btrade

No resource would be complete without a comprehensive glossary of terms. We've compiled a list of terms and their definitions to better help you navigate.  Download the pdf here.

A |  B |  C |  D |  E |  F |  G |  H |  I |  J |  K |  L |  M |  N |  O |  P |  Q |  R |  S |  T |  U |  V |  W |  X |  Y |  Z

2005 GTIN Sunrise An industry-wide initiative of North American retailers and trading partners to upgrade their bar code scanning and processing systems to support the new 14-digit GTIN by January 1, 2005

A2A Application-to-application integration is a euphemism for enterprise application integration.Two or more applications, usually but not exclusively within the same organization, are linked at an intimate message or data level.

Acknowledgement In contrast to the notification function, the acknowledgement is a response to a command (e.g., add, change) returned to the originator of the command. Every command needs a response and is handled according to the agreement between the parties involved (e.g., source data pool, final recipient exchange). In the interoperable network, acknowledgement messages are standardised and may contain the following information: Confirmation of message receipt, Success/failure of processing (syntax and content) and Reason for failure, with a code assigned to each failure.

AES Advanced Encryption Standard is a new Federal Information Processing Standard (FIPS) that specifies an encryption algorithm(s) capable of protecting sensitive government information well into the twentyfirst century. The U.S. Government will use this algorithm and the private sector will use it on a voluntary basis.

Algorithm A clearly specified mathematical computation process; a set of rules that gives a prescribed result.

ANSI X.509 Public key cryptography The ITU-T (International Telecommunications Union-T) standard for certificates. X.509 v3 refers to certificates containing or capable of containing extensions.

API Application Program Interface is a popular element of programs that enable inter-program communications.

APPC Advanced Program-to-Program Communication is IBM's program-to-program communication, distributed transaction processing and remote data access protocol suite across the IBM software product line.

AS1 Applicability Statement 1 - an international standard for EDI over the Internet where the transport protocol is Simple Mail Transport Protocol. Limited market acceptance since SMTP is lossy, so neither party really knows that the message was delivered. Advantage is that most firewall and enterprise security procedures do not need to change.

AS2 Applicability Statement 2 - an international standard for EDI over the Internet where the transport protocol is the HyperText Transport Protocol. Gaining market acceptance since confirmed delivery is required for http service. Disadvantage is that most firewall and enterprise security procedures need to be changed.

ASP Application Service Providers operated data centers and high speed Internet connections with a business model purporting to rent business applications on a time-sharing or monthly rental basis over the Internet. Assumed that large-enterprise applications for ERP, SFA or CRM could be partitioned cost-effectively for usage-based fees and that customers would rather rent than run their own SAP/Oracle/Siebel system, or if they were a small business, just buy the small/mid-sized business application. Customer demand never materialized, so VC investments backing these companies dried up by the end of 2000.

Asymmetric encyption An algorithm that uses two mathematically related, yet different key values to encrypt and decrypt data. One value is designated as the private key and is kept secret by the owner. The other value is designated as the public key and is shared with the owner's trading partners. The two keys are related such that when one key is used to encrypt data, the other key must be used for decryption. See public key and private key.

Async Asynchronous communications is a form of communication by which two applications communicate independently, without requiring both to be simultaneous available for communications. A process sends a request and may or may not be idle while waiting for a response. It is a popular non-blocking communications style. Most popular data communications protocols (IP, ATM, Frame Relay, etc) rely on asynchronous methods.

Authentication The verification of the source (identity), uniqueness, and integrity (unaltered contents) of a message.

Authorization The final recipient communicates with the data source, expressing intent to regularly integrate new information into its back-end system ("agreement to synchronise"). For case items, it expresses the intent to trade the item. Note: Authorization works on the basis of GTIN level and GLN of information provider and target market and is sent once for each GTIN. The buyer can use any level in the GLN hierarchy according to the business need (e.g., DSD - store level). This function will be further documented during the detailed specifications phase.

B2B Business-to-Business refers to electronic commerce conducted between companies and almost exclusively involves system-to-system interactions. In contrast, business-to-consumer is typically system-person interactions. B2B includes products, services and systems such as eMarketplaces, supply chains and EDI products and services.

B2C Business-to-Consumer was made popular through the enormous visibility of companies such as amazon.com, eToys, eBay and others. B2C involves system-person interactions typically through a browser connected to a web site. Many of the products built for this market were also used in early B2B implementations, however the lack of back office integration allowing system-to-system interaction between companies has became the bane of this technology set. See B2B above.

Backbone Most network designs, whether local, metropolitan or wide-area have a system of interconnected hubs where spokes reaching out to lower speed hubs which have spokes that reach out to users (or even lower speed hubs that have spokes that reach out to users, etc). The backbone refers to the series of hub-to-hub connections and the network devices that connect them to form the major communications pathways within a network.

Bandwidth The maximum amount of data that can be sent through a connection; usually measured in bits per second.

Binding The process whereby a server application and its client are joined across a network through a simple proprietary protocol that typically acknowledges the presence of the other, performing rudimentary security and version control, for example.

BizTalk A Microsoft-sponsored set of guidelines for publishing XML schemas and using XML messaging to integrate enterprise software programs. BizTalk is part of that company's current thrust around dot-Net technologies. May be 'dead-on-arrival' because its success requires applications vendors to adopt BizTalk technologies that had been developed without their participation, something Oracle, SAP and Siebel, for example, have been loathe to do in the past.

Blocking Communications A synchronous messaging process whereby the requestor of a service must wait until a response is received. See async.

Buffered Queue A message queue that resides in memory.

Business Process Management BPM is the function of correctly directing a flow of work items through a systematic multi-step process. The items are identified and tracked as they move through each step, with either specific people or applications processing the information within an allotted time. Typical BPM models includes timeouts, escalations and rework. The process flow is determined by independent process logic where the applications, processes or people play virtually no role in determining where the process outputs are sent next. See Web Services.

Business Process Router A specialized networking device that automates the execution of specific business process(es) and appropriate routing and or transformation algorithm(s), given a business document.

CA Certifying Authority or Certificate Authority refers to a secure server that signs end-user certificates and publishes revocation data. Before issuing a certificate, the CA follows published policies to verify the identity of the trading partner that submitted the certificate request. Once issued, other trading partners can trust the certificate based upon the trust placed in the CA and its published verification policy. See certificate.

Catalog A catalog is like the telephone yellow pages, only it is electronic and includes much more explicit detail on products and services offered by suppliers. With a simple click of a mouse, a buyer can access a catalogue and obtain a global list of suppliers and their products. The catalogue is divided into several different layers of data ranging from category and product type to length and width details. A buyer can look for product information on a catalogue search engine similar to the Internet's Yahoo or Netscape Navigator. Once the buyer types in the key words, moments later he or she has a comprehensive listing of suppliers, categories and product data.

Category A classification assigned to an item that indicates the higher level grouping to which the item belongs. Items are put into logical like groupings to facilitate the management of a diverse number of items. Category Hierarchy: The classification of products by department, category and subcategory; for example, "Bakery, Bakery Snacks, Cakes."

Category Scheme Structured grouping of category levels used to organise and assign products. Collaboration Arrangement: The process in which a seller and a buyer form a collaborative partnership. The collaboration arrangement establishes each party's expectations and what actions and resources are necessary for success.

Certificate Refers to a public key certificate. Certificates are issued by a certification authority (CA), which includes adding the CA's distinguished name, a serial number and starting and ending validity dates to the original request. The CA then adds its digital signature to complete the certificate. See CA and digital signature.

Certificate Request An uncertified public key created by a trading partner as part of the Rivest Shamir Adleman (RSA) key-pair generation. The certificate request must be approved by a certification authority (CA), which issues a certificate, before it can be used to secure data. See CA, public key, RSA, trading partner, and uncertified public key.

COM Component Object Model - Microsoft's standard for distributed objects. Com is an object encapsulation technology that specifies interfaces between component objects within a single application or between applications. It separates the interface from the implementation and provides APIs for dynamically locating objects and for loading and invoking them.

Common Key Some systems of cryptographic hardware require arming through a secret-sharing process and require that the last of these shares remain physically attached to the hardware in order for it to stay armed. In this case, "common key" refers to this last share. It is not assumed secure, as it is not continually in an individual's possession.

Communications Middleware Software that provides inter-application connectivity based on communication styles such as message queuing, ORBs and publish/subscribe. IBMÕs MQseries is a Message-Oriented Middleware (MOM) product.

Communications Protocol A formally defined system for controlling the exchange of information over a network.

Connectionless Communications Connectionless communications do not require a dedicated connection between applications. The Internet and the US Postal System are both connectionless systems. Packets of information or envelopes are inserted in one end of the system. Each packet has a destination address which is read by network devices that in turn forward the packet closer to its destination. Packets can be lost, received out of sequence or easily duplicated. The receiving application must have the intelligence to check sequence, eliminate duplications and request missing packets. Network resources are consumed only for the duration of the packet processing. In contrast, the telephone network is a connection-oriented system. Both ends of the phone call must be available for communications at the time of the session and network resources are consumed for the duration of the call.

Content switching Content switches are a nominal improvement over Routing Switches which are a nominal improvement over IP routers. Routing Switches can inspect packet addressing details through functionality imbedded in silicon, operating at many times the speed of equivalent general purpose, multi-protocol IP routers. As an extension to routing switches, content switches can inspect packet headers to determine protocol used http or https for example. Https packets require more processing since they need to be decrypted and typically involve purchasing transactions. Being able to switch traffic across a group of servers addresses a particular problem in server farms where a content switch can balance the load, improving customer satisfaction.

Context-Inspired Component Architecture The ANSI ASC X12 standards body has defined the CICA (pronounced "see-saw") as a method for creating syntax-neutral business messages. Business messages can be broken down into constituent components which can be reused in a variety of different formats - X12, EDIFACT or RosettaNet for example.

Context switching Going beyond the framework of content switching, it is increasingly important to know the context of a document. Knowing that this document is an invoice related to that purchase order, for example, is at the heart of what inter-business process management systems need to address. Furthermore, being able to apply routing algorithms that vary based on information contained within the document goes far beyond the traditional routing and even the more modern content routing paradigms.

CORBACommon Object Request Broker Architecture - a standard maintained by the OMG.

Country Catalogue GTIN and/or GLN catalogue administered by an EAN Member Organisation. Commonly referred to as country data pools.

CPFR The Collaborative Planning, Forecasting and Replenishment (CPFR) offering will enable collaboration among all supply-chain-related activities. This collaboration will include setting common cross-enterprise goals and performance measures, creating category/item goals across partners and collaborating on sales and order forecasts. Performance will be monitored as collaborative activities are executed providing participants with the ability to evaluate partners. (www.cpfr.org)

CPI-C Common Programming Interface-Communications IBM's SNA peer-to-peer API that can run over SNA and TCP/IP. It masks the complexity of APPC.

Customer Relationship Management (CRM) Customer Relationship Management (CRM) is the function of integrating systems that relate to the customer quite literally everything from marketing through sales to accounts receivable, bill collection and customer support call center systems into a single business system. Siebel successfully transformed (through acquisition and good marketing) their sales force automation market leadership into CRM system leadership. Many CRM projects gave rise to the requirement for EAI products.

Cryptography, Public Key Crpytography The mathematical science used to secure the confidentiality and authentication of data by replacing it with a transformed version that can be reconverted to reveal the original data only by someone holding the proper cryptographic algorithm and key.

Data authentication Refers either to data integrity alone or to both integrity and origin authentication (although data origin authentication is dependent upon data integrity.)

Data integrity Verifies that data has not been altered. One of two data authentication components.

Data Level Integration A form of EAI that integrates the different applications' data stores to allow the sharing of information among applications. It requires the loading of data directly into the databases via their native interfaces and does not allow for changes in business logic.

Data Loading A data source sends a full data set to its home data pool. The data loaded can be published only after validation by the data pool and registration in the global registry. This function covers:

Data Pool A data pool is a repository of GCI/GDAS data where trading partners can obtain, maintain and exchange information on items and parties in a standard format through electronic means. Multiple trading partners use data pools in order to align/synchronise their internal master databases (GCI GDS definition).

Data Source Party that provides a community of trading partners with master data. The data source is officially recognised as the owner of this data. For a given item or party, the source of data is responsible for permanent updates of the information that is under its responsibility (GCI definition). A data source is also known as ÒPublisher.Ó Examples of data sources: manufacturers, publishers and suppliers.

Data Transformation Transformation is a key function of any EAI or inter-application system. There are two basic kinds: syntactic translation changes one data set into another (such as different date or number formats), while semantic transformation changes data based on the underlying data definitions or meaning.

Database Middleware Database middleware allows clients to invoke services across multiple databases for communications between the data stores of applications. This middleware is defined by standards such as ODBC, DRDA, RDA, etc.

DCE Distributed Computing Environment from the Open Software Foundation, DCE provides key distributed technologies such as RPC, distributed naming service, time synchronization service, distributed file system and network security.

Decryption The process of transforming cyphertext into plaintext.

DES Digital Encryption Standard. A standard, U.S. Government symmetric encryption algorithm that is endorsed by the U.S. military for encrypting unclassified, yet sensitive information. The Data Encryption Standard is a block cipher, symmetrical algorithm (extremely fast) that uses the same private 64-bit key for encryption and decrypting. This is a 56- bit DES-CBC with an Explicit Initialization Vector (IV). Cipher Block Chaining (CBC) requires an initialization vector to start encryption. The IV is explicitly given in the IPSec packet. See triple DES, and symmetric algorithm.

Digital signature An electronic signature that can be applied to any electronic document. An asymmetric encryption algorithm, such as the Rivest Shamir Adleman (RSA) algorithm, is required to produce a digital signature. The signature involves hashing the document and then encrypting the result with the sender's private key. Any trading partner can verify the signature by decrypting it with the sender's public key, recomputing the hash of the document, and comparing the two hash values for equality. See hash function, private key, public key, and RSA.

Direct Store Delivery (DSD) A method of delivering product from a distributor directly to the retail store, bypassing a retailer's warehouse. The vendor manages the product from order to shelf. Major DSD categories include greeting cards, beverages, baked goods, snacks, pharmaceuticals, etc.

Distinguished name A set of data that identifies a real-world entity, such as a person in a computer-based context.

DOM Document Object Model an internal-to-the-application, platform-neutral and language-neutral interface allowing programs and scripts to dynamically access and update the content, structure and style of documents. Typically, XML parsers decompose XML documents into a DOM tree that the application can use to transform or process the data.

DRDA IBM's Distributed Relational Database Architecture.

EAI Enterprise Application Integration is a set of technologies that allows the movement and exchange of information between different applications. Typically, products from vendors such as Vitria, Tibco, WebMethods and CrossWorlds (acquired by IBM) address this market space with software integration products that require a significant systems integration effort to implement. Because of the cost and complexity of using EAI technologies, they are not generally used to form trading networks of more than just a few independent companies.

EAN-UCC EAN and UCC co-manage the EAN-UCC System - the global language of business.

EAN International EAN International is the worldwide leader in identification and e-commerce. It manages and provides standards for the unique and non-ambiguous identification and communication of products, transport units, assets and locations. The EAN-UCC system offers multi-sectoral solutions to improve business efficiency and productivity. EAN International has representatives in 97 countries. The system is used by more than 850,000 user companies. (www.ean-int.org)

EAN-UCC System The EAN-UCC System offers multisector solutions to improve business efficiency and productivity. The system is co-managed by EAN International and the Uniform Code Council (UCC).

E-Business Also known as "E-Biz" or "eBusiness" and is used to describe the use of Internet technologies and the Web in particular, for the conduct of business. Applied in internal-facing, external-facing, applications, networking and systems to describe the broad trend of using the combination of IP networks and applications to reduce costs, automate processes and improve customer service.

EbXML an emerging standard for inter-business process definition for exchanging business data. Leverages much of the semantic knowledge and information in the EDI community.

EDI Electronic Data Interchange. The computer-to-computer transmission of information between partners in the supply chain. The data is usually organised into specific standards for the case of transmission and validation.

EDIINT Electronic Data Interchange over the INTernet (see AS1 and AS2).

Efficient Consumer Response (ECR) Initiative between retailers and suppliers to reduce existing barriers by focussing on processes, methods and techniques to optimise the supply chain. Currently, ECR has three primary focus areas: supply side (e.g., efficient replenishment), demand side (e.g., efficient assortment, efficient promotion, efficient product introduction) and enabling technologies (e.g., common data and communication standards, cost/ profit and value measurement). The overall goal of ECR is to fulfil consumer wishes better, faster and at less cost.

Electronic Commerce The conduct of business communications and management through electronic methods, such as electronic data interchange and automated data collection systems.

Encyption The process of transforming plaintext into an unintelligible form (ciphertext) such that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decrypting process (two-way encryption).

E-Procurement Unlike the typical procurement system, e-Procurement uses the Internet to perform the procurement function.

Event An event refers to a change of state in the system such as new or changed information regarding item, party, rights, permissions, profiles, notification, etc. Completion of tasks such as subscription, notification, data distribution, data distribution set-up, etc. Arrival or forwarding of messages.

Exchange In the Global Data Synchronisation context, it is a provider of value-added services for distribution, access and use of master data. Organisations that provide exchanges can provide data pool function as well.

Extranet A network that links an enterprise to its various business partners over a secure Internet-based environment. In this way, it has the security advantages of a private network at the shared cost of a public one. See VPN.

Final Data Recipient Party that is authorised to view, use, download a set of master data provided by a data source. A final data recipient is not authorised to update any piece of master data provided by a data source in a public data pool (GCI definition). Final data recipient is also known as "Subscriber."

Gateway Gateway is a hardware and/or software device that performs translations between two or more disparate protocols or networks.

GCI The Global Commerce Initiative (GCI) is a voluntary body created in October 1999 to improve the performance of the international supply chain for consumer goods through the collaborative development and endorsement of recommended standards and key business processes. (www.globalcommercerinitiative.org)

GDAS Global Data Alignment Service

Global Data Dictionary The GDD is a global list of data items where:

1. The structure of attributes includes aggregate information entities (master data for party and item and transactional data)
2. Neutral and relationship-dependent data, core and extension groups and transaction oriented data
3. Definition of master data includes:
   1. Neutral data: relationship independent, general valid data
   2. Relationship-dependent data: depending on bilateral partner agreements
   3. Core: irrespective of the sector and country
   4. Extension: sector specific, country specific
4. Definition of transactional (process-dependent) data includes neutral and relationship-dependent as well as core and extension

Global Location Number (GLN) A 13-digit non-significant reference number used to identify legal entities (e.g., registered companies), functional entities (e.g., specific department within a legal entity) or physical entities (e.g., a door of a warehouse).

Global Registry A registry is a global directory for the registration of items and parties. It can only contain data certified GCI compliant. It federates the GCI/GDAS-compliant data pools and acts as a pointer to the data pools where master data has been originally and physically stored. From the conception viewpoint, the registry function is supported by one logical registry, which could be physically distributed.

Global Trade Item Number (GTIN) An "umbrella" term used to describe the entire family of EAN/UCC data structures for trade items (products and services) identification. The family of data structures includes: EAN/UCC- 8, UCC-12, EAN/UCC-13 and EAN/UCC-14. Products at every level of product configuration (consumer selling unit, case level, inner pack level, pallet, shipper, etc.) require a unique GTIN. GTIN is a new term, not a standards change.

Groupware Groupware refers to a collection of applications that center around collaborative human activities. Originally coined as the product category for Lotus Notes, it is a model for client-server computing based on five foundation technologies: multimedia document management, workflow, email, conferencing and scheduling.

Heterogeneity A typical enterprise information system today includes many types of computer technology, from PCs to mainframes. These include a wide variety of different operating systems, application software and in-house developed applications. EAI solves the complex problem of making a heterogeneous infrastructure more coherent.

HTML HyperText Markup Language, derived from the Standardized General Markup Language and managed by the W3C is a presentation-layer technology for displaying content in a web browser. The markup tags instructs the web browser how to display a web page.

Home Data Pool The home data pool is the preferred data pool of a data source or a data recipient. A data source publishes its data in its home data pool, which makes it available to final data recipients. A final data recipient accesses master data through its home data pool. A home data pool could be a national, regional or private GCI/GDAS-compliant data pool. The home data pool is the key aspect of the single point of entry concept.

IIOP Internet Inter-ORB Protocol - a standard that ensures interoperability for objects in a multi-vendor ORB environment operating over the Internet.

Integrity In a client-server environment, integrity means that the server code and server data are centrally maintained and therefore secure and reliable.

Interoperability Data pools and the global registry are connected so that they constitute one logical data pool, which makes available to users, all required master data in a standardised and transparent way.

Intranet An internal Internet. An intranet is a network based on TCP/IP protocols and belonging to an organization, usually a corporation. An intranet is accessible only by the organization's members, employees, or other authorized users. An intranet's web sites look and act just like any other web site but the firewall surrounding an intranet fends off unauthorized access. Secure intranets are now the fastest-growing segment of the Internet because they are much less expensive to build and manage than private networks based on proprietary protocols.

Invasive Integration An implementation approach that requires changes or additions to existing applications.

Item An item is any product or service on which there is a need to retrieve pre-defined information and that may be priced, ordered or invoiced at any point in any supply chain (EAN/UCC GDAS definition). An item is uniquely identified by an EAN/UCC Global Trade Item Number (GTIN).

Just-in-time Binding bTrade Process Routers have a unique just-in-time binding which binds the most current partner capability to the process at the moment it is required. This allows very large scale networks to deal with churn among partner capabilities such as addresses, names, protocols and business processes.

Key generation The trustworthy process of creating a private key/public key pair. The public key is supplied to an issuing authority during the certificate application process.

Key generator (1) An algorithm that uses mathematical or heuristic rules to deterministically produce a pseudo-random sequence of cryptographic key values. (2) An encryption device that incorporates a key generation mechanism and applies the key to plaintext (for example, by Boolean exclusive ORing the key bit string with the plain text bit string) to produce ciphertext.

Key interval The period for which a cryptographic key remains active.

Key pair A private key and its corresponding public key. The public key can verify a digital signature created by using the corresponding private key. See private key and public key.

Load Balancing Automatic balancing of requests among replicated servers to ensure that no server is overloaded.

Mapping The process of relating information in one domain to another domain. Used here in the context of relating information from an EDI format to one used within application systems.

Market Group In UCCnet Item Sync service, a Market Group is a list of retailers or other trading partners, that the manufacturer communicates the same product, pricing, logistical and other relevant standard or extended item data attributes.

Master Data Master data is a data set describing the specifications and structures of each item and party involved in supply chain processes. Each set of data is uniquely identified by a Global Trade Item Number (GTIN) for items and a Global Location Number (GLN) for party details. Master data can be divided into neutral and relationship- dependent data. Master data is the foundation of business information systems.

Master Data Synchronisation It is the timely and 'auditable' distribution of certified standardised master data from a data source to a final data recipient of this information. The synchronisation process is well known as 'Master Data Alignment' process. The master data synchronisation process is a prerequisite to the Simple E-Business concept (Simple_EB). Successful master data synchronisation is achieved via the use of EAN/UCC coding specifications throughout the supply chain. The synchronisation process is completed when an acknowledgement is provided to a data source certifying that the data recipient has accepted the data distributed. In the master data synchronisation process, data sources and final data recipients are linked via a network of interoperable data pools and global registry. Such an interoperable network is the GCI-Global Data Synchronisation Network.

Message Delivery Notification (MDN) A document, typically digitally signed, acknowledging receipt of data from the sender.

Message Broker A key component of EAI, a message broker is a software intermediary that directs the flow of messages between applications. Message brokers provide a very flexible communications mechanism providing such services as data transformation, message routing and message warehousing, but require application intimacy to function properly. Not suitable for inter-business interactions between independent partners where security concerns may exclude message brokering as a potential solution.

MIME Multipurpose Internet Mail Extension is an extension to the original Internet e-mail protocol that lets people exchange different kinds of data files on the Internet: audio, video, images, application programs, and other kinds, as well as the ASCII handled in the original protocol, the Simple Mail Transport Protocol (SMTP). Servers insert the MIME header at the beginning of any Web transmission. Clients use this header to select an appropriate "player" application for the type of data the header indicates. Some of these players are built into the Web client or browser (for example, all browser come with GIF and JPEG image players as well as the ability to handle HTML files); other players may need to be downloaded. New MIME data types are registered with the Internet Assigned Numbers Authority MIME as specified in detail in Internet RFC-1521 and RFC-1522.

MOM Message-Oriented Middleware is a set of products that connects applications running on different systems by sending and receiving application data as messages. Examples are RPC, CPI-C and message queuing.

Message Queuing A form of communication between programs. Application data is combined with a header (information about the data) to form a message. Messages are stored in queues, which can be buffered or persistent (see Buffered Queue and Persistent Queue). It is an asynchronous communications style and provides a loosely coupled exchange across multiple operating systems.

Message Routing A super-application process where messages are routed to applications based on business rules. A particular message may be directed based on its subject or actual content.

Middleware Middleware describes a group of software products that facilitate the communications between two applications or two layers of an application. It provides an API through which applications invoke services and it controls the transmission of the data exchange over networks. There are three basic types: communications middleware, database middleware and systems middleware.

Neutral Master Data It is master data that is generally shared among multiple parties and that is relationship independent (e.g., GTIN, item description, measurements, catalogues prices, standard terms, GLN, addresses) (GDAS definition). Most of the existing data pools facilitate the exchange of neutral master data.

Non-Blocking Communications An asynchronous messaging process whereby the requestor of a service does not have to wait until a response is received from another application.

Non-Invasive Integration This is an EAI implementation that does not require changes or additions to existing applications.

Non-repudiation Provides proof of the origin or delivery of data in order to protect the sender against a false denial by the recipient that the data has been received or to protect the recipient against false denial by the sender that the data has been sent.

Notification The data source, through its home data pool/solution provider, sends an electronic notice to a subscriber when a valid event occurs. This is based on the subscription profile. Events that can trigger notifications are:

• Publication of new data/change of publication (visibility granted, deleted)
• Change of published item/party/partner profile
• Change of owner, rights
• Subscription (generic, detailed)
• Authorisation/non-authorisation/rejection
• Positive search response

Notifications are not sent in the following cases since data are not yet public and validated information:

• Data load (add, change, etc.)
• Data validation
• Registration of new item/party/partner profile The data distribution, which is the movement of data from one entity to another, is handled through a specific notification type.

OPL The Object Processing Language is a simple user-friendly process description language, based on XML that is used to provide processing instructions to a bTrade Business Process Router. Certain aspects of OPL are patent-pending.

Oplet A unit of executable software, written in OPL used to provide processing instructions to bTrade Business Process Routers. Oplets provide the logic for business document processing, transformation and routing algorithms. Oplet is a trademark of bTrade Inc.

Oplet Registry A data store of oplets retained either in local storage or in remote storage share by multiple process routers.

ORB The Object Request Broker is a software process that allows objects to dynamically discover each other and interact across machines, operating systems and networks.

Party A party (or) location is any legal, functional or physical entity involved at any point in any supply chain and upon which there is a need to retrieve pre-defined information (GDAS definition). A party is uniquely identified by a EAN/UCC Global Location Number (GLN).

Persistent Queue In contrast to perishable queues, persistence refers to a message queue that resides on a permanent device, such as a disk, and can be recovered in case of system failure or relatively (from a computer processing cycle perspective) long process or idle duration.

PGP Pretty Good Privacy is a security system used to encrypt and decrypt e-mail over the Internet. It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route.

PKI Public Key Infrastructure. A system of CAs, RAs, directories, client applications, and servers that model trust. The Internet Engineering Task Force (IETF)'s X.509 standard is the de-facto standard by which public keys can be managed on a secure basis. See CA and RA.

Plaintext Unencrypted data; intelligible data that can be directly acted upon without decryption.

Point-of-Sale (POS) Place where the purchase is made at the checkstand or scanning terminals in a retail store. The acronym 'POS' frequently is used to describe the sales data generated at checkout scanners. The relief of inventory and computation of sales data at a time and place of sale, generally through the use of bar coding or magnetic media equipment.

Private key The mathematical value of an asymmetric key pair that is not shared with trading partners. The private key works in conjunction with the public key to encrypt and decrypt data. For example, when the private key is used to encrypt data, only the public key can successfully decrypt that data. See secret-key.

Process Router A specialized networking device that automates the execution of specific business process(es) and appropriate routing and or transformation algorithm(s), given a business document.

Public key The mathematical value of an asymmetric key pair that is shared with trading partners. The public key works in conjunction with the private key to encrypt and decrypt data. For example, when the public key is used to encrypt data, only the private key can successfully decrypt that data.

Public key encryption Encryption that uses a key pair of mathematically related encryption keys. The public key can be made available to anyone who wishes to use it and can encrypt information or verify a digital signature; the private key is kept secret by its holder and can decrypt information or generate a digital signature. This permits users to verify each other's messages without having to securely exchange secret keys.

Publication The data source grants visibility of item, party and partner profiles, including party capabilities data to a given list of parties (identified by their GLNs) or to all parties in a given market.

Publish-Subscribe Pub-Sub is a style of inter-application communications. Publishers are able to broadcast data to a community of information users or subscribers, which have issued the type of information they wish to receive (normally defining topics or subjects of interest). An application or user can be both a publisher and subscriber. The Process Router to Trading Network Agent interaction can be considered as a pub-sub form of communications where the agent registers the subscriber and the process router is the publisher.

Query A data source or a final data recipient triggers an inquiry, a subscription and gives a status on a particular event or information element. In this function, all the acknowledgements and audit trails are covered.

RDA Remote Data Access, usually to an RDBMS via SQL.

RDBMS Relational Database Management System.

Registration Registration is the process that references all items and parties published in all GCI/GDAS-compliant data pools and on which there is a need to synchronise/ retrieve information. This is supported by data storage in accordance with the registry data scope and rules.

Relationship-Dependent Master Data Globally, it is master data that concerns all terms bilaterally agreed and communicated between trading partners such as marketing conditions, prices and discounts, logistics agreements, etc. (EAN/UCC GDAS definition).

Repository A storage mechanism for finalised DTDs and other XML components. In this context a repository is the wrapping of potential business library components into information that can be used in an implementation.

Repudiation The denial or attempted denial by an entity involved in a communication of having participated in all or part of the communication.

RosettaNet RosettaNet is a consortium of major Information Technology, Electronic Components and Semiconductor Manufacturing companies working to create and implement industry-wide, open e-business process standards. These standards form a common e-business language, aligning processes between supply chain partners on a global basis.

Router Routers are a special-purpose networking device responsible for managing the connection of two or more networks. Today, IP routers check the destination address of the packets and decide the appropriate route to send them. However, 15-years ago, IP routing functionality was provided only by UNIX workstations. Two Stanford professors developed IP routers that abstracted the routing functionality to form Cisco Systems. These specialized devices have enabled the construction of scalable and adaptive IP networks including the Internet, a feat that could not be achieved by general purpose workstations. Similarly, Business Process Routers provide functionality that is in many ways provided by various applications.

RPC Remote Procedure Call is a form of application-to-application communication that is a tightly coupled synchronous process.

Scalability Scalability refers to the ability of a system to support large implementations or to be easily upgradeable as the scale dimension grows. For trading networks, the dimension refers to large number of partners - 1000s. Process routers have high scalability because they can support thousands of partners and protocols, while an integration appliance can only support a few at once.

Search/Browse This provides data visibility according to userÕs permissions and certain criteria such as categories, GTIN, GLN, target market, etc. The home data pool provides this visibility in the framework of the GCI interoperable network.

Secret key The value used in a symmetric encryption algorithm to encrypt and decrypt data. Only the trading partners authorized to access the encrypted data must know secret keys.

Serial Shipping Container Code (SSCC) The EAN-UCC number comprising 18 digits for identifying uniquely a logistic unit (licence plate concept). Standard: A specification for hardware, software or data that is either widely used and accepted (de facto) or is sanctioned by a standards organization (de jure). A "protocol" is an example of a "standard."

Server Generically, a server is any computer providing services. In client-server systems, the server provides specific capabilities to client software running on other computers. Usually, the server typically interacts with many clients at a time, while the client may interact with only one server.

SHA-1 Secure Hash Algorithm is a hash algorithm. HMAC is a keyed hash variant used to authenticate data. See Hash function.

S/MIME Secure/Multipurpose Internet Mail Extensions. An Internet protocol [R2633, June 1999] to provide encryption and digital signatures for Internet mail messages.

SNA System Network Architecture.

SCM Supply Chain Management is that function or set of skills and disciplines which involve the logistics and processes of creating a product from its original constituent elements that may be manufactured by sub-contractors or other divisions to its ultimate delivery to the buyer.

SOAP Simple Object Access Protocol. An emerging standard that enables distributed software components to exchange data as XML pages.

Sockets Sockets describe the software methods invoked to correctly form an IP packet on the processor to physical communications interface. Aka President Clinton's cat.

SSL Secure Sockets Layer. A program layer created by Netscape for managing the security of message transmissions in a network. Netscape's idea is that the programming for keeping your messages confidential ought to be contained in a program layer between an application (such as your Web browser or HTTP) and the Internet's TCP/IP layers. The SSL upper layer provides asymmetric cryptography for server authentication (verifying the server's identity to the client) and optional client authentication (verifying the client's identity to the server), and enables them to negotiate a symmetric encryption algorithm and secret session key (to use for data confidentiality) before the application protocol transmits or receives data. A keyed hash provides data integrity service for encapsulated data.

Stored Procedure A program that creates a named collection of SQL or other procedural statements and logic that is compiled, verified and stored in a server database.

STP Straight Through Processing occurs when a transaction, once entered into a system, passes through its entire life cycle without any manual intervention. STP is an example of a Zero Latency Process, but one specific to the finance industry which has many proprietary networks and messaging formats.

Subscription A data recipient requests that it receive a 'notification' when a specific event occurs that meets the recipient's criteria (selective on sources, categories, etc.). This is subject to the recipient's access to information as controlled by the data source through its home data pool. There are two kinds of subscriptions:

• Generic subscriptions - to generic types of data (item or party that is part of a specific category).
• Detailed subscriptions - to a specific party (identified by its GLN) or specific item (identified by its GTIN)

With the set-up of a detailed subscription, a data recipient sets a profile to receive ongoing updates of the specific item, party or partner profile. The detailed subscription is also used to indicate an 'Authorisation'.

Supply Chain The supply chain links supplier and user organizations and includes all activities involved in the production and delivery of goods and services, including planning and forecasting, procurement, production/operations, distribution, transportation, order management, and customer service.

Symmetric algorithm An encryption algorithm that uses the same key for encryption and decryption.

Synchronous Communications

Sync is a form of communication that requires both applications to run concurrently during the communications process. A process issues a call and idles, performing no other function, until it receives a response.

TCP/IP Transmission Control Protocol/Internet Protocol is the IETF-defined suite of the network protocols used in the Internet that runs on virtually every operating system. IP is the network layer and TCP is the transport layer.

TLS Transport Layer Security (IETF euphemism for SSL) has been endorsed and included in the Transport Layer Security protocol promoted with the Internet Engineering Task Force (IETF) by several major data communications technology corporations, such as IBM.

Trade Item Any item (product or service) on which there is a need to retrieve pre-defined information and that may be priced or ordered or invoiced at any point in any supply chain.

Trading Network A network of business partners who trade, transact, and execute external business processes with each other.

Trigger A trigger is a stored procedure that is automatically invoked on the basis of data-related events.

Triple DES A security enhancement to Digital Encryption Standard (DES) encryption that employs three-successive single- DES block operations. Using two or three unique DES keys, this increases resistance to known cryptographic attacks by increasing the effective key length. See DES.

Two-Phase Commit A mechanism to synchronize updates on different machines or platforms so that they all fail or all succeed together. The decision to commit is centralized, but each participant has the right to veto. This is a key process in real time transaction-based environments.

UCCnet www.uccnet.org

UDDI Universal Description, Discovery and Integration. UDDI is a project to design open standard specifications and implementations for an Internet service architecture capable of registering and discovering information about businesses and their products and servicesÉÉa web based business directory.

Uniform Code Council (UCC) The Uniform Code Council (UCC), based in the United States, is a membership organisation that jointly manages the EAN-UCC System with EAN International. The UCC administers the EAN-UCC System in the United States and Canada.

Universal Product Code (U.P.C.) UCC-12 data structure. One-digit number system character with 10-digit EAN-UCC Company prefix and item reference with one check digit. One of four data structures used in the Global Trade Identification Number (GTIN).

URL Uniform Resource Locator, the global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use and the second part specifies the IP address or the domain name where the resource is located.

Validation Validation is compliance checking of new or changed data versus GCI/GDAS Data Standards, principles and rules. The validation consists of ensuring as a minimum:

• Syntax (e.g., format of fields)
• Mandatory, dependent data (completeness of data)
• Semantic (e.g., can't make a change before add, allocation rules for GTINs and GLNs)
• Check of classification
• Uniqueness of the item/party/partner profile (checked by registry)

Value-Added Network (VAN) A third-party EDI service provider that provides a communication link between companies to enable electronic exchange of business data/documents.

VAN Value Added Networks have been serving the EDI user for nearly 30 years. They provide network connections, receipt messages, aggregation services, access control and mailboxing services. EDIINT promises to eliminate

VCML Value Chain Markup Language is a set of XML-based vocabularies (words and meanings) and documents used by some firms, in certain industries for the conduct of business over the Internet. VCML is a marketing initiative of Vitria Technologies.

Verify (digital signature) In relation to a given digital signature, message, and public key, to determine accurately that (1) the digital signature was created during the operational period of a valid certificate by the private key corresponding to the public key contained in the certificate and (2) the associated message has not been altered since the digital signature was created.

VPN Virtual Private Networks are logical networks built over a physical network. VPN is used by enterprises to link its customers and business partners via secure Internet connections. The network controls access to the VPN (hence the private aspect) yet shares the core transmission resources with other VPNs or other Internet users. In the Internet world, this is accomplished by using security methods such as packet encryption or packet encapsulation (the VPN packets refer to an addressing scheme for example that are imbedded in the IP packets of the larger, physical network). In long distance VPNs companies had specific dial plans with access control elements. In both cases, however, the company had a network with the security features of a private network and the shared economics of a public network.

Work List In automated inter-business processes, such as UCCnet Item Sync service, the work list defines those tasks requiring human intervention to complete one or more process steps.

Workflow Workflow refers to the process of routing events or work-items from one person to another. Workflow is synonymous with process flow, although is more often used in the context of person-to-person document flows.

WSDL Web Services Description Language is an XML-based language used to define Web services and describe how to access them.

X12 An international standard for EDI messages, developed by the Accredited Standards Committee (ASC) for the American National Standards Institute (ANSI).

X12.58 An ANSI security structures standard that defines data formats required for authentication and encryption to provide integrity, confidentiality, and verification of the security originator to the security recipient for the exchange of Electronic Data Interchange (EDI) data defined by Accredited Standards Committee (ASC) X12. See X12.

X.509 The International Telecommunications Union-T (ITU-T) specification that describes the format for hierarchical maintenance and storage of public keys for public-key systems.

XML Like HTML, eXtensible Markup Language is a subset of Standard Generalized Markup Language. XML is a standard for defining descriptions of content. Where HTML uses tags to define the presentation of information without context, XML uses tags to provide metadata which describes the context of the data thereby giving meaning to data that can be understood by computers. Since its approval by the W3C in 1998, XML has been endorsed by every major software vendor as the standard API, offering great promise to the industry indeed.

XML schema An XML schema defines a type of document and the specialized XML tags that will be used with it. The schema may also include rules for exchanges of the document type.

X/Open An independent open systems organization with the strategy to combine various standards into a comprehensive integrated systems environment called Common Applications Environment, which contains an evolving portfolio of practical APIs.

XPath An XML query access method that navigates the hierarchical structure of an XML document. It gets to a particular point in the document by naming a progression of nodes in the tree structure.

XQuery An SQL-like query language based on the structure of XML that allows direct access to specific nodes in an XML document. XML documents are hierarchical, starting with a document root and proceeding through a tree structure of parent nodes and related child nodes. A node may be any tagged element in the document, such as its title, table of contents, charts or tables. XQuery can retrieve and store information contained at a particular node without requiring the user to name all elements along the hierarchical path to that node.

XSL The eXtensible Stylesheet Language is a syntax for defining the display of XML information.

XSLT An XSL Transform defines how XML data defined in one vocabulary can be translated into another, say between two customers.

Zero Latency Latency is the delay, measured between action and reaction. Zero latency, therefore means no delay between an event and its response.

Zero Latency Process An automated process with no time delays (i.e. no manual re-entry of data) at the interfaces of different information systems. STP is an example.