
Category Archives: Work

The joys of being a POSR

Nope… not a misspelling – that’s POSR, as in Punch Out Setup Request. As part of this current set of postings on cXML and the magic that is eCommerce, that’s the subject du jour. The totally awesome and completely cool … POSR.

Now, a POSR is probably the single most important part of the eCommerce step by step. It’s what authenticates and allows an online catalog to be sent to you.

Here’s what one looks like  courtesy of www.cxml.org

The first section of a POSR handles the Doctype and how to handle the document…

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cXML.org/schemas/cXML/1.2.020/cXML.dtd">
<cXML payloadID="1233444@ariba.com" timestamp="2000-03-12T18:39:09-08:00">

Now the grey line up there has the doctype and you can put all kinds of good things in there but what I’m showing here is the most important part – the DTD.  With this badboy you can write an app that will allow you to validate all your cXML and make sure it works, using some very simple XML routines and a few free tools available on the web. 

TIP:
You can also find XML validators that can read the DTD – but many will choke on this line. XML Notepad, for example, is designed for pretty much XML only and not cXML, and will choke. The same thing goes for some browser-based viewers. If that’s all you’ve got to view XML – remove this line and you’ll find it’ll load the file fine.

Anyway, you can use the DTD to learn a lot about what’s wrong with any cXML that you’re given (or that you create) by validating it against the DTD.  So if you’re not – do so.  It’ll save you weeks of headaches.  This is especially true if you’re dealing with SAP or some of the Oracle solutions out there that like to write their own versions of cXML, or worse let you output in any fashion you want without telling you there are rules to how cXML is processed. 

<cXML DTD and  Consultant Rant Begins Here>
I would say 80% of the work I’m currently doing is on telling people how to validate their cXML, and fighting with people who tell me, “But we work successfully with dozens of vendors doing it this way…”. That may be the case – but cXML has rules, and it doesn’t matter how anyone else works – if you’re outputting to cXML you follow its rules or you pay.

The reward for following the rules is that if you do have a valid document – cXML is as stable as a rock, and your cXML will process like a cannonball from a cannon. So it is worth the effort to do it right, even if your “consultant” tells you it’s not necessary. (Clue – if your “expert” tells you it’s not necessary to follow a standard… slap them. They either don’t know how to follow the standard, have been told by a software application advertisement it’s not necessary, or something, but the bottom line is – they don’t know. I’ve seen a rash of “consultants” who claim this standard or that standard isn’t needed. It usually is – and the only reason why they don’t or they won’t use the recommended DTD standard is that they assume what they’ve been told by articles or others who are not familiar with them, that a DTD is basically the same thing as an XSD schema.)

They hold many things in common, and often have a degree of interchangeability – but there is a reason why a DTD and an XSD exist and we don’t just use one or the other.  The subtle nuances in how they work allow them to perform different degrees of use for different types of uses.  For cXML the DTD is the model you need to be using, and one of the reasons is that certain required fields within the cXML DTD file enforce rules needed to make cXML work efficiently and correctly.  When consultants try to slip around these rules, or try to get loose with the rules – it may work fine on their local system, but when they try to connect to anyone else, it becomes costly and time consuming.
</End Rant>

Before we move on, it’s important to point out one thing about the DTD. DTDs are versioned. Each version has its own requirements and rules. If you find that you’re not validating – check the version which you’re validating against – it often makes a very big difference. You can read more about each of the versions, and get copies of them at www.cxml.org.
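One way to do the DTD validation and the version check described above, as an added example that is not code from the original post. It assumes the third-party lxml library; the DTD text is a constructed stand-in covering only the Header elements shown in this post (not the real cXML DTD), and the pinned-DTD table and function name are hypothetical.

```python
import io
import re

from lxml import etree

# Constructed stand-in for a locally stored cXML.dtd. It describes only the
# Header elements shown in this post and is NOT the real cXML DTD.
HEADER_ONLY_DTD = """
<!ELEMENT cXML (Header)>
<!ATTLIST cXML payloadID CDATA #REQUIRED
               timestamp CDATA #REQUIRED>
<!ELEMENT Header (From, To, Sender)>
<!ELEMENT From (Credential+)>
<!ELEMENT To (Credential+)>
<!ELEMENT Sender (Credential+, UserAgent)>
<!ELEMENT Credential (Identity, SharedSecret?)>
<!ATTLIST Credential domain CDATA #REQUIRED>
<!ELEMENT Identity (#PCDATA)>
<!ELEMENT SharedSecret (#PCDATA)>
<!ELEMENT UserAgent (#PCDATA)>
"""

# Hypothetical table of pinned local DTD copies, keyed by the version that
# appears in the DOCTYPE URL. In practice these are files you downloaded once.
PINNED_DTDS = {"1.2.020": HEADER_ONLY_DTD}

VERSION_IN_URL = re.compile(r"/schemas/cXML/([0-9.]+)/cXML\.dtd$")

# Constructed sample document (placeholder secret).
VALID_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cXML.org/schemas/cXML/1.2.020/cXML.dtd">
<cXML payloadID="1233444@ariba.com" timestamp="2000-03-12T18:39:09-08:00">
  <Header>
    <From><Credential domain="NetworkID"><Identity>AN01333333333</Identity></Credential></From>
    <To><Credential domain="NetworkID"><Identity>AN01222222222</Identity></Credential></To>
    <Sender>
      <Credential domain="AribaNetworkUserId">
        <Identity>admin@ariba.com</Identity>
        <SharedSecret>placeholder-secret</SharedSecret>
      </Credential>
      <UserAgent>Ariba Network v20</UserAgent>
    </Sender>
  </Header>
</cXML>"""


def validate_cxml(doc: bytes) -> list:
    """Return a list of problems; an empty list means the document validated."""
    # Parse partner-supplied XML without fetching the DTD named in the
    # document, without network access and without expanding entities.
    parser = etree.XMLParser(load_dtd=False, no_network=True,
                             resolve_entities=False)
    try:
        root = etree.fromstring(doc, parser)
    except etree.XMLSyntaxError as exc:
        return [f"not well-formed: {exc}"]

    # Pick the pinned DTD that matches the version the document claims.
    system_url = root.getroottree().docinfo.system_url or ""
    match = VERSION_IN_URL.search(system_url)
    if match is None:
        return [f"no cXML DTD version in DOCTYPE: {system_url!r}"]
    dtd_text = PINNED_DTDS.get(match.group(1))
    if dtd_text is None:
        return [f"no pinned DTD for cXML version {match.group(1)}"]

    dtd = etree.DTD(io.StringIO(dtd_text))
    if dtd.validate(root):
        return []
    return [f"line {err.line}: {err.message}" for err in dtd.error_log]


if __name__ == "__main__":
    print(validate_cxml(VALID_SAMPLE) or "valid")
```
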

So… let’s get back to the POSR.  What this does is it handles the hand shaking between the customer who is “Punching Out” to the vendor who has the catalog of goods that they will punch out to us.  Now the concept of the “PunchOut” is very simple.  A customer may have a massive catalog of items, but we don’t want all of them, or we may have rules regarding certain items in the catalog.  (Joe the Janitor probably isn’t allowed to buy the same things that Victor the V.P. does at a company.)   This can be controlled by the catalog that is “punched out” to the customer.  And all of this – begins with the POSR, where we authenticate not just the company but often the employee at the company who is requesting access to the catalog. 

This is done at the header of the POSR.  Here’s what a header looks like:

<Header>
        <From>
            <!-- Supplier's identity -->
            <Credential domain="NetworkID">
                <Identity lastChangedTimestamp="2000-03-12T18:39:09-08:00">AN01333333333</Identity>
            </Credential>
        </From>
        <To>
            <!-- BCE's identity -->
            <Credential domain="NetworkID">
                <Identity>AN01222222222</Identity>
            </Credential>
        </To>
        <Sender>
            <Credential domain="AribaNetworkUserId">
                <Identity>admin@ariba.com</Identity>
                <SharedSecret>bce’s shared secret with AN</SharedSecret>
            </Credential>
            <UserAgent>Ariba Network v20</UserAgent>
        </Sender>
    </Header>

The area you need to pay closest attention to is the one that reads “AribaNetworkUserId”. I’m going to break from things here and point out that cXML is a standard developed by Ariba, and so – you’re going to see a lot of cheerleading for them in it. You will probably have to change this for some eCommerce companies who… ahem… have competing products. But what you should never deviate from – is the use of an ID and SharedSecret. These will generally be supplied to you – from the vendor doing the punchout. These are the most important part of the punchout. Without them… you won’t authenticate, you won’t get a catalog and you will most definitely not pass go and collect $200.

Now if you’re familiar with earlier versions of cXML you’ll note that up in the Supplier’s identity – there’s a lastChangedTimestamp and you may not have seen that before. The truth is cXML (even with all those DTD rules) is very flexible. And you can actually put in your own Identities in this section, so if your internal cXML processor needs other names to identify it – go to it. I’ve actually seen cXML where there were up to 15 Identities here. So long as the Identity that you and your vendor have agreed upon is in here amongst the others, you can get pretty creative, and this is a good place for you as an organization to make use of multiple identities.
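How the receiving end might check the ID and SharedSecret described above, as an added example that is not code from the original post or from any cXML product. The partner table, the placeholder secret and all function names are assumptions; the sample document is constructed from the header shown in this post.

```python
import copy
import hmac
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample: the header from this post with a placeholder secret.
SAMPLE_POSR = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cXML.org/schemas/cXML/1.2.020/cXML.dtd">
<cXML payloadID="1233444@ariba.com" timestamp="2000-03-12T18:39:09-08:00">
  <Header>
    <From><Credential domain="NetworkID"><Identity>AN01333333333</Identity></Credential></From>
    <To><Credential domain="NetworkID"><Identity>AN01222222222</Identity></Credential></To>
    <Sender>
      <Credential domain="AribaNetworkUserId">
        <Identity>admin@ariba.com</Identity>
        <SharedSecret>placeholder-secret</SharedSecret>
      </Credential>
      <UserAgent>Ariba Network v20</UserAgent>
    </Sender>
  </Header>
</cXML>"""

# Hypothetical partner table: (credential domain, identity) -> agreed secret.
PARTNERS = {("AribaNetworkUserId", "admin@ariba.com"): "placeholder-secret"}


class RejectedDocument(ValueError):
    """Raised when a request is malformed or fails authentication."""


def _refuse_entity_decl(*_args):
    raise RejectedDocument("entity declarations are not accepted")


def parse_cxml(doc: bytes) -> ET.Element:
    """Parse a cXML document, refusing any that declares its own entities."""
    # cXML documents carry a DOCTYPE, so the DOCTYPE itself cannot simply be
    # forbidden. A first expat pass refuses <!ENTITY ...> declarations instead.
    probe = expat.ParserCreate()
    probe.EntityDeclHandler = _refuse_entity_decl
    try:
        probe.Parse(doc, True)
        root = ET.fromstring(doc)
    except (expat.ExpatError, ET.ParseError) as exc:
        raise RejectedDocument(f"not well-formed: {exc}") from exc
    if root.tag != "cXML":
        raise RejectedDocument("root element is not cXML")
    return root


def authenticate_sender(root: ET.Element, partners: dict) -> str:
    """Return the authenticated Sender identity or raise RejectedDocument."""
    cred = root.find("./Header/Sender/Credential")
    if cred is None:
        raise RejectedDocument("no Sender credential")
    domain = cred.get("domain", "")
    identity = (cred.findtext("Identity") or "").strip()
    secret = cred.findtext("SharedSecret") or ""
    expected = partners.get((domain, identity))
    # Constant-time comparison; unknown senders are compared against a dummy
    # value so that both kinds of failure follow the same code path.
    matches = hmac.compare_digest(secret.encode("utf-8"),
                                  (expected or "\0").encode("utf-8"))
    if expected is None or not matches:
        raise RejectedDocument("sender authentication failed")
    return identity


def redact_for_log(root: ET.Element) -> str:
    """Serialize a copy of the document with every SharedSecret blanked."""
    safe = copy.deepcopy(root)
    for node in safe.iter("SharedSecret"):
        node.text = "[redacted]"
    return ET.tostring(safe, encoding="unicode")


if __name__ == "__main__":
    doc = parse_cxml(SAMPLE_POSR)
    print("authenticated:", authenticate_sender(doc, PARTNERS))
    print(redact_for_log(doc))
```
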

The next part of a good punchout setup request is … the request itself. It contains a cookie and, something really handy if you have to do debugging… the BrowserFormPost. If you can locate this you can discover exactly where it originated from – and often this can help with network and connectivity issue resolution. So – keep track of that.

<Request>
    <ProviderSetupRequest>
        <OriginatorCookie>c546794949</OriginatorCookie>
        <BrowserFormPost>
             <URL>http://service.ariba.com/returntome</URL>
        </BrowserFormPost>
        <Followup>
             <URL>http://service.ariba.com/laterUpdates</URL>
        </Followup>
        <SelectedService>BCE.Edi</SelectedService>
        <Extrinsic name="user">
           <Identity>user234</Identity>
        </Extrinsic>
        <Extrinsic name="url">
           <URL>http://service.ariba.com/anotherurl</URL>
        </Extrinsic>
    </ProviderSetupRequest>
</Request>

Also up in there… are the extrinsics.  Now I’ll let you in on a secret.  Most of the stuff you see up there?  Look up in the DTD – you’ll find a lot of it is not required.  Remember that rant on DTDs I had up above?  The DTD – will tell you exactly what fields are required and which fields are optional for cXML.  Now, some vendors may have rules over and above those – but the DTD is core.  It speaks – the world listens.  So – check to see what you need and what you don’t need. A good rule of thumb for efficient processing is that if you don’t need to be sending  it – don’t.  All that does is make the systems on the vendor’s end have to read through it and figure out if it’s needed or not.

Put into a cXML document only those things you absolutely need for the best performance. 

And that leads us to the last part about the POSR… the closing tag.

</cXML>

I won’t go into a rant over tags here – but I will say that a well formed document with complete tags is essential.  Don’t get sloppy.  cXML is not forgiving when it comes to tags.  It’s not chopped HTML where an unclosed tag will let it slide through.  It may work on your system – but validate, validate, validate. 

Get a tool which handles DTD validations, or roll your own.  Either way – validate your stuff.  If you use a tool like SAP or Oracle, find out how to get your output – even if you have to get it from the server logs and validate that.  Make sure the application you’re using actually does churn out valid cXML if you’re sending it to a vendor.  The time you save on that one chore – may save you weeks of arguing back and forth which of you has the problem.  Don’t just assume your cXML output is good – KNOW it’s good because with the flexibility in some tools that I’ve mentioned it will actually let you create very bad cXML that no one can run no matter how forgiving their system is.

Well this is a larger post than I meant – but I’ve been behind on my postings… so seemed I should make up for it here.  Next we’ll look at the PunchOutSetupResponse (the return to the POSR) – the OrderRequest and the POOM.  (Yeah, yeah… I can tell you’re all shaking with anticipation.)

See you next week.


Posted by on April 13, 2009 in Work

 

what’s been keeping me up at night…

Been a bit busy… so I figured I’d give everyone a taste of the somewhat promised cXML eCommerce toy I’m working on.  So here are a few screen shots.  As you can see – it’s designed to load cXML or XML and perform validations.  It also allows the tester to actually POST the cXML PunchOut and OrderRequests directly to the server.  This retrieves complete header information.  The tester can auto-generate OCI HTML web forms that can be sent to customers for their own testing.  

You can also verify Authentication Tokens, Session IDs, and perform HostName / IP Address checks. 

The cXML validation allows the user to validate against any of a number of DTD files, from cXML to those used by OSN or even 3rd party or local files.  Anyway… that’s what has been keeping me from Posting.   In the next week or so – I’ll get some code up and discuss how eCommerce procurement systems work a little more directly. 

Until then… you’re just going to have to use these shots and wonder. (And for the record … yes I have removed any sensitive info from these screen shots. The cXML displayed is a generic OrderRequest form.)


Posted by on April 3, 2009 in Design, Development, Internet, Work

 


Grumblings from the field…

In a bit of a hurry this morning so this’ll just be a cap up of what’s going on.

The Job Market in the Pac Norwest for software development and IT has definitely taken a blow – but there’s still a lot of work out there.  I still receive about 4 or 5 job requests per week (my resume is unusual as I have job skills that are uncommon).  But most of these for the last three weeks are not ones I’d really look into unless the economy is bad.  The practice of sending out contact emails for positions with unrealistically low or unrealistic job requirements (usually both) for the purposes of being able to say, “We couldn’t find anyone here in the USA qualified” is still pretty rampant.  I’ve seen about 6 of those in the last month.  (When was the last time you saw an honest request for a Program Manager with a background as a Sr. Developer with 10 years experience for $25/hr??  Yeah – they seriously want to fill that position.)

It’s insulting and disgusting that companies will go to that length to justify hiring outside the US, and it’s more annoying that the offers come from respected legal and recruiting firms. I won’t say who I’ve seen use this the most – however you might be surprised they’re one of the longest and major supporters of Open Source software and similar initiatives. I’ve said it before that one of my core dislikes of the OSS community is its naiveté regarding the fact that their largest supporters exist because they’re too cheap to pay for software and have always felt software had no value. It becomes pretty obvious when a company’s true motivations for greed and being cheap are so thinly veiled behind the cloak of “We’re one of the good guys!”.

Let’s face it – if you’re not making your money off the development of the software that people use, then you have to be making it off the process of selling it or supporting it. In a model such as that the guy on the low end of the totem pole will always be the guy who created it in the first place. They are the ones whose efforts are not perceived as having value because it’s their efforts they place as having little or no cost associated to them. (If you’re not charging anyone for the hours it took to develop a product – which is where that model places the cost recoup at – then the developers and creators are effectively valued at “zero cost”.)

So where do these companies place value? They place it on the management end of things and the sales end of things. The sales of the software, and over a long term the sale of the software support, or the sales of the software as a service. Bottom line – the jobs they really care about are managers and sales people. For the people who come up with the software, who spend the hundreds and thousands of man hours to code it to test it and to bring it to life? Well, they’re a necessary evil – one which if they can find anyone to do it cheaper – they will. Which is why yes… they do send out emails to people here in the USA looking for jobs, people they’ve often laid off or let go, giving unrealistically low, or unrealistic job requirements, or in some cases just bizarre job requirements, all so they can be turned down. They can then go before the US Congress and Senate and say, “We looked for people here in the USA for these jobs – but there aren’t any who meet the qualifications! Can we go overseas and get them without losing our tax breaks???”.

The HR departments of these companies can sign up for (and line up for) classes to learn how to do this. And this doesn’t burn you up – the fact is this is not the “American Job” vs “Overseas Job” issue that drives this, and those probably hardest hit are – as incredible as this may seem – overseas workers. Overseas, in places like Hyderabad, Beijing and the former Soviet Republics you’ll find the amount of fraud based job services there is a full blown industry not all that different than Coyote hustlers that tell immigrants they can sneak them through the American border but take their money and leave them, often with no hope of survival. Now, if you say, “Hey we’re cracking down on these bastards”, I’d like to point out – they busted 11 people and companies. 11 of them is not even a band aid on this gaping wound. 11 busts isn’t even lip service to the literally billions being spent on this. The fact is that as long as it’s profitable for these companies to treat the people who create products you use like dirt (and for many of us – that person is us) they will continue to do so.

So – hey – support the open source movement – make software free to everyone. It is after all, just someone’s idea – it’s not like it has value, right? Anyone can do it, and with the right sales model we can recoup the loss by selling maintenance, and services. While you’re at it – you may want to head down to Walmart and buy a nice coat made by children overseas to keep warm in on that unemployment line. Just some food for thought.

 

Posted by on February 16, 2009 in Design, Development, Internet, Work

 


money for nothin…

Got up this morning and saw a very disturbing story about people scamming people through Monster.com. They covered one scam – which admittedly is a pretty lame scam, but people are falling for it.

You get contacted by a firm they “hire” you but… OH NOES!  You need the latest Laptop, or a company cell phone or other medium to large purchase.   Don’t worry, they’ll send you a check for the expenses to get you working right away… what’s your bank account number?  They need to do a wire transfer. 

All of this seems somewhat reasonable.  And when you’re out of work it sounds like a dream come true.  Problem is that like many things that are too good to be true it is.  You give them your bank account info – and they give you an empty bank account.

Now, here’s another scam they can do… in order to get you your supplies their company ONLY banks through bank _________ and you need to set up an account there.  (In the example on TV the bank was Wells Fargo – but I’ve seen this scam with others.)  Once you set up an account there they send a check through.  You go buy the laptop and send them the receipt.   Sounds pretty legit right?  They  did send you money all they wanted was the receipt – you got a laptop out of the deal right?

Three days later your new bank account informs you it’s waaaay overdrawn and that banking fraud is illegal. Seems that transfer got refused. You now owe the bank for the money – and the credit card company you bought the laptop through – and you btw – find out the laptop that you sent that receipt for? It’s already been returned somewhere else.

Here’s how this works – it relies on a scam that knows how banks work.  So when someone gives you a wire transfer… you sit on that check until it actually clears.  When dealing with someone new that asks unusual requests like these… call the bank and verify the funds.  They can do this without alerting anyone, and it’s actually accepted banking behavior. 

So… be careful. Watch out for Monster, HotJobs and especially Craigslist jobs … if you’re a professional – verify the company with a professional web site, or make some calls. Check with the Better Business Bureau – do a bit of research.

Earlier this year I had a very legit firm that contacted me.  I went through 3 rounds of interviews over the phone and got flown out to meet for a face to face interview.  A great group of people.  But something didn’t feel right so I did some googling and checking for sales numbers, checking for who the company was and what they’d done vs. what their PR said they wanted to do.  Turned out their eyes were bigger than their pocketbooks and I was actually called by them the week before I was to start (after months of contact and planning) and they informed me they were unable to hire me.

Had I not been expecting this – financially it would have been a disaster. 

So – lessons learned for everyone – Check All Future Employers out! They run a background check on you – you should be running one on them. Google, www.Zabbasearch.com, www.yahoo.com, there are dozens of ways to look up a company – look them up. Do a search on future bosses. Know who it is that is making that offer – know as much about their business as they do. It can’t hurt … and your impressive knowledge of their company may actually help you land a job.

 

Posted by on January 27, 2009 in Work

 
