The following text is copyright 1998 by
Network World, permission is hearby given for reproduction, as long as
attribution is given and this notice is included.
When is the Internet not
the Internet?
By Scott Bradner
According to the
published schedule the ANX is about to get real.
For the past few years
the Automotive Network Exchange (http://www.aiag.org/anx/) has been preparing to change
the way that the automotive industry does business in North America. The next
big step should come at any time. That step is the publication of a list of
certified service providers (ANX CSPs). ANX CSPs are Internet service providers
(ISPs) which have demonstrated compliance with ANX-specified requirements for
network service features, interoperability, performance, reliability, business
continuity and disaster recovery, security, customer care, and trouble
handling, and which have connected to one or more ANX certified exchange
points.
The basic idea is to
move most of the electronic interaction between the thousands of trading
partners which make up the automotive business away from private networks and
to the public data network infrastructure. I.e. move the communications to the
Internet, except that the ANX folk take care to say the ANX system is not the
Internet even though they do mention that it is part of the Internet. The
difference they say is in the guarantees provided by requiring the trading partners
to use ANX CSPs rather than just any ISP.
Of the dozen or so
network service features that the ANX requires an ANX CSP to offer the most
important involves security. All ANX CSPs must be part of a public key
certificate hierarchy with its top run by the ANX. This certificate hierarchy
is used to enable the ANX-wide use of the IETF's IP Security (IPSEC) set of
security functions to protect and authenticate transactions between trading
partners. Just in time the IPSEC documents were approved by the IETF as
Proposed Standards two weeks ago and there are already many vendors selling
products based on these standards.
Since each ANX CSP must
have an approved public key certificate which is used in real time to
authenticate the CSP, this hierarchy also provides a way for the ANX to
decertify CSPs that fail to maintain the required level of quality. The ANX
certification authority just revokes the CSP's certificate and the trading
partners which might be customers of that CSP can no longer operate. (According
to the ANX documents some warning will be given in this case.)
I expect that as soon as
the list of CSPs is released it will become the approved ISP list for many
organizations that have nothing to do with the automotive industry. I also
expect that we will quickly see other industry groups adopting the same
approach to trading partner interactions. But I also expect that this will be a
short-lived phenomenon. I expect that industry-specific certification will be
quickly replaced by Consumer Reports-style ratings once there is a better
understanding of what to rate. The ANX experience will help in this.
It should be quite
amusing to watch the reactions of ISPs that fail to get certified. Bluster and
treats of legal action, as some ISPs may try, instead of fixing the
deficiencies, will tell me all I need to know about an ISP.
disclaimer: We don't do
bluster at Harvard, or at lease we do not call it that - but the above
anticipatory amusement is my own.