AS2

Last updated

AS2 (Applicability Statement 2) is a specification on how to transport structured business-to-business data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.

Contents

Background

AS2 was created in 2002 by the IETF to replace AS1, which they created in the early 1990s.

The adoption of AS2 grew rapidly throughout the early 2000s because major players in the retail and fast-moving consumer goods industries championed AS2. Walmart was the first major retailer to require its suppliers to use the AS2 protocol instead of relying on dial-up modems for ordering goods. [1] Amazon, Target, Lowe's, Bed, Bath, & Beyond and thousands of others followed suit. Many other industries use the AS2 protocol, including healthcare, as AS2 meets legal HIPAA requirements.

In some cases, AS2 is a way to bypass expensive value-added networks previously used for data interchange. [2]

How AS2 protocol works How-as2-protocol-works.gif
How AS2 protocol works

Technical overview

AS2 is specified in RFC 4130, and is based on HTTP and S/MIME. It was the second AS protocol developed and uses the same signing, encryption and MDN (as defined by RFC3798) conventions used in the original AS1 protocol introduced in the late 1990s by IETF. In other words:

Like any other AS file transfer, AS2 file transfers typically require both sides of the exchange to trade X.509 certificates and specific "trading partner" names before any transfers can take place. AS2 trading partner names can usually be any valid phrase.

MDN options

Unlike AS1 or AS3 file transfers, AS2 file transfers offer several "MDN return" options instead of the traditional options of "yes" or "no". Specifically, the choices are:

AS2 w/ "Sync" MDNs

Return Synchronous MDN via HTTP(S) ("AS2 Sync") - This popular option allows AS2 MDNs to be returned to AS2 message sender clients over the same HTTP connection they used to send the original message. This "MDN while you wait" capability makes "AS2 Sync" transfers the fastest of any type of AS file transfer, but it also keeps this flavor of MDN requests from being used with large files (which may time out in low-bandwidth situations).

AS2 w/ "ASync" MDNs

Return Asynchronous MDN via HTTP(S) (a.k.a. "AS2 Async") - This popular option allows AS2 MDNs to be returned to the AS2 message sender's server later over a different HTTP connection. This flavor of MDN request is usually used if large files are involved or if your trading partner's AS2 server has poor Internet service.

AS2 w/ "Email" MDNs

Return (Asynchronous) MDN via Email - This rarely used option allows AS2 MDNs to be returned to AS2 message senders via email rather than HTTP. Otherwise, it is similar to "AS2 Async (HTTP)".

AS2 w/ No MDNs

Do not return MDN - This option works like it does in any other AS protocol: the receiver of an AS2 message with this option set simply does not try to return an MDN to the AS2 message sender.

Filename preservation

AS2 filename preservation feature will be used to communicate the filename to the trading partner. The banking industry relies on filenames being communicated between trading partners. AS2 vendors are currently certifying that implementation of filename communication conforms to the standard and is interoperable. There are two profiles for filename preservation being optionally tested under AS2 testing:

  • Filename preservation without MDN responses
  • Filename preservation with an associated MDN response certification

Walmart recommends contacting Drummond Group, LLC for more information on EDIINT AS2, or for a list of interoperable-testing AS2 software providers. [3] [4]

Benefits

For many businesses, the use of AS2 and electronic data interchange (EDI) is not a choice so much as it is a requirement of doing business with a large customer or partner. That said, AS2 is a universal protocol that has benefits, from both business and technology vantage points. [5]

Business case

Technological advantages

See also

Related Research Articles

Electronic data interchange (EDI) is the concept of businesses electronically communicating information that was traditionally communicated on paper, such as purchase orders, advance ship notices, and invoices. Technical standards for EDI exist to facilitate parties transacting such instruments without having to make special arrangements.

Multipurpose Internet Mail Extensions (MIME) is a standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs. Message bodies may consist of multiple parts, and header information may be specified in non-ASCII character sets. Email messages with MIME formatting are typically transmitted with standard protocols, such as the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP).

<span class="mw-page-title-main">SOAP</span> Messaging protocol for web services

SOAP is a messaging protocol specification for exchanging structured information in the implementation of web services in computer networks. It uses XML Information Set for its message format, and relies on application layer protocols, most often Hypertext Transfer Protocol (HTTP), although some legacy systems communicate over Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.

A web service (WS) is either:

Direct Client-to-Client (DCC) is an IRC-related sub-protocol enabling peers to interconnect using an IRC server for handshaking in order to exchange files or perform non-relayed chats. Once established, a typical DCC session runs independently from the IRC server. Originally designed to be used with ircII it is now supported by many IRC clients. Some peer-to-peer clients on napster-protocol servers also have DCC send/get capability, including TekNap, SunshineUN and Lopster. A variation of the DCC protocol called SDCC, also known as DCC SCHAT supports encrypted connections. An RFC specification on the use of DCC does not exist.

Client-to-client protocol (CTCP) is a special type of communication between Internet Relay Chat (IRC) clients.

United Nations/Electronic Data Interchange for Administration, Commerce and Transport (UN/EDIFACT) is an international standard for electronic data interchange (EDI) developed for the United Nations and approved and published by UNECE, the UN Economic Commission for Europe.

XMODEM is a simple file transfer protocol developed as a quick hack by Ward Christensen for use in his 1977 MODEM.ASM terminal program. It allowed users to transmit files between their computers when both sides used MODEM. Keith Petersen made a minor update to always turn on "quiet mode", and called the result XMODEM.

In information and communications technology, a media type, content type or MIME type is a two-part identifier for file formats and format contents. Their purpose is comparable to filename extensions and uniform type identifiers, in that they identify the intended data format. They are mainly used by technologies underpinning the Internet, and also used on Linux desktop systems.

The Odette File Transfer Protocol (OFTP) is a protocol created in 1986, used for Electronic Data Interchange (EDI) between two communications business partners. Its name comes from the Odette Organisation.

XML/EDIFACT is an Electronic Data Interchange (EDI) format used in Business-to-business transactions. It allows EDIFACT message types to be used by XML systems.

Managed file transfer (MFT) is a technology that provides the secure transfer of data in an efficient and reliable manner. MFT software is marketed to companies as a more secure alternative to using insecure protocols like FTP and HTTP to transfer files. By using an MFT solution, companies can avoid custom scripting and meet compliance requirements.

AS4 is an open standard for the secure and payload-agnostic exchange of Business-to-business documents using Web services. Secure document exchange is governed by aspects of WS-Security, including XML Encryption and XML Digital Signatures. Payload agnosticism refers to the document type not being tied to any defined SOAP action or operation.

AS1 is a specification about how to transport structured business-to-business data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.

AS3, RFC 4823, is a standard by which vendor applications communicate structured business-to-business data over the Internet using File Transfer Protocol (FTP). It is an EDI protocol.

The Electronic Banking Internet Communication Standard (EBICS) is a German transmission protocol developed by the German Banking Industry Committee for sending payment information between banks over the Internet. It grew out of the earlier BCS-FTAM protocol that was developed in 1995, with the aim of being able to use Internet connections and TCP/IP. It is mandated for use by German banks and has also been adopted by France and Switzerland.

In computing, Flow is middleware software which allows data-integration specialists to connect disparate systems ; transforming and restructuring data as required between environments. Flow functionality can be utilised for data integration projects, for EDI and for data-conversion activities. Developed by Flow Software Ltd in New Zealand, Flow is available through a variety of partner companies or directly from Flow Software in New Zealand and Australia.

Electronic Business using eXtensible Markup Language, commonly known as e-business XML, or ebXML as it is typically referred to, is a family of XML based standards sponsored by OASIS and UN/CEFACT whose mission is to provide an open, XML-based infrastructure that enables the global use of electronic business information in an interoperable, secure, and consistent manner by all trading partners.

GS1 EDI is a set of global electronic messaging standards for business documents used in Electronic Data Interchange (EDI). The standards are developed and maintained by GS1. GS1 EDI is part of the overall GS1 system, fully integrated with other GS1 standards, increasing the speed and accuracy of the supply chain. Examples of GS1 EDI standards include messages such as: Order, Despatch Advice, Invoice, Transport Instruction, etc. The development and maintenance of all GS1 standards is based on a rigorous process called the Global Standard Management Process (GSMP). GS1 develops its global supply chain standards in partnership with the industries using them. Any organization can submit a request to modify the standard. Maintenance releases of GS1 EDI standards are typically published every two years, while code lists can be updated up to 4 times a year.

UNIDOC is an XML-based standard to support electronic data interchange (EDI) in business transactions between trading companies. Unlike other XML-based EDI formats, such as UBL, ebXML, RosettaNet or openTRANS, UNIDOC relies one a single structure. The first idea of such a universal format was published in 2014, its first specification in 2016 in the journal of the Chamber of Commerce and Industry Swabia . The current specification can be found in the UNIDOC XML Schema Definition.

References

  1. Hamblen, Matt (2002-09-16). "Wal-Mart Chooses Internet Protocol for Data Exchange". Computerworld. Retrieved 2020-03-30.
  2. "Seeburger eliminates van fees for Hyundai". 2006-03-14. Retrieved 2020-03-30.
  3. https://cdn.corporate.walmart.com/5d/8d/897b4bb84a95bb05214bf897cee3/edi-getting-started-guide.pdf [ bare URL PDF ]
  4. "Drummond Certified Products: AS2, as4, ebXML".
  5. "AS2: The Complete Guide".