Database systems have long been used by businesses to record their commercial interactions with customers, vendors, financial institutions, and other third parties. Most database applications are transaction based—meaning that the application obtains all required data for a particular transaction before the transaction is written to the database.
Since the early days of database systems, it has long been a goal to automate the transfer of transaction data between the business's computer systems and those of the other third parties. Early methods of transferring transaction data between database systems included exporting data (in accordance with a defined report) from a first system onto a magnetic tape or other data media. The data media is then physically transferred to a second system. While such a system was an improvement over manual entry of data, several draw backs existed. First, physical transfer of the data media could take a significant amount of time if mail or courier was used. Secondly, the three steps of writing the data file to the data media, transferring the data media, and loading the data file from the data media all required human intervention to be properly performed. Thirdly, both the application on the first system and the application on the second system had to be compatible—or, stated another way, the data file written to the data media by the first system had to be in a format that could be read and loaded into the second system.
Development of modems, value added networks (VAN), and Internet networking in general significantly improved the data transfer process. Rather than physically transferring a data file on magnetic tape or other data media, the data file could be transferred using a dial up connection between the two computer systems, a VAN connection, or an Internet connection.
Using a dial up connection, a modem associated with the first system could dial and establish a PSTN telephone line connection with a modem associated with the second system. A user would be able to export the data file from the first system, transfer the data file to the second system over the PSTN connection, and a user of the second system could load the data file into the second system.
A VAN connection is quite similar to a dial-up connection with the exception that the PSTN connection is continually maintained (e.g. a leased line) through a value added intermediary for security. Transfer of a data file between the first system and the second system over a VAN may include the user of the first system exporting the data file, transferring the data file to the second computer system (through the value added intermediary) and a user of the second system loading the data file into the second system.
Subsequent development of the Internet and secure file transfer systems such as the Secure File Transfer Protocol (SFTP) has obsoleted dial up connection and value added intermediary technology for most data transfer applications. Utilizing the Internet and SFTP technology, the user of the first computer system would export the data file, log onto the SFTP server (that is networked to the second computer system), and upload the file to the SFTP server. The user of the second computer system would then retrieve the file from the SFTP server and load the file into the second computer system.
While transferring of files using dial up connections, VAN connections, and FTP file transfer are a significant improvement over use of magnetic media for transferring a data file, the two systems must still be compatible and human intervention is still required for the file transfer.
A separate field of technology known as web services is being developed to support platform independent processing calls over the Internet. Web Services are data processing services (referred to as methods) which are offered by a servicing application to a requesting application operating on a remote system.
The system offering the web services to requesting systems publishes a Web Service Description Language (WSDL) document which is an Extensible Markup Language (XML) document that describes the web service and is compliant with the Web Services Description Language (WSDL) protocol. The description of the web service may include the name of the web service, the tasks that it performs, the URL to which the method requests may be sent, and the XML structure and parameters required in a method request.
To obtain a published service, the requesting application sends a method call to the system as a Simple Object Access Protocol (SOAP) message within an HTTP wrapper. The SOAP message includes an XML method call which conforms to the required structure and parameters. So long as each system can build and interpret the XML data within the SOAP message within the HTTP wrapper, no compatibility between the two systems is required.
Web services enable applications to be written which request data from the web service providers. For example, a web server which provides stock quotes may publish the structure and parameters for requesting a stock quote, the method call may be required to include the ticker symbol corresponding to the requested quote. The web server system provides the information to the requesting application in response to receiving a method call for a method which the web service system publishes as available.
Web service systems are optimized for unattended transferring of XML method calls and responses between a system and a web service provider. However, the use of web service systems for transferring transaction data between two applications has at least two problems.
First, each of the two applications must be configured to manage the exchange of XML messages at the application level. For example, the client application must be configured with the appropriate information for contacting the web services server and the two applications must be appropriately configured for handling the timing of the transaction transfer and appropriate acknowledgments.
Secondly, web service technology is a transport technology that does not include any inherent security. The transfer of method calls using web services can be secured only if the applications include means for mutual authentication and means for encrypting the messages.
In yet another field of technology, middle ware systems known as message queuing systems have been developed to manage the transfer of data messages between two applications. When a first application (e.g. an origin application) sends a message to a second application, it uses a “MQPUT” processing call to transfer the message to a local message queuing manager. The message queuing manager places the message in a queue for delivery to the destination application. When the destination application is ready to receive a data message, it uses an “MQGET” to its local message queuing manager to retrieve the next message in the delivery queue.
The message queuing software: i) manages the transfer of messages between message queuing managers so that messages can be delivered across remote plafforms; and ii) enables both the origin application and the destination application to send and receive messages using their own schedule of events—thereby eliminating the need for each application to be responsive to the event timing needs of the other application.
While message queuing software handles timing and acknowledgement issues, message queuing technology, like web services technology, is a transport technology that does not include any inherent security. The transfer of messages through message queuing managers can be secured only if the origin and destination applications include means for mutual authentication and means for encrypting the messages.
At the most general level, what is needed is a solution that enables unattended transfer of data over an open network, such as the Internet, between two unattended applications, each operating on remote and secure network systems. More specifically, what is needed is a transport solution for securely transporting messages between the two systems in an unattended manner that that does not require each of the applications to include means for mutual authentication and means for message encryption.