AS2

Last updated July 16, 2024

AS2 (Applicability Statement 2) is a specification on how to transport structured business-to-business data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.

Background

AS2 was created in 2002 by the IETF to replace AS1, which they created in the early 1990s.

The adoption of AS2 grew rapidly throughout the early 2000s because major players in the retail and fast-moving consumer goods industries championed AS2. Walmart was the first major retailer to require its suppliers to use the AS2 protocol instead of relying on dial-up modems for ordering goods.^[1] Amazon, Target, Lowe's, Bed, Bath, & Beyond and thousands of others followed suit. Many other industries use the AS2 protocol, including healthcare, as AS2 meets legal HIPAA requirements.

In some cases, AS2 is a way to bypass expensive value-added networks previously used for data interchange.^[2]

How AS2 protocol works How-as2-protocol-works.gif — How AS2 protocol works

Technical overview

AS2 is specified in RFC 4130, and is based on HTTP and S/MIME. It was the second AS protocol developed and uses the same signing, encryption and MDN (as defined by RFC3798) conventions used in the original AS1 protocol introduced in the late 1990s by IETF. In other words:

Files are encoded as "attachments" in a standardized S/MIME message (an AS2 message). AS2 does not specify the contents of the files. Usually, the file contents are in a standardized format that is separately agreed upon, such as XML or EDIFACT.
AS2 messages are always sent using the HTTP or HTTPS protocol (Secure Sockets Layer — also known as SSL — is implied by HTTPS) and usually use the "POST" method (use of "GET" is rare).
Messages can be signed, but do not have to be.
Messages can be encrypted, but do not have to be.
Messages may request a Message Disposition Notification (MDN) back if all went well, but do not have to request such a message.
If the original AS2 message requested an MDN:
- Upon the receipt of the message and its successful decryption or signature validation (as necessary) a "success" MDN will be sent back to the original sender. This MDN is typically signed but never encrypted (unless temporarily encrypted in transit via HTTPS).
- Upon the receipt and successful verification of the signature on the MDN, the original sender will "know" that the recipient got their message (this provides the "Non-repudiation" element of AS2).
- If there are any problems receiving or interpreting the original AS2 message, a "failed" MDN may be sent back. However, part of the AS2 protocol states that the client must treat a lack of an MDN as a failure as well, so some AS2 receivers will not return an MDN in this case.

Like any other AS file transfer, AS2 file transfers typically require both sides of the exchange to trade X.509 certificates and specific "trading partner" names before any transfers can take place. AS2 trading partner names can usually be any valid phrase.

MDN options

Unlike AS1 or AS3 file transfers, AS2 file transfers offer several "MDN return" options instead of the traditional options of "yes" or "no". Specifically, the choices are:

AS2 w/ "Sync" MDNs

Return Synchronous MDN via HTTP(S) ("AS2 Sync") - This popular option allows AS2 MDNs to be returned to AS2 message sender clients over the same HTTP connection they used to send the original message. This "MDN while you wait" capability makes "AS2 Sync" transfers the fastest of any type of AS file transfer, but it also keeps this flavor of MDN requests from being used with large files (which may time out in low-bandwidth situations).

AS2 w/ "ASync" MDNs

Return Asynchronous MDN via HTTP(S) (a.k.a. "AS2 Async") - This popular option allows AS2 MDNs to be returned to the AS2 message sender's server later over a different HTTP connection. This flavor of MDN request is usually used if large files are involved or if your trading partner's AS2 server has poor Internet service.

AS2 w/ "Email" MDNs

Return (Asynchronous) MDN via Email - This rarely used option allows AS2 MDNs to be returned to AS2 message senders via email rather than HTTP. Otherwise, it is similar to "AS2 Async (HTTP)".

AS2 w/ No MDNs

Do not return MDN - This option works like it does in any other AS protocol: the receiver of an AS2 message with this option set simply does not try to return an MDN to the AS2 message sender.

Filename preservation

AS2 filename preservation feature will be used to communicate the filename to the trading partner. The banking industry relies on filenames being communicated between trading partners. AS2 vendors are currently certifying that implementation of filename communication conforms to the standard and is interoperable. There are two profiles for filename preservation being optionally tested under AS2 testing:

Filename preservation without MDN responses
Filename preservation with an associated MDN response certification

Walmart recommends contacting Drummond Group, LLC for more information on EDIINT AS2, or for a list of interoperable-testing AS2 software providers. ^[3]^[4]

Benefits

For many businesses, the use of AS2 and electronic data interchange (EDI) is not a choice so much as it is a requirement of doing business with a large customer or partner. That said, AS2 is a universal protocol that has benefits, from both business and technology vantage points.^[5]

Business case

Cut costs by using the web for EDI file transfers, AS2 reduces the cost of transactions from expensive VANs.
Extend EDI to more partners; with lower costs and universal web connectivity, AS2 allows organizations to implement EDI with partners worldwide that have little EDI infrastructure.
Save time by eliminating the need to manually process orders.
Eliminate errors by turning manual processes into automated processes.
Universal solution — AS2 is established and tested, so no one has to re-invent the wheel.

Technological advantages

Leverage the web: if an organization can share data securely via the web, they already have much of the infrastructure for AS2.
Unlimited EDI data — there are no practical limitations on transaction sizes via the web, and AS2 includes features for managing large transfers.
Payload Agnostic — AS2 can be used to transport any type of document. While EDI X12, EDIFACT and XML are common, any mutually agreed-upon format may be transferred.

Related Research Articles

Electronic data interchange (EDI) is the concept of businesses electronically communicating information that was traditionally communicated on paper, such as purchase orders, advance ship notices, and invoices. Technical standards for EDI exist to facilitate parties transacting such instruments without having to make special arrangements.

Multipurpose Internet Mail Extensions (MIME) is a standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs. Message bodies may consist of multiple parts, and header information may be specified in non-ASCII character sets. Email messages with MIME formatting are typically transmitted with standard protocols, such as the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP).

Trivial File Transfer Protocol (TFTP) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement.

Direct Client-to-Client (DCC) is an IRC-related sub-protocol enabling peers to interconnect using an IRC server for handshaking in order to exchange files or perform non-relayed chats. Once established, a typical DCC session runs independently from the IRC server. Originally designed to be used with ircII it is now supported by many IRC clients. Some peer-to-peer clients on napster-protocol servers also have DCC send/get capability, including TekNap, SunshineUN and Lopster. A variation of the DCC protocol called SDCC, also known as DCC SCHAT supports encrypted connections. An RFC specification on the use of DCC does not exist.

Message-oriented middleware (MOM) is software or hardware infrastructure supporting sending and receiving messages between distributed systems. MOM allows application modules to be distributed over heterogeneous platforms and reduces the complexity of developing applications that span multiple operating systems and network protocols. The middleware creates a distributed communications layer that insulates the application developer from the details of the various operating systems and network interfaces. APIs that extend across diverse platforms and networks are typically provided by MOM.

Client-to-client protocol (CTCP) is a special type of communication between Internet Relay Chat (IRC) clients.

United Nations/Electronic Data Interchange for Administration, Commerce and Transport (UN/EDIFACT) is an international standard for electronic data interchange (EDI) developed for the United Nations and approved and published by UNECE, the UN Economic Commission for Europe.

XMODEM is a simple file transfer protocol developed as a quick hack by Ward Christensen for use in his 1977 MODEM.ASM terminal program. It allowed users to transmit files between their computers when both sides used MODEM. Keith Petersen made a minor update to always turn on "quiet mode", and called the result XMODEM.

YMODEM is a file transfer protocol used between microcomputers connected together using modems. It was primarily used to transfer files to and from bulletin board systems. YMODEM was developed by Chuck Forsberg as an expansion of XMODEM and was first implemented in his CP/M YAM program. Initially also known as YAM, it was formally given the name "YMODEM" in 1985 by Ward Christensen, author of the original XMODEM.

In email, a return receipt is an acknowledgment by the recipient's email client to the sender of receipt of an email message. What acknowledgment, if any, is sent by the recipient to the sender is dependent on the email software of the recipient.

FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer cryptographic protocols.

The Odette File Transfer Protocol (OFTP) is a protocol created in 1986, used for Electronic Data Interchange (EDI) between two communications business partners. Its name comes from the Odette Organisation.

Tradacoms is an early standard for EDI primarily used in the UK retail sector. It was introduced in 1982 as an implementation of the UN/GTDI syntax, one of the precursors of EDIFACT, and was maintained and extended by the UK Article Numbering Association.

Managed file transfer (MFT) is a technology that provides the secure transfer of data in an efficient and reliable manner. MFT software is marketed to companies as a more secure alternative to using insecure protocols like FTP and HTTP to transfer files. By using an MFT solution, companies can avoid custom scripting and meet compliance requirements.

AS1 is a specification about how to transport structured business-to-business data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.

AS3, RFC 4823, is a standard by which vendor applications communicate structured business-to-business data over the Internet using File Transfer Protocol (FTP). It is an EDI protocol.

<span class="mw-page-title-main">Linoma Software</span>

Linoma Software was a developer of secure managed file transfer and IBM i software solutions. The company was acquired by HelpSystems in June 2016. Mid-sized companies, large enterprises and government entities use Linoma's software products to protect sensitive data and comply with data security regulations such as PCI DSS, HIPAA/HITECH, SOX, GLBA and state privacy laws. Linoma's software runs on a variety of platforms including Windows, Linux, UNIX, IBM i, AIX, Solaris, HP-UX and Mac OS X.

The Electronic Banking Internet Communication Standard (EBICS) is a German transmission protocol developed by the German Banking Industry Committee for sending payment information between banks over the Internet. It grew out of the earlier BCS-FTAM protocol that was developed in 1995, with the aim of being able to use Internet connections and TCP/IP. It is mandated for use by German banks and has also been adopted by France and Switzerland.

Invisible mail, also referred to as iMail, i-mail or Bote mail, is a method of exchanging digital messages from an author to one or more recipients in a secure and untraceable way. It is an open protocol and its java implementation (I2P-Bote) is free and open-source software, licensed under the GPLv3.

GS1 EDI is a set of global electronic messaging standards for business documents used in Electronic Data Interchange (EDI). The standards are developed and maintained by GS1. GS1 EDI is part of the overall GS1 system, fully integrated with other GS1 standards, increasing the speed and accuracy of the supply chain. Examples of GS1 EDI standards include messages such as: Order, Despatch Advice, Invoice, Transport Instruction, etc. The development and maintenance of all GS1 standards is based on a rigorous process called the Global Standard Management Process (GSMP). GS1 develops its global supply chain standards in partnership with the industries using them. Any organization can submit a request to modify the standard. Maintenance releases of GS1 EDI standards are typically published every two years, while code lists can be updated up to 4 times a year.

References

↑ Hamblen, Matt (2002-09-16). "Wal-Mart Chooses Internet Protocol for Data Exchange". Computerworld. Retrieved 2020-03-30.
↑ "Seeburger eliminates van fees for Hyundai". 2006-03-14. Retrieved 2020-03-30.
↑ https://cdn.corporate.walmart.com/5d/8d/897b4bb84a95bb05214bf897cee3/edi-getting-started-guide.pdf
↑ https://www.drummondgroup.com/certified-products/b2b-interoperability/
↑ "AS2: The Complete Guide".

External links

RFC 4130 - AS2 specification
AS2: Part 1 - What Is It? AS2 series by Loren Data Corp.
AS2: Part 2 - Best Practices AS2 series by Loren Data Corp.
AS2: Part 3 - Certificates AS2 series by Loren Data Corp.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Hamblen, Matt (2002-09-16). "Wal-Mart Chooses Internet Protocol for Data Exchange". Computerworld. Retrieved 2020-03-30.

[2] "Seeburger eliminates van fees for Hyundai". 2006-03-14. Retrieved 2020-03-30.

[3] ttps://cdn.corporate.walmart.com/5d/8d/897b4bb84a95bb05214bf897cee3/edi-getting-started-guide.pdf

[4] ttps://www.drummondgroup.com/certified-products/b2b-interoperability/

[5] "AS2: The Complete Guide".

[1]

[2]

[3]

[4]

[5]

AS2

Contents