
AS2 Protocol for Business Data Interchange via HTTP

Version: latest

The Applicability Statement 2 or AS2 specification defines a mechanism for the secure and reliable transfer of structured business data over the Internet. In contrast to other traditional B2B trading protocols, AS2 offers a secure, efficient and simple-to-use trading environment without a need for proprietary devices, software or expensive private networks or value added networks. Some of the key benefits of using AS2 include:

  • Encryption for the actual payloads exchanged - so that only the intended recipient trading partner would be able to decrypt a message or file

  • Ability to receive a signed receipt with an assurance that the payload was received intact - provided by an MDN (see below) which includes a signed receipt of the accepted payload hash

  • Prevention of impersonation - signed AS2 messages allow the recipient to verify that the message originated from a trusted trading partner and not an impersonator

  • Internet and Firewall friendliness and the associated cost savings - AS2 thus removes the need for VANs (Value Added Networks), which are more complex, proprietary and expensive

Since the AS2 protocol operates over ordinary HTTP, it can easily pass through firewalls, and can use optional transport-level SSL encryption, HTTP authentication and similar mechanisms for additional security. The AS2 protocol uses digital certificates to encrypt messages sent over the public Internet, with digital signatures over the payloads to ensure integrity and non-repudiation. Message Disposition Notifications or MDNs are receipts issued by a receiver, typically signed, so that the sending party can verify that the payload was transmitted without alterations and accepted by the receiving party. An MDN thus acts as a binding digital receipt for acceptance of a message, and plays a key role in facilitating B2B trading over the Internet.

Typically an enterprise would use a software application that supports the AS2 protocol, and integrate it with existing IT infrastructure and internal systems. Once AS2 software is set up, it is usually referred to as an AS2 station: the term 'Local Station' refers to your own AS2 system, and the term 'Remote Station' refers to the AS2 station of one of your trading partners. In this way, AS2 makes it possible to connect internal application systems to external partners and their internal systems.

AS2 Message Payloads

The AS2 protocol itself does not dictate any limits on the payload of an AS2 message. However, typical AS2 payloads are structured business documents such as Invoices, Purchase Orders etc., and thus AS2 systems facilitate Electronic Data Interchange or EDI. Some of the major sets of EDI standards are:

  • The UN-recommended UN/EDIFACT is the only international standard and is predominant outside of North America.

  • The US standard ANSI ASC X12 (X12) is predominant in North America.

  • The TRADACOMS standard developed by the ANA (Article Numbering Association now known as GS1) is predominant in the UK retail industry.

  • The ODETTE standard is used within the European automotive industry.

AS2 messages can carry non-EDI payloads such as XML, CSV, Fixed Width, Text, or payloads of other standards or proprietary formats, including any binary files.

Message Disposition Notice or MDN

A Message Disposition Notice or MDN is an electronic receipt issued by a receiver of a business document sent over the AS2 protocol. Usually, MDNs are signed by the receiver with its private key, and include a digital signature over the Message Integrity Code or MIC and other key AS2 header values such as From/To AS2 IDs, message ID etc. The sending trading partner can then validate that the MIC in the MDN matches the MIC of the original request document it sent, and thus be certain that the complete document has been transmitted to, and accepted by, the receiving trading partner. Unless there is an error in digitally signing, a signature is always attached to an MDN, so that the electronic receipt issued has a digital signature with non-repudiation.

An MDN does NOT imply that a received business document has been processed without errors by the receiving trading partner. An MDN ONLY confirms that the message transmission completed successfully, and has been now received by the AS2 infrastructure of the receiving trading partner.
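The sender-side MIC comparison described above can be sketched as follows. This is an added example, not code from the AS2 product this page documents: the field names (Original-Message-ID, Disposition, Received-Content-MIC) follow the MDN format of RFC 4130, the payload, message ID and station name are constructed, and the MIC is assumed to be taken over the exact MIME bytes that were sent. Verifying the S/MIME signature on the MDN itself is a separate step that is not shown.

```python
import base64
import hashlib
import hmac
from email import message_from_bytes

# MIC algorithm labels accepted here -> hashlib names (assumed subset).
ALGS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256"}

def compute_mic(content: bytes, alg: str) -> str:
    """Base64 digest of the exact bytes that were sent (and signed)."""
    return base64.b64encode(hashlib.new(ALGS[alg], content).digest()).decode()

def check_mdn(mdn_fields: bytes, sent_content: bytes, sent_message_id: str):
    """Return (ok, reason) for the machine-readable part of a received MDN."""
    fields = message_from_bytes(mdn_fields)
    if fields.get("Original-Message-ID", "").strip() != sent_message_id:
        return False, "MDN refers to a different message"
    status = fields.get("Disposition", "").split(";", 1)[-1].strip().lower()
    if status != "processed":
        return False, "receiver reported: " + status
    mic_field = fields.get("Received-Content-MIC")
    if mic_field is None or "," not in mic_field:
        return False, "no Received-Content-MIC in MDN"
    mic, alg = (part.strip() for part in mic_field.rsplit(",", 1))
    alg = alg.lower()
    if alg not in ALGS:
        return False, "unsupported MIC algorithm: " + alg
    ours = compute_mic(sent_content, alg)
    if not hmac.compare_digest(mic.encode(), ours.encode()):
        return False, "MIC mismatch: payload altered or truncated"
    return True, "MIC matches"

# Constructed sample data: payload, message ID and AS2 ID are made up.
PAYLOAD = b"Content-Type: application/edi-x12\r\n\r\nISA*00*SAMPLE~\r\n"
MESSAGE_ID = "<constructed-0001@local-station.example>"

def sample_mdn(received: bytes) -> bytes:
    """MDN fields a receiver would issue for the bytes it actually received."""
    return ("Final-Recipient: rfc822; REMOTE_STATION\r\n"
            f"Original-Message-ID: {MESSAGE_ID}\r\n"
            "Disposition: automatic-action/MDN-sent-automatically; processed\r\n"
            f"Received-Content-MIC: {compute_mic(received, 'sha256')}, sha256\r\n"
            ).encode()

if __name__ == "__main__":
    print(check_mdn(sample_mdn(PAYLOAD), PAYLOAD, MESSAGE_ID))
    print(check_mdn(sample_mdn(PAYLOAD[:-5]), PAYLOAD, MESSAGE_ID))
```

A matching MIC only shows the receiver got the same bytes; as noted above, it says nothing about whether the document was processed by the partner's back-end systems.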

History and Related Specifications - AS1, AS3 and AS4

The AS2 specification was published in July 2005 as "MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2)" by Dale Moberg and Rik Drummond, as RFC 4130 of the IETF. The AS2 protocol was developed to supersede the original AS1 protocol, which was based on SMTP (email) and defined in RFC 3335 by Terry Harding, Chuck Shih and Rik Drummond in 2002. AS3 is a draft specification for EDI file interchange over FTP, and AS4 is a conformance profile of the OASIS ebMS 3.0 specification.

However, AS2 remains the most widely used protocol for business data exchange, especially after the world’s largest retailer, Walmart, decided to standardize on AS2 for all their trading partner communications. Many other companies across the world today use AS2 to securely exchange business data with their trading partners.

AS2 vs FTP, SFTP and FTPS

Although FTP, SFTP and FTPS are still used for B2B integration, AS2 offers some key value additions over these traditional file transfer mechanisms with respect to security, guarantee of intact delivery, and cost savings from using the Internet.
