Can someone explain to me why there is so much debate about eb-xml vs. edi-int when SSL is an existing proven encryption protocol and EDI can be transported in HTTP using standard html form posting technology?
To see an example of what I mean go to: http://68.58.126.245/hipaaweb/logonframeset.aspx Login as: EDILive Password: EDILive By clicking the submit button you are actually submitting EDI live from your browser to a translator running on a test server (granted it is not SSL but that is just because I have not set up the certificate on this test server yet.) The translator actually receives the EDI, translates it and responds in real-time to your live 270 requests or 276 requests or 278 requests. Now obviously, this would not be done using a browser but a server can be set up to post EDI transactions this same way from one server to another. In essence allowing provider's software to connect directly to payer's and get the eligibility and claim status information requested. I realize that the implementation guides don't specify protocol for real-time transactions but it seems like overkill to create new security protocols over and above SSL. I also realize that some form of authentication must take place to allow only authorized users access to this information. There have been discussions here lately about using the ISA fields to pass username and passwords. Other payers are creating other forms of authentication, but what are the majority of payers doing to give access to eligibility and claim status in real-time to providers? Tony Kurzendoerfer TKSoftware Inc. -----Original Message----- From: William J. Kammerer [mailto:[EMAIL PROTECTED] Sent: Friday, February 21, 2003 8:48 AM To: WEDI SNIP Routing Subworkgroup List Subject: EDIINT best practices workgroup Take a look at the thread entitled "EDIINT best practices workgroup," started by David Frenkel over on the WEDI SNIP Security Workgroup List; see http://www.mail-archive.com/wedi-security%40lists.wedi.org/ and scroll down for the thread. It's an animated discussion arguing the pros and cons of ebXML Messaging Services and EDI-INT (AS2). Though there's a lot a security techno-talk (SAML, WS-Security, TLS, public key crypto, XML-DSIG, pkcs#7 and s/MIME), this discussion is really more relevant to Routing. Both EDI-INT and ebXML MSH provide robust authentication and encryption - that's a given. The more important issue is which standard those who wish to exchange transactions point-to-point should settle on: the tried and true EDI-INT now used extensively in the retail industry (consider Wal-Mart's mandating AS2 on all suppliers) or the new sexy ebXML MSH which hasn't the penetration of EDI-INT but may be better at handling all types of payloads besides traditional EDI. EDI-INT (AS2) exclusively "pushes" messages to other clients who must be live 24X7. On the other hand, ebXML MSH can "push-pull," allowing the sender to "mailbox" messages for the recipient until he's ready to retrieve them. William J. Kammerer Novannet, LLC. Columbus, US-OH 43221-3859 +1 (614) 487-0320 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-routing as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-transactions as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
