AS2
From Wikipedia, the free encyclopedia
AS2 (Applicability Statement 2) is a specification about how to transport data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.
Implementation
Data can consist of Electronic Data Interchange (EDI) messages, but may be of any other message type. AS2 specifies how to connect, deliver, validate and acknowledge data, and creates an envelope for a message which is then sent securely over the Internet.
An implementation of AS2 involves two machines, a client and a server, communicating with each other over the Internet. At the operating system level, the AS2 client may be a server as well, offering its communication services to application software.
The client sends data to the server (e.g. a trading partner); on receipt of the message, the receiving application sends an acknowledgment or MDN (Message Disposition Notification) back to the sender.
Advantages
- Elimination or reduction of Value-added network (VAN) costs
- Designed to push data securely and reliably over the Internet
- Fast and reliable connectivity
- Encryption ensures that only the sender and receiver can view the data
- Digital signatures ensure authentication; only messages from authorized senders are accepted
- The use of a hash algorithm ensures data integrity by detecting whether the document was altered during transmission
Disadvantages
- Costs of a static IP address, permanent Internet connection, firewall, and relevant expertise
- Cannot pull data
- File restart is optional
- Costs of AS2 software
- Need to manage the certificates used for secure connections
- Only works over TCP/IP networks
AS2 Technical Overview
The AS2 protocol is based on HTTP and S/MIME. It was the second AS protocol developed and uses the same signing, encryption and MDN conventions used in the original AS1 protocol. In other words:
- Files are sent as "attachments" in a specially coded S/MIME message (an AS2 message)
- AS2 messages are always sent using the HTTP or HTTPS protocol (Secure Sockets Layer — also known as SSL — is implied by HTTPS) and usually use the "POST" method (use of "GET" is rare)
- Messages can be signed, but do not have to be
- Messages can be encrypted, but do not have to be
- Messages may request an MDN message back if all went well, but do not have to request such a message
- If the original AS2 message requested an MDN...
  - Upon the receipt of the message and its successful decryption or signature validation (as necessary) an MDN "success" message will be sent back to the original sender. This MDN is typically signed but never encrypted (unless temporarily encrypted in transit via HTTPS).
  - Upon the receipt and successful verification of the signature on the MDN, the original sender will "know" that the recipient got their message (this provides the "Non-repudiation" element of AS2)
  - If there are any problems receiving or interpreting the original AS2 message, a "failed" MDN may be sent back. However, part of the AS2 protocol states that the client must treat a lack of an MDN as a failure as well, so some AS2 receivers will simply not return an MDN in this case.
Like any other AS file transfer, AS2 file transfers typically require both sides of the exchange to trade SSL certificates and specific "trading partner" names before any transfers can take place. AS2 trading partner names can usually be any valid phrase.
MDN Options
Unlike AS1 or AS3 file transfers, AS2 file transfers offer several "MDN return" options instead of the traditional options of "yes" or "no". Specifically, the choices are:
AS2 w/ "Sync" MDNs
Return Synchronous MDN via HTTP(S) ("AS2 Sync") - This popular option allows AS2 MDNs to be returned to AS2 message sender clients over the same HTTP connection they used to send the original message. This "MDN while you wait" capability makes "AS2 Sync" transfers the fastest of any type of AS file transfer, but it also keeps this flavor of MDN request from being used with large files (which may time out in low-bandwidth situations).
AS2 w/ "Async" MDNs
Return Asynchronous MDN via HTTP(S) (a.k.a. "AS2 Async") - This popular option allows AS2 MDNs to be returned to the AS2 message sender's server later over a different HTTP connection. This flavor of MDN request is usually used if large files are involved.
AS2 w/ "Email" MDNs
Return (Asynchronous) MDN via Email - This rarely-used option allows AS2 MDNs to be returned to AS2 message senders via email rather than HTTP. Otherwise, it is similar to "AS2 Async (HTTP)".
AS2 w/ No MDNs
Do not return MDN - This option works like it does in any other AS protocol: the receiver of an AS2 message with this option set simply does not try to return an MDN to the AS2 message sender.
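The message/MDN exchange from the technical overview and the sync/async MDN options above, as an added example that is not part of the original article: it builds the RFC 4130 request headers (including the MDN request and the optional Receipt-Delivery-Option used for "AS2 Async"), computes the content MIC the receiver echoes back in Received-Content-MIC, and applies the sender-side rule that a missing, mismatched or "failed" MDN counts as failure. S/MIME signing and encryption of the body and of the MDN are assumed to happen in a separate layer and are not modelled; the sender/receiver names and payload are constructed.

```python
import base64
import hashlib
import uuid
from typing import Optional

MIC_ALG = "sha256"  # algorithm requested via signed-receipt-micalg (assumed supported by both sides)

def content_mic(payload: bytes) -> str:
    """MIC in the form carried by Received-Content-MIC: base64(digest), algorithm name."""
    digest = hashlib.new(MIC_ALG, payload).digest()
    return f"{base64.b64encode(digest).decode()}, {MIC_ALG}"

def build_as2_request(sender: str, receiver: str, async_url: Optional[str] = None) -> dict:
    """Sender side: headers of the HTTP POST carrying an AS2 message (RFC 4130 header names)."""
    headers = {
        "AS2-Version": "1.0",
        "AS2-From": sender,
        "AS2-To": receiver,
        "Message-ID": f"<{uuid.uuid4()}@{sender}>",
        "Content-Type": "application/edi-x12",  # payload type; the body itself is S/MIME in practice
        # Presence of Disposition-Notification-To asks for an MDN; the options ask for a signed one
        "Disposition-Notification-To": sender,
        "Disposition-Notification-Options": (
            "signed-receipt-protocol=optional, pkcs7-signature; "
            f"signed-receipt-micalg=optional, {MIC_ALG}"),
    }
    if async_url:  # "AS2 Async": receiver POSTs the MDN to this URL on a later connection
        headers["Receipt-Delivery-Option"] = async_url
    return headers  # "AS2 Sync" is the default: MDN comes back in the HTTP response

def build_mdn(req: dict, received_payload: bytes, error: Optional[str] = None) -> dict:
    """Receiver side: fields of the message/disposition-notification part of the MDN."""
    disposition = "automatic-action/MDN-sent-automatically; processed"
    if error:  # a "failed" MDN reports the problem in the disposition modifier
        disposition += f"/error: {error}"
    return {
        "Original-Recipient": f"rfc822; {req['AS2-To']}",
        "Final-Recipient": f"rfc822; {req['AS2-To']}",
        "Original-Message-ID": req["Message-ID"],
        "Disposition": disposition,
        "Received-Content-MIC": content_mic(received_payload),
    }

def verify_mdn(req: dict, sent_payload: bytes, mdn: Optional[dict]) -> bool:
    """Sender side: no MDN is a failure, as is a wrong message id, a non-'processed' disposition
    or a MIC that differs from the one computed over what was actually sent."""
    if mdn is None or mdn.get("Original-Message-ID") != req["Message-ID"]:
        return False
    if not mdn.get("Disposition", "").endswith("; processed"):
        return False
    return mdn.get("Received-Content-MIC") == content_mic(sent_payload)
```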
External links
- AS2 Specification, RFC 4130
- AS2 secures documents using the Web
- AS2 Providers - Drummond Certified
- Opensource AS2 Providers
- Explanation of AS2 Cryptographic Services