A ‘Connect’ Protocol for B2B
Making B2B Connections as easy as ‘friending’ someone… or easier

Problem
• B2B exchanges are typically privileged, requiring an initial partner validation/setup
• Analog to social networks: “friending” / “connecting”
• PEPPOL has adopted an open, SMTP-like model… but this is the exception, not the rule
• Maximizing adoption (especially by SMBs) requires a B2B setup with social-network-like ease and low cost
• B2B requirements are, however, more complex, e.g.
  – Four-corner model (different agents for each party)

Problem, contd.
• Two models, variants of the same problem
  – Three-corner: identity federation/setup across networks
  – Four-corner: getting beyond “trusted peering”
• “Chain of Trust” issues with multiple governance domains

Use Cases
• Semi-automated: email invitation
  – Similar to the “social network” invitation scenario
  – Recipient of invitation clicks to accept/authorize connection
  – May need to first create/provision an account to do so
  – BUT, process includes authorization of BOTH parties’ systems to connect on their respective users’ behalf
• Fully-automated: system to system dialog
  – Two systems each pre-authorized to manage collaboration
  – Fully automated relationship discovery and setup

Semi-Automated Buyer-Driven Process (Email PO or Invitation)

[Diagram: numbered flow (1–4) between ERP / ERP A/P, Buyer Network/Gateway, Supplier Gateway and SMB Acct’g Cloud Platform, with Data/Process and Identities/Trust layers on each side. Diagram labels: “POs pre-populate Supplier Identities”, “Send email invitations with ‘SMB Accounting’ links”, “Link triggers Auth handshake”, “Get Connected”, “Invoice”, “Get all emailed invoices”.]

1. Buyer issues POs via Buyer Network, triggering pre-configured, pre-authorized supplier account creation.
2. On Buyer’s behalf, Buyer Network sends invitation emails for suppliers to get connected (i.e. to complete activation of a pre-configured account) for exchange of POs, invoices and other business documents.
3. For a supported Buyer, these emails include a "Connect to SMB Accounting" link, enabling a Supplier to:
   a. Authorize Buyer (B2B Network) to activate their account, with Supplier Gateway access permissions
   b. Enroll with Supplier Gateway (i.e. authorize Supplier’s SMB Accounting (Cloud) to connect)
   c. Authorize the Supplier’s Gateway to connect with the Buyer’s Gateway (invoicing, payment)
4. Supplier Gateway retrieves all emailed invoices from the Supplier's connected SMB Accounting Cloud account, and matches recipient email addresses against enrolled Buyer domains/email addresses. If matched, it:
   a. Retrieves Supplier Identity Attributes, and syncs as needed to the Buyer Gateway;
   b. Transforms the retrieved invoice content in accordance with Buyer Profile Specification;
   c. Posts invoice to Buyer Network

Fully Automated

[Diagram: two parties, Big / Buyer / Receiver and Small / Seller / Sender, each with Available Identities, Enrolled Identities and Target Partner Identities. Available Identities are populated by “listening” to sent document flow (POs, Invoices). Numbered steps 1–9 include “Matched?”, “Send Request” and “Accept Request”.]

Notes:
• This shows the Buyer-initiated process. Seller-initiated process can also occur, if Buyer supports
• Skip step 5 if small/seller party is already enrolled

Related Issues
• Discovery (SML)
  – Email/domain based?
  – Chain of trust issues
• Service Profile (CPPA / SMP)
• Trust Frameworks (Inter-Cloud)

References
• OASIS Id-Cloud Use Cases v1.0 Committee Note 01, Use Case 25: Inter-cloud Document Exchange & Collaboration
  http://docs.oasis-open.org/id-cloud/IDCloudusecases/v1.0/cn01/IDCloud-usecases-v1.0cn01.html#_Toc324801970
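
The Supplier Gateway matching step described above (emailed invoices matched against enrolled Buyer domains/email addresses), as an added example that is not part of the original slides: recipients match only on an exact enrolled address or an exact enrolled domain, so look-alike domains and ambiguous enrolments fall through as unmatched. The function names, the enrolment table layout and the sample invoices are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed enrolment table (assumed layout): buyer id -> enrolled domains/addresses.
ENROLLED = {
    "buyer-001": {"domains": {"buyer.example"}, "addresses": set()},
    "buyer-002": {"domains": set(), "addresses": {"ap@bigco.example"}},
}

def normalize(recipient):
    """Return (address, domain) in lower case, or None if not a usable address."""
    _, addr = parseaddr(recipient)
    addr = addr.strip().lower()
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    if not local or "." not in domain:
        return None
    return addr, domain

def match_buyer(recipient, enrolled=ENROLLED):
    """Return the single enrolled buyer id for this recipient, else None."""
    parsed = normalize(recipient)
    if parsed is None:
        return None
    addr, domain = parsed
    # Exact comparison only: no suffix or substring matching on the domain.
    hits = {bid for bid, e in enrolled.items()
            if addr in e["addresses"] or domain in e["domains"]}
    # If more than one buyer claims the recipient, fail closed (no match).
    return next(iter(hits)) if len(hits) == 1 else None

def route_invoices(invoices, enrolled=ENROLLED):
    """Split invoices into ({buyer_id: [invoice ids]}, [unmatched invoice ids])."""
    routed, unmatched = {}, []
    for inv in invoices:
        buyer = match_buyer(inv["to"], enrolled)
        if buyer:
            routed.setdefault(buyer, []).append(inv["id"])
        else:
            unmatched.append(inv["id"])
    return routed, unmatched

SAMPLE = [  # constructed invoice records
    {"id": "INV-1", "to": "Accounts Payable <AP@Buyer.Example>"},
    {"id": "INV-2", "to": "ap@bigco.example"},
    {"id": "INV-3", "to": "ap@buyer.example.attacker.test"},  # enrolled name as prefix
    {"id": "INV-4", "to": "ap@notbuyer.example"},             # enrolled name as suffix
    {"id": "INV-5", "to": "other@bigco.example"},             # domain not enrolled
]
```

Unmatched invoices stay with the supplier's gateway and are never transformed or posted, which keeps an email-based discovery mistake from turning into a misdirected document.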