Hi! I was wondering if somebody could help me understand some XML stuff. I'm not a programmer or a web developer. I'm working on a project that involves building a secure electronic interface in HTTPS/XML form. It's not officially my job to build the interface or document the tech specs; my part is mostly on the business side and making the business users understand the process in lay terms. But I feel it would benefit me to understand HTTPS and XML. So I was hoping somebody could help me.
Let's imagine this scenario. I own a company that sells custom designer shoes to wholesalers. Company XYZ is a wholesaler who will buy from me in bulk. My website will provide XYZ quotes based on the following items XYZ uploads to my website: shoe size, height, material, and color. Once my website receives the data, it will return back quotes. So that's the overview of the process.
Here's the process in greater detail.
QUOTING WEBSITE
My shoe company has a website that provides quotes but on an individual basis. A user from Company XYZ will log onto my website to get a quote. The user can later make the purchase if desired.
HTTPS
My shoe company will build an HTTPS site that will link Company XYZ to my quoting website where they normally get individual quotes. But with this secure site, they will be able to ask for quotes in batches as opposed to individually.
COMPANY XYZ APPLICATION
Company XYZ will build their own application that they will use to connect to my quoting website.
1) AUTHENTICATION
The application that Company XYZ will build will go through two levels of authentication: one at the system level to log their application on to my secure electronic interface (and ultimately to my quoting website). Then at the "user" level, the application will log on a user.
2) LINK
Once authenticated at both the system and user levels, XYZ's application and my quoting website start "talking to each other".
3) UPLOAD / QUOTE REQUEST
Once their application and my quoting website are linked via my secure electronic interface, Company XYZ's application can upload the shoe size, height, material, and color in batches....say, for 100 potential customers that have contacted them for quotes. They would upload the data in XML format.
4) REAL-TIME RESPONSE
Considering all the data uploaded is good (and I can make all the shoes they specify...i.e., no errors), my quoting website will return quotes in real-time. Let's just say, for the purpose of playing out the scenario, the website will return a PDF. The PDF would show the size, height, material, and color as specified on the upload, as well as a sketch of the shoe, and of course, the price.
All 4 steps described above occur from application to application. There is no human intervention at all. If any, the human intervention would occur at the "purchasing" stage where, say Potential Customer Jane Doe receives her quote from Company XYZ on a Size 7, 4" heels, black leather pumps and decides to make the purchase. A person (let's call him Michael) in Company XYZ would manually log on to my quoting website and make the purchase of Jane's shoe. (His sale to Jane no longer concerns me.)
Another "purchasing" scenario would be Potential Customer Maria Lopez receives her quote from Company XYZ on a Size 6.5, 2" heels, brown suede leather boots. She changes her mind and wants the boots in leather instead of suede. Michael of Company XYZ would manually log on to my quoting website and manually edit the quote and change the material from suede to leather. My quoting website would yield another quote for the 6.5, 2" heels, brown leather boots. If Maria agrees with the new price, Company XYZ makes the purchase on my website. (Again, Michael's sale to Maria no longer concerns me).
From what I understand, what I just described above is not uncommon. Many companies build secure sites of this nature, so I hope somebody can clarify the questions I have. I plan to pose these questions to my development team, but it would be nice to have more than one source. So...without further ado, here are my questions:
Q1: In the steps described above, XYZ's application will send an authentication request twice: one at the system level and the second at the user level. Although there is no human intervention and it's all app to app, I would think a person would still have to trigger the process. If not, how does it work?
Q2: Still regarding authentication, when the dual authentication occurs, is there something that shows on XYZ's screen?
Q3: Say Michael at Company XYZ keeps an Excel speadsheet of all customer requests - 6 columns: customer first name, customer last name, shoe size, heel height, material, and color. Michael now has 100 customer requests. He wants to send me his batch of 100. How will he "translate" his spreadsheet data to XML for my quoting website to understand it when it gets uploaded by their application? (I think part of this is, I don't understand fully how XML works so wouldn't know how this would happen. How would the worksheet be translated to XML? Is it translated as a whole worksheet or just the cells/rows/columns that have the data he wants to send me? Once translated, how does the screen look when the XML upload of the data occurs?)
Q4: In #4 above where my website provides a real-time response, specifically in PDF form as described above, how exactly would XML return a PDF?
Q5: Looping back to the authentication part, since there is no human intervention, how does the "log-off" event occur? How would the session be terminated without it being told to be terminated?
I'm sorry that I've written a long message. I wanted to be clear (as much as I could) on the details so there's no ambiguity when you try to understand what the project goal is. I hope that somebody could help me understand this stuff. It would be greatly appreciated.
Thank you so much in advance.
Let's imagine this scenario. I own a company that sells custom designer shoes to wholesalers. Company XYZ is a wholesaler who will buy from me in bulk. My website will provide XYZ quotes based on the following items XYZ uploads to my website: shoe size, height, material, and color. Once my website receives the data, it will return back quotes. So that's the overview of the process.
Here's the process in greater detail.
QUOTING WEBSITE
My shoe company has a website that provides quotes but on an individual basis. A user from Company XYZ will log onto my website to get a quote. The user can later make the purchase if desired.
HTTPS
My shoe company will build an HTTPS site that will link Company XYZ to my quoting website where they normally get individual quotes. But with this secure site, they will be able to ask for quotes in batches as opposed to individually.
COMPANY XYZ APPLICATION
Company XYZ will build their own application that they will use to connect to my quoting website.
1) AUTHENTICATION
The application that Company XYZ will build will go through two levels of authentication: one at the system level to log their application on to my secure electronic interface (and ultimately to my quoting website). Then at the "user" level, the application will log on a user.
2) LINK
Once authenticated at both the system and user levels, XYZ's application and my quoting website start "talking to each other".
3) UPLOAD / QUOTE REQUEST
Once their application and my quoting website are linked via my secure electronic interface, Company XYZ's application can upload the shoe size, height, material, and color in batches....say, for 100 potential customers that have contacted them for quotes. They would upload the data in XML format.
4) REAL-TIME RESPONSE
Considering all the data uploaded is good (and I can make all the shoes they specify...i.e., no errors), my quoting website will return quotes in real-time. Let's just say, for the purpose of playing out the scenario, the website will return a PDF. The PDF would show the size, height, material, and color as specified on the upload, as well as a sketch of the shoe, and of course, the price.
All 4 steps described above occur from application to application. There is no human intervention at all. If any, the human intervention would occur at the "purchasing" stage where, say Potential Customer Jane Doe receives her quote from Company XYZ on a Size 7, 4" heels, black leather pumps and decides to make the purchase. A person (let's call him Michael) in Company XYZ would manually log on to my quoting website and make the purchase of Jane's shoe. (His sale to Jane no longer concerns me.)
Another "purchasing" scenario would be Potential Customer Maria Lopez receives her quote from Company XYZ on a Size 6.5, 2" heels, brown suede leather boots. She changes her mind and wants the boots in leather instead of suede. Michael of Company XYZ would manually log on to my quoting website and manually edit the quote and change the material from suede to leather. My quoting website would yield another quote for the 6.5, 2" heels, brown leather boots. If Maria agrees with the new price, Company XYZ makes the purchase on my website. (Again, Michael's sale to Maria no longer concerns me).
From what I understand, what I just described above is not uncommon. Many companies build secure sites of this nature, so I hope somebody can clarify the questions I have. I plan to pose these questions to my development team, but it would be nice to have more than one source. So...without further ado, here are my questions:
Q1: In the steps described above, XYZ's application will send an authentication request twice: one at the system level and the second at the user level. Although there is no human intervention and it's all app to app, I would think a person would still have to trigger the process. If not, how does it work?
Q2: Still regarding authentication, when the dual authentication occurs, is there something that shows on XYZ's screen?
Q3: Say Michael at Company XYZ keeps an Excel speadsheet of all customer requests - 6 columns: customer first name, customer last name, shoe size, heel height, material, and color. Michael now has 100 customer requests. He wants to send me his batch of 100. How will he "translate" his spreadsheet data to XML for my quoting website to understand it when it gets uploaded by their application? (I think part of this is, I don't understand fully how XML works so wouldn't know how this would happen. How would the worksheet be translated to XML? Is it translated as a whole worksheet or just the cells/rows/columns that have the data he wants to send me? Once translated, how does the screen look when the XML upload of the data occurs?)
Q4: In #4 above where my website provides a real-time response, specifically in PDF form as described above, how exactly would XML return a PDF?
Q5: Looping back to the authentication part, since there is no human intervention, how does the "log-off" event occur? How would the session be terminated without it being told to be terminated?
I'm sorry that I've written a long message. I wanted to be clear (as much as I could) on the details so there's no ambiguity when you try to understand what the project goal is. I hope that somebody could help me understand this stuff. It would be greatly appreciated.
Thank you so much in advance.