B2B Connection Setup Protocol

A ‘Connect’ Protocol for B2B
Making B2B Connections as easy as
‘friending’ someone… or easier
Problem
• B2B exchanges are typically privileged, requiring an
initial partner validation/setup
• Analog to social networks: “friending” / “connecting”
• PEPPOL has adopted an open, SMTP-like model… but
this is the exception, not the rule
• Maximizing adoption (especially by SMBs) requires a
B2B setup with social-network-like ease and low cost
• B2B requirements are, however, more complex, e.g.
– Four-corner model (different agents for each party)
Problem, contd.
• Two models, variants of the same problem
– Three-corner: identity federation/setup across networks
– Four-corner: getting beyond “trusted peering”
• “Chain of Trust” issues with multiple governance
domains
Use Cases
• Semi-automated: email invitation
– Similar to the “social network” invitation scenario
– Recipient of invitation clicks to accept/authorize connection
– May need to first create/provision an account to do so
– BUT, process includes authorization of BOTH parties’ systems to connect on their respective users’ behalf
• Fully-automated: system to system dialog
– Two systems each pre-authorized to manage collaboration
– Fully automated relationship discovery and setup
Semi-Automated
Buyer-Driven Process (Email PO or Invitation)
[Diagram: Buyer ERP (POs, A/P), Buyer Network/Gateway and Supplier Gateway (each with Data/Process and Identities/Trust), and SMB Acct’g Cloud Platform. Numbered flows 1 to 4 carry the labels “POs pre-populate Supplier Identities”, “Send email invitations with ‘SMB Accounting’ links”, “Link triggers Auth handshake” and “Get all emailed invoices”; further labels: “Invoice”, “Get Connected”.]
1. Buyer issues POs via Buyer Network, triggering pre-configured, pre-authorized supplier account creation.
2. On Buyer’s behalf, Buyer Network sends invitation emails for suppliers to get connected (i.e. to complete activation of a pre-configured account) for exchange of POs, invoices and other business documents.
3. For a supported Buyer, these emails include a "Connect to SMB Accounting" link, enabling a Supplier to:
a. Authorize Buyer (B2B Network) to activate their account, with Supplier Gateway access permissions
b. Enroll with Supplier Gateway (i.e. authorize Supplier’s SMB Accounting (Cloud) to connect)
c. Authorize the Supplier’s Gateway to connect with the Buyer’s Gateway (invoicing, payment)
4. Supplier Gateway retrieves all emailed invoices from the Supplier's connected SMB Accounting Cloud account, and matches recipient email addresses against enrolled Buyer domains/email addresses. If matched, it:
a. Retrieves Supplier Identity Attributes, and syncs as needed to the Buyer Gateway;
b. Transforms the retrieved invoice content in accordance with Buyer Profile Specification;
c. Posts invoice to Buyer Network
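The recipient match in step 4 decides which invoices leave the Supplier Gateway, so it is worth seeing as code. This is an added example, not part of the original slides; the enrollment tables, buyer ids and function names are hypothetical, and exact-domain matching (no subdomains) is an assumed policy.

```python
from email.utils import parseaddr

# Constructed sample enrollment data (hypothetical, not from the slides).
# An exact address enrollment takes precedence over a whole-domain enrollment.
ENROLLED_ADDRESSES = {"ap@bigbuyer.example": "buyer-001"}
ENROLLED_DOMAINS = {"megacorp.example": "buyer-002"}


def normalize(recipient):
    """Return (local, domain) in lower case, or None if the address is malformed."""
    _, addr = parseaddr(recipient)  # strips a display name such as "A/P <...>"
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    if not local or "." not in domain:
        return None
    return local.lower(), domain.lower()


def match_buyer(recipient):
    """Map an invoice recipient to an enrolled buyer id, or None if not enrolled."""
    parsed = normalize(recipient)
    if parsed is None:
        return None
    local, domain = parsed
    # Exact comparison only: a suffix or substring test would also accept
    # lookalikes such as "notmegacorp.example" or "megacorp.example.other.test".
    return ENROLLED_ADDRESSES.get(f"{local}@{domain}") or ENROLLED_DOMAINS.get(domain)


def route_invoices(invoices):
    """Split (invoice_id, recipient) pairs into (to_post, held_back) lists.

    Only matched invoices go on to steps 4a-4c; the rest stay with the supplier.
    """
    to_post, held_back = [], []
    for invoice_id, recipient in invoices:
        buyer = match_buyer(recipient)
        if buyer:
            to_post.append((invoice_id, buyer))
        else:
            held_back.append((invoice_id, recipient))
    return to_post, held_back
```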
Fully Automated
[Diagram: two parties, “Big / Buyer / Receiver” and “Small / Seller / Sender”, with Available Identities, Enrolled Identities and Target Partner Identities stores. Available Identities are populated by “listening” to the sent document flow (POs, Invoices). Numbered steps 1 to 9 include “Matched?” (steps 4 and 8), “Send Request” (step 5) and “Accept Request” (step 9).]
Notes:
• This shows the Buyer-initiated process. Seller-initiated process can also occur, if Buyer supports
• Skip step 5 if small/seller party is already enrolled
Related Issues
• Discovery (SML)
– Email/domain based?
– Chain of trust issues
• Service Profile (CPPA / SMP)
• Trust Frameworks (Inter-Cloud)
References
• OASIS Id-Cloud Use Cases v1.0 Committee Note 01
Use Case 25: Inter-cloud Document Exchange & Collaboration
http://docs.oasis-open.org/id-cloud/IDCloudusecases/v1.0/cn01/IDCloud-usecases-v1.0cn01.html#_Toc324801970