[ Changed 13th October 1997 ]
The purpose of EDI is to process business data in an automated way. This used to be handled on a bilateral basis between contracting parties using leased lines etc., but when parties without an initial contract do business over the Internet and/or X.400, it is absolutely vital to secure the interchanges by what we call security services: non-repudiation of origin/receipt and confidentiality are the obvious choices.
Back in the early 90s, the UN Security Joint Working Group came up with a number of proposals for the integration of these services at the EDIFACT syntax level, thus making them independent of the transport mechanism in use. This implied that the EDI translators would handle security, and in an automated fashion. The next step was to bring the supporting public key infrastructure, with communicating CAs, LRAs and Directories, into play, and a new EDIFACT message, KEYMAN, was designed to handle this.
The EDIFACT certificate thus derived was far more business-minded in its design than the original X.509 certificate. The PKI and the underlying business model will be described, and we will explain how to avoid blacklists. We believe this model is the right one to take forward in electronic commerce, and this is exactly what we are doing in large pilots such as SEMPER, BOLERO, DYP, and ELSME.