Support

An industry-wide initiative of North American retailers and trading partners to upgrade their bar code scanning and processing systems to support the new 14-digit GTIN by January 1, 2005

Application-to-application integration is a euphemism for enterprise application integration.Two or more applications, usually but not exclusively within the same organization, are linked at an intimate message or data level.

Advanced Encryption Standard is a new Federal Information Processing Standard (FIPS) that specifies an encryption algorithm(s) capable of protecting sensitive government information well into the twentyfirst century. The U.S. Government will use this algorithm and the private sector will use it on a voluntary basis.

The ITU-T (International Telecommunications Union-T) standard for certificates. X.509 v3 refers to certificates containing or capable of containing extensions.

Application Program Interface is a popular element of programs that enable inter-program communications.

Advanced Program-to-Program Communication is IBM's program-to-program communication, distributed transaction processing and remote data access protocol suite across the IBM software product line.

Applicability Statement 1 - an international standard for EDI over the Internet where the transport protocol is Simple Mail Transport Protocol. Limited market acceptance since SMTP is lossy, so neither party really knows that the message was delivered. Advantage is that most firewall and enterprise security procedures do not need to change.

Applicability Statement 2 - an international standard for EDI over the Internet where the transport protocol is the HyperText Transport Protocol. Gaining market acceptance since confirmed delivery is required for http service. Disadvantage is that most firewall and enterprise security procedures need to be changed.

Application Service Providers operated data centers and high speed Internet connections with a business model purporting to rent business applications on a time-sharing or monthly rental basis over the Internet. Assumed that large-enterprise applications for ERP, SFA or CRM could be partitioned cost-effectively for usage-based fees and that customers would rather rent than run their own SAP/Oracle/Siebel system, or if they were a small business, just buy the small/mid-sized business application. Customer demand never materialized, so VC investments backing these companies dried up by the end of 2000.

A clearly specified mathematical computation process; a set of rules that gives a prescribed result.

An algorithm that uses two mathematically related, yet different key values to encrypt and decrypt data. One value is designated as the private key and is kept secret by the owner. The other value is designated as the public key and is shared with the owner's trading partners. The two keys are related such that when one key is used to encrypt data, the other key must be used for decryption. See public key and private key.

Communications is a form of communication by which two applications communicate independently, without requiring both to be simultaneous available for communications. A process sends a request and may or may not be idle while waiting for a response. It is a popular non-blocking communications style. Most popular data communications protocols (IP, ATM, Frame Relay, etc) rely on asynchronous methods.

The verification of the source (identity), uniqueness, and integrity (unaltered contents) of a message.

The final recipient communicates with the data source, expressing intent to regularly integrate new information into its back-end system ("agreement to synchronise"). For case items, it expresses the intent to trade the item. Note: Authorization works on the basis of GTIN level and GLN of information provider and target market and is sent once for each GTIN.

Refers to electronic commerce conducted between companies and almost exclusively involves system-to-system interactions. In contrast, business-to-consumer is typically system-person interactions. B2B includes products, services and systems such as eMarketplaces, supply chains and EDI products and services.

was made popular through the enormous visibility of companies such as amazon.com, eToys, eBay and others. B2C involves system-person interactions typically through a browser connected to a web site. Many of the products built for this market were also used in early B2B implementations, however the lack of back office integration allowing system-to-system interaction between companies has became the bane of this technology set. See B2B above.

Most network designs, whether local, metropolitan or wide-area have a system of interconnected hubs where spokes reaching out to lower speed hubs which have spokes that reach out to users (or even lower speed hubs that have spokes that reach out to users, etc). The backbone refers to the series of hub-to-hub connections and the network devices that connect them to form the major

The maximum amount of data that can be sent through a connection; usually measured in bits per second.

The process whereby a server application and its client are joined across a network through a simple proprietary protocol that typically acknowledges the presence of the other, performing rudimentary security and version control, for example.

A Microsoft-sponsored set of guidelines for publishing XML schemas and using XML messaging to integrate enterprise software programs. BizTalk is part of that company's current thrust around dot-Net technologies. May be 'dead-on-arrival' because its success requires applications vendors to adopt BizTalk technologies that had been developed without their participation, something Oracle, SAP and Siebel, for example, have been loathe to do in the past.

A synchronous messaging process whereby the requestor of a service must wait until a response is received. See async.

A message queue that resides in memory.

A specialized networking device that automates the execution of specific business process(es) and appropriate routing and or transformation algorithm(s), given a business document.

Certifying Authority or Certificate Authority refers to a secure server that signs end-user certificates and publishes revocation data. Before issuing a certificate, the CA follows published policies to verify the identity of the trading partner that submitted the certificate request. Once issued, other trading partners can trust the certificate based upon the trust placed in the CA and its published verification policy. See certificate.

Component Object Model - Microsoft's standard for distributed objects. Com is an object encapsulation technology that specifies interfaces between component objects within a single application or between applications. It separates the interface from the implementation and provides APIs for dynamically locating objects and for loading and invoking them.

Common Object Request Broker Architecture - a standard maintained by the OMG.

The Collaborative Planning, Forecasting and Replenishment (CPFR) offering will enable collaboration among all supply-chain-related activities. This collaboration will include setting common cross-enterprise goals and performance measures, creating category/item goals across partners and collaborating on sales and order forecasts. Performance will be monitored as collaborative activities are executed providing participants with the ability to evaluate partners. (www.cpfr.org)

Common Programming Interface-Communications IBM's SNA peer-to-peer API that can run over SNA and TCP/IP. It masks the complexity of APPC.

A catalog is like the telephone yellow pages, only it is electronic and includes much more explicit detail on products and services offered by suppliers. With a simple click of a mouse, a buyer can access a catalogue and obtain a global list of suppliers and their products. The catalogue is divided into several different layers of data ranging from category and product type to length and width details. A buyer can look for product information on a catalogue search engine similar to the Internet's Yahoo or Netscape Navigator. Once the buyer types in the key words, moments later he or she has a comprehensive listing of suppliers, categories and product data.

A classification assigned to an item that indicates the higher level grouping to which the item belongs. Items are put into logical like groupings to facilitate the management of a diverse number of items. Category Hierarchy: The classification of products by department, category and subcategory; for example, "Bakery, Bakery Snacks, Cakes."

Structured grouping of category levels used to organise and assign products. Collaboration Arrangement: The process in which a seller and a buyer form a collaborative partnership. The collaboration arrangement establishes each party's expectations and what actions and resources are necessary for success.

Refers to a public key certificate. Certificates are issued by a certification authority (CA), which includes adding the CA's distinguished name, a serial number and starting and ending validity dates to the original request. The CA then adds its digital signature to complete the certificate. See CA and digital signature.

An uncertified public key created by a trading partner as part of the Rivest Shamir Adleman (RSA) key-pair generation. The certificate request must be approved by a certification authority (CA), which issues a certificate, before it can be used to secure data. See CA, public key, RSA, trading partner, and uncertified public key.

Some systems of cryptographic hardware require arming through a secret-sharing process and require that the last of these shares remain physically attached to the hardware in order for it to stay armed. In this case, "common key" refers to this last share. It is not assumed secure, as it is not continually in an individual's possession.

Software that provides inter-application connectivity based on communication styles such as message queuing, ORBs and publish/subscribe. IBMÕs MQseries is a Message-Oriented Middleware (MOM) product.

A formally defined system for controlling the exchange of information over a network.

Connectionless communications do not require a dedicated connection between applications. The Internet and the US Postal System are both connectionless systems. Packets of information or envelopes are inserted in one end of the system. Each packet has a destination address which is read by network devices that in turn forward the packet closer to its destination. Packets can be lost, received out of sequence or easily duplicated. The receiving application must have the intelligence to check sequence, eliminate duplications and request missing packets. Network resources are consumed only for the duration of the packet processing. In contrast, the telephone network is a connection-oriented system. Both ends of the phone call must be available for communications at the time of the session and network resources are consumed for the duration of the call.

Content switches are a nominal improvement over Routing Switches which are a nominal improvement over IP routers. Routing Switches can inspect packet addressing details through functionality imbedded in silicon, operating at many times the speed of equivalent general purpose, multi-protocol IP routers. As an extension to routing switches, content switches can inspect packet headers to determine protocol used http or https for example. Https packets require more processing since they need to be decrypted and typically involve purchasing transactions. Being able to switch traffic across a group of servers addresses a particular problem in server farms where a content switch can balance the load, improving customer satisfaction.

Going beyond the framework of content switching, it is increasingly important to know the context of a document. Knowing that this document is an invoice related to that purchase order, for example, is at the heart of what inter-business process management systems need to address. Furthermore, being able to apply routing algorithms that vary based on information contained within the document goes far beyond the traditional routing and even the more modern content routing paradigms.

The ANSI ASC X12 standards body has defined the CICA (pronounced "see-saw") as a method for creating syntax-neutral business messages. Business messages can be broken down into constituent components which can be reused in a variety of different formats - X12, EDIFACT or RosettaNet for example.

GTIN and/or GLN catalogue administered by an EAN Member Organisation. Commonly referred to as country data pools.

The mathematical science used to secure the confidentiality and authentication of data by replacing it with a transformed version that can be reconverted to reveal the original data only by someone holding the proper cryptographic algorithm and key.

Customer Relationship Management (CRM) is the function of integrating systems that relate to the customer quite literally everything from marketing through sales to accounts receivable, bill collection and customer support call center systems into a single business system. Siebel successfully transformed (through acquisition and good marketing) their sales force automation market leadership into CRM system leadership. Many CRM projects gave rise to the requirement for EAI products.

Distributed Computing Environment from the Open Software Foundation, DCE provides key distributed technologies such as RPC, distributed naming service, time synchronization service, distributed file system and network security.

Digital Encryption Standard. A standard, U.S. Government symmetric encryption algorithm that is endorsed by the U.S. military for encrypting unclassified, yet sensitive information. The Data Encryption Standard is a block cipher, symmetrical algorithm (extremely fast) that uses the same private 64-bit key for encryption and decrypting. This is a 56- bit DES-CBC with an Explicit Initialization Vector (IV). Cipher Block Chaining (CBC) requires an initialization vector to start encryption. The IV is explicitly given in the IPSec packet. See triple DES, and symmetric algorithm.

Document Object Model an internal-to-the-application, platform-neutral and language-neutral interface allowing programs and scripts to dynamically access and update the content, structure and style of documents. Typically, XML parsers decompose XML documents into a DOM tree that the application can use to transform or process the data.

IBM's Distributed Relational Database Architecture.

A form of EAI that integrates the different applications' data stores to allow the sharing of information among applications. It requires the loading of data directly into the databases via their native interfaces and does not allow for changes in business logic.

A data source sends a full data set to its home data pool. The data loaded can be published only after validation by the data pool and registration in the global registry. This function covers:

A data pool is a repository of GCI/GDAS data where trading partners can obtain, maintain and exchange information on items and parties in a standard format through electronic means. Multiple trading partners use data pools in order to align/synchronise their internal master databases (GCI GDS definition).

Party that provides a community of trading partners with master data. The data source is officially recognised as the owner of this data. For a given item or party, the source of data is responsible for permanent updates of the information that is under its responsibility (GCI definition). A data source is also known as ÒPublisher.Ó Examples of data sources: manufacturers, publishers and suppliers.

Transformation is a key function of any EAI or inter-application system. There are two basic kinds: syntactic translation changes one data set into another (such as different date or number formats), while semantic transformation changes data based on the underlying data definitions or meaning.

Refers either to data integrity alone or to both integrity and origin authentication (although data origin authentication is dependent upon data integrity.)

Verifies that data has not been altered. One of two data authentication components.

Database middleware allows clients to invoke services across multiple databases for communications between the data stores of applications. This middleware is defined by standards such as ODBC, DRDA, RDA, etc

The process of transforming cyphertext into plaintext.

An electronic signature that can be applied to any electronic document. An asymmetric encryption algorithm, such as the Rivest Shamir Adleman (RSA) algorithm, is required to produce a digital signature. The signature involves hashing the document and then encrypting the result with the sender's private key. Any trading partner can verify the signature by decrypting it with the sender's public key, recomputing the hash of the document, and comparing the two hash values for equality. See hash function, private key, public key, and RSA.

A method of delivering product from a distributor directly to the retail store, bypassing a retailer's warehouse. The vendor manages the product from order to shelf. Major DSD categories include greeting cards, beverages, baked goods, snacks, pharmaceuticals, etc.

A set of data that identifies a real-world entity, such as a person in a computer-based context.

Also known as "E-Biz" or "eBusiness" and is used to describe the use of Internet technologies and the Web in particular, for the conduct of business. Applied in internal-facing, external-facing, applications, networking and systems to describe the broad trend of using the combination of IP networks and applications to reduce costs, automate processes and improve customer service.

Unlike the typical procurement system, e-Procurement uses the Internet to perform the procurement function.

Enterprise Application Integration is a set of technologies that allows the movement and exchange of information between different applications. Typically, products from vendors such as Vitria, Tibco, WebMethods and CrossWorlds (acquired by IBM) address this market space with software integration products that require a significant systems integration effort to implement. Because of the cost and complexity of using EAI technologies, they are not generally used to form trading networks of more than just a few independent companies.

EAN International is the worldwide leader in identification and e-commerce. It manages and provides standards for the unique and non-ambiguous identification and communication of products, transport units, assets and locations. The EAN-UCC system offers multi-sectoral solutions to improve business efficiency and productivity. EAN International has representatives in 97 countries. The system is used by more than 850,000 user companies. (www.ean-int.org)

EAN and UCC co-manage the EAN-UCC System - the global language of business.

The EAN-UCC System offers multisector solutions to improve business efficiency and productivity. The system is co-managed by EAN International and the Uniform Code Council (UCC).

Electronic Data Interchange. The computer-to-computer transmission of information between partners in the supply chain. The data is usually organised into specific standards for the case of transmission and validation.

Electronic Data Interchange over the INTernet (see AS1 and AS2).

an emerging standard for inter-business process definition for exchanging business data. Leverages much of the semantic knowledge and information in the EDI community.

Initiative between retailers and suppliers to reduce existing barriers by focussing on processes, methods and techniques to optimise the supply chain. Currently, ECR has three primary focus areas: supply side (e.g., efficient replenishment), demand side (e.g., efficient assortment, efficient promotion, efficient product introduction) and enabling technologies (e.g., common data and communication standards, cost/ profit and value measurement). The overall goal of ECR is to fulfil consumer wishes better, faster and at less cost.

The conduct of business communications and management through electronic methods, such as electronic data interchange and automated data collection systems.

The process of transforming plaintext into an unintelligible form (ciphertext) such that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decrypting process (two-way encryption).

An event refers to a change of state in the system such as new or changed information regarding item, party, rights, permissions, profiles, notification, etc. Completion of tasks such as subscription, notification, data distribution, data distribution set-up, etc. Arrival or forwarding of messages.

In the Global Data Synchronisation context, it is a provider of value-added services for distribution, access and use of master data. Organisations that provide exchanges can provide data pool function as well.

A network that links an enterprise to its various business partners over a secure Internet-based environment. In this way, it has the security advantages of a private network at the shared cost of a public one. See VPN.

Party that is authorised to view, use, download a set of master data provided by a data source. A final data recipient is not authorised to update any piece of master data provided by a data source in a public data pool (GCI definition). Final data recipient is also known as "Subscriber."

The Global Commerce Initiative (GCI) is a voluntary body created in October 1999 to improve the performance of the international supply chain for consumer goods through the collaborative development and endorsement of recommended standards and key business processes. (www.globalcommercerinitiative.org)

Global Data Alignment Service

Gateway is a hardware and/or software device that performs translations between two or more disparate protocols or networks.

The GDD is a global list of data items where:

1. The structure of attributes includes aggregate information entities (master data for party and item and transactional data)
2. Neutral and relationship-dependent data, core and extension groups and transaction oriented data
3. Definition of master data includes:
4. Neutral data: relationship independent, general valid data
5. Relationship-dependent data: depending on bilateral partner agreements
6. Core: irrespective of the sector and country
7. Extension: sector specific, country specific
8. Definition of transactional (process-dependent) data includes neutral and relationship-dependent as well as core and extension

A 13-digit non-significant reference number used to identify legal entities (e.g., registered companies), functional entities (e.g., specific department within a legal entity) or physical entities (e.g., a door of a warehouse).

A registry is a global directory for the registration of items and parties. It can only contain data certified GCI compliant. It federates the GCI/GDAS-compliant data pools and acts as a pointer to the data pools where master data has been originally and physically stored. From the conception viewpoint, the registry function is supported by one logical registry, which could be physically distributed.

An "umbrella" term used to describe the entire family of EAN/UCC data structures for trade items (products and services) identification. The family of data structures includes: EAN/UCC- 8, UCC-12, EAN/UCC-13 and EAN/UCC-14. Products at every level of product configuration (consumer selling unit, case level, inner pack level, pallet, shipper, etc.) require a unique GTIN. GTIN is a new term, not a standards change.

Groupware refers to a collection of applications that center around collaborative human activities. Originally coined as the product category for Lotus Notes, it is a model for client-server computing based on five foundation technologies: multimedia document management, workflow, email, conferencing and scheduling.

HyperText Markup Language, derived from the Standardized General Markup Language and managed by the W3C is a presentation-layer technology for displaying content in a web browser. The markup tags instructs the web browser how to display a web page.

A typical enterprise information system today includes many types of computer technology, from PCs to mainframes. These include a wide variety of different operating systems, application software and in-house developed applications. EAI solves the complex problem of making a heterogeneous infrastructure more coherent.

The home data pool is the preferred data pool of a data source or a data recipient. A data source publishes its data in its home data pool, which makes it available to final data recipients. A final data recipient accesses master data through its home data pool. A home data pool could be a national, regional or private GCI/GDAS-compliant data pool. The home data pool is the key aspect of the single point of entry concept.

Internet Inter-ORB Protocol - a standard that ensures interoperability for objects in a multi-vendor ORB environment operating over the Internet.

In a client-server environment, integrity means that the server code and server data are centrally maintained and therefore secure and reliable.

The interconnection of embedded devices, including smart objects, with an existing infrastructure which is accessible via the internet.

Data pools and the global registry are connected so that they constitute one logical data pool, which makes available to users, all required master data in a standardised and transparent way.

An internal Internet. An intranet is a network based on TCP/IP protocols and belonging to an organization, usually a corporation. An intranet is accessible only by the organization's members, employees, or other authorized users. An intranet's web sites look and act just like any other web site but the firewall surrounding an intranet fends off unauthorized access. Secure intranets are now the fastest-growing segment of the Internet because they are much less expensive to build and manage than private networks based on proprietary protocols.

An implementation approach that requires changes or additions to existing applications.

An item is any product or service on which there is a need to retrieve pre-defined information and that may be priced, ordered or invoiced at any point in any supply chain (EAN/UCC GDAS definition). An item is uniquely identified by an EAN/UCC Global Trade Item Number (GTIN).

bTrade Process Routers have a unique just-in-time binding which binds the most current partner capability to the process at the moment it is required. This allows very large scale networks to deal with churn among partner capabilities such as addresses, names, protocols and business processes.

The trustworthy process of creating a private key/public key pair. The public key is supplied to an issuing authority during the certificate application process.

(1) An algorithm that uses mathematical or heuristic rules to deterministically produce a pseudo-random sequence of cryptographic key values. (2) An encryption device that incorporates a key generation mechanism and applies the key to plaintext (for example, by Boolean exclusive ORing the key bit string with the plain text bit string) to produce ciphertext.

The period for which a cryptographic key remains active.

A private key and its corresponding public key. The public key can verify a digital signature created by using the corresponding private key. See private key and public key.

Automatic balancing of requests among replicated servers to ensure that no server is overloaded.

Multipurpose Internet Mail Extension is an extension to the original Internet e-mail protocol that lets people exchange different kinds of data files on the Internet: audio, video, images, application programs, and other kinds, as well as the ASCII handled in the original protocol, the Simple Mail Transport Protocol (SMTP). Servers insert the MIME header at the beginning of any Web transmission. Clients use this header to select an appropriate "player" application for the type of data the header indicates. Some of these players are built into the Web client or browser (for example, all browser come with GIF and JPEG image players as well as the ability to handle HTML files); other players may need to be downloaded. New MIME data types are registered with the Internet Assigned Numbers Authority MIME as specified in detail in Internet RFC-1521 and RFC-1522.