AS2 Protocol for Business Data Interchange via HTTP, Part 1
We discuss the basics of the Applicability Statement 2, or AS2, security protocols that allow for the secure transfer of data over the internet
The Applicability Statement 2 or AS2 specification defines a mechanism for the secure and reliable transfer of structured business data over the Internet.
AS2 Message Payloads
The AS2 protocol itself does not dictate any limits on the payload of an AS2 message. However, typical AS2 payloads are structured business documents such as invoices, purchase orders, etc., and thus AS2 systems facilitate Electronic Data Interchange or EDI. Some of the major sets of EDI standards are:
The UN-recommended UN/EDIFACT is the only international standard and is predominant outside of North America.
The US standard ANSI ASC X12 (X12) is predominant in North America.
The TRADACOMS standard developed by the ANA (Article Numbering Association, now known as GS1) is predominant in the UK retail industry.
The ODETTE standard is used within the European automotive industry.
AS2 messages can carry non-EDI payloads such as XML, CSV, Fixed Width, Text, or payloads of other standards or proprietary formats, including any binary files.
MDN - Message Disposition Notice
A Message Disposition Notice or MDN is an electronic receipt issued by the receiver of a business document sent over the AS2 protocol. Usually, MDNs are signed by the receiver with its private key, and the signature covers the Message Integrity Code or MIC of the received document together with other key AS2 header values such as the From/To AS2 IDs, the message ID, etc. The sending trading partner can then check that the MIC reported in the MDN matches the MIC it computed for the original document it sent, and thus be certain that the complete document was transmitted and accepted by the receiving trading partner. Unless digital signing fails, a signature is always attached to an MDN - so that the electronic receipt carries a digital signature providing non-repudiation.
An MDN does NOT imply that a received business document has been processed without errors by the receiving trading partner. An MDN ONLY confirms that the message transmission completed successfully and that the message has now been received by the AS2 infrastructure of the receiving trading partner.
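As an added example (not code from the original article or from the AdroitLogic products it describes), the following Python sketch shows the MIC check described above: the receiver assembles the machine-readable disposition fields of an MDN, and the sender accepts the receipt only if it names the message it sent, reports a clean "processed" disposition, and carries a MIC equal to the one computed over the original content. The S/MIME signature and HTTP framing are omitted; the Reporting-UA value, the "sha-256" algorithm label and the EDIFACT fragment are constructed assumptions.

```python
import base64
import hashlib
import hmac

# MIC algorithm labels -> hash constructors. "sha1" is the label used in
# RFC 4130; the "sha-256" label is assumed here for SHA-256-based MICs.
MIC_ALGORITHMS = {"sha1": hashlib.sha1, "sha-256": hashlib.sha256}
SAMPLE_PAYLOAD = b"UNB+UNOA:1+SENDERAS2+RECEIVERAS2+170609:1200+00001'"  # constructed EDIFACT fragment

def compute_mic(content: bytes, algorithm: str = "sha-256") -> str:
    """Base64 digest of the content followed by the algorithm label, AS2 style."""
    digest = MIC_ALGORITHMS[algorithm](content).digest()
    return f"{base64.b64encode(digest).decode()}, {algorithm}"

def build_mdn_fields(original_message_id: str, to_as2_id: str, content: bytes) -> str:
    """Receiver side: the machine-readable disposition part of an MDN.
    The signed S/MIME wrapper and the outer HTTP headers are omitted."""
    return "\r\n".join([
        "Reporting-UA: example-as2-station",  # constructed value
        f"Original-Recipient: rfc822; {to_as2_id}",
        f"Final-Recipient: rfc822; {to_as2_id}",
        f"Original-Message-ID: {original_message_id}",
        "Disposition: automatic-action/MDN-sent-automatically; processed",
        f"Received-Content-MIC: {compute_mic(content)}",
    ]) + "\r\n"

def parse_mdn_fields(mdn: str) -> dict:
    """Split 'Name: value' lines into a case-insensitive field map."""
    pairs = (line.partition(":") for line in mdn.splitlines() if ":" in line)
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def verify_mdn(mdn: str, sent_message_id: str, sent_content: bytes) -> bool:
    """Sender side: accept the receipt only if it references our message, reports 'processed' and its MIC equals ours."""
    fields = parse_mdn_fields(mdn)
    if fields.get("original-message-id") != sent_message_id:
        return False
    # 'processed/error: ...' or 'failed/...' must not count as acceptance.
    disposition_type = fields.get("disposition", "").partition(";")[2]
    if disposition_type.strip().lower() != "processed":
        return False
    mic_value, _, algorithm = fields.get("received-content-mic", "").partition(",")
    algorithm = algorithm.strip()
    if algorithm not in MIC_ALGORITHMS:
        return False
    expected = compute_mic(sent_content, algorithm).partition(",")[0]
    return hmac.compare_digest(mic_value.strip(), expected)
```

In a real exchange the signature over these fields is what makes the receipt non-repudiable; the MIC comparison alone only proves that the receiver hashed the same bytes the sender sent.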
AS2 vs Traditional B2B Protocols
In contrast to other traditional B2B trading protocols, AS2 offers a secure, efficient and simple to use trading environment without a need for proprietary devices, software or expensive private networks or value added networks. Some of the key benefits of using AS2 include:
Encryption for the actual payloads exchanged - so that only the intended recipient/trading partner would be able to decrypt a message or file.
Ability to receive a signed receipt with an assurance that the payload was received intact - provided by an MDN which includes a signed receipt of the accepted payload hash.
Prevention of impersonation - signed AS2 messages allow the recipient to verify that the message originated from a trusted trading partner and not an impersonator.
Internet and firewall friendliness and the associated cost savings - AS2 thus obliterates VANs (Value Added Networks), which are more complex, proprietary, and expensive.
Since the AS2 protocol operates over ordinary HTTP, it can easily pass through firewalls and can use optional transport-level SSL encryption, HTTP authentication, etc. for additional security. The AS2 protocol uses digital certificates to encrypt messages sent over the public Internet, with digital signatures over the payloads to ensure integrity and non-repudiation. Message Disposition Notifications or MDNs are receipts issued by the receiver, typically signed, so that the sending party can verify that the payload was transmitted without alteration and accepted by the receiving party. An MDN thus acts as a binding digital receipt for acceptance of a message, and so plays a key role in facilitating B2B trading over the Internet.
Typically an enterprise would use a software application that supports the AS2 protocol and integrate it with its existing IT infrastructure and internal systems. Once the AS2 software is set up, it is usually referred to as an AS2 station: the term 'Local Station' means your own AS2 system, and the term 'Remote Station' means the AS2 station of one of your trading partners. In this way, AS2 gives you the ability to connect internal application systems to external partners and their internal systems.
AdroitLogic AS2 Solutions
AS2 Gateway
AS2 Gateway is a cloud-hosted AS2 trading gateway offered as a service, powered by the Enterprise Service Bus, UltraESB. AS2 Gateway is also available as a standalone application for on-premise deployments.
AS2 Station
AS2 Station is a B2B trading platform for organizations trading over the AS2 protocol, with a simplified and intuitive interface. The extensibility of AS2 Station makes it an ideal choice for organizations looking to seamlessly integrate AS2 capability into their existing systems and technology stacks.
Originally published at notebookbft.wordpress.com on June 9, 2017.
Published at DZone with permission of Rajind Ruparathna, DZone MVB. See the original article here.