Security in value added networks—security requirements for EDI

Abstract The paper describes the security requirements for Electronic Data Interchange (EDI) Service. The development of EDI today is based on the modern communication methods as are X.400 and FTAM. Joint working groups (ISO JTC1 and CCITT WG VII) are working on the development of the EDI Conceptual model based on the store-and-forward exchange of data. The group has decided to define the EDI service and the EDI Conceptual Model analogously to the Interpersonal Messaging System in order to preserve compatibility with X.400. Special attention in the Conceptual Model of EDI is devoted to the mechanisms that counter the vulnerability of the EDI services. In this paper the existing security services and mechanisms of X.400 are evaluated in the view of EDI security requirements. New specific security services which appear to be a necessary part of the EDI model are briefly described. The work presented in this paper is based on the security concepts in the ISO/IEC JTC1/SWG-EDI Documents.