The Applicability Statement 2, or AS2, specification defines a mechanism for the secure and reliable transfer of structured business data over the Internet. In contrast to other traditional B2B trading protocols, AS2 offers a secure, efficient and simple-to-use trading environment without the need for proprietary devices, software, expensive private networks or value-added networks. Some of the key benefits of using AS2 include:
Since the AS2 protocol operates over ordinary HTTP, it can easily pass through firewalls and utilize optional transport-level SSL encryption, HTTP authentication etc. for additional security. The AS2 protocol utilizes digital certificates to encrypt messages sent over the public Internet, with digital signatures over the payloads to ensure integrity and non-repudiation.
Message Disposition Notices, or MDNs, are receipts issued by a receiver. They are typically signed so that the sending party can verify that the payload was transmitted without alteration and accepted by the receiving party. An MDN thus acts as a binding digital receipt for acceptance of a message, and plays a key role in facilitating B2B trading over the Internet.
Typically an enterprise would use a software application that supports the AS2 protocol and integrate it with existing IT infrastructure and internal systems. Once AS2 software is set up, it’s usually referred to as an AS2 station. The term Local Station refers to your own AS2 system, and the term Remote Station refers to the AS2 station of one of your trading partners. In this way, AS2 makes it possible to connect internal application systems to external partners and their internal systems.
The AS2 protocol itself does not dictate any limits on the payload of an AS2 message. However, typical AS2 payloads are structured business documents such as Invoices, Purchase Orders etc., and thus AS2 systems facilitate Electronic Data Interchange, or EDI. Some of the major sets of EDI standards are:
AS2 messages can carry non-EDI payloads such as XML, CSV, Fixed Width, Text, or payloads of other standards or proprietary formats, including any binary files.
A Message Disposition Notice, or MDN, is an electronic receipt issued by the receiver of a business document sent over the AS2 protocol. Usually, MDNs are signed by the receiver with their private key, and include a digital signature over the Message Integrity Code, or MIC, and other key AS2 header values such as From/To AS2 IDs, message ID etc. The sending trading partner can then validate that the MIC in the MDN matches the MIC of the original request document it sent, and thus be certain that the complete document has been transmitted and accepted by the receiving trading partner. Unless there is an error during digital signing, a signature is always attached to an MDN, so that the electronic receipt issued carries a digital signature with non-repudiation.
An MDN does NOT imply that a received business document has been processed without errors by the receiving trading partner. An MDN ONLY confirms that the message transmission completed successfully, and that the message has now been received by the AS2 infrastructure of the receiving trading partner.
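The sender-side MIC check described above, as an added example that is not code from the original page or from any AS2 product. It assumes the MDN's signature has already been verified by the S/MIME layer, takes the MDN's machine-readable fields (`Original-Message-ID`, `Disposition`, `Received-Content-MIC`) as text, and treats the bytes covered by the MIC as an opaque value stored at send time; the payload and message ID are constructed samples.

```python
import base64
import hashlib
import hmac
from email.parser import HeaderParser

# MDN digest labels mapped to hashlib names (a small subset chosen for this example).
MIC_ALGS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256"}


def compute_mic(content: bytes, alg: str) -> bytes:
    """Base64 digest of the exact bytes the MIC covered when the message was sent."""
    return base64.b64encode(hashlib.new(MIC_ALGS[alg], content).digest())


def check_mdn(mdn_fields: str, sent_content: bytes, sent_message_id: str) -> list:
    """Return a list of problems; an empty list means the receipt matches what we sent."""
    fields = HeaderParser().parsestr(mdn_fields)
    problems = []
    if (fields.get("Original-Message-ID") or "").strip() != sent_message_id:
        problems.append("MDN refers to a different message ID")
    disposition = (fields.get("Disposition") or "").lower()
    if "processed" not in disposition or "error" in disposition or "failed" in disposition:
        problems.append("disposition is not a clean 'processed'")
    mic_value, _, alg = (fields.get("Received-Content-MIC") or "").partition(",")
    alg = alg.strip().lower()
    if alg not in MIC_ALGS:
        problems.append("missing or unsupported MIC algorithm")
    elif not hmac.compare_digest(mic_value.strip().encode(), compute_mic(sent_content, alg)):
        problems.append("MIC mismatch: receiver did not get the bytes we sent")
    return problems


# Constructed sample data, not taken from a real exchange.
PAYLOAD = b"constructed sample purchase order payload\r\n"
MESSAGE_ID = "<constructed-0001@local-station.example>"


def sample_mdn(content: bytes, message_id: str = MESSAGE_ID) -> str:
    return (
        "Original-Message-ID: " + message_id + "\r\n"
        "Disposition: automatic-action/MDN-sent-automatically; processed\r\n"
        "Received-Content-MIC: " + compute_mic(content, "sha256").decode() + ", sha256\r\n"
    )


if __name__ == "__main__":
    print(check_mdn(sample_mdn(PAYLOAD), PAYLOAD, MESSAGE_ID))
    print(check_mdn(sample_mdn(PAYLOAD + b"tampered"), PAYLOAD, MESSAGE_ID))
```

An empty result only establishes delivery of the intact bytes; as stated above, it says nothing about whether the partner's back-end processed the document.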
The AS2 specification was published in July 2005 as “MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2)” by Dale Moberg and Rik Drummond in RFC 4130 of the IETF. The AS2 protocol was developed to supersede the original AS1 protocol, which was based on SMTP (email) and defined in RFC 3335 by Terry Harding, Chuck Shih and Rik Drummond in 2002. AS3 is a draft specification for EDI file interchange over FTP, and AS4 is a conformance profile of the OASIS ebMS 3.0 specification.
However, AS2 remains the most widely used protocol for business data exchange, especially after the world’s largest retailer, Walmart, decided to standardize on AS2 for all their trading partner communications. Many other companies across the world today use AS2 to securely exchange business data with their trading partners.
Although S/FTP and FTPS are still used for B2B integration, AS2 offers some key value additions over these traditional file transfer mechanisms with respect to security, a guarantee of intact delivery, cost savings by using the Internet etc.