ebMS
The direction of secure Internet communications for interoperable, global business.
ebMS, or ebXML Messaging Service, is the messaging layer of the ebXML framework. ebMS specifies how messages are sent and received over the Internet, including features for security, digital signatures, non-repudiation, and reliability.
ebMS, like EDIINT (EDI over the Internet, specifically AS1, AS2, and AS3), offers the advanced level of security and reliability required for organizations dealing with sensitive information. It addresses the four universally recognized requirements for securing an Internet document exchange referred to by the acronym “PAIN.” Privacy is achieved through the encryption of the message. Authentication is achieved through the exchange of digital certificates to verify the identity of the sender and receiver. Public and private keys are exchanged to ensure the sender and receiver are who they claim to be (Integrity). Lastly, receipts or acknowledgements provide a legal way to verify that the sender did receive the message. The sender can request a digital signature along with the acknowledgement, ensuring the identity of the recipient. The combination of an acknowledgement and digital signature provides a high level of security and verification known as “Non-repudiation.” For those familiar with the Message Disposition Notifications (MDNs) used in AS1, AS2, and AS3, the acknowledgements used in ebMS are exactly the same.
ebMS is an open standards protocol promoting interoperability. The Drummond Group, an independent testing organization, certifies interoperability among software products. Cleo is an ongoing participant in the certifications. Interoperability makes ebMS attractive to organizations that desire to do business with a wide variety of partners and do not want to be constrained to the limits and expense of a proprietary solution.
How does ebMS differ from EDIINT?
ebMS retains the unique benefits of ebXML in the communications process. It allows companies using ebXML to utilize the intelligent headers that are supported in ebXML (e.g. type of document, where the document should be routed, what action to take, etc). This information is passed to the receiving end for efficient processing. ebMS is a logical choice for companies that employ ebXML in their business.
For companies that do not employ ebXML, and are using EDI or other document formats, ebMS allows for compliance with trading partners that mandate ebXML messages. ebMS creates the message header necessary for compliance. It is important to note that ebMS can transport any data type including EDI, XML, ebXML, and flat files. This flexibility provides businesses with a viable messaging standard when making a transition from EDI to ebXML.
An additional benefit of using ebMS over other secure messaging protocols is that ebMS can be deployed as part of a web services architecture or as part of the larger ebXML framework. ebMS is essentially an extension of SOAP (web service) messages with attachments. For companies that utilize or are moving to a web-services architecture throughout their organization, ebMS is a logical choice for secure communications.
A final key difference between ebMS and EDIINT is the ability to send multiple attachments. With ebMS, a user can send multiple attachments within one message. ebMS packages the attachments as payloads. AS2 is expected to move to multiple attachment support in the near future; however, at this time, ebMS is the only certified interoperable, secure protocol with multiple attachment support.
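The routing headers and multi-payload packaging described above can be checked on receipt. The following is an added example, not Cleo's code or part of the original page: it reads the ebMS 2.0 MessageHeader from a SOAP-with-attachments message and confirms that every payload listed in the Manifest is actually attached and that no undeclared part rides along. The function name and the sample message are constructed for illustration; for messages from untrusted partners a hardened XML parser should replace ElementTree.

```python
import email
import xml.etree.ElementTree as ET

EB = "http://www.oasis-open.org/committees/ebxml-msg/schema/msg-header-2_0.xsd"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "eb": EB}
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Constructed sample: one SOAP envelope part plus two payload parts.
SAMPLE = """\
Content-Type: multipart/related; boundary="b1"; type="text/xml"

--b1
Content-Type: text/xml

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:eb="http://www.oasis-open.org/committees/ebxml-msg/schema/msg-header-2_0.xsd"
 xmlns:xlink="http://www.w3.org/1999/xlink">
<soap:Header><eb:MessageHeader>
<eb:From><eb:PartyId>buyer</eb:PartyId></eb:From>
<eb:To><eb:PartyId>supplier</eb:PartyId></eb:To>
<eb:Service>urn:example:orders</eb:Service><eb:Action>NewOrder</eb:Action>
</eb:MessageHeader></soap:Header>
<soap:Body><eb:Manifest>
<eb:Reference xlink:href="cid:po@example.test"/>
<eb:Reference xlink:href="cid:note@example.test"/>
</eb:Manifest></soap:Body></soap:Envelope>
--b1
Content-ID: <po@example.test>
Content-Type: application/EDI-X12

ISA*00*CONSTRUCTED~
--b1
Content-ID: <note@example.test>
Content-Type: application/xml

<note>constructed</note>
--b1--
"""

def inspect_ebms(raw):
    """Return (routing fields, payloads declared but missing, parts not declared)."""
    parts = email.message_from_string(raw).get_payload()  # list of MIME parts
    root = ET.fromstring(parts[0].get_payload())          # first part is the SOAP envelope
    hdr = root.find("soap:Header/eb:MessageHeader", NS)
    routing = {k: hdr.findtext(p, namespaces=NS) for k, p in (
        ("from", "eb:From/eb:PartyId"), ("to", "eb:To/eb:PartyId"),
        ("service", "eb:Service"), ("action", "eb:Action"))}
    # Manifest references use cid: URLs that must match the parts' Content-ID headers.
    declared = {r.get(XLINK_HREF)[4:] for r in root.iterfind(".//eb:Reference", NS)}
    attached = {p["Content-ID"].strip("<>") for p in parts[1:]}
    return routing, sorted(declared - attached), sorted(attached - declared)
```

A non-empty second or third return value means the Manifest and the attached payloads disagree, which is a reason to reject the message before processing it.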
The underlying communication protocol used within ebMS is either HTTP or SMTP, depending on the product. Most applications and products utilize HTTP, which is the protocol Cleo’s ebMS solution supports.
In the most recent round of ebMS testing, three specific profiles were certified: Automotive Retail Profile, XML Encryption Profile, and DSA Signature Algorithm.
- Automotive Retail Profile (formerly known as the STAR profile)
The Automotive Retail Profile is a profile test designed specifically for GZIP-based compression. The profile is based on recommendations from the Standards for Technology in Automotive Retail (STAR) consortium. The Automotive Retail Profile is appropriate for cross-industry use where compression of large messages is desired. For more information visit: www.starstandards.org.
- XML Encryption Profile (formerly known as the PHIN profile)
The XML Encryption Profile enables XML encryption and SSL client authentication. Initially, it was proposed by and is used by the Centers for Disease Control and Prevention in the CDC's Public Health Information Network. The XML Encryption Profile is appropriate for cross-industry use where message level encryption and client authentication are desired. For more information visit: www.cdc.gov/phin/
- DSA Signature Algorithm
The ebMS 2 specification recommends the use of the DSAwithSHA1 algorithm for digitally signing ebMS messages. Historically this ebMS certification event has used the RSAwithSHA1 algorithm because of its widespread use in the marketplace. However, since the ebMS specification does recommend the use of DSA, this certification event offered an optional test to certify the interoperability of the use of DSAwithSHA1 digital signatures over both HTTP and HTTPS.
Cleo’s VersaLex Suite, VLTrader, a server solution, and LexiCom, a client software, provide an easy way to get started with ebMS. The technology is proven in over 6,000 installations worldwide and our team of experienced professionals is dedicated to your success.