SOA Building Boom Underway!

Getting trading-partner integration right the first time

SOA! B2B! ASAP! There's a building boom underway in Service Oriented Architectures (SOAs) and business-to-business (B2B) integration, and everybody's rushing to get in on it. After all, integrating application assets and business processes is no longer just an option; it's a necessity. You've got a lot to gain if you do it, and plenty to lose if you don't. So you better get onboard, and fast. Right?

Well, yes and no. Yes, it's urgent. And no, you shouldn't rush it.

No one could blame you for wanting to plunge right in and get something - anything! - up and running. But when it comes to building a really solid infrastructure for B2B integration in an SOA, planning is everything. You're doing something that's fundamentally different from the way you've always done things before. You're bringing together entities with different systems, cultures, and ways of doing business. And to get it right, you're going to need to proceed carefully.

That doesn't mean planning it to death, or missing opportunities because you were too busy getting ready for them. But it does mean answering some basic questions before you proceed.

  • What's your first B2B project going to be?
  • Who's going to be involved?
  • How are you going to secure it? Scale it?

Think through everything on the front end, and you'll save time and trouble later. Here are some things you can do to help ensure your success.

Pick the Right Project, Partners, and Protocols
Make your first trading partner integration project the easiest one. Choose partners that already understand B2B as well as the related IT and integration issues; partners who know why the old one-off connections won't work in multiple-partner scenarios, and who've given some serious thought to integration alternatives. Even better, consider partners who already have B2B gateway infrastructures in place.

Once you know who you're working with, you'll need to choose the message-exchange standards and protocols that you'll follow to communicate with each other. (The next section of this article tells you more about how to do that.) Finish laying the groundwork by setting up a simple "request out/response in" message flow for sending and receiving information. Doing these things at the outset will make the rest of the planning process - not to mention the actual project implementation - go smoothly.

Frame It with Standards
If you have dozens, hundreds, or thousands of different trading partners, they will, of course, have dozens, hundreds, or thousands of different ways of doing things. That makes standards extremely important in B2B integration with multiple partners. Standards enable you to have a common set of processes for sharing access to resources that you can apply consistently across B2B projects.

For example, you're going to need a set of standards for exchanging messages and data with trading partners. So you need to choose standards and protocols that cover your specific communication needs, based on factors like the type of business you're in and the degree to which you need to leverage existing standards. Ideally, you'll want to be able to support a variety of protocols and standards that will work with different projects that may come up.

Most B2B transactions today are based on the EDI standard. It's been around for a long time, it's tried and true, and it's widely used. But it's also gradually being eclipsed by standards like OASIS, UBL, and xCBL that are based on the XML message format. XML appears to be on the way to becoming the norm for business communications. It's not there yet, however.

For example, in healthcare, it's hard to justify replacing EDI, because thousands of healthcare organizations have already implemented EDI standards. So what do you do? Split the difference and set up your integration infrastructure to support both EDI and XML. (And be sure the B2B integration software you select is a standards-based product that supports a wide range of standards.)

EDI, OASIS, UBL, and xCBL are all cross-industry standards that are freely available to anyone. But there are also a number of XML-based, industry-specific standards around which you can build a standards framework, including:

  • AIAG (automotive)
  • CIDX (chemical)
  • FIXML, iFX, and SWIFT (financial)
  • HIPAA (healthcare)
  • PIDX (petroleum / energy)
  • RosettaNet (electronics)

Today most industries have at least one XML- or EDI-based protocol. If there's no industry-specific standard for your business, help create one by participating in the standards-setting process of a standards body. Okay, that may not sound like the best place to direct IT resources when there's so much else to do - but it's a golden opportunity to help set the direction of the standard that's going to support your industry.

You can divide the protocols into four categories: transport, delivery, security, and business. Transport protocol choices are HTTP and HTTPS (the most popular choices for transport over the Internet), FTP, SMTP, and others. Selecting a delivery protocol such as AS2 or the ebXML Message Service provides you and your trading partners with several necessary capabilities: a digital signature identifying the sender, and XML Encryption to encrypt either the entire document or parts of it. Delivery protocols also define the series of acknowledgments and responses for reliability. So adding a delivery protocol to the mix gives both parties non-repudiation.

Business protocols define the actual business document that is the goal of eBusiness messaging.

Security protocols are closely tied to the delivery protocol. SSL (HTTPS) is the most common choice. Applying a digital signature and using XML Encryption, as mentioned, will lock down the message so that no prying eyes can see its details, and also ensure that the message arrives untampered with.

Secure the Structure
Integrating with trading partners means exposing your internal IT assets to them - and that means identity management has to be a cornerstone of your infrastructure security. To ensure that you get the level of security you need, choose identity-enabled B2B integration software that includes comprehensive, advanced identity management capabilities.

How does identity management support security in SOA-based B2B infrastructures? By enabling you to 1) apply security policies to services and business processes and 2) control access based on policy.

With identity-enabled B2B integration, you'll be able to protect IT assets by centrally managing users' access to applications and services through identity-based authorization and authentication. You'll also be able to audit that access automatically on an ongoing basis through identity-based auditing. Even better, you'll be able to do these things without the hassle of having to roll out and maintain separate solutions and vendors for B2B integration and identity management.

Of course, TCP/IP firewalls have been protecting the perimeter of your organization for quite a while now. But many traditional TCP/IP firewalls allow XML to pass through ports without examining what is actually in the XML data elements. And plenty of nasty stuff can be included in the XML, like denial of service attacks, SQL insertion attacks, and Trojan binaries. If you choose to use XML-based protocols as a delivery or business protocol, it's a prudent (many would say required) strategy to deploy an XML firewall in the DMZ and make it the first stop every message makes on its way into your network. This will provide a higher degree of protection for your organization.
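
The content inspection described above, which a port-level firewall does not do, shown as an added Python example (not code from the article or from any product it mentions). The function name `screen_message`, the size, depth and element limits, and the two content patterns are assumptions chosen for illustration.

```python
import re
import xml.parsers.expat

# Assumed limits; real values come from the trading-partner agreement.
MAX_BYTES, MAX_DEPTH, MAX_ELEMENTS = 64 * 1024, 20, 5000
# Coarse heuristics only; a match means "hold for review", not proof of attack.
SQL_LIKE = re.compile(r"'\s*or\s+'|union\s+select|;\s*drop\s+table", re.I)
ENCODED_BLOB = re.compile(r"[A-Za-z0-9+/=]{512,}")

class Rejected(Exception):
    """Raised inside parser callbacks to stop parsing immediately."""

def screen_message(raw: bytes) -> str:
    """Return 'accept' or 'reject: <reason>' for one inbound XML message."""
    if len(raw) > MAX_BYTES:
        return "reject: message too large"
    depth = elements = 0
    values = []  # attribute values and element text, in document order

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Entity declarations live in the DTD; refusing it blocks entity expansion.
        raise Rejected("DOCTYPE not allowed")

    def on_start(name, attrs):
        nonlocal depth, elements
        depth, elements = depth + 1, elements + 1
        if depth > MAX_DEPTH:
            raise Rejected("nesting too deep")
        if elements > MAX_ELEMENTS:
            raise Rejected("too many elements")
        values.extend(f"\n{v}\n" for v in attrs.values())

    def on_end(name):
        nonlocal depth
        depth -= 1
        values.append("\n")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = values.append  # text may arrive in chunks
    try:
        parser.Parse(raw, True)
    except Rejected as exc:
        return f"reject: {exc}"
    except xml.parsers.expat.ExpatError:
        return "reject: not well-formed"
    content = "".join(values)
    if SQL_LIKE.search(content):
        return "reject: SQL-like content in data"
    if ENCODED_BLOB.search(content):
        return "reject: large encoded blob in data"
    return "accept"
```

The structural limits are enforced while the message is being parsed, so an oversized or deeply nested document is dropped before it is fully read; the content patterns are a first-pass filter and do not replace schema validation or parameterized queries in the receiving application.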

Set Up a Library of Services
You can't have an effective integration infrastructure today without reusable services. That's one of the main reasons that one-off solutions aren't viable: they require you to create a whole new set of services for every partner integration. Instead, you need reusable services to manage many of the processes associated with message flow, security, and business activity monitoring.

Reusable services are ideal for tasks like message validation, processing, tracking, and auditing. They can also be used to deliver mechanisms for secure partner-data storage, access management, and virus protection. Because reusable services are so vital to trading partner integration, be sure to choose a B2B software solution that includes functionality for message processing, security, and other reusable services.

Build It to Scale
You need to get your trading partners connected to your systems fast, so both of you can benefit from B2B integration as quickly as possible. But the more trading partners you have, the tougher this can be. The following best practices for on-ramping trading partners on a large scale will make it easier:

  • Set up a dedicated Web site where partners can go to find general information about integrating with your business, as well as project-specific information about partner agreements, business processes, technical specifications, and so forth
  • Engage a third-party service for testing and certification to deliver feedback to partners on where their processes are delivering data successfully and where they're not, so they can take whatever corrective action is needed to keep the on-ramping process going smoothly
  • Assemble a dedicated team of IT engineers and project managers responsible for trading partner relations during on-ramping, including maintaining the project-specific information on the Web site

In B2B integration, a little planning goes a long way. Make the right choices about people and projects, be informed on issues like standards and services, and keep security and scalability top of mind - and your integration project is far more likely to succeed.

More Stories By John Hardin

John C Hardin is product manager, Sun B2B Platforms. He has spent the last 12 years designing strategy and delivering Web applications and B2B ecosystems for both large and small companies. He served as chief architect of eBusiness for General Motors, and has led an OASIS SOA Technical Committee. In his role at Sun Microsystems, his focus is to ensure that the Sun B2B Suite leads the market in ease of use, scalability, and features.
