged and how the exchange will occur over the Internet. Business documents can be attached to the messages. The types of business documents that can be attached and a workflow for the messages can be correlated to an ebXML business process specification or can be specified according to internally defined procedures.
ebXML specifications also provide options to support an audit trail for messages exchanged, standards for messaging reliability, and other provisions to ensure the integrity of messages and their contents.
ebXML Agreements
A Collaboration-Protocol Agreement (CPA) is an agreement between trading partners containing specific information about how the partners can conduct electronic business transactions.
ebXML agreements specify the following:
- A unique CPA Id to identify the agreement
- The status of the agreement, which can be Proposed, Agreed, or Signed
Initially an agreement has a Proposed status. The trading partners exchange and modify the proposed version as they negotiate the details. When both parties agree on the details, the status is changed to Agreed. When an agreement has a status of Agreed, it is similar to a contract between the trading partners. A status of Signed means that the agreement has been encrypted with a digital signature. This release of Secure Trading Agent does not support signed agreements.
- The identity of the trading partners
Trading partners are referred to as parties within the agreement, and have Party Ids that are unique within an installation of Secure Trading Agent.
- The endpoints for each party
An endpoint is a URL specifying the location of a message service that receives incoming ebXML messages.
- For each party, the CPA roles that are authorized to conduct business
Each role is authorized for specific actions. For example, a "Buyer" role could have the authority to engage in purchasing actions and an "Accounting" role could have the authority to send invoices. This Beta release of Secure Trading Agent supports roles in agreements, but does not support role-based authorization.
- For each role, the actions that are allowed
An action is a message sent from one party to the other and is either a Send or Receive action. Each Send action for a party is paired with a corresponding Receive action for the other party.
Each action specifies its transport, security, messaging, and packaging information. The packaging information specifies the number and type of business documents that are sent or received with the message. The information specified for each Send/Receive action pair must be compatible.
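The pairing rule for Send and Receive actions can be checked mechanically before an agreement is returned to a partner. The following is an added example, not part of this guide or of Secure Trading Agent: the `Action` model and `check_action_pairs` are hypothetical, and "compatible" is assumed to mean that both sides of a pair state the same transport, security, and packaging settings.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:                 # hypothetical model, not the CPA schema
    party: str                # Party Id of the acting party
    name: str                 # action name shared by the Send/Receive pair
    direction: str            # "Send" or "Receive"
    transport: str            # transport information, e.g. "HTTPS"
    signed: bool              # security: digital signature required
    encrypted: bool           # security: encryption required
    documents: tuple          # packaging: types of attached business documents

COMPARED = ("transport", "signed", "encrypted", "documents")

def check_action_pairs(actions):
    """Return a list of problems; empty means every Send has a compatible Receive."""
    problems = []
    receives = [a for a in actions if a.direction == "Receive"]
    for s in (a for a in actions if a.direction == "Send"):
        # The matching Receive belongs to the other party and has the same name.
        r = next((x for x in receives
                  if x.name == s.name and x.party != s.party), None)
        if r is None:
            problems.append(f"{s.name}: Send by {s.party} has no Receive")
            continue
        receives.remove(r)
        for field in COMPARED:
            if getattr(s, field) != getattr(r, field):
                problems.append(f"{s.name}: {field} differs, send="
                                f"{getattr(s, field)!r} receive={getattr(r, field)!r}")
    problems += [f"{r.name}: Receive by {r.party} has no Send" for r in receives]
    return problems

# Constructed sample: a quote request and its reply.
SAMPLE = [
    Action("CompanyA", "RequestQuote", "Send", "HTTPS", True, True, ("QuoteRequest",)),
    Action("CompanyB", "RequestQuote", "Receive", "HTTPS", True, True, ("QuoteRequest",)),
    Action("CompanyB", "SendQuote", "Send", "HTTPS", True, True, ("Quote",)),
    # The receiving side was edited to plain HTTP without a signature.
    Action("CompanyA", "SendQuote", "Receive", "HTTP", False, True, ("Quote",)),
]

if __name__ == "__main__":
    for problem in check_action_pairs(SAMPLE):
        print(problem)
```

A pair that disagrees on transport or signing is worth catching at this stage, because one side would otherwise accept a weaker exchange than the other side believes it agreed to.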
Figure 1-1 provides a conceptual view of an agreement. The CPA in Figure 1-1 shows summary information for each party and depicts Send actions only.
Figure 1-1    Conceptual Outline of a CPA
Business Processes and Conversations
A series of related actions in a CPA represents a business process between the partners. For example, a business process can be something as simple as the actions outlined in Figure 1-2 for a "Purchasing Process."
Figure 1-2    Purchasing Process
The process starts when someone in the Buyer role from Company A requests a price quote. An Estimator from Company B sends the quote back to the Buyer from Company A. The two companies continue to exchange messages with relevant documents until the process is complete. This exchange of messages is called a conversation.
The same business process can be completed multiple times as separate conversations, each conversation with its own unique conversation Id. For example, the Purchasing Process illustrated in Figure 1-2 could be completed on a weekly basis to ensure a steady supply of materials. It could also be executed concurrently multiple times if Company A initiates the process several times before any one purchase order is fulfilled.
Secure Trading
An ebXML agreement specifies measures for secure trading between the parties to the agreement. This Beta release of Secure Trading Agent enforces the following security measures specified in an ebXML agreement:
- Transport Security
Security measures for the transport of ebXML messages, including business documents attached to the message. Transport security can be implemented using a combination of secure transport protocols (such as SSL), digital certificates, and digital signatures.
- Document Security
The encryption and digital signing of messages with attached business documents, providing measures for verification, authentication, data integrity, and confidentiality.
- Authorization
Verification by Secure Trading Agent that persons acting in roles for parties are authorized to perform those roles. Authorization of user roles is not implemented in the Beta release of Secure Trading Agent.
- Nonrepudiation
A guarantee that a message arrives and also a guarantee of the contents of the message. Nonrepudiation includes being able to provide a history of transactions for auditing purposes and proof of delivery for each transaction.
Using Secure Trading Agent
Secure Trading Agent provides the Communications Center, a web-based application that allows all users to view agreements and exchange messages based on those agreements. The Communications Center also provides administrators interfaces for authoring, editing, deploying, and administering trading agreements. For more information on administrator and regular user privileges, refer to "Secure Trading Agent Administration".
Typically, you perform the following tasks to begin trading with Secure Trading Agent:
- Create and edit an agreement (administrator)
- Negotiate the agreement with your trading partner (administrator)
- Deploy the agreement (administrator)
- Exchange messages based on the deployed agreement (regular users)
- Manage conversations (regular users)
- Manage the agreement (administrator)
For information on starting the Communications Center, refer to Chapter 2, "Secure Trading Agent Communications Center".
Creating and Editing Agreements
The Secure Trading Agent Agreement Editor is available from the Communications Center to create and edit agreements.
Figure 1-3    Secure Trading Agent Agreement Editor
In the Agreement Editor, you specify information about the parties to the agreement, the actions each party takes to exchange messages and business documents, the communication protocols to use, and the security measures to employ.
The status of an agreement is "Proposed" until both parties ratify the agreement, as indicated in the following section, "Negotiating Agreements." For more information on creating and editing agreements, refer to Chapter 5, "ebXML Agreements" and Chapter 6, "Editing ebXML Agreements".
Negotiating Agreements
After creating an agreement, your Secure Trading Agent administrator distributes the agreement to your trading partner for review. If the agreement implements security measures, the administrator must also provide public key certificates to the trading partner.
The trading partner edits the agreement to provide information not available to your administrator, such as the partner's endpoints and certificate information. The trading partner returns the agreement to your administrator with the status changed to "Agreed," and also provides any required public key certificates. At this point, both partners can deploy the agreement.
Deploying Agreements
When an agreement is ratified (status changed to "Agreed"), each party deploys the agreement to indicate that they are "open for business." Only Secure Trading Agent administrators can deploy agreements.
Once the agreement is deployed, the parties can begin exchanging messages. Administrators use the Communications Center to deploy agreements.
Figure 1-4    Secure Trading Agent Communications Center
For information on deploying agreements, refer to Chapter 5, "ebXML Agreements".
Exchanging Messages
Once an agreement is deployed, you can engage in conversations with your business partner by sending and receiving messages according to actions specified in the agreement. Any Secure Trading Agent user can exchange messages. Use the Communications Center to send and receive messages.
Figure 1-5    Secure Trading Agent Communications Center
For information on sending and receiving messages, refer to Chapter 3, "Sending and Receiving Messages".
Secure Trading Example
Figure 1-6 illustrates the steps to create an agreement, negotiate the agreement with a trading partner, deploy the agreement, and begin exchanging messages as outlined in the agreement.
Figure 1-6    Negotiating an Agreement
Here are the details for the negotiation steps outlined in Figure 1-6:
1. An administrator from Company B creates a new agreement using the Agreement Editor.
   At this point the agreement contains the following details:
   - Party information for Company B, including endpoints and certificate information.
   - Action information, representing the business process between Company B and Company A.
   - Agreement status of "Proposed."
2. Company B administrator uses the Agreement Editor to export the agreement to the file system and sends the agreement to Company A.
   Company B administrator also sends any public key certificates required to implement security features in the agreement. The exchange of the agreement certificates between trading partners is outside the scope of Secure Trading Agent. You and your partner determine the best way to implement this exchange.
3. An administrator from Company A uses the Agreement Editor to import and edit the agreement, changing the status to "Agreed."
   Now the agreement is complete, containing the following additional details:
   - Complete party information for Company A, including endpoints and certificate information.
   - Agreement status of "Agreed."
4. Company A administrator sends a copy of the agreement with status Agreed to Company B.
   As in Step 2, the Company A administrator exports the agreement to the file system before sending a copy of the agreement to Company B. Company A also sends any required public key certificates to Company B.
5. Both Company A and Company B deploy identical copies of the agreement using the Communications Center.
   At this point the negotiation is complete. After deploying the agreement, the two parties can begin exchanging messages, as described in the agreement.
6. A person in the Buyer role starts a conversation.
   This is the first step in the conversation representing a purchase process, described in "Business Processes and Conversations".
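Because the agreement travels between the partners outside Secure Trading Agent, each administrator can confirm that the copy about to be deployed matches the partner's copy. The following is an added example, not part of this guide or of the product: it assumes the exported agreement is an XML file, and the element names, attribute names, and the functions `agreement_digest` and `deployment_problems` are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET

def agreement_digest(xml_text):
    """SHA-256 of the canonical (C14N 2.0) form: attribute order and indentation
    no longer matter, but any change to a value does."""
    canonical = ET.canonicalize(xml_text, strip_text=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def deployment_problems(local_copy, partner_copy):
    """Return reasons not to deploy; empty means both copies are Agreed and match."""
    problems = []
    for label, text in (("local", local_copy), ("partner", partner_copy)):
        status = ET.fromstring(text).get("status")
        if status != "Agreed":
            problems.append(f"{label} copy has status {status!r}, expected 'Agreed'")
    if agreement_digest(local_copy) != agreement_digest(partner_copy):
        problems.append("copies differ after canonicalization")
    return problems

# Constructed samples; element and attribute names are hypothetical, not the CPA schema.
LOCAL = ('<Agreement cpaId="example-cpa-1" status="Agreed">'
         '<Party id="CompanyA" endpoint="https://a.example/msh"/>'
         '<Party id="CompanyB" endpoint="https://b.example/msh"/>'
         '</Agreement>')
# Same content with different attribute order and indentation.
REFORMATTED = """<Agreement status="Agreed" cpaId="example-cpa-1">
  <Party endpoint="https://a.example/msh" id="CompanyA"/>
  <Party endpoint="https://b.example/msh" id="CompanyB"/>
</Agreement>"""
# One endpoint changed somewhere between export and import.
ALTERED = LOCAL.replace("https://b.example/msh", "http://b.example.net/msh")

if __name__ == "__main__":
    print(deployment_problems(LOCAL, REFORMATTED))
    print(deployment_problems(LOCAL, ALTERED))
```

The digest is short enough to compare over a separate channel, such as a phone call, which is the same kind of out-of-band check commonly applied to the certificates exchanged alongside the agreement.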
Managing Agreements
There are various management tasks associated with an ebXML agreement. Some of these tasks, such as adding local party identifiers, must be done before the agreement is created or imported for deployment. Some tasks require Secure Trading Agent administration privileges. For information on Secure Trading Agent administration, refer to "Secure Trading Agent Administration".
The Communications Center allows you to perform the following management tasks:
- Add or remove local party identifiers
An agreement describes the trading capabilities of the two parties to the agreement. The agreement does not specify which party is the local party. However, the perspective of a local party is necessary when creating and editing an agreement or importing and deploying an agreement. Secure Trading Agent maintains a list of party identifiers that are local parties to an installation. This allows you to create, edit, import, and deploy agreements from the perspective of a local party. You must be a Secure Trading Agent administrator to manage local party identifiers.
- Take agreements out of service
Agreements can be taken out of service either because the end date specified for the agreement has expired, or simply because the two parties have decided to cancel the agreement. Undeploying an agreement takes the agreement out of service. You must be a Secure Trading Agent administrator to take agreements out of service.
- Close conversations
A conversation is a series of related actions specified in an agreement. Once the actions in a conversation have been completed, the conversation can be closed. It is advisable to close conversations when they are complete to clear inactive conversations from the display and to improve overall system performance.
Secure Trading Agent Administration
Secure Trading Agent recognizes two types of users: a Secure Trading Agent administrator and a Secure Trading Agent regular user. An administrator has configuration and administrative privileges not available to regular users.
When you install Secure Trading Agent, you designate one user on your system as the Secure Trading Agent administrator. A Secure Trading Agent administrator cannot grant administrator privileges to other users. Use the Secure Trading Agent Control Panel to change the Secure Trading Agent administrator. For more information, refer to the Secure Trading Agent Installation Guide and to the section "Configuring Secure Trading Agent".
The following table summarizes the privileges of regular users and administrators.
Table 1-1    User Privileges
User
Privileges
Secure Trading Agent regular user
Secure Trading Agent administrator
All regular user privileges plus:
For more information on Secure Trading Agent regular user tasks, refer to Chapter 3, "Sending and Receiving Messages".
For more information on Secure Trading Agent administrator functions, refer to Chapter 7, "Secure Trading Agent Administration".