Table of Contents

Syscob Admin Guide → Secure EDI [SEDI]

2.  Introduction to SEDI Protocol

Syscob Export-It and Export-It Plus applications for Windows® communicate using ISO standard Electronic Data Interchange [EDI] with only “EDI partners” (DofA, 1-Stop, Customs [DIBP] and Bryn).  It employs Australian standard Secure EDI [SEDI] protocol to exchange EDI “Interchange” traffic via the (presumed to be unsecure) InterNet email system.

SEDI communications used in Australia conforms to the requirements defined by the statutory agencies (Customs and DofA) and the gateways (1-Stop and Bryn).  It is used to transport sequentially numbered “Interchange” blocks whose format is defined by the “Electronic Data Interchange for administration, commerce and transport” [EDIfact ISO 9735] standard.  Within an “Interchange” are EDI “Messages” that are defined by the UN ECE and used as specified in documents published by the agencies (Customs “Software Developers Guide” [SDG], DofA “EXDOC Interface Specification” [EIS], 1-Stop “IFTERA” and “APERAK” specifications and Tradegate “IFTMIN” specification).

SEDI Mail Account

Every “EDI partner” must have one, and only one, RFC822 standard email account dedicated to exchange of EDI “Interchange” traffic.  For statutory EDI agencies the EDI mail account has a “well known” address (e.g. “edi.prod@daff.gov.au” for the DofA EXDOC system).  Exporters using EDI in Australia must also have an email account and address dedicated to EDI.  This email address is not used for human communications and should not be defined as a mail account in any user email application—it is only used by the SEDI subsystem of Syscob applications.

When an exporter registers with an EDI agency (which is required to establish a “partnership” for exchange of EDI traffic) they must specify the dedicated email address that will be used by the exporter for EDI “Interchange” traffic.  If direct communications with Customs ICS is required then the exporter must also obtain and register a “Gatekeeper Type 3 CA” [device] Digital Certificate which is uniquely associated with the exporter's dedicated EDI email address.

SEDI Mail is Presumed to be Unsecure

Because SEDI employs Internet email, and because of the inherent security “threats” which can originate in the web, the SEDI protocol assumes that any mail received is a potential source of infection—should any script, commands or other content be allowed to execute.  Therefore, any traffic received by SEDI is handled in a secure manner:

  • If a message did not originate “From” an “EDI partner” then it is treated as SPAM and only handled as simple MIME text.
  • If the “EDI Interchange” is in compressed form then it will be decompressed, but any scripts or commands in the archive will not be allowed to execute.
  • Even for valid SEDI traffic the MIME headers and wrapper will be discarded and only the embedded “EDI Interchange” logged and processed.
In no case will anything received from the web be allowed to execute.  This ensures that any inbound “threats” cannot affect the SEDI machine or the exporter.

Only Customs ICS Needs Digital Certificates

The Australian Customs Service [DIBP] Integrated Cargo System [ICS] is the only EDI system in Australia that requires the use of Digital Certificates (from the VeriSign “Gatekeeper” program also employed by the Australian Taxation Office [ATO]).  EDI communication with EXDOC or 1-Stop or BabelBridge does not require Digital Certificates, but Customs ICS requires that EDI traffic be “signed” by the originator, to avoid spoofing, and that the content be “encrypted” to assure integrity and confidentiality during transport.

Subsequent topics in this section provide the detailed requirements for SEDI transport.

Table of Contents

Secure EDI [SEDI] » ServersScanningCertificatesConfigurationDiagnosticsLog Files