Wal-Mart Stores is the only U.S. retailer that sells Mary-kateandashley One, a new fragrance branded by twin teenage entertainment moguls Mary-Kate and Ashley Olsen. Behind the scenes, fragrance and cosmetics manufacturer Coty depends on a hybrid business-to-business system that combines new standards and old technology -- older than the Olsen twins, in fact -- to keep Wal-Mart's shelves adequately stocked with the fragrance.

The old part of the technology hybrid is the data format: Coty uses the electronic data interchange standard to process orders electronically with Wal-Mart. An e-commerce staple, EDI has been around for more than 20 years as a standardized way for trading partners to transmit business documents and forms such as purchase orders, invoices and shipping notices.

What's new in Coty's setup is the transport mechanism: Coty is swapping EDI messages with Wal-Mart over the Internet, rather than using a value-added network (VAN). Traditional EDI goes hand in hand with a VAN; retailers and suppliers typically depend on a VAN provider's private network services, which assure the secure transmission of documents.

The Internet has made that dependence fade. Companies are looking to move some or all of their EDI transactions to the Internet because the technology costs less than VANs and is relatively simple to implement. While VAN-based EDI traffic is roughly flat, Internet EDI transactions are growing at an annual rate of 50 percent to 60 percent, according Meta Group.

The primary appeal of Internet EDI is that it reduces companies' reliance on VANs and their associated fees. Internet EDI also makes it easier for companies to conduct business electronically with smaller partners that don't have sophisticated IT infrastructures. Although traditional EDI requires each trading partner to install complex, proprietary software, Internet-based EDI lets companies conduct EDI through a Web browser or by installing basic client software.

Another advantage of Internet EDI is it lets a company migrate some of its partners to the Web while maintaining other proprietary connections in situations that demand it.

In response to demand, a number of vendors -- start-ups and established VAN providers looking to expand their portfolio -- offer software and hosted services for Internet EDI, including Advanced Data Exchange, bTrade, Cyclone Commerce, Global eXchange Service, iSoft and Sterling Commerce.

Driving the trend to Internet EDI are mandates from influential companies -- including Wal-Mart. As of the end of 2003, Wal-Mart requires many of its suppliers to send and receive EDI data via the Web. Specifically, Wal-Mart requires the use of Internet EDI software that adheres to Applicability Statement 2 (AS2).

AS2 is a draft specification that describes how to create a connection and securely transport an EDI file over the Internet. AS2 provides security for the transport of HTTP packets through digital signatures and data encryption. AS2 also provides for non-repudiation - proof that a transaction was performed at a certain time and by legitimate parties - through the use of receipts.

The AS2 specification was developed by the IETF's EDI over the Internet (EDIINT) working group, which was formed in 1996 to create a set of secure standards for sending EDI data over the Internet. Its predecessor is the AS1 specification, which details how vendor applications should securely exchange business messages over the Internet using Simple Mail Transfer Protocol (SMTP). The AS2 specification references AS1 packaging and security standards and defines how to use HTTP instead of SMTP to transport this data.

Coty is one of thousands of suppliers affected by the Wal-Mart mandate. Coty began investigating transmitting EDI over the Internet in 2002, when Wal-Mart and another of its customers put the effort on the fast track, says Bob Beachler, manager of logistics technology at the US$1.5 billion New York company.

In addition, Coty customer Meijer Stores, a grocery and general merchandise retailer, was encouraging its suppliers to forego VANs, Beachler says. Meijer didn't mandate that its suppliers change to Internet-based EDI, but added a financial burden to those that didn't make the switch. VANs carry monthly and per-message or per-character fees; each party pays for sending and receiving messages. Suppliers who stayed with VANs would be responsible for paying all transaction fees, Beachler says.

Transaction fees are significant for Coty, where EDI is standard operating procedure. The company's manufacturing and distribution facility annually processes more than 1.5 million orders, 98.3 percent of which are in EDI format, Beachler says.

Coty uses AS2 to conduct business with six of its customers, which represents about 40 percent of the company's total transaction volume. For Coty to conduct business with a typical midrange customer over a VAN costs about $300 per month, he says. Meanwhile, the company spent $22,000 on AS2-based Internet EDI software from iSoft. That deal lets for the company connect to its first 11 partners; adding additional partners costs about $1,000 for each connection.

The primary advantage is that the iSoft fees are one-time charges vs. ongoing VAN charges, Beachler says. "We all need a way to move information back and forth, even more so in future," Beachler says. "If we can do it a little cheaper, that's a very good thing. That's the key thing to me."

Maturing standards

AS2 still has some maturing to do, observers say.

"One of things that we're looking forward to in the development of EDIINT is more sophisticated and helpful management of a lot of the security parameters and information that has to be exchanged between trading partners," says David Walling, CTO at iSoft. For example, vendors have devised different ways of exchanging public-key certificates, because it was not originally specified in the AS2 draft, he says.

Walling also expects users will begin to use AS2 to transport non-EDI data, such as XML. Although AS2 today is used primarily to send EDI data, it is not limited to EDI data.

Nor is AS2 limited to inter-company transactions. For example, Coty uses iSoft Commerce Suite in its communications between distribution centers.

Companies increasingly are using AS2 to secure data as it moves within corporate boundaries - such as between legacy processing platforms, Walling says. "AS2 is a secure, reliable protocol for moving data on an IP network using HTTP," he says. "That doesn't have to be the Internet, it could be an intranet or a LAN within an organization."

Data probably moves more within the organization than it does between organizations, Walling says. "Companies are recognizing that it's of great value to be able to demonstrate that data was moved within their organization securely and reliably, and that they have some audit trail to prove it," he says.