"The parties shall use those versions of the UN/EDIFACT Standards identified in the Technical Annex."
The parties should agree upon the version release of the UN/EDIFACT standards which they intend to use. Parties may also wish to specify the manner in which they will consider for use new version releases of the UN/EDIFACT standards.
The parties should also designate in practical detail the necessary related technical specifications and details. Items which should be considered include identifying directories, code lists, message implementation guidelines and other items directly connection with specified standards and the related versions.
2.2. System Operations
"Each party shall test and maintain their respective equipment, software and services necessary to effectively and reliably transmit and receive Messages."
The parties should describe the methods and procedures for testing their system operations, the effectiveness and the reliability of the message interchange processes, the times when such testing should occur and the intended results that need to be obtained. The parties should adopt a method for clearly indicating the availability of their EDT systems for transmitting and receiving Messages.
2.4. Communications
"The parties shall specify in the Technical Annex the methods of communication, including the requirements for telecommunication or the use of third party providers.
The details and specifications with regard to the method of communication should describe:
- the chosen communication method(s);
- the applicable communication protocols which the parties will use, in addition to the UN/EDIFACT standards (such as X.25 or X.400, etc.);
- where required, the information details relating to third party(ies) provider(s) to be used, including the appropriate address and contact information and other related details.
Parties may also consider specifying recovery procedures to either retrieve Messages in case of loss or failure or to provide alternate routing and procedures in case of a failure of the selected method of communication.
2.5. Security Procedures and Services
"Each party shall implement and maintain security procedures and services, including any specified in the Technical Annex, to protect Messages and their records against untoward events or misuse including improper access, alteration or loss." Parties may elect to specify in detail the security procedures and services which they may require to be implemented in connection with their use of EDT. Different means exist for improving the reliability of EDT interchanges between business partners; the general objective is to get as many messages effectively and correctly transmitted and processed as possible, without increasing the cost to an unreasonable level.
The selection and use of safety/security measures are typically based on an evaluation of the threats and - not the least - legal implications. This may result in the implementation of various safety measures, which are all independent of the UN/EDIFACT message structure, but nevertheless may contribute to the legal confidence arising from the records.
Trading partners utilizing UN/EDIFACT may select among a variety of security procedures and services, some of which are available within UN/EDIFACT and others which are generally available.
Security Services in UN/EDIFACT. Trading partners may elect security services which consist of some of the security services available within UN/EDIFACT, as listed below, in order to meet the legal requirements or thwart the identified threats. Each of these security services requires the use of cryptographic techniques. Thus any message (which is nothing but a sequence of digits) transferred from one computer to another can be protected by calculating digital mathematical functions (known as cryptographic techniques) on the message, before and after the transmission. This provides the tools to detect any unintended change not only during transit, but also during storage at either end, thus achieving the desired security service.
The UN/EDIFACT documents identified in the listing following this Technical Annex Checklist include specific materials explaining the security services and key management techniques mentioned below in detail, and should be consulted by a user searching for information.
Message content integrity protects against the modification of data in a message of any kind. This may further be extended to message sequence integrity, which establishes the order in which the messages appeared. Message integrity in itself is typically not achieved unless some key is involved to generate what is known as a Message Authentication Code (MAC). This is a cryptographic fingerprint of the message, which is created by means of a secret key. Normally, anyone in possession of that secret key may generate the MAC-value, unless specially protected hardware is used.
If there is a further need to distinguish between the sender of the message and the recipient (e.g. for legal purposes), the correct security service to apply is non-repudiation of origin, which requires appending time stamps for timeliness and subsequently the calculation of digital signatures based on public key algorithms.
