The Applicability Statement 2 or AS2 specification defines a mechanism for the secure and reliable transfer of structured business data over the Internet.
AS2 Message Payloads
The AS2 protocol itself does not dictate any limits on the payload of an AS2 message. However. typical AS2 payloads are structured business documents such as Invoices, Purchase Orders etc. and thus AS2 systems facilitate the Electronic Data Interchange or EDI. Some of the major sets of EDI standards are:
- The UN-recommended UN/EDIFACT is the only international standard and is predominant outside of North America.
- The US standard ANSI ASC X12 (X12) is predominant in North America.
- The TRADACOMS standard developed by the ANA (Article Numbering Association now known as GS1) is predominant in the UK retail industry.
- The ODETTE standard used within the European automotive industry
AS2 messages can carry non-EDI payloads such as XML, CSV, Fixed Width, Text, or payloads of other standards or proprietary formats, including any binary files.
MDN – Message Disposition Notice
A Message Disposition Notice or MDN is an electronic receipt issued by a receiver of a business document sent over the AS2 protocol. Usually, MDNs are signed by the receiver with their private keys, and includes a digital signature over the Message Integrity Code or MIC and other key AS2 header values such as From/To AS2 IDs, message ID etc. The sending trading partner can then validate that the MIC of the MDN matches the MIC for the original request document it sent, and thus be certain that the complete document has been transmitted, and accepted by the receiving trading partner. Unless there is an error in digitally signing, a signature is always attached to a MDN – so that the electronic receipt issued has a digital signature with non-repudiation.
An MDN does NOT imply that a received business document has been processed without errors by the receiving trading partner. An MDN ONLY confirms that the message transmission completed successfully, and has been now received by the AS2 infrastructure of the receiving trading partner.
AS2 vs Traditional B2B Protocols
In contrast to other traditional B2B trading protocols, AS2 offers a secure, efficient and simple to use trading environment without a need for proprietary devices, software or expensive private networks or value added networks. Some of the key benefits of using AS2 includes:
- Encryption for the actual payloads exchanged – so that only the intended recipient trading partner would be able to decrypt a message or file
- Ability to receive a signed receipt with an assurance that the payload was received intact – provided by an MDN which includes a signed receipt of the accepted payload hash
- Prevention of impersonation – signed AS2 messages allow the recipient to verify that the message originated from a trusted trading partner and not an impersonator
- Internet and Firewall friendliness and the associated cost savings – AS2 thus obliterates VANs (Value Added Networks) which are more complex, proprietary and expensive
Since the AS2 protocol operates over ordinary HTTP, it can easily pass through firewalls, and utilize optional transport level SSL encryption and HTTP authentication etc. for additional security. The AS2 protocol utilizes digital certificates to encrypt messages sent over the public Internet, with digital signatures over the payloads to ensure integrity and non-repudiation. The Message Disposition Notifications or MDNs are receipts issued by a receiver that is typically signed, so that the sending party can verify that the payload was safely transmitted without alternations, and accepted by the receiving party. An MDN thus acts as a binding digital receipt for acceptance of a message, and thus plays a key role in facilitating B2B trading over the Internet.
Typically an enterprise would use a software application that supports the AS2 protocol, and integrate it with existing IT infrastructure and internal systems. Once AS2 software is setup, it is usually referred to as an AS2 station, and the term ‘Local Station’ implies your AS2 systems, and the term ‘Remote Station’ implies another AS2 station of one of your trading partners. This way, AS2 allows the ability connect internal application systems to external partners, and their internal systems.
AdroitLogic AS2 Solutions
AS2 Gateway is a Cloud hosted AS2 Trading Gateway offered as a Service powered by one of the best performing Enterprise Service Buses (ESB) UltraESB, developed by AdroitLogic. AS2 Gateway is also available as a standalone application catered for on-premise deployments.
AS2 Station a B2B trading platform for organizations trading over the AS2 protocol, with a simplified and intuitive interface. The extensibility of AS2 Station makes it an ideal partner for organizations looking forward to seamlessly integrate AS2 capability to their existing systems and technology stacks.
~ Rajind Ruparathna