Customers and partners need access to your systems. Roger Sullivan says XML can provide the security to make it happen.
In the current business-to-business (B2B) marketplace, the lines between manufacturer, supplier and customer are blurring. Thanks to advances in information technology and extensible markup language (see boxout, What is XML, below) in particular, suppliers are now able to monitor inventory levels, ship just-in-time goods to manufacturers and reap some significant efficiencies in the process. As disparate organizations begin to act together as a seamless whole, the issue of security rears up. How close is too close?
Many organizations have embraced a firewall mentality: either their customers are allowed 'in' or they are kept 'out.' As more customers are allowed in, they often have access to much more than an organization ever intended. That is why, in a more intimate electronic trading environment, user access must be segregated and isolated.
It is a classic 'push/pull' situation. Organizations are pulling towards each other to achieve efficiencies, but at the same time they must push private data away from each other. The good news is that checks and balances can be built into aggressive B2B business models.
Leverage existing systems
In a new XML-based environment, it makes no sense for one repository to include all trading partner identity and authentication data. The reality is that user identities and information are usually spread across different databases. The challenge is to link these existing data sources and use the information to create authentication profiles. In this environment, trading solutions must be flexible enough to accommodate interaction with multiple data sources. That's why companies are turning to XML, Security Assertion Markup Language (SAML) and the standards being set forth by the Liberty Alliance.
Use current business models
Within an organization, people naturally draw upon multiple data sources throughout the course of the day, and sometimes what they pull up on their screens may have no relevance to the transaction at hand. For example, let us say a parts company calls the human resources department of a trading partner to check and see if Joe Smith is employed and authorized to purchase 'Y' amount of components.
The HR representative on the phone may pull up Joe Smith on the computer and access key records about Joe. But that representative has no reason to disclose the fact that Joe recently had an operation and makes $75,000 a year. That is private information and it would not be shared with a vendor.
The same process must be replicated electronically, where XML determines what information or data field can be accessed and released.
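The field-level release described above, sketched as an added example that is not part of the original article: a per-partner XML policy decides which fields of Joe Smith's record leave the organization, and anything not listed is withheld. The element names, partner ids and the purchase limit value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed HR record (hypothetical element names; purchaseLimit is made up).
EMPLOYEE_XML = """<employee id="E1001">
  <name>Joe Smith</name>
  <employmentStatus>active</employmentStatus>
  <purchaseLimit currency="USD">5000</purchaseLimit>
  <salary currency="USD">75000</salary>
  <medicalNote>recent operation</medicalNote>
</employee>"""

# Constructed release policy: each partner lists the only fields it may receive.
POLICY_XML = """<releasePolicy>
  <partner id="parts-vendor">
    <allow field="name"/>
    <allow field="employmentStatus"/>
    <allow field="purchaseLimit"/>
  </partner>
  <partner id="credit-union">
    <allow field="employmentStatus"/>
  </partner>
</releasePolicy>"""

def allowed_fields(policy_xml, partner_id):
    """Fields the partner may see; a partner missing from the policy gets none."""
    for partner in ET.fromstring(policy_xml).findall("partner"):
        if partner.get("id") == partner_id:
            return {a.get("field") for a in partner.findall("allow")}
    return set()

def release(record_xml, policy_xml, partner_id):
    """Copy only allowed fields into a fresh document (default deny)."""
    record = ET.fromstring(record_xml)
    allowed = allowed_fields(policy_xml, partner_id)
    view = ET.Element(record.tag)  # root attributes are deliberately not copied
    view.extend([child for child in record if child.tag in allowed])
    return view

def can_purchase(view, amount):
    """Answer the vendor's question using only what was released to it."""
    limit = view.findtext("purchaseLimit")
    return (view.findtext("employmentStatus") == "active"
            and limit is not None and amount <= int(limit))

if __name__ == "__main__":
    vendor_view = release(EMPLOYEE_XML, POLICY_XML, "parts-vendor")
    print(ET.tostring(vendor_view, encoding="unicode"))
    print(can_purchase(vendor_view, 4000))
```

Because the released view is built by copying allowed fields rather than deleting forbidden ones, a field added to the HR record later stays private until the policy names it.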
Authentication and risk
XML also enables a more equitable balance when it comes to authentication management. For example, an employer gives all the organization's employees access to a credit union. The credit union has a list of employees, but not key information about whether they are currently employed, etc.
The credit union, therefore, is assuming liability for what people do when they come to the credit union's site. If that credit union requires some sort of authentication about the users before they are linked to the site, the responsibility for authenticating them is shared and security is dramatically improved. There's more of a balance. XML and new XML-based standards enable this.
By segregating access and knowing exactly who has access to what, an organization can have a higher degree of confidence that the right information is being disclosed to the right people. Without conducting a security review, no one can be sure who is accessing their systems and changing numbers.
The critical element is security. Organizations unable to guarantee the security of their data will be prevented from participating in new markets and relationships. As in any relationship, the boundaries are critical.
Roger Sullivan is president of Phaos Technology Corp. (www.phaos.com).
Steps to building trust
With XML, an organization can map its internal business practices to the way it interacts with its business partners and move to a truly networked trading environment. In order to realize the promise of XML, organizations must begin looking at the issues of trust in new ways. The following steps will help an organization begin to move to a more networked, trusted, XML-based trading environment.
What is XML?
The specification for eXtensible Markup Language was developed by the W3C.
XML is an abbreviated version of standard generalized markup language (SGML), which is large and complex. It is used for describing every type of document in all the varied areas of human activity.
XML makes it easier for organizations, groups or individuals to create their own customized mark-up tags for exchanging information, as it omits the more complex parts of SGML. So, it is easier to write applications for documents created with XML, and it is easier to understand. It is also more suited for delivery and interoperability over the internet, although it allows for storage and transmission of data off the web too. HTML is one of many XML applications, but the one most frequently found on the internet.