A Simple Overview of OFTP (Odette File Transfer Protocol)

JSCAPE offers a simple introduction to the Odette File Transfer Protocol (OFTP). Learn what it is, its security features, which companies use it, and more.

  1. Blog

Overview: OFTP (Odette File Transfer Protocol)

A couple of days ago, we released JSCAPE MFT Server version 9.1. Although technically a minor release, 9.1's actually accompanied by several new features that we, in the JSCAPE team, are quite excited about. One of those features is OFTP or the Odette File Transfer Protocol. In the succeeding sections I'm going to explain to you what it is and why, if your business is involved in data interchange, it's something you might find very useful.


OFTP (Odette File Transfer Protocol) is primarily used in EDI (Electronic Data Interchange), a method employed by large enterprises for the purpose of exchanging electronic documents in a standardized manner. EDI transactions are typically carried out between trading partners (a.k.a. interorganisational transactions) but can also be performed among business units within the same organisation (a.k.a. intraorganisational transactions).

EDI was designed for companies who needed to exchange files in support of business transactions but were faced with system incompatibility issues. This need for interoperability is increasingly becoming critical for businesses, especially those whose supply chains are located across the globe where information systems can be (more likely than not) different from theirs.

In most configurations, an EDI system would typically sit between a company's business applications or ERP system and a file transfer or communications system. Its main function would be to translate/map application data into a standardised format (a.k.a. an EDI message) and vice versa. The other party would naturally have a similar configuration. Here's how things would look like:


In the past, these EDI messages were transmitted through VANs (Value-Added Networks) over expensive ISDN or X.25 networks. But today, there's the Internet.

But while the Internet lends itself as a superhighway for faster, more cost-effective ways of exchanging information, just like most highways, it's also crawling with all sorts of threats. That's why it's important to transmit EDI messages using secure data transfer mechanisms. That's where OFTP comes in.

Originally designed to transmit EDI messages across the relatively safer but slowly vanishing X.25 and ISDN (as well as the early Internet) networks, OFTP has now evolved into OFTP2 - a protocol built to counter various network-based threats while taking advantage of the unparalleled speed and affordability potential of the Internet.

Companies who want to exchange EDI documents via OFTP will each need to deploy an OFTP server. Files exchanged between the two parties woud be normally done via server to server file transfers, free of human intervention.


Who are using OFTP (Odette File Transfer Protocol)?

OFTP was originally created for the automotive industry, one of the few industries who pioneered the global supply chain. As you probably know, a single car can consist of different parts designed, assembled, or manufactured in different countries. Today, in addition to the automotive industry, OFTP is also being employed in government, customs, finance, retail, transportation, engineering, and several areas in manufacturing. It is most widely used by OEMs and even by Tier 1, 2, and 3 suppliers in Europe, where OFTP originated.

Some of the big users of OFTP/OFTP2 include:

  • BMW
  • Daimler
  • Ford
  • GM Europe
  • MAN
  • Peugeot
  • Scania
  • Volvo
  • Karmann
  • JCI
  • Bosch, and
  • PSA

to mention a few.

But what makes OFTP so appealing to these businesses? Let's take a look as some of the business benefits of OFTP (more specifically, of the more advanced OFTP2)

Note: For more details on OFTP, read RFC 2204. For OFTP2, read RFC 5024

Business Benefits

  • Lower CAPEX requirements-OFTP can operate over TCP/IP. Meaning, it can run on the Internet. That alone is a big advantage. Practically all enterprises already have access to (often high speed) Internet connections. Thus, because a large part of the needed infrastructure should already be in place, deploying an OFTP service wouldn't require much capital. Its affordability can also translate to easier adoption. It would be easier to convince a trading partner to transact with you through EDI if cost issues are out of the way.

  • Increased productivity and efficiency - In addition to the constantly growing bandwidths of today's Internet connections, OFTP also supports file compression . These two properties combined can result in shorter transmission times. That means, transactions can be completed much faster.

    What about large files? Well, OFTP is already designed to support extremely large files (up to petabytes order-of-magnitude), making it very suitable for transporting large CAD, CAM, or CAE drawings. That's not all. OFTP file transfers can also restart if something goes awry. Unlike other file transfer protocols, which have to resend the entire file in the event of a momentary network disruption, OFTP can simply resume at the point of disconnection. Global transactions can always be subjected to poor network conditions. Connections can drop anytime. Hence, the ability to restart can save precious time, especially for large file transfers that take several hours to complete.

  • Highly interoperable - Again, because the Internet is so ubiquitous, it's highly likely that say a company in Germany can easily transact with a trading partner in China.

  • Built-in data integrity and non-repudiation - OFTP was purposely built for businesses. That's why transactions are readily supported by digitally signed electronic delivery receipts (similar to AS2 MDN). Just like in the brick-and-mortar world, electronic receipts prevent potential conflicts resulting from disagreements on whether a file was successfully delivered or not.

OFTP Security Features

As mentioned earlier, OFTP2 was designed to address the threats that lurk on today's Internet. Its main security features include: session security, file security, and strong authentication. Let's take a closer look at these three.

Session security - OFTP session security comes in the form of SSL encryption. SSL encrypts data in motion, i.e., as data traverses the network, and protects it from network-based attacks like man-in-the-middle attacks.

File security - File encryption provides an additional layer of security (in addition to session security), encrypting the file until it reaches its final destination. Both file and session encryption preserve data confidentiality.

Strong authentication - A strong method of authentication is required to ensure that you're actually transacting with the entity you want to transact with, and not an impostor. Strong authentication is implemented through X.509 certificates.

Related articles

Did you like this post? You might find these interesting as well:

AS2 Simplified - Like OFTP, AS2 is also used in EDI.

You Know It’s Time To Implement Server To Server File Transfer When.. - OFTP and AS2 are normally used in automated file transfers. If you're not sure whether you're ready for automation, this article can serve as your guide.

Understanding Key Differences Between FTP, FTPS and SFTP - FTP, FTPS, and SFTP aren't as purposely designed for EDI as AS2 or OFTP. But when delivered through a managed file transfer server, these file transfer protocols can actually do a lot.

Get Started

Both OFTP and AS2, as well as FTP, FTPS, and SFTP are supported by JSCAPE MFT Server - a Managed File Transfer Server that runs on Linux, Windows, OSX, UNIX, Solaris, and other operating systems. Give it a test run. Download the free, fully-functional evaluation edition now.