The following text is copyright 1998 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

When is the Internet not the Internet?

By Scott Bradner

According to the published schedule the ANX is about to get real.

For the past few years the Automotive Network Exchange (http://www.aiag.org/anx/) has been preparing to change the way that the automotive industry does business in North America. The next big step should come at any time. That step is the publication of a list of certified service providers (ANX CSPs). ANX CSPs are Internet service providers (ISPs) which have demonstrated compliance with ANX-specified requirements for network service features, interoperability, performance, reliability, business continuity and disaster recovery, security, customer care, and trouble handling, and which have connected to one or more ANX certified exchange points.

The basic idea is to move most of the electronic interaction between the thousands of trading partners which make up the automotive business away from private networks and to the public data network infrastructure. I.e. move the communications to the Internet, except that the ANX folk take care to say the ANX system is not the Internet even though they do mention that it is part of the Internet. The difference they say is in the guarantees provided by requiring the trading partners to use ANX CSPs rather than just any ISP.

Of the dozen or so network service features that the ANX requires an ANX CSP to offer the most important involves security. All ANX CSPs must be part of a public key certificate hierarchy with its top run by the ANX. This certificate hierarchy is used to enable the ANX-wide use of the IETF's IP Security (IPSEC) set of security functions to protect and authenticate transactions between trading partners. Just in time the IPSEC documents were approved by the IETF as Proposed Standards two weeks ago and there are already many vendors selling products based on these standards.

Since each ANX CSP must have an approved public key certificate which is used in real time to authenticate the CSP, this hierarchy also provides a way for the ANX to decertify CSPs that fail to maintain the required level of quality. The ANX certification authority just revokes the CSP's certificate and the trading partners which might be customers of that CSP can no longer operate. (According to the ANX documents some warning will be given in this case.)

I expect that as soon as the list of CSPs is released it will become the approved ISP list for many organizations that have nothing to do with the automotive industry. I also expect that we will quickly see other industry groups adopting the same approach to trading partner interactions. But I also expect that this will be a short-lived phenomenon. I expect that industry-specific certification will be quickly replaced by Consumer Reports-style ratings once there is a better understanding of what to rate. The ANX experience will help in this.

It should be quite amusing to watch the reactions of ISPs that fail to get certified. Bluster and treats of legal action, as some ISPs may try, instead of fixing the deficiencies, will tell me all I need to know about an ISP.

disclaimer: We don't do bluster at Harvard, or at lease we do not call it that - but the above anticipatory amusement is my own.