Definitions of Key Terms in Interoperability

Compliance Testing focuses on demonstrating that products are written in a manner that implements the specification. Usually, there are degrees of compliance. Sometimes the specification defines these degrees, and other times the testing suite defines these degrees of compliance. Complete compliance testing to a specification document may be quite arduous and time-consuming depending upon how the specification was written, and how complex the described interactions happen to be. Since there are ranges and degrees of compliance from basic to complete, compliance with a specification often does not guarantee interoperability.

Interoperability Testing can validate that two products work together and yet neither may be in compliance with the specification. This often happens when sets of two products are tested in a pair-wise manner but the sets are not tested with other standards compliant products. This situation occurs for various reasons - foremost being the lack of universal test cases and unclear testing procedures. The principal risk in this sort of testing is that pair-wise subsets of the product may be interoperable, yet the overall set of products fails to communicate properly.

Certification provides a higher level of assurance because a third party organization has put its stamp of approval on the outcome and has certified that the products meet the conditions of the test suite.

Test suites may take various forms. There are very basic test suites, only testing basic functionality, as well as complete test suites testing every option and error condition. The former is usually insufficient to give a reliable degree of interoperability. The latter, while guaranteeing interoperability, is a great deal of work for each participant. Usually the best course is a test suite somewhere between very basic and complete, but nearer the complete suite. Constructing complete test suites, and then choosing a subset of the complete suite as the basis for testing interoperability, may accomplish this goal. This method gives the benefit of identifying what the product must support as it is developed, yet only tests the predominant, most important interoperability conditions.

Frequently Used Terms in DGI Testing

Automotive Retail Profile (also known as STAR Profile)- an Optional Profile adding gZIP compression functionality to ebMS2.0.

B2B - Business to Business electronic commerce

B2C - Business to Consumer electronic commerce

CEM - Certificate Exchange Messaging is an AS2 Optional profile

CSOS - Controlled Substance Ordering System

Data Pool - A data pool is a centralized data base, where all necessary information to perform business transactions between trading partners, is stored. This pertains to GDSN testing

Drummond Certified® - A Drummond Group Inc. branded testing and certification program

DSA - Digital Signature Algorithm is a US Government standard for digital signatures

EC - Electronic Commerce

EDI - Electronic Data Interchange

FIPS - Federal Information Processing Standards

FN - Filename Preservation is an AS2 Optional Profile

FN MDN - Filename Preservation with MDN is an AS2 Optional Profile

GS1 Global Registry - the global registry for communicating master data (Catalogue Item and Party) between trading partners in the GDSN network of Data Pools

HTTP - Hypertext Transfer Protocol (Internet Standard)

InSitu® - patented technology developed by DGI for conducting automated interoperability testing among multiple parties

Large File Tests- For AS3, Optional Large File tests exchange 500MB and 1G files size messages. For AS2, 50MB is a required part of the test.

MA - Multiple Attachments is an AS2 Optional Profile

MDN - Message Disposition Notifications

MIME - Multipart Internet Message Extensions

Non-repudiation of Receipt (NRR) - NRR is the basis of a "legal event" between sending & receiving parties that occurs when the original sender of an EDI/EC interchange has verified the signed receipt coming back from the receiver. NRR IS NOT a functional or a technical message.

Optional Profiles (DGI terminology)- additional functionality building upon an existing technical specification and/or or clarifying exact steps defining functionality mentioned in a technical specification.

PGP - Pretty Good Privacy

PGPMIME - Digital envelope security based on the Pretty Good Privacy (PGP) standard (Zimmerman), integrated with MIME Security Multiparts.

PKCS - Public Key Cryptography Standards, a series of documents published by RSA Data Security.

Reliability -Reliability is an AS2 Optional Profile

Receipt - The functional message that is sent from a receiver to a sender to acknowledge receipt of an EDI/EC interchange.

RFC - Request For Comments is a series of documents published by the Internet Society covering a wide range of Internet issues, especially Internet protocols and standards.

S/MIME - A format and protocol for adding Cryptographic signature and/or encryption services to Internet MIME messages.

Signed Receipt - Same as above, but with a digital signature applied.

SAML - Security Assertion Markup Language

SSL - Secure Sockets Layer is an encryption protocol, developed by Netscape, for transmitting documents securely over the Internet. It allows for authenticated and encrypted communication between browsers and servers, or between different servers.

TLS - Transport Layer Security - Internet Standard similar to SSLv3

URI - Uniform Resource Identifier - URIs have been known by many names: WWW addresses, Universal Document Identifiers, Universal Resource Identifiers, and finally the combination of Uniform Resource Locators (URL) and Names (URN). As far as HTTP is concerned, Uniform Resource Identifiers are simply formatted strings that identify - via name, location, or any other characteristic - a resource.

URL - Uniform Resource Locator - standard naming convention on the Internet

XML Encryption Profile (formerly known as the PHIN profile) - is an ebMS Optional profile providing XML encryption and SSL client authentication functionality