iSHARE: New way of trusting and sharing data in the Logistics Sector
A month ago iSHARE organized the second Tech-celerator event in the Netherlands for organizations and partners that are already involved in adopting iSHARE. As one of the first implementation partners in the Netherlands, Rojo Consultancy was also part of this event and presented an interesting use-case and end-to-end live demo of how iSHARE adds value in a supply chain network driven by SAP and non-SAP participants.
For this use-case Rojo Consultancy positioned SAP ERP as the source system and demonstrated how a shipment instruction to a carrier (represented by a Shipment IDOC) can be shared across the logistics chain more efficiently and in a more regulated way, using iSHARE as the authentication and authorization layer.
Before going into more details, first let’s briefly explain what iSHARE is.
iSHARE is an authentication & authorisation protocol for both machine2machine and human2machine communication based on a JSON REST API architecture and acts as a set of agreements about sharing data in the Transport & Logistics sector. This set includes Functional, Technical, Operational and also Legal agreements, agreed by the sector itself.
The idea behind iSHARE is that when all parties in the sector adhere to the same agreements, use the same technical standards for identification, authentication and authorization, and share data only for the purposes allowed under the iSHARE agreements, the time and costs spent today on software integration and on getting to know and trust each other are reduced exponentially.
Business Scenario: Often there is a requirement to integrate your SAP ERP system with a new LSP (Logistics Services Supplier, 1PL, 3PL, 4PL, etc.) or to exchange data with a new customer or vendor. Each time, your organization needs to introduce or set up a new set of interfaces to facilitate the flow of data between those parties. That also includes defining and agreeing on the right way of authentication and authorization, to secure and regulate the flow of data between your company and those external entities.
iSHARE is the exact answer to this recurring challenge. But how will iSHARE solve the above problem, and what role does Rojo Consultancy play? To answer this, let's get into the technical details of the demo which we built and demonstrated during the Tech-celerator event. The figure below depicts the end-to-end scenario at a high level, including the Rojo iSHARE as a service business content for SAP Cloud Platform Integration (CPI).
- Entitled Party (SAP ERP): Can be any company that owns an ERP system.
- Service Consumer (SAP CPI): Rojo Consultancy plays the role of Service Consumer on behalf of the Entitled Party or Service Provider.
- Scheme Owner: Can be governed by the Entitled Party or a 3rd party and maintains the list of all trusted parties and CAs.
- Authorization Registry: An entity that maintains the list of policies in a network for parties adhering to the iSHARE protocol.
- Service Provider (Carrier Company): Can be any company that provides a service to the Entitled Party.
The Scenario can be broken down into below steps:
1) SAP ERP sends shipment IDOC to CPI:
The IDOC triggered from the SAP system, with all the required details, is received by SAP CPI, which as service consumer fetches the Sender and Receiver party information from the IDOC.
Each involved party adhering to iSHARE has its own EORI number, irrespective of its role in the supply chain, and this number is recorded against a Sender/Receiver.
Using the EORI number and the public and private key from the keystore, a JSON Web Token (JWT) is generated locally in CPI. The JWT generation is delivered as part of the Rojo iSHARE as a service for SAP CPI, making it simple for integration developers to consume and apply in any iSHARE scenario.
2) CPI Validates the Involved Party:
Once the JWT is generated, CPI (Rojo) as service consumer will perform the following tasks:
- Get the access token from the Scheme Owner using the generated JWT, so that we can initiate party validation.
  - The access token is requested in the format "application/x-www-form-urlencoded".
- Get the details of the Involved Parties and validate the following details of the Entitled Party and Service Provider:
  - They are in the trusted list
  - Their status is active
  - The role they can play in the network
- Log the details of the Service Provider
3) CPI Validates the Delegation Policy between parties involved:
In the Authorization Registry (AR) we maintain the set of policies which state what data can be shared, when, and between whom.
- After the parties are validated, the Delegation Evidence is sent to the AR for validation, and the request looks like below
- In the response from the Authorization Registry (AR) we get a delegation evidence which states that the parties are allowed to exchange data.
- Based on the response, the data is sent to the Service Provider or a warning message is sent back to the SAP system.
4) Shipment Instruction is sent to Carrier company:
After successful validation of the Delegation Evidence from the AR, the shipment instruction is sent to the Service Provider, which in our case is a carrier company.
- The access token is requested from the Service Provider according to the iSHARE framework.
- After getting the access token, the shipment instruction is posted to the Service Provider at the API exposed by them.
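The token request used in steps 1, 2 and 4 (JWT signed with the keystore key, then posted as "application/x-www-form-urlencoded"), shown with the checks the receiving party would run on it. This is an added example, not Rojo's CPI content; it assumes the iSHARE client-assertion layout (iss and sub set to the caller's EORI, aud to the callee's, 30-second lifetime), uses a placeholder for the x5c certificate chain, and hands the verifier the public key directly instead of extracting it from x5c and checking it against the trusted list.

```javascript
// Added example, not Rojo's CPI content; keys and EORI numbers are constructed.
const crypto = require('crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');

// Caller side: sign a client assertion with the private key from the keystore.
function buildClientAssertion(clientEori, serverEori, privateKey, now) {
  // x5c would carry the caller's certificate chain; placeholder here (assumption).
  const header = { alg: 'RS256', typ: 'JWT', x5c: ['CERT_CHAIN_PLACEHOLDER'] };
  const payload = { iss: clientEori, sub: clientEori, aud: serverEori,
    jti: crypto.randomUUID(), iat: now, exp: now + 30 };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Token request body, sent as application/x-www-form-urlencoded.
function buildTokenRequestBody(clientEori, assertion) {
  return new URLSearchParams({
    grant_type: 'client_credentials',
    scope: 'iSHARE',
    client_id: clientEori,
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
  }).toString();
}

// Receiving side: fail closed on any check that does not pass.
function verifyTokenRequest(body, serverEori, publicKey, now) {
  const form = new URLSearchParams(body);
  const parts = (form.get('client_assertion') || '').split('.');
  if (parts.length !== 3 || parts.some((x) => !x)) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' };
  const signed = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!signed) return { ok: false, reason: 'signature' };
  if (claims.iss !== claims.sub || claims.iss !== form.get('client_id')) return { ok: false, reason: 'issuer' };
  if (claims.aud !== serverEori) return { ok: false, reason: 'audience' };
  if (claims.exp - claims.iat !== 30 || now < claims.iat || now >= claims.exp) return { ok: false, reason: 'expired' };
  return { ok: true, client: claims.iss };
}

// Constructed demo values: throwaway key pair and made-up EORI numbers.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const CONSUMER = 'EU.EORI.NL000000001';
const SCHEME_OWNER = 'EU.EORI.NL000000000';
const demoBody = buildTokenRequestBody(CONSUMER,
  buildClientAssertion(CONSUMER, SCHEME_OWNER, demoKeys.privateKey, 1700000000));
console.log(verifyTokenRequest(demoBody, SCHEME_OWNER, demoKeys.publicKey, 1700000010));
```

A production verifier would also remember each jti for the lifetime of the token and reject a repeat.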
As we have shown in this short blog, with the power of SAP Cloud Platform Integration and the data-sharing rules defined by iSHARE, we can now standardize any type of data sharing scenario in a reliable and secure manner. In a highly integrated logistics industry governed by iSHARE data sharing rules, you are in control from start to finish of when and which data flows, smoothly and securely, among authorized parties.
Interested to see how iSHARE can help your organization effectively standardize the way you share data across the supply chain? Reach out to the author of this blog.