Method and system for remotely facilitating the integration of a plurality of dissimilar systems Number:7,143,190 from the United States Patent and Trademark Office (PTO) owispatent The present invention is related to a method and system for facilitating the integration of a plurality of dissimilar systems by allowing networks of integration framework installations and/or other compatible B2B servers to inter-operate across corporate enterprise boundaries to integrate the disparate systems operating within each corporate enterprise.<H facilitating, integration, Method, and, syst, 7143190.html, Patent, pto, 7143190

Title: Method and system for remotely facilitating the integration of a plurality of dissimilar systems

Abstract: The present invention is related to a method and system for facilitating the integration of a plurality of dissimilar systems by allowing networks of integration framework installations and/or other compatible B2B servers to inter-operate across corporate enterprise boundaries to integrate the disparate systems operating within each corporate enterprise.

Patent Number: 7,143,190 Issued on 11/28/2006 to Christensen, et al.

Inventors: Christensen; Mitchell T. (Livermore, CA), Sojka; Danny R. (Carmel, CA)
Assignee: Rappaport; Irving S. (Palo Alto, CA)

Appl. No.: 10/109,874

Filed: April 1, 2002

Current U.S. Class: 709/246

Current International Class: G06F 15/16 (20060101)

Field of Search: 709/204,218,250,230,232,246,249,223,224 707/10 713/201 719/328 715/523

References Cited [Referenced By]

U.S. Patent Documents


4951196	August 1990	Jackson
5557780	September 1996	Edwards et al.
6031533	February 2000	Peddada et al.
6035297	March 2000	Van Huben et al.
6041365	March 2000	Kleinerman
6085243	July 2000	Fletcher et al.
6260062	July 2001	Davis et al.
6363421	March 2002	Barker et al.
6418400	July 2002	Webber
6587827	July 2003	Hennig et al.
6711629	March 2004	Christensen et al.
6757739	June 2004	Tomm et al.
6832120	December 2004	Frank et al.
6959340	October 2005	Najmi
2002/0010741	January 2002	Stewart et al.
2002/0091533	July 2002	Ims et al.

Primary Examiner: Vaughn, Jr.; William C.
Assistant Examiner: Gerezgiher; Yemane M.
Attorney, Agent or Firm: Rappaport; Irving S.

Parent Case Text

RELATED PATENT APPLICATION

This patent application claims the benefit of related U.S. provisional patent application entitled "Method and System for Facilitating the Integration of a Plurality of Dissimilar Systems", Ser. No. 60/280,121, filed on Apr. 2, 2001 and which is included in its entirety in Appendix A.

Claims

We claim:

1. A method for facilitating remote integration of a trading system including a plurality of dissimilar systems using plurality of dissimilar data formats and plurality of communication protocols, the method comprising steps of: connecting one or more interoperating integrated framework installations across corporate domains; said integrated framework installations comprising at least two integration services allowing a connection between agents using a variety of protocols; an agent management service allowing dynamic installation and removal of agents; the integrated framework installations supporting both browser based applications using HTTP and mail client applications using SMTP to communicate with the integrated framework installations of the system; said integrated framework installations sending and receiving object activation requests and messages by utilizing POP3 and IMAP servers; mapping between said one or more interoperating integrated framework installations; translating the plurality of dissimilar data formats between said one or more interoperating integrated framework installations using ECMAScript for manipulation of the data formats; correlating events between said one or more interoperating integrated framework installations; supporting all non-application-specific services between said one or more interoperating integrated framework installations; and supporting the integration of at least two applications between said one or more interoperating integrated framework installations without any customization, whereby all of said steps can be performed remotely, with appropriate identification, but without additional dedicated hardware or software infrastructure.

2. The method of claim 1 wherein said connecting one or more interoperating integrated framework installations across corporate domains includes certifying authority using digital certificates.

3. The method of claim 1 wherein said translating data formats between said one or more interoperating integrated framework installations includes using data formats recognizable across multiple systems, including XML format.

4. A stand-alone distributed system for remotely facilitating integration of a trading system including a plurality of dissimilar host systems using plurality of dissimilar data formats and plurality of communication protocols, comprising: an integration framework for remotely connecting one or more interoperating integrated framework installations across corporate domains without customization and without additional dedicated hardware or software infrastructure; (an underlying application server) said integrated framework installations comprising at least two integration services allowing a connection between agents using a variety of protocols; an agent management service allowing dynamic installation and removal of agents; the integrated framework installations supporting both browser based applications using HTTP and mail client applications using SMTP to communicate with the integrated framework installations of the system; said integrated framework installations sending and receiving object activation requests and messages by utilizing POP3 and IMAP servers; business logic for mapping between said one or more interoperating integrated framework installations; translation logic connected to said business logic for formatting the data format between said one or more interoperating integrated framework installations using ECMAScript for manipulation of the data formats; correlation logic for correlating events between said interoperating integrated framework installations; integration logic for providing all non-application-specific services and integrating any application between said interoperating integrated framework installations, whereby said system, with appropriate identification, allows remote administration without being on-site at a framework installation location.

5. The system of claim 4 wherein said business logic includes: logic for processing events and data received from one host system and forwarded to one or more other host system, logic for processing requests from other host systems involving interaction with said one host system; and logic for processing responses sent from one host system to another host system.

6. The system of claim 4 wherein said translation logic includes: logic for translating specific data from said one host system into a format recognizable by other host systems, including XML format.

7. The system of claim 4 wherein each integration framework includes: a business logic processing unit; a host adaptor application connected to said business logic processing unit for enabling said business logic processing unit to interact with a host system to which it is connected; and integration services for providing system level services to said host adapter application and said business logic processing unit and for supporting remote administration for installation of additional host adapter applications and business logic processing units.

8. The system of claim 7, wherein said host adapter application includes: a first layer exposing said host system application programming interface and converting said application programming interface to a Java application programming interface, a second layer defining higher-level business objects that involve multiple calls to said first layer for simplifying scripting of said business logic processing unit, and a third layer that wraps said first and second layers with code for making said first and second layers accessible to the environment of said business logic processing unit.

9. The system of claim 8 wherein said host adapter application is re-useable with no customization.

10. The system of claim 4 wherein said integration logic provides system level services including network access, agent management, XML processing, agent administration, installation and configuration, and communication services for handling sending and receiving requests between agents, all capable of being accomplished remotely without being on-site at a framework installation location.

11. The system of claim 10 wherein said communications services support SSL based encryption of outgoing messages and certificate based remote partner and message authentication.

Description

BACKGROUND OF THE INVENTION

There are multiple models for automating a supply chain, such as the traditional point-to-point partnership supply chain automation as well as participation in, and integration with trading exchanges. Mid-market supply-chain-related applications have propagated over the last several years. The advent of Enterprise Resource Planning (ERP), Material Requirements Planning or Manufacturing Resource Planning (MRP), Customer Relationship Management (CRM), Supply Chain Management and Supply Chain Execution (SCM/SCE) and Marketplace applications (see glossary at the end of this document for more information) have contributed greatly to this explosion. For the enterprise to function successfully, tight integration between applications is imperative, albeit a considerable, and sometimes costly challenge. E-Business and the expansion of cross enterprise networks have added another level of complexity to this dilemma. Without an established method for connecting applications, custom (and typically not reusable) development work is undertaken each time two disparate systems are linked.

One of the most significant obstacles to supply chain automation is the integration of disparate systems. By it's very nature, a supply chain is a conglomerate of disparate software systems, from many different software vendors, each providing a small fraction of the capabilities of the overall supply chain. A fully optimized supply chain would require all of these systems to seamlessly interact, such that a purchase by a consumer of a finished good would be aggregated and propagated throughout the entire supply chain, resulting in the re-manufacturing and replenishment of this finished good to the supplier. The act of tying all the disparate systems within a supply chain together results in the notion of a high level, or abstract "meta-system" which governs inter-system processing of data, from start to finish.

The integration of disparate systems involves the translation of data formats and correlation of events between those two systems. Business logic provides the mapping between the two systems. Because this business logic is external to each system, an external execution environment is required to support the processing of business logic. The fundamental barriers to integrating applications are incompatible data formats (the format in which data relevant to each system is stored and accessed) and incompatible event models (the methods by which system events are invoked and carried out). The result is an impedance mismatch that prevents disparate applications from communicating and sharing information.

Both mid-sized and large companies have much to gain from automating and integrating their supply chains. Many of the existing integration solutions, however, can be rather unwieldy; licensing them is often very costly, and their resource requirements are typically extensive. Without a comprehensive integration solution, however, integrating two systems involves tedious custom development highly specific to the connection between those two systems. When the time comes to integrate another pair of systems, the integration process practically starts from the beginning, since the work from the first integration is frequently not easily applicable to other business relationships.

There are problems in current approaches with trying to enable large numbers of disparate systems to interact because they are subject to transport level failures. Any solution must overcome this shortcoming, providing some measure of guaranteed message delivery. The nature of Internet protocols is inherently point-to-point. A solution requires expanding this notion to support true point-to-multi-point communications. Once the physical disparities between two systems have been resolved, the CIF must then solve the problem of the architectural disparity between two systems. This architectural disparity can be broken down into two components. First, the way in which data is represented within each system is typically vastly different. Enabling communication between two such systems requires converting one data format into the other. Second, the events that each system processes may be fundamentally different.

The internal system level events, which trigger the internal business logic of each system, must be correlated. It can be deduced that this data conversion and event model correlation requires some level processing external to either system.

Another problem with current systems is that they do not support the wide scale implementation of system level interoperability. There are many ways to accomplish this goal and many tools on the market support the development of such solutions. But these tools generally do not support `mass implementation` of system level interoperability. This requires scaling deployment to support dozens, hundreds or even thousands of inter-operating systems. Mass integration on this scale requires a new approach to systems integration. This type of integration requires a solution to be lightweight, remotely maintainable and require minimal support on the part of the transacting parties.

Wide scale integration implies some constraints. For instance, the deployment of a dozen installations is achievable by conventional means, i.e. visits by technical personnel to install configure and test each installation. When this number moves to the dozens, hundreds or even thousands of installations, this model does not scale. A viable solution must compensate for this limitation, so that it can support minimal technical ability on the part of the installation personnel, and fully remote maintenance of any and all installations. Maintenance refers to remote configuration, the addition of or changes to business logic, the addition or deletion of CIF software components and installation/updating of operational data.

Accomplishing wide scale integration of disparate systems provides little value, however if it exposes customers' proprietary data to prying eyes. As such, a satisfactory solution must accomplish these goals while ensuring the security of each participant's intellectual property. This entails coverage of the following security elements. Authentication--Ensure that participants are who they say they are. Authorization--Ensure that each participant has beep granted access to other systems by a mutually trusted authority. Non-repudiation--Ensure that neither party to a particular transaction can later deny involvement in the transaction. Encryption--Ensure that access to sensitive data transmitted across the open Internet is restricted to the intended recipient. Service level ACL--Ensure that access to the services implemented is restricted to the specified trading partners.

SUMMARY OF THE INVENTION

The present invention is directed to a method and system for facilitating the integration of a plurality of dissimilar systems. Some of the key features and benefits of the system include: Enabling the exchange of data and/or events between disparate systems. Bridging the physical gap between those systems. Providing an execution environment for the business logic required to map the data and event models of the disparate systems. Platform independence. Supporting the inherent "one to many" integration model, e.g., enable the Trading Exchange model. Providing for timely and secure exchange of data and/or events between disparate systems. Minimizing internal development (with objective of lowering costs and reducing implementation time). Supporting scalability, and specifically scalability with hardware. Implementing public standards wherever possible, again with the objective of minimizing cost of the solution. Supporting customization via configuration, which supports the requirement to minimize internal development.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 represents a collection of integrated installations representing two distinct integrated domains.

FIG. 1A represents an overview diagram of the integrated framework of the present invention.

FIG. 1B represents the integration framework host adapter.

FIG. 2 shows the bilateral authentication of client and server integration framework using digital certificates.

FIG. 3 demonstrates the interaction between an integrated framework installation, the domain administration application and the certificate server during client/server certificate generation.

FIG. 4 depicts the logical separation of the integrated framework components, calling out the frequency with which each component tends to change.

FIG. 5 depicts the services provided by the integration services component.

FIG. 6 depicts typical remote object activation request processing.

FIG. 7 depicts typical asynchronous, unidirectional message distribution processing.

FIG. 8 shows typical bidirectional object activation using MOM point-to-multi-point processing.

FIG. 9 depicts communication between the message producing integration framework and the SMTP server.

FIG. 10 depicts communication between the message consuming integration framework and the POP3/IMAP server for unidirectional message distribution.

FIG. 11 depicts communication between the message producing integration framework and the SMTP and POP3/IMAP servers.

FIG. 12 depicts communication between the message consuming integration frameworks and the SMTP and POP3/IMAP server for bi-directional object activation.

DEFINITIONS, ACRONYMS, AND ABBREVIATIONS

Below is a list of definitions, acronyms and abbreviations used in this application. Most definitions are taken from internet.com's Webopedia,http://webopedia.internet.com.

Access Control List (ACL)--Access Control refers to mechanisms and policies that restrict access to computer resources. An Access Control. List specifies what operations different users can perform on specific files and directories.

API--Application Programming Interface. Refers to a set of routines, protocols, and tools for building software applications.

ASP--Application Service Provider. Third party entities that manage and distribute software-based services and solutions to customers across a wide area network, from a central data center.

CORBA--Common Object Request Broker Architecture. An architecture that enables pieces of programs (objects) to communicate with one another regardless of what programming language they were written in or what operation system they are running on.

CRM--Customer Relationship Management. A comprehensive approach that provides seamless integration of every area of business that touches the customer, e.g., marketing, sales, customer service, field support, etc.

CXML--Commerce XML. Refers to a set of document type definitions (DTDs) for the XML specification. It was designed to standardize the exchange of catalog content and to define request/response processes for secure electronic transactions over the Internet. The processes include purchase orders, change orders, acknowledgments, status updates, ship notifications, and payment transactions.

DTD--Document Type Definition. A file that defines how the markup tags should be interpreted by the application presenting the marked-up document.

ECMAScript--ECMAScript is an international standard scripting language, based on Netscape's Javascript.

EDI--Electronic Data Interchange. EDI supports the transfer of data between different companies using networks, such as the Internet. It is a mechanism for enabling companies to buy, sell, and trade information.

ERP--Enterprise Resource Planning. An ERP system integrates all facets of the business, including planning, manufacturing, sales, and marketing.

HTML--Hypertext Markup Language. The authoring language used to create documents on the World Wide Web. It uses tags and attributes to define the structure and layout of a document.

HTTP--Hypertext Transport Protocol. HTTP is the protocol that defines how messages are formatted and transmitted and what actions web servers and browsers should take in response to various commands.

JAVA--A high-level programming language developed by Sun Microsystems. Java is an object-oriented language, similar to C++. Compiled Java code can run on most computers because Java interpreters and runtime environments (Java Virtual Machines or JVMs) exist for most operating systems.

JavaScript--A scripting language originally developed by Netscape to enable web authors to design interactive web sites. Although developed independently, it shares some of the features and structures of Java.

JDBC--Java Database Connectivity. A Java API that enables Java programs to execute SQL (Structured Query Language) statements, allowing Java programs to interact with any SQL-compliant databases.

JNI--Java Native Interface. A Java programming interface, or API, that allows developers to access the languages of a host system and determine the way Java integrates with native code.

JRE--Java Runtime Environment.

LDAP--Lightweight Directory Access Protocol. LDAP is a protocol for accessing information directories. Because LDAP is an open protocol, applications need not worry about the type of server hosting the directory.

MRP--Material Requirements Planning or Manufacturing Resource Planning. MRP is a concept for the computerized determination of requirements, procurement, storage, and the staging of material needed for manufacturing.

Non-repudiation--In general non-repudiation is used as an adjective to denote that the subject system can fit within a fully deployed infrastructure of certificate authorities and secure digital signature devices to show that a particular individual, or organization, was responsible for the content of a digital document.

SCE--Supply Chain Execution. SCE systems provide tools that communicate and optimize supply chain transactions. They deal with getting a job done, with decisions made in real-time, minutes, hours, or weeks in advance. Examples include Transportation Management Systems, Warehouse Management Systems, Order Management Systems, and International Trade Logistics Systems.

SCM--Supply Chain Management. The delivery of enhanced customer and economic value through synchronized management of the flow of physical goods, associated information, and financial information, from sourcing through to consumption. It is the equivalent of SCE+SCP.

SCP--Supply Chain Planning. SCP systems include supply chain network design, demand planning and forecasting, supply planning, manufacturing planning and forecasting, and distribution planning. SCP is focused on getting ready for a job, with decisions made from weeks to years in advance.

SOAP--Simple Object Access Protocol. Provides a mechanism for applications to communicate with each other over the Internet, independent of platform. SOAP relies on XML to define the format of the information and then adds the necessary HTTP headers to send it.

SSL--Secure Socket Layer. SSL is a protocol for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that is transferred over the SSL connection.

TCP/IP--Transmission Control Protocol/internet Protocol. The suite of communication protocols used to connect hosts on the Internet.

XCBL--XML Common Business Library. A suite of XML based document definitions authored by CommerceOne that are based on a subset of the EDI document set.

XML--Extensible Markup Language. A subset of SGML that enables designers to create their own customized tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.

XML Schema--XML Schemas replace DTDs as a way to describe and validate data in an XML environment.

XPATH--The primary purpose of XPath is to address parts of an XML document. In support of this primary purpose, it also provides basic facilities for manipulation of strings, numbers and Booleans. XPath operates on the abstract, logical structure of an XML document, rather than its surface syntax. XPath gets its name from its use of a path notation as in URLs for navigating through the hierarchical structure of an XML document. In addition to its use for addressing, XPath is also designed so that it has a natural subset that can be used for matching (testing whether or not a node matches a pattern); this use of XPath is described in XSLT.

XSLT--Extensible Stylesheet Language Transformations. The language used in XSL style sheets to transform XML documents into other XML documents. An XSL processor reads the XML document and follows the instructions in the XSL style sheet, then it outputs a new XML document. This is extremely useful in e-commerce, where the same data need to be converted into different representations of XML because not all companies use the same programs, applications, and/or computer systems.

DETAILED DESCRIPTION

Overview

The integration framework domains shown in FIG. 1 constitute a pure business-to-business (B2B) framework. The role of B2B is to interconnect corporate enterprises across the Internet. While Enterprise Application Integration (EAI) focuses on integrating applications within a specific corporate domain, B2B focuses on integration between corporate domains. An isolated integration framework installation operating within an enterprise provides little benefit in the way of B2B integration. While some benefit may be garnered by interconnecting back end systems within that enterprise, this type of solution is best left to EAI solutions. The true benefit of the integration framework is realized when networks of integration framework installations and/or other compatible B2B servers inter-operate across corporate enterprise boundaries to integrate the disparate systems operating within each corporate enterprise.

A collection of one or more integration framework installations that inter-operate within or across corporate domains is recognized as an integration framework Domain as shown by 100 and 102 in FIG. 1. The notion of an integration framework Domain was conceived to provide a mechanism for creating a closed system of inter-operating B2B servers. Examples of such a closed system would be a private trading exchange, or the interconnection of a buyer with a set of suppliers.

FIG. 1 represents a collection of integration framework installations representing two distinct integration framework Domains 100 and 102. Domain 100 has several integration frameworks shown as 101 and Domain 102 has several integratio frameworks shown as 103. Notice that one of those integration framework installations 104 is configured to operate within both domains 100 and 102.

Integration framework Domains exist as a security measure, and to compartmentalize and isolate remote integration framework administration. Every integration framework installation is configured to operate within one or more integration framework Domains. As such, an integration framework cannot connect to another integration framework that is outside of its own domain(s). The integration framework Domain Administration tool described herein administers one or more integration framework Domains.

Domain Security

Domain participation is administered by way of a client digital certificate deployed on each operational integration framework installation. This digital certificate, signed by a certifying authority running the integration framework domain, will enumerate the domains for which this particular integration framework installation is authorized to participate. When an integration framework initiates a transaction with a remote integration framework, this certificate is provided to the remote integration framework (server) during session authentication. During the client Authentication process, the server integration framework verifies that the client certificate specifies the appropriate integration framework domain. FIG. 2 shows the bi-lateral authentication of client and server integration frameworks using digital certificates.

If an integration framework installation wishes to participate in more than one integration framework Domain, the certifying authority must issue a new client certificate specifying participation in multiple domains, and the previous certificate revoked. Client and Server certificates are installed on every integration framework installation via the Domain Administration Application. The process for installing digital certificates on a given integration framework installation is as follows. The domain administrator connects remotely to the integration framework using the Domain Admin tool. Integration framework configuration information is retrieved from the remote integration framework and a Certificate Signing Request (CSR) is constructed within the Domain Administration application using the integration framework configuration information. This CSR is submitted to the certifying authority for signing. The certifying authority signs the remote integration framework information, generating both a client and server digital certificate. The newly generated certificates are installed on the remote integration framework via the Domain Administration application. The certificate generation process must invalidate (revoke) any existing client/server certificates.

Rather than compile, distribute and install all aspects of the integration component at a frequency dictated by changes in business logic, the integration framework subdivides the architecture into separate components that can be released independently of the others. These three components are known as Integration Services, Business Logic Processing Unit and one or more Host Adapters. FIG. 4 depicts the logical separation of the integration framework components, calling out the frequency with which each component tends to change.

The Integration Services component defines the foundation of the Integration Framework. An upgrade to the Integration Services component requires re-installation of the integration framework. Upgrades to the Host Adapter(s) and Business logic can be done remotely, without requiring a server restart. This component decomposition supports dynamic server upgrades, as well as remote administration of the Host Adapter and Business Logic.

Many of the reasons that the integration framework is so suitable for such a variety of enterprises rest in its architecture. The integration framework 108 has three main components that make up each host system as shown in FIG. 1A. These components include a Business Logic Processing Unit shown at 10 for Host System A 112 and Business Logic Processing Unit 114 for Host System Z shown at 116. Each host system also has a Host A Adapter 118 and a Host Z Adapter 120 connected to the respective Business Logic Processing Units 110 and 114 respectively. Host A Adapter 118 is connected to Host System A 112 and Host Z Adapter 120 is connected to Host System Z 116. The Host A Adapter 118 and Business Logic Processing Unit 110 are each connected to Integration Services unit 122. The Host Z Adapter 120 and Business Logic Processing Unit 114 are each connected to Integration Services unit 124. The two Integration Services units 122 and 124 are each connected to a Network or the Internet or an Extranet represented by element 126. These building blocks make up the integration framework 108 shown in FIG. 1A.

Business Logic Processing Unit--Each Business Logic Processing Unit 110 and 114, as the name implies, incorporates business logic for a company's unique transactional relationships. It receives requests, exchanges data with your back-end ("host") applications, and invokes other agents. It also distributes data to other systems, either internal or external to your organization. The Business Logic Processing Units 110 and 114 can establish contact with other integration frameworks in its integration framework domain. (An integration framework domain is a group of related integration frameworks managed by a common administrator shown as integration framework domains 100 and 102 in FIG. 1. An integration framework domain roughly corresponds to an industry, such as food or petroleum.) Business logic to be executed by the Business Logic Processing Units 110 and 114 is organized in one of two ways--Agents and Services, and Payload Processors.

In the Agent/Service model, each individual unit of business logic is referred to as a Service. One or more Services are grouped to form an Agent. This grouping is typically based on the general function of each of the grouped Services. For instance, a collection of Services that cooperate to provide interaction with a back-end financial management system might belong to the Finance-Agent. Agents exist as remotely deployable software components. This model supports the reuse of similar business logic processes between integration framework installations.

The Payload Processor model involves tying units of business logic to predefined elements within the incoming XML payload document. A Payload Processor consists of one or more Payload Processing Rules. A Payload Processing Rule is the combination of a search pattern, and the definition of business logic to be executed whenever the search pattern is recognized within the incoming XML payload document. The search pattern conforms to the XPATH syntax as specified by the W3C. The associated business logic is defined via the integration framework administration application.

In general, the Agent/Service model supports document object model (DOM) based processing of the incoming XML payload while the Payload Processor model supports event based processing. The Business logic author is free to choose whichever model best suits a given application.

Host Adapter--The Host Adapters 118 and 120 serve to connect the Business Logic Processing Units 110 and 114 respectively to a company's existing systems. The Integration Framework Host Adapter 118 shown in FIG. 1B consists of three main layers connected to the JD Edwards Host System 112, which has a Host Application Programming Interface (API) 134. The bottom layer 136 actually exposes and accesses the data that the host API uses. Some applications provide a library of program functions that an external application (such as the integration framework) may call to access their data. For other applications, the Host Adapter 118 directly accesses the application's data files or relational database. The middle layer 138 defines relatively complex processes, such as various Business Objects, that involve a series of operations on the bottom layer 136. Submitting an invoice, for example, might require reading and writing data from multiple places. The top layer 140 provides a simpler Scriptable Interface or wrapper to the other two layers.

Integration Services--Integration Services 122 and 124 in FIG. 1A each provide a suite of network communication and data processing utilities to the other two components, the Host A Adapter 118 and Business Logic Processing Unit 110 and the Host Z Adapter 120 and Business Logic Processing Unit 114, respectively. Integration Services 122 and 124 each establishes secure connections between agents with a variety of protocols, such as SOAP and SMTP, in addition to supporting integration with standard Message Oriented Middleware (MOM) solutions, such as SonicMQ and MQSeries. The Integration Services components 122 and 124 also each provides for the management of the Business Logic Processing Units 110 and 114 respectively and Payload Processors running on separate machines to provide for fail over and scalability (load balancing).

Business Logic Processing Unit Component

A Business Logic Processing Unit 114 will execute all application-specific business logic, via the Host Z Adapter 120 component, and business logic provides logic to:

Process events and/or data received from the Host System Z 116 that are to be forwarded to one or more other (possibly remote) systems. For example, a process event might be an Ariba Marketplace (Host System Z 116) request for availability and price of a quantity of nails that is to be forwarded to one or more suppliers of nails. In this case, the appropriate Business Logic Processing Unit 114 requests received from other (possibly remote) Agents, which involve interaction with the Host System Z 116. For example, a request for availability and price of a quantity of nails received from a remote Agent representing the Ariba Marketplace by the Agent for a hardware supplier with a JD Edwards ERP Host System A shown at 112. In this case, the local Agent will process the request, interacting with the JDE-ERP Host System A 112 as necessary to determine availability and pricing. (Extending this model, the same supplier might choose to integrate with two different trading exchanges--say Buzzsaw and eSteel. In that case, we could simply create two agents: Supplier-to-Buzzsaw and Supplier-to-eSteel. Both Agents could interact with the JDE application via a single Host Adapter.)

Process responses being sent from one Host System to another. For example, the response to a request for price and availability of a quantity of nails. In this case, the Ariba Marketplace Agent will specify (for example) how the content of the response (payload) should be formatted for the Ariba Host System Z shown at 116.

Translate Host System specific data into a format recognizable by other (possibly remote) Agents. For example, the Ariba Marketplace Host System Z 116 upon receipt of a purchase order from a buyer, triggers business logic contained within a local Agent. The Business Logic Unit 114 extracts the pertinent purchase order data via the Ariba Host Z Adapter 120, and constructs a standard XML representation of this purchase order (e.g. XCBL Purchase Order document). The Business Logic Unit 114 then determines the destination of the purchase order from the purchase order data, and requests a service from (invokes a method on) a remote Agent located at the destination to handle the purchase order. This is accomplished via the Integration Services component 124. The remote Agent receives the standard XML purchase order document via its Integration Services component, parses the document, and interacts with its own Host System as necessary to input the purchase order information.

The Business Logic Units may operate within an ECMAScript (JavaScript) environment, enabling Agents to be fully customized (in the field) by Internet Consultants and Engineers. The Integration Services components 122 and 124 each exposes XML processing capabilities into the script environment, enabling XML queries (via XPATH) and XML translations via XSLT (Extensible Stylesheet Language Transformations, a language for transforming XML documents into other XML documents). The scripted nature of the Agent makes it the easiest component to customize--and in fact, for most implementations, the bulk of the customization work will be done on the Agent, not on the other two components, the Host Adapter or Business Logic Unite of the Integration Framework.

Host Adapter Component

The "Host System" is a software application. It could be an ERP system like JD Edwards, a trading exchange like Ariba Marketplace, a custom application, or an application with an HTML-based UI (e.g., a web storefront).

The Host Adapter such as 118 in FIG. 1B will enable one or more Business Logic Processing Units 110 to interact with the Host System API as shown in FIG. 4. The Host Adapter wraps the Host System 112 API 134 with code that makes it accessible from within the Agent scripting environment. This allows the business logic within an Agent to make calls into, and receive calls from the Host System API 134.

The Host Adapter 118 is comprised of three layers. The first layer 136 exposes the Host System API 134 (Application Programming Interface), essentially converting it to a Java API. (If the back-end system already has a Java API, this layer will be unnecessary). The second layer 138 defines higher-level business objects that involve multiple calls to the lower level Host System API 136, e.g., submit invoice, submit PO, query price and availability. This second layer 138 is designed to simplify scripting of business logic in the Business Logic Processing Unit 110. The third layer 140 wraps the first two (which are Java interfaces) with code that makes them both accessible to the ECMAScript environment of the Business Logic Processing Unit 110.

The Host Adapter component 118 is reusable with little or no customization, e.g., once a JD Edwards Host Adapter 118 is developed, it should be reusable on all projects that involve the integration of JD Edwards system 112 with some other application. The Host Adapter is designed to work with a specific release of the back-end application. If the customer upgrades to a newer version of back-end software, a new Host Adapter release may be required to access features of the new release. Block 127 shows that most modifications to the system can be done remotely, while re-installation is rarely required.

Integration Services Component

The Integration Services component 122 shown in FIG. 4 serves as the foundation of the integration framework. This component is actually a collection of system level services available to both the Host Adapter(s) 118 and the Business Logic Processing Unit 110. While each service is defined below, it is important to note that the Integration Services component 122 represents the lowest layer of integration framework functionality. As such, the installation of an integration framework is basically the installation and configuration of the Integration Services component, Host Adapters for communicating with the host file system and an Agent that supports remote integration framework administration. This basic configuration supports the remote administration for installation of additional Host Adapters and Business Logic Processing Units. FIG. 5 depicts the services provided by the Integration Services component 122. A description of each of the services within the Integration Services component 122 follows. The definition of these services roughly flows bottom to top with respect to FIG. 5.

The Integration Services component 122 provides various system level services, including Network Access services 142, Agent Management and XML Processing services 144 for the Agents, as well as services to support agent administration, installation, and configuration 146. The Communication services 148 contains the mechanisms for handling the sending and receiving of requests between Agents, e.g., SOAP/SMTP encoding 149 and/or interaction with MOM. Partner registration services are also supported.

All communication services provided by the Integration Services Component support SSL based encryption 150 of outgoing messages and certificate based remote partner and message authentication.

The Agent Management services provided by the Integration Services Component include the dynamic installation/removal of agents (including the associated Host Adapter component(s)), enabling/disabling installed Integration Services, Service invocation, execution monitoring, load sharing 152 and usage monitoring 154 (for the potential per transaction fee based model).

The XML Processing services 144 enables Agent processing of XML documents from within the scripting environment--for example, enabling the query of an XML document for all elements with Product=Nails--, translation of data from one XML format to another--for example, the conversion of an XCBL invoice to an CXML invoice- and direct manipulation of XML data from ECMAScript--for example, construction of a new XML document, or modifying content within an existing XML document. XSLT technology is used for transformation of documents from one format to another. XML Schema and DTDs are used for validation of the document formats. XPath is used to select sub-trees of documents or whole documents that match conditions defined on document content and structure, from which new documents can be constructed based on what is selected. XPath is also used in conjunction with XSLT to address sub-parts of an XML document that can be used to determine whether nodes conform to a pattern.

The Integration Services are "constant or generic" components of the Integration Framework, requiring little or no application-specific customization.

The encapsulation of functionality into these three components maximizes reusability. While each business has unique requirements, neither the integration framework provider nor its clients are ever in the position of having to "reinvent the wheel." For each back-end system (such as Intershop, Manugistics, OracleApps, QuickBooks, SAP, or even custom mainframe legacy applications), the Host Adapter 118 provides a uniform interface that the integration framework can rely on for all users of that software package. The integration framework provider develops the Host Adapter for each back-end application once, and that Host Adapter is highly reusable. Since the Business Logic Processing Unit 110 is, to some extent, unique to a particular integration, it does require some customization. The Business Logic Processing Unit, however, is designed with ease of customization in mind. The integration framework provider and Internet Engineers adapt the Business Logic Processing Unit to a client's particular business rules.

Unlike some other integration solutions, the present invention makes extensive use of several established standards and Internet protocols. The fact that the integration framework uses several well-known protocols means that users can easily establish contact with the integration framework. Using the Hyper Text Transfer Protocol (HTTP) interface, a user can interact with the integration framework in a Web browser. If HTTP connectivity is not available, due most likely to a firewall, the integration framework also supports Simple Mail Transfer Protocol (SMTP). Through the SMTP interface, a user can exchange information with the integration framework using any Internet mail client. While the integration framework will probably be getting a great deal of its information from other integration framework installations, it is a reality that many mid-sized companies do not have back-end systems that cover the whole of their business process. So, HTTP and SMTP interfaces provide a very useful way to carry out manual processing without installing a complex dedicated client application.

The integration framework Web server responds to client connections, and an LDAP server provides for maintaining user information. The integration framework also adheres to a number of Internet security standards. The Secure Sockets Layer (SSL) technology is the same that Web browsers and many other Internet applications use to protect their data from interception (encryption) and to verify the other party's identity in communications (authentication). The integration framework's primary means of representing data is also an open technology; it uses Extensible Markup Language (XML) for this purpose. XML, an extensible derivative of SGML, provides for the representation of complex objects in a uniform and hierarchical manner. The integration framework employs the Simple Object Access Protocol (SOAP v1.1). SOAP represents a standard means of accessing distributed objects using XML payload syntax. The Universal Description Discovery integration (UDDI) initiative uses SOAP to substantially simplify communications between objects. The integration framework also interfaces with a number of Message-Oriented Middleware (MOM) applications through the Java Message Service (JMS) API. The scripting language that the integration framework uses for defining business rules (in the Business Logic Processing Unit) is ECMAScript-262 (JavaScript), a language that, while powerful, is fairly accessible to individuals without a high degree of programming experience. Finally, much of the rest of the integration framework is in Java, a leading open platform language developed by Sun Microsystems.

The integration framework's Java implementation means that the integration framework can run on multiple hardware platforms. The integration framework supports both Windows and Unix environments, and easily adapts to any environment for which a Java Runtime Environment (JRE) is available. Since the hardware environment for business systems today is quite heterogeneous, it makes a great deal of sense to develop on a platform that will run on as many types of systems as possible. Java programs will run on any Java Runtime Environment (JRE) without recompilation, regardless of the underlying hardware. Indeed, in addition to running on both the Windows and Unix platforms, the integration framework's hardware requirements are rather basic. A minimal installation of the integration framework will run on a "standard" desktop machine.

The integration framework leverages the extensive infrastructure that the Internet brings with it, while overcoming its shortcomings as a business communications tool. Since the Internet is decentralized and highly dependent on intermediate systems, it, by itself has a certain amount of inherent unreliability. When one party sends a message to another by standard Internet mail, for instance, the sender cannot prove or even know that the recipient actually received it. The integration framework, however, provides a facility for easily interfacing with 3.sup.rd party Message Oriented Middleware that provide guaranteed message delivery and also generates audit trails. When two parties engage in a transaction through the integration framework, each party will know that the other received all related messages. Through the SSL authentication process, each party will be able to verify the identity of the other party. The integration framework utilizes the security features provided by the MOM vendor.

Also, unlike most Internet mail, the information in messages that the integration framework exchanges is secure. Since the messages travel in encrypted form, any entity intercepting them would likely find them unintelligible. While many other products use SSL and it is a proven technology, it is only part of the integration framework's comprehensive security architecture. Data security is a preeminent consideration in the integration framework. Client and server digital certificates secure communication between integration frameworks. Smart card technology secures administration functions and access to the client's Business Logic. With a smart card, an administrator can access, configure, and monitor an integration framework node from anywhere on the Internet.

Like the Internet, however, integration framework domains allow for a dynamic understanding of the machines and organizations that comprise them. Whether one is in a traditional supply chain environment or a trading exchange, businesses regularly forge new relationships and end existing relationships. The integration famework provider administers integration framework domains for various industries, and one party can integrate with any other party in its domain.

Network Access

At the lowest level, all integration framework network communication takes place using the HTTP(S) network protocol. HTTP(S) is a mature, stable and well documented network protocol, and has become the standard for inter network communication. The Integration Services component contains a configurable number of HTTP(S) listeners, waiting for incoming service requests. It is intended that the HTTP(S) keep-alive session facility be utilized to enable multiple individual HTTP(S) request/response pairs over a single TCP/IP connection).

Transaction Security

FIG. 2 shows bilateral authentication of client and server integration framework domain authentication using digital certificates. Each transaction between a client integration framework 200 and server integration framework 202 as shown in FIG. 2 will optionally utilize the HTTP(S) features to provide for remote authentication, non-repudiation, encryption and service authorization. HTTP(S) uses digital certificates to provide these security services. Since the authentication process is bi-directional, both a client certificate 204 and a server certificate 206 are required for each integration framework installation. The certifying authority must generate all integration framework certificates. Each certificate is generated for the express purpose of integration framework-to-integration-framework communication within one or more integration framework Domains.

Bi-directional authentication means that when a client integration framework 200 initiates communication through an SSL connection 208 making a connection request 210 through an accept SSL connection request 212 with a server integration framework 202, the server integration framework 202 returns a server certificate 206, sent and signed by the certifying authority 214. The client 200 uses a factory installed public key certificate authenticate server/domain 216 to validate that the server certificate 206 was indeed signed by the certifying authority 214, then the client authenticate server/domain 216 verifies the server URL/IP Address and integration framework 202 Domain name. Once the client 200 has authenticated the server 202, the client certificate sending authority 218 then submits a client certificate 204 to the server integration framework 202. The server integration framework 202 then reverses the process in the authenticate client/domain 220 for the client 200. The HTTP(S) protocol then provides for the private key exchange and facilitates encryption for the remainder of the session.

Non-repudiation is achieved as the client 200 digitally signs (using it's private key) the message request contents. The server 202 similarly signs the response contents, thereby assuring that each party is bound to the transaction. This eliminates the threat of either party denying participation in the transaction.

Service level access control is achieved by using the signed remote server URL/IP Address information to authorize the remote integration framework for the specified service invocation. If the remote integration framework has not been authorized to request this service, the service request is denied, and an error message returned to the client.

FIG. 3 demonstrates the interaction between a client/server integrated framework installation 300, the client integration framework 302, the domain administration application 304 and the certificate server 306 during client/server certificate generation. It is intended that standard X.509 version 3 digital certificates will be used. The version 3-certificate extensions field is used to identify the list of integration framework Domains for which the certificate is valid. Version 3 certificate extensions are also used to specify sub-domain access control. This entails the specification of one or more individual integration framework addresses (IP or URL) to be either included or excluded (but not both).

The certificate installation 300 shows that the client integration framework 302 provides configuration information 308 to the domain administration application 304 to construct a Certificate Signing Request (CSR) 310 which is submitted to the certificate server 306 to provide verification of remote integration framework information 312. The information 312 is passed to a certificate generator 314 which generates both digital server certificates 316 and client certificates 318. These certificates 316 and 318 are passed to a certificate log installation 320. The certificate log installation 320 then passes the logged digital server certificates 316 and client certificates 318 for installation 322.

Protocol Encoding/Decoding

The HTTP(S) protocol defines a session based network connection, with no provision for the structure of the data that will traverse this connection. In order for two endpoints to effectively communicate, some structure to the data passed through the HTTP(S) connection must be agreed upon. Fundamentally, this structure is comprised of XML formatted data. While XML formatted data provides structure and meaning to the data, there still needs to be some level of agreement between the involved parties as to the specific XML format to be used. This section deals with that encoding.

Fundamentally, when one integration framework wishes to communicate with a remote integration framework, the structure of that message must include a message identifier, and a message body. The message identifier serves to identify what operation is to be performed by the remote integration framework as a result of receiving this message, while the payload represents the data to be operated on. The terms used throughout the rest of this description refer to the message identifier and message body respectively as `topic` and `payload`.

The topic and payload are implemented using variable length character strings. Ideally, the topic will be a structured character string that identifies to the receiving integration framework the processing which is to be performed, while the payload will be a serialized, well formed, a