AS2

Last updated August 31, 2024

AS2 (Applicability Statement 2) is a specification on how to transport structured business-to-business data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.

Background

AS2 was created in 2002 by the IETF to replace AS1, which they created in the early 1990s.

The adoption of AS2 grew rapidly throughout the early 2000s because major players in the retail and fast-moving consumer goods industries championed AS2. Walmart was the first major retailer to require its suppliers to use the AS2 protocol instead of relying on dial-up modems for ordering goods.^[1] Amazon, Target, Lowe's, Bed, Bath, & Beyond and thousands of others followed suit. Many other industries use the AS2 protocol, including healthcare, as AS2 meets legal HIPAA requirements.

In some cases, AS2 is a way to bypass expensive value-added networks previously used for data interchange.^[2]

How AS2 protocol works How-as2-protocol-works.gif — How AS2 protocol works

Technical overview

AS2 is specified in RFC 4130, and is based on HTTP and S/MIME. It was the second AS protocol developed and uses the same signing, encryption and MDN (as defined by RFC3798) conventions used in the original AS1 protocol introduced in the late 1990s by IETF. In other words:

Files are encoded as "attachments" in a standardized S/MIME message (an AS2 message). AS2 does not specify the contents of the files. Usually, the file contents are in a standardized format that is separately agreed upon, such as XML or EDIFACT.
AS2 messages are always sent using the HTTP or HTTPS protocol (Secure Sockets Layer — also known as SSL — is implied by HTTPS) and usually use the "POST" method (use of "GET" is rare).
Messages can be signed, but do not have to be.
Messages can be encrypted, but do not have to be.
Messages may request a Message Disposition Notification (MDN) back if all went well, but do not have to request such a message.
If the original AS2 message requested an MDN:
- Upon the receipt of the message and its successful decryption or signature validation (as necessary) a "success" MDN will be sent back to the original sender. This MDN is typically signed but never encrypted (unless temporarily encrypted in transit via HTTPS).
- Upon the receipt and successful verification of the signature on the MDN, the original sender will "know" that the recipient got their message (this provides the "Non-repudiation" element of AS2).
- If there are any problems receiving or interpreting the original AS2 message, a "failed" MDN may be sent back. However, part of the AS2 protocol states that the client must treat a lack of an MDN as a failure as well, so some AS2 receivers will not return an MDN in this case.

Like any other AS file transfer, AS2 file transfers typically require both sides of the exchange to trade X.509 certificates and specific "trading partner" names before any transfers can take place. AS2 trading partner names can usually be any valid phrase.

MDN options

Unlike AS1 or AS3 file transfers, AS2 file transfers offer several "MDN return" options instead of the traditional options of "yes" or "no". Specifically, the choices are:

AS2 w/ "Sync" MDNs

Return Synchronous MDN via HTTP(S) ("AS2 Sync") - This popular option allows AS2 MDNs to be returned to AS2 message sender clients over the same HTTP connection they used to send the original message. This "MDN while you wait" capability makes "AS2 Sync" transfers the fastest of any type of AS file transfer, but it also keeps this flavor of MDN requests from being used with large files (which may time out in low-bandwidth situations).

AS2 w/ "ASync" MDNs

Return Asynchronous MDN via HTTP(S) (a.k.a. "AS2 Async") - This popular option allows AS2 MDNs to be returned to the AS2 message sender's server later over a different HTTP connection. This flavor of MDN request is usually used if large files are involved or if your trading partner's AS2 server has poor Internet service.

AS2 w/ "Email" MDNs

Return (Asynchronous) MDN via Email - This rarely used option allows AS2 MDNs to be returned to AS2 message senders via email rather than HTTP. Otherwise, it is similar to "AS2 Async (HTTP)".

AS2 w/ No MDNs

Do not return MDN - This option works like it does in any other AS protocol: the receiver of an AS2 message with this option set simply does not try to return an MDN to the AS2 message sender.

Filename preservation

AS2 filename preservation feature will be used to communicate the filename to the trading partner. The banking industry relies on filenames being communicated between trading partners. AS2 vendors are currently certifying that implementation of filename communication conforms to the standard and is interoperable. There are two profiles for filename preservation being optionally tested under AS2 testing:

Filename preservation without MDN responses
Filename preservation with an associated MDN response certification

Walmart recommends contacting Drummond Group, LLC for more information on EDIINT AS2, or for a list of interoperable-testing AS2 software providers. ^[3]^[4]

Benefits

For many businesses, the use of AS2 and electronic data interchange (EDI) is not a choice so much as it is a requirement of doing business with a large customer or partner. That said, AS2 is a universal protocol that has benefits, from both business and technology vantage points.^[5]

Business case

Cut costs by using the web for EDI file transfers, AS2 reduces the cost of transactions from expensive VANs.
Extend EDI to more partners; with lower costs and universal web connectivity, AS2 allows organizations to implement EDI with partners worldwide that have little EDI infrastructure.
Save time by eliminating the need to manually process orders.
Eliminate errors by turning manual processes into automated processes.
Universal solution — AS2 is established and tested, so no one has to re-invent the wheel.

Technological advantages

Leverage the web: if an organization can share data securely via the web, they already have much of the infrastructure for AS2.
Unlimited EDI data — there are no practical limitations on transaction sizes via the web, and AS2 includes features for managing large transfers.
Payload Agnostic — AS2 can be used to transport any type of document. While EDI X12, EDIFACT and XML are common, any mutually agreed-upon format may be transferred.

Related Research Articles

Electronic data interchange (EDI) is the concept of businesses electronically communicating information that was traditionally communicated on paper, such as purchase orders, advance ship notices, and invoices. Technical standards for EDI exist to facilitate parties transacting such instruments without having to make special arrangements.

Multipurpose Internet Mail Extensions (MIME) is a standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs. Message bodies may consist of multiple parts, and header information may be specified in non-ASCII character sets. Email messages with MIME formatting are typically transmitted with standard protocols, such as the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP).

<span class="mw-page-title-main">SOAP</span> Messaging protocol for web services

SOAP is a messaging protocol specification for exchanging structured information in the implementation of web services in computer networks. It uses XML Information Set for its message format, and relies on application layer protocols, most often Hypertext Transfer Protocol (HTTP), although some legacy systems communicate over Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.

A web service (WS) is either:

Direct Client-to-Client (DCC) is an IRC-related sub-protocol enabling peers to interconnect using an IRC server for handshaking in order to exchange files or perform non-relayed chats. Once established, a typical DCC session runs independently from the IRC server. Originally designed to be used with ircII it is now supported by many IRC clients. Some peer-to-peer clients on napster-protocol servers also have DCC send/get capability, including TekNap, SunshineUN and Lopster. A variation of the DCC protocol called SDCC, also known as DCC SCHAT supports encrypted connections. An RFC specification on the use of DCC does not exist.

Client-to-client protocol (CTCP) is a special type of communication between Internet Relay Chat (IRC) clients.

United Nations/Electronic Data Interchange for Administration, Commerce and Transport (UN/EDIFACT) is an international standard for electronic data interchange (EDI) developed for the United Nations and approved and published by UNECE, the UN Economic Commission for Europe.

XMODEM is a simple file transfer protocol developed as a quick hack by Ward Christensen for use in his 1977 MODEM.ASM terminal program. It allowed users to transmit files between their computers when both sides used MODEM. Keith Petersen made a minor update to always turn on "quiet mode", and called the result XMODEM.

In information and communications technology, a media type, content type or MIME type is a two-part identifier for file formats and format contents. Their purpose is comparable to filename extensions and uniform type identifiers, in that they identify the intended data format. They are mainly used by technologies underpinning the Internet, and also used on Linux desktop systems.

The Odette File Transfer Protocol (OFTP) is a protocol created in 1986, used for Electronic Data Interchange (EDI) between two communications business partners. Its name comes from the Odette Organisation.

XML/EDIFACT is an Electronic Data Interchange (EDI) format used in Business-to-business transactions. It allows EDIFACT message types to be used by XML systems.

Managed file transfer (MFT) is a technology that provides the secure transfer of data in an efficient and reliable manner. MFT software is marketed to companies as a more secure alternative to using insecure protocols like FTP and HTTP to transfer files. By using an MFT solution, companies can avoid custom scripting and meet compliance requirements.

AS4 is an open standard for the secure and payload-agnostic exchange of Business-to-business documents using Web services. Secure document exchange is governed by aspects of WS-Security, including XML Encryption and XML Digital Signatures. Payload agnosticism refers to the document type not being tied to any defined SOAP action or operation.

AS1 is a specification about how to transport structured business-to-business data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.

AS3, RFC 4823, is a standard by which vendor applications communicate structured business-to-business data over the Internet using File Transfer Protocol (FTP). It is an EDI protocol.

The Electronic Banking Internet Communication Standard (EBICS) is a German transmission protocol developed by the German Banking Industry Committee for sending payment information between banks over the Internet. It grew out of the earlier BCS-FTAM protocol that was developed in 1995, with the aim of being able to use Internet connections and TCP/IP. It is mandated for use by German banks and has also been adopted by France and Switzerland.

In computing, Flow is middleware software which allows data-integration specialists to connect disparate systems ; transforming and restructuring data as required between environments. Flow functionality can be utilised for data integration projects, for EDI and for data-conversion activities. Developed by Flow Software Ltd in New Zealand, Flow is available through a variety of partner companies or directly from Flow Software in New Zealand and Australia.

Electronic Business using eXtensible Markup Language, commonly known as e-business XML, or ebXML as it is typically referred to, is a family of XML based standards sponsored by OASIS and UN/CEFACT whose mission is to provide an open, XML-based infrastructure that enables the global use of electronic business information in an interoperable, secure, and consistent manner by all trading partners.

GS1 EDI is a set of global electronic messaging standards for business documents used in Electronic Data Interchange (EDI). The standards are developed and maintained by GS1. GS1 EDI is part of the overall GS1 system, fully integrated with other GS1 standards, increasing the speed and accuracy of the supply chain. Examples of GS1 EDI standards include messages such as: Order, Despatch Advice, Invoice, Transport Instruction, etc. The development and maintenance of all GS1 standards is based on a rigorous process called the Global Standard Management Process (GSMP). GS1 develops its global supply chain standards in partnership with the industries using them. Any organization can submit a request to modify the standard. Maintenance releases of GS1 EDI standards are typically published every two years, while code lists can be updated up to 4 times a year.

UNIDOC is an XML-based standard to support electronic data interchange (EDI) in business transactions between trading companies. Unlike other XML-based EDI formats, such as UBL, ebXML, RosettaNet or openTRANS, UNIDOC relies one a single structure. The first idea of such a universal format was published in 2014, its first specification in 2016 in the journal of the Chamber of Commerce and Industry Swabia . The current specification can be found in the UNIDOC XML Schema Definition.

References

↑ Hamblen, Matt (2002-09-16). "Wal-Mart Chooses Internet Protocol for Data Exchange". Computerworld. Retrieved 2020-03-30.
↑ "Seeburger eliminates van fees for Hyundai". 2006-03-14. Retrieved 2020-03-30.
↑ https://cdn.corporate.walmart.com/5d/8d/897b4bb84a95bb05214bf897cee3/edi-getting-started-guide.pdf ^{[ bare URL PDF ]}
↑ "Drummond Certified Products: AS2, as4, ebXML".
↑ "AS2: The Complete Guide".

External links

RFC 4130 - AS2 specification
AS2: Part 1 - What Is It? AS2 series by Loren Data Corp.
AS2: Part 2 - Best Practices AS2 series by Loren Data Corp.
AS2: Part 3 - Certificates AS2 series by Loren Data Corp.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Hamblen, Matt (2002-09-16). "Wal-Mart Chooses Internet Protocol for Data Exchange". Computerworld. Retrieved 2020-03-30.

[2] "Seeburger eliminates van fees for Hyundai". 2006-03-14. Retrieved 2020-03-30.

[3] ttps://cdn.corporate.walmart.com/5d/8d/897b4bb84a95bb05214bf897cee3/edi-getting-started-guide.pdf ^{[ bare URL PDF ]}

[4] "Drummond Certified Products: AS2, as4, ebXML".

[5] "AS2: The Complete Guide".

[1]

[2]

[3]

[4]

[5]

AS2

Contents