An Auckland developer is promising to plug a crucial gap in electronic commerce -- the secure and seamless exchange of business documents.
The lack of standards for business-to-business communication between disparate accounting systems is crippling the take-off of e-commerce, says Peter Harrison, a security and encryption specialist.
Harrison, who works four days a week for local and U.S. encryption company RPK SecureMedia Inc., wants to give the business world a free, secure document exchange system that lets accounting systems communicate with each other. The project, dubbed DevCentre, will be based on open source software and the mark-up language of the moment, XML (Extensible Markup Language).
Harrison's not asking much in return. He wants to be paid a senior developer's salary for a year to finish the project. And he wouldn't object to having a few staff if the project takes off. His interest has more of a missionary zeal.
"The problem is that most companies want to make serious amounts of money from their solutions. They are also aiming at large business, not small business. Solutions tend to be tens of thousands of dollars, and do not work with competitors' systems."
His solution will be distributed free. Because it will allow every accounting system to incorporate a standard way to transmit business documents, Harrison wants one or several accounting software companies to provide the cash for its development. He has already spoken to smaller ones, but says there's no money in unwanted add-ons.
"They have to support all the big guys. You have the smaller accounting firms supporting tens to hundreds of different import formats, and according to them it's basically a pain."
If an accounting software company puts NZ$1000 (US$401) into the project, it will get back "a hundred times that" in the long term, says Harrison.
Andrew McClure, business development manager at Wellington systems integrator SSLnz, says he tried to start a similar scheme two years ago.
"I wish him the best of luck," he says of Harrison's effort.
Harrison's grand plan gestated at previous employer Aluminium Systems (ASL) in Pakuranga, which several years ago ventured into electronic ordering with its customers. The early operation was modem-to-modem but it enabled the company to cut its support costs through reducing support staff from four to one part-timer. About 95 percent of ASL's customers used the system, says Harrison.
DevCentre has three parts: an open source parser, to extract and "digest" messages into an XML format; a transport mechanism that uses standard e-mail software which will encrypt, sign and confirm arrival of documents; and a new network of public key encryption servers which will allow the exchange of keys.
This "trust network" -- which he likens to a Napster or Gnutella for public keys -- will have no central authority. When a new public key is received, it will be sent via a secure channel to two servers picked at random from the list. A user can "interrogate" their public key at any time to ensure the key has not been replaced. Public keys are stored on a user's machine and verified against the public key server when used.
"This increases the chance that a man-in-the-middle attack is detected."
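A small simulation of the replication and "interrogation" check described above, added here as an illustration and not DevCentre's own code. The `KeyServer` class, forwarding by the receiving server, the SHA-256 fingerprint, the first-key-wins policy and the sample keys are all assumptions, since the article gives no protocol details.

```python
import hashlib
import random


def fingerprint(public_key: bytes) -> str:
    # SHA-256 is an assumption; the article names no hash or key format.
    return hashlib.sha256(public_key).hexdigest()


class KeyServer:
    """Hypothetical key server holding owner -> public key."""

    def __init__(self, name):
        self.name = name
        self.keys = {}

    def receive(self, owner, public_key, network, rng, forward=True):
        # Assumed policy: the first key stored for an owner is kept.
        self.keys.setdefault(owner, public_key)
        if forward:
            # Pass the new key to two other servers chosen at random.
            others = [s for s in network if s is not self]
            for peer in rng.sample(others, 2):
                peer.receive(owner, public_key, network, rng, forward=False)


def interrogate(owner, local_key, network):
    """Return names of servers whose copy differs from the local key."""
    expected = fingerprint(local_key)
    return sorted(
        s.name for s in network
        if owner in s.keys and fingerprint(s.keys[owner]) != expected
    )


def demo(seed=1):
    rng = random.Random(seed)
    network = [KeyServer(f"ks{i}") for i in range(5)]
    alice_key = b"constructed-sample-public-key-alice"
    network[0].receive("alice", alice_key, network, rng)
    holders = sum("alice" in s.keys for s in network)
    before = interrogate("alice", alice_key, network)
    # Simulate a replaced key on one server (constructed tampering).
    network[0].keys["alice"] = b"constructed-substituted-key"
    after = interrogate("alice", alice_key, network)
    return holders, before, after


if __name__ == "__main__":
    print(demo())
```

Because the key lives on three independent servers and on the owner's machine, a substitution on one server shows up as a mismatch the owner can see.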
Harrison says he is not reinventing the wheel -- much of the crypto-library and XML parser coding is already available from open source libraries. And he has trialed it in a closed system. Application programming interfaces for Harrison's project will be available for C, C++, Delphi, Java and Visual Basic initially, in the form of libraries.
The server-side applications will be written in Java, the client-side in Delphi. Harrison admits the public certification authorities -- two have set up here already -- aren't going to be happy about someone offering free certification, but he intends working with them rather than in competition.
SSLnz's McClure endorses Harrison's use of an e-business subset of XML, ebXML.
"ebXML brings the cryptic world of EDI message formats up to date by treating common components such as address, party and location as reusable objects," he says.
But a more revolutionary standard under development, he says, is UDDI or universal description, discovery and integration. Using a globally distributed business registry, UDDI "blasts open" the model of closed trading partner relationships by providing a framework in which the programmable interfaces provided by a company are readily accessible, he says.