http://www.dmst.aueb.gr/dds/pubs/conf/2005-eChallenge-Praxis/html/AKGSC05.html This is an HTML rendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the following reference:
|
Building an e-Business Platform: An Experience Report
Stephanos Androutsellis-Theotokis1,
Vassilios Karakoidas1, Georgios Gousios1, Diomidis
Spinellis1 and Yannis Charalambidis2
1Athens University of Economics and Business, 76 Patission Str., Athens,
10434, Greece
Tel:
+30 210 8203370, Fax: +30 2108203664,
Email: {stheotok, bkarak, gousiosg, dds}@aueb.gr
2Singular Software S.A., 23rd
Km Athens-Lamia Road, Ag. Stefanos, 14565, Greece
Tel:
+30 210 6267400, Fax: + 30 210 6267410, Email: yannisx@singular.gr
Abstract: The PRAXIS project has been designed to facilitate the interchange of data between government and business entities through direct enterprise application interconnection. The system architecture has been entirely based on emerging technologies, including web services and XML, allowing independent client systems to operate asynchronously with a central server orchestrating and controlling the workflow. An original business document exchange protocol has been developed from the ground up in order to address the specific needs of business to government transactions in the Greek business sector. This paper elaborates on the methodologies and tools used for the development of the project’s coordination point (the server) and its clients, and present the experiences gained during the system’s design, as well as results obtained from the preliminary integration and testing phases.
In recent years, significant technological advances
have been made in the field of e-business, both at the European and
international level. The penetration of such technologies in the business
world, however, has been limited, especially in countries where the majority of
businesses are small or medium. At the same time, the greater part of the
effort to adopt e-business technologies and solutions has targeted the end
consumer (Business-to-Consumer / B2C), and more rarely takes into account real
application to application interconnection (A2A), a field that is bound to make
an impact in terms of speed, security and accuracy of business transactions,
and will ultimately boost the adoption of e-business solutions.
Despite the rising pace at which Information Technology means are being deployed, the majority of several millions of daily transactions among the above entities are still carried out in the traditional manner: typically sending the various transaction documents through mail or fax, manually inserting data in Enterprise Resource Planning (ERP) or Customer Relationship Management (CRM) applications or, at best, manually filling in on-line web pages offered by Banks or Governmental Agencies. Based on the above inadequacy and on the absence of enlightening new approaches at the SME level, most of the companies waste significant effort and resources while not entrusting the Internet and current B2B (or even B2C) applications for their transactions.
It took the entire industry several years of development (and a crisis) to achieve reliable, secure, convenient, and efficient B2C transactions through the Web. Business application interconnection is a far more difficult task; how can different, mostly proprietary, internal systems for accounting, order processing, and supply-chain management be modified to exchange data through the Web reliably, securely, and in a standard, open way so that a custom solution for each business relationship is not required?
To
address these issues, and in many ways the market needs whether present or
future, we present the PRAXIS project [3,4], a
research project aiming to develop a standardised way of doing transactions
safely and efficiently between business entities and also interconnect them
with government information systems. The main innovation of our approach lies
in the study and comparison of existing standards for B2B transactions and the
proposal of a new, adaptable and compatible one, and the design of a system
that covers the needs of large enterprises as well SMEs with minimal IT
infrastructure.
PRAXIS aims at the research, development and pilot
deployment of the necessary methodologies, technologies, infrastructures,
business processes and setups that will allow the average European SME to carry
out a significant portion of its business transactions over the internet,
through the interconnection of Enterprise Resource Planning (ERP) applications
between enterprises, banking institutions and the public sector.
More specifically, the general PRAXIS aims are:
·
The design and development of an easily adoptable
and financially attractive solution for the average Greek or European small and
medium enterprise, by hiding the complexity of the system from the regular
user, and developing a low cost product.
·
The study of and emphasis on the particularly
important issue of data and transaction security, as well as the protection of
interchanging parties through modern security infrastructures.
· The adoption of the current statutory and legislator framework, and the interaction with it in the form of proposals and insight directed towards the responsible authorities. This is particularly important, as PRAXIS will be one of the very few complete integrated solutions in the area of B2B/A2S e-business.
A consortium of SME’s, university research centres
and public sector institutions forms the backbone of the PRAXIS project. Several other companies and institutions are
participating in the prototype implementation of the system:
· Three commercial private companies are adapting their information systems to include the PRAXIS client in order to perform business transactions, such as VAT payments and order placement, with financial organizations and the public sector. These companies provide valuable know-how and experience, while also participating as users of the system.
· One of the major banks of Greece is connected to the PRAXIS server to carry out financial transactions with the SMEs and the public sector. The bank provides consulting services regarding the types and details of transactions carried out between banks and enterprises, and also participates as a user of the system.
· The General Secretariat of Information Systems of the Greek Ministry of Finance provides a web services interface to the country’s taxing information system. They dictate the B2G transactions initially supported by the system.
Central to the design of the PRAXIS
B2B transaction processing system, was the decision on what document and
process description standard should be adopted. A survey of the currently used
(typically XML-based) B2B standards was carried out.
Table 1 provides a list of the dominant B2B standards.
UN / EDIFACT [5] |
Based on the EDI
(Electronic Data Interchange) protocols, EDIFACT is the result of a series of
attempts to reduce the number of different variations of the EDI standard in
use. EDIFACT includes complete syntax rules for the formation of business
messages. Other variations of the EDI standard include the UN/GTDI, ANSI X12
EDI, and TRADACOMS |
UN / CEFACT [6] |
UN/CEFACT is the United Nation’s body responsible for the international
policies and technological advances in eCommerce. In an attempt to modernise
the EDI standard, they proposed an XML based
version, which uses the ebXML standard for the description of the
document exchange methods. |
ebis-XML [8] |
ebis-XML is the standard developed by BASDA (the Business and
Accountantcy Software Developers’ Association), and international body
representing 370 of the worlds largest business software developers, based in
the United Kingdom. ebis-XML allows the exchange of various business
documents, and supports communication through the internet or email. The
structure of the ebis-XML messages is based on the W3C XML standard. |
ebXML [9,11] |
ebXML is an international
initiative originating from the UN/CEFACT and OASIS organizations. ebXML
define a set of specifications that allow enterprises to perform business
transactions through the internet, by using standardized processes for
exchanging business messages and defining business processes. ebXML is targeted
towards all business sizes, including SMEs. |
RosettaNet [12] |
RosettaNet is a non-profit
organization with over 500 member companies, whose aim is to propose methods
for document exchange and process specification for eBusiness transactions.
It supports a mode of operation for direct interactions between the
transacting parties, as well as an indirect, server-mediated mode, which is
however not encouraged. The message communication is based on technologies
such as HTTP (or HTTPS), SMTP, SSL, and S/MIME encoding. |
xCBL [13] |
The xCBL standard is the
result of the cooperation of companies including Microsoft, SAP, and Commerce
One, and essentially consists of a basic collection of electronic documents
for business transactions. It does not focus particularly on the definition
of processes for document exchanges or business transactions. |
XBRL [15] |
XMRL (eXtensible Business
Reporting Language) aims at the definition of a standard that will allow
companies to create, exchange and compare company data, including financial
information. It is an extension of the XFRML (eXtensible Financial Reporting Markup
Language), and focuses on the development of tools for business and
accounting transactions. It only concerns the representation of information,
and not ways of exchanging it. |
GCI [16] |
GCI (the Global Commerce Initiative) was formed in
1999 by a coalition of manufacturing and trading companies and professional
bodies, in an attempt to provide solutions to the supply chain management
practices through standards for interoperability and business transactions.
Their proposed standards mainly focused on the description of documents for
business transactions, but also proposed business process model guidelines. |
OAGIS [17] |
The Open Applications Group Integration Specification
(OAGIS) is an open, XML-based attempt to define “Business Object Documents”
(BODs, e-business transaction messages) as well as business process
scenarios, based on integrating information between different types of
enterprises. Currently more than 200 BODs and 60 business process scenarios
are defined. OAGIS encourages the use of other technological standards (such
as ebXML) for the interchange of information between companies. |
UBL [18] |
The Universal Business Language (UBL) is an attempt
to define a library of XML-based electronic business documents. UBS is open
and designed so as to be easily integrated in current business IT
infrastructures, focusing exclusively on the description of documents. UBL is
developed by and property of the OASIS organization. |
Table 1 : Dominant B2B
Standards
Our analysis of the above standards was based
on the ISO/IEC 9126-1 Software Product
Quality model [19, 20] which we adapted to a set of criteria specific to
B2B transaction processing systems, which were in turn derived during the
research and design stages of the PRAXIS project. Figure 1 shows the relation between the generic software
quality indices identified and described in [19], and the case-specific
criteria that we assembled for ebusiness transaction processing systems, and in
particular the PRAXIS system.
Figure 1: Comparison criteria
for B2B standards. The columns of the table correspond to generic software
quality indices (see [19]) that are used to evaluate software products. The
rows of the table correspond to specific criteria that apply to B2B transaction
processing systems. These are the criteria by which the various B2B standards
were evaluated and compared. The dark cells in the table indicate the way in
which the generic criteria relate to the case-specific ones, and thus provide
the mapping between our original comparison work and the (generally accepted)
IEEE Software Quality Model.
The details of the comparison and analysis
are available in the deliverables of the PRAXIS project[1]
(see also [3]). The conclusions reached were that the standards more
appropriate to the goals of the PRAXIS system were: (1) UN / CEFACT, (2) UN/
EDIFACT, (3) xCBL and (4) ebis-XML.
The above standards mainly focus
on documents, rather than processes. EDIFACT was however rejected due its
outdated underlying technological basis and CEFACT because it is still
considered immature.
While xCBL and ebis-XML were both very good candidates, of the processes the PRAXIS system is required to support very few are actually covered by these standards in a complete way. It was therefore ultimately decided to define an original standard for the PRAXIS system, closely based on them, and with care to allow the potential of collaboration between them, through the implementation of simple filters or translators.
Figure 2 illustrates the PRAXIS Server architecture.
Figure 2 : The PRAXIS Architecture
The PRAXIS Server consists of three distinct modules:
There are two types of clients in the current system:
·
Web (thin) Client: A web application
that only provides a limited set of the PRAXIS system functions. The user can
send and receive messages, search for potential customers, print, export or
import business related data. These services can be very useful to
organizations that are relatively small and do not have an ERP system.
·
PRAXIS Enabled Application: The PRAXIS consortium offers the
possibility to 3rd party organizations to integrate the PRAXIS
system services to it. To do so, a shared library (the Universal Praxis
Connector (UPC)) is provided, which exports this functionality. In our typical
scenarios (Figure 2), an organization modifies its ERP server and client
software to provide access to the PRAXIS system.
Interoperability was
a very important issue in the design of the PRAXIS system, and it was taken it
into consideration during the very early stages of our design and requirements
analysis. We based our analysis into the IEEE related Standard for software
requirements and specifications [14].
The PRAXIS server is based on the .NET
platform and the PRAXIS Basic Protocol is based on SOAP. At the transport
layer, the HTTPS protocol is used and mutual server and client authentication
is performed through certificates. The PRAXIS server stores its data into a
relational database, which is deployed on an SQL server.
We didn’t select to implement our system
in the J2EE platform due to performance reasons. We also tested other B2B implementation
frameworks, such as BizTalk etc, but we rejected them in order to avoid royalties
and other licensing issues. We have to note that in order to choose the base
platform we performed a research upon candidate technologies based on a series
of criteria, which are detailed listed in our project deliverables.
The UPC shared library is a COM Object which
currently is tightly bounded to the Windows platform. In the future, a Java
version will be implemented.
The web client was implemented into using
ASP.NET with the IIS in the role of the HTTP server. For authentication and key
management we used Microsoft’s Certificate Server.
Figure 3: PRAXIS Test Bed Topology and Technologies
Other partners of our consortium developed or are currently
developing various solutions to provide interoperability with the PRAXIS
system, resulting to an ecosystem of distinct solutions exchanging business
data. In detail:
·
Business-to-Business: For each SME we developed an ERP-level
integration using the UPC shared library. In addition, the project coordinator,
who is one of the biggest software vendors in Greece, is developing a PRAXIS
enabled version of their commercial ERP system. Most of our participants SME’s
are using version of it for testing, while other are developing custom based
UPC based application for integration with their systems.
·
Business-to-Government: The General Secretariat of Information Systems
(GSIS) uses J2EE based applications with Oracle as their database. Their client
chose to override the UPC and re-implement an implementation of their SOAP
based client in Java.
·
Business-to-Financial institutions: Our financial institution is a Bank. They
already have deployed a range of e-Banking services, and the consortium is
currently trying to implement a bridge with their authentication system and the
PRAXIS authentication service. Their services are exposed as Web Services and
are implemented in Java. In order to join the PRAXIS network, the Bank will
implement a PRAXIS client using the UPC.
The initial testing
of the PRAXIS system was performed on a setup including the PRAXIS server and
various web-based clients (Figure 3). A tool was developed to automatically produce the
web-based client forms based on the corresponding document schemata.
A Public Key Infrastructure approach was used to implement security [7]. To simplify the prototype implementation, the certificate authority was chosen to be the server itself. A certificate is issued per client, who also contains the client’s PRAXIS identification number (PraxisID), and the client’s public key is stored on the PRAXIS server. The secure socket layer (SSL) protocol is used to maintain the integrity and confidentiality of the communication channel, while the client certificate is used for authentication purposes.
The
server itself was implemented as a web service, which exports its functionality
to authenticated clients. For the test setup, a web browser client was used to
hit the web service. The messages exchanged included both system-level message
containers (envelopes) and invoicing, ordering and packing-slip messages. The
server software was installed on a single workstation machine, which also runs
the database server.
The tests that were run were mainly
proof-of-concept tests, since only a small part of the server was implemented
by the time of write-up of this paper. Nevertheless, the initial results are
very encouraging; the system was able to sustain a significant number of
concurrent transactions coming from a network of clients operated by human
users.
The first conclusions from the operation of the PRAXIS system suggest that the adoption of an open and flexible standard for modelling the B2B documents and processes is essential, as it allowed the seamless integration of new types of transactions. The store-and-forward architecture, coupled with the web client feature, allowed small enterprises, including personal enterprises or accountants with minimal or indeed no IT infrastructure to utilise some of the facilities provided by the system. Finally the use of the UPC (Universal Praxis Connector) module allowed the relatively straight-forward integration of large, in some cases legacy ERP and other systems into the PRAXIS network.
It is our impression that these are the main characteristics upon which the future adoption and success of the PRAXIS system relies.
It was also an interesting finding that, of all the B2B standards currently available, very few are actually in a position to provide the required support for a system targeting a horizontal cross-domain solution.
The PRAXIS system is currently in the process of being deployed. A market validation study is being carried out, and different exploitation models are being studied. Due to the open and extendible architecture of the system, it is expected that deployment in other countries or for other types of transactions will be straight-forward.
The PRAXIS system design, just as all currently implemented and deployed on-line business transaction processing systems, is based on centralized n-tier architecture. Our team is already in the process of investigating alternative approaches. It is our firm belief–and it has also been recognized by the research and industrial community that such systems may also be based on the constantly evolving decentralized peer-to-peer architectures [10]. Based on our experiences with the PRAXIS system, we are working on such a detailed requirements definition and analysis [2], pertaining to the phase preceding the actual transactions (such as support for discovery of services, merchandise or trading parties, authentication and access control, and negotiation of transaction parameters); requirements referring to the actual transaction phases (such as support for workflow and collaboration orchestration, logging and non-repudiation); and requirements following the transaction (such as user ranking and reputation management).
Furthermore, the experience gained in the design of the PRAXIS project is used as a case to explore the potential of applying Model Driven Architecture approaches for enterprise application interoperability [1].
Based on the findings of our initial experiments, we are also planning to elaborate on the system’s design in order to efficiently address important non-functional requirements, mainly security and availability.
[1] |
Vassilios Karakoidas, Stephanos Androutsellis-Theotokis, Diomidis Spinellis, and Yannis Charalabidis. Applying MDA in Enterprise Application Interoperability: The PRAXIS project. In 5th International Conference on Practical Aspects of Knowledge Management (PAKM 04). The Association of European Operational Research Societies, December 2004. |
[2] |
Stephanos Androutsellis-Theotokis, Diomidis Spinellis, and Vassilios Karakoidas. Performing peer-to-peer e-business transactions: A requirements analysis and preliminary design proposal. In IADIS International e-Commerce 2004 Conference, December 2004. |
Yannis Charalabidis, Vassilios Karakoidas, Stephanos Androutsellis-Theotokis, and Diomidis Spinellis. Enabling B2B transactions over the internet through application interconnection: The PRAXIS project. In Proceedings of the e-Challenges Conference, October 2004. |
|
[4] |
Diomidis Spinellis, Yannis Charalabidis and Vassilios Karakoidas. Application interconnection and execution of Business to Business transactions over the Internet. In 20th European Conference on Operational Research (EURO-XX). The Association of European Operational Research Societies, July 2004. Poster. |
[5] |
United Nations Electronic Commision for Europe. UN / EDIFACT: United Nations directories for Electronic Data Interchange for administration, commerce and transport.Available online at http://www.unece.org/trade/untdid/texts/d100_d.html |
[6] |
UN / CEFACT: United Nations centre for trade facilitation and electronic business. Available online at http://www.unece.org/cefact/ |
[7] |
Dimitrios Lekkas, Sokratis
K. Katsikas, Diomidis Spinellis, Pavel Gladychev, and Ahmed Patel. User
requirements of trusted third parties in Europe. In Simone
Fisher-Hübner, Gerald Quirchmayr, and Louise Yngström, editors,
User Identification & Privacy Protection: Applications in Public Administration
& Electronic Commerce, pages 229–242. IFIP WG 8.5 and WS 9.6, June 1999 |
[8] |
BASDA, eBIS-XML. Available online at http://www.basda.org/pub_img/uploads/BASDA\%20eBIS.ppt |
[9] |
ebXML web site. Available online at http://www.ebxml.org/ |
[10] |
Stephanos
Androutsellis-Theotokis and Diomidis Spinellis. A survey of peer-to-peer
content distribution technologies. ACM Computing Surveys, 36(4):335–371,
December 2004 |
[11] |
Mathew MacKenzie. ebXML messaging services specification v2.1. Draft, ebXML, March 2004. Available online
at http://www.oasis-open.org/committees/download.php/6130/wd-ebMS-2_1-04.pdf |
[12] |
Rosetta Implementation Framework (RNIF): Core specification. Technical report, RosettaNet, March
2002. Available online at http://www.rosettanet.org/
|
[13] |
XCBL (XML Common Business Language). Available online at http://www.xcbl.org/xcbl40/xcbl40.html |
[14] |
IEEE Guide for Developing System
Requirements Specifications Std 1233,
IEEE Standards Software Engineering: Volume One Customer and Terminology
standards 1999 Edition |
[15] |
Phillip Engel, Walter Hamscher, Geoffrey Shuetrim, David vun Kannon, and
Hugh Wallis. Extensible business reporting language v2.1. Draft, XBRL, December 2003. Available
online at http://www.xbrl.org/ |
[16] |
Global Commerce Initiative (GCI) ,EAN·UCC
– The Global Language of Business, |
[17] |
The OAGIS web site: http://www.openapplications.org/ |
[18] |
Universal Business Language 1.0,
cd-UBL-1.0. Available online at |
[19] |
International Organization for
Standardization, Geneva, Switzerland. Software Engineering — Product
Quality — Part 1:Quality Model, 2001. ISO/IEC 9126-1:2001(E) |
[20] |
Ho-Won Jung, Seung-Gweon Kim, and
Chang-Sin Chung. Measuring software product quality: A survey of ISO/IEC
9126. IEEE Software, 21(5):10–13, September/October 2004 |