AS2 EDI messaging protocol basics

AS2 EDI (Applicability Statement 2) is a specification for Electronic Data Interchange between
businesses using the Internet’s Web page protocol, the Hypertext Transfer Protocol. The
specification is an extension of the earlier version, Applicability Statement 1 (AS1). Both
specifications were created by EDI over the Internet (EDIINT), a working group of the Internet
Engineering Task Force (IETF) that develops secure and reliable business communications
standards.

The AS2 EDI standard provides Secure Multi-Purpose Internet Mail Extensions (S/MIME) and
uses HTTP or a more secure version, HTTPS, to transmit data over the Internet. AS2 EDI uses a
slower protocol, SMTP (Simple Mail Transfer Protocol). The use of HTTP or HTTPS allows
communication in real time rather than through e-mail delivery. Security, authentication,
message integrity, and privacy are assured by the use of encryption and digital signatures.
Another important feature, no repudiation, makes it impossible for the intended recipient of a
message to deny having received it.

The AS2 EDI standard allows businesses to use a common, single communications solution. This
eliminates the complications and costs involved when different businesses in a network use
different transfer protocols. A Web server, an EDI transfer engine, and digital certificates are
required for data exchange using AS2 EDI. Almost any type of data can be transmitted.

Advantages:
 Safe connection
 Ability to receive files processing statuses (MDN message answer)
 Ability of coding and authentication.
Disadvantages:
 Necessity for using specialized software
 Certificate is needed

AS2 or Applicability Standard 2 is one of the most common methods for transporting electronic
data interchange EDI securely and reliably (and inexpensively) over the Internet. AS2 creates a
sort of an iron-clad ‘envelope’ for the EDI data, which allows it to be sent from one computer to
another over the web using digital certificates and encryption. Due to security standards, many
organizations require partners to use AS2 for all EDI or other business to business
communications. And for those working in healthcare, it also satisfies many of the HIPAA
requirements. Any organization with constant access to the Internet is capable of handling AS2
communications, which allows for immediate transmission of files directly between trading
partners.
What is AS2?
Business to business document exchange has been traditionally carried out using EDI standards
via Value Added Networks (VANs). However, following the widespread availability of the
Internet in the last few years, many companies have been seeking ways in which they can take
advantage of the low cost communications and ease of access offered by the Internet in
exchanging business documents with trading partners, whilst retaining the reliability and
security offered by the EDI Value Added Networks.

AS2 (Applicability Statement 2), a secure messaging standard designed by the Internet
Engineering Task Force (IETF), meets this requirement. AS2 can be used to exchange structured
business data securely using HTTP transfer at a fraction of the cost of exchange via EDI Value
Added Networks.

How it works
Step 1
The business document is generated in the format agreed between the sender and the
recipient.
Step 2
An AS2 server digitally signs and encrypts the document and sends the document over
the Internet to the recipient.
Step 3
The recipient's AS2 server decrypts the document and checks the digital signature to
confirm the sender.
Step 4
The recipient's AS2 server generates a message notification and returns it over the
Internet to the sender's AS2 server to confirm receipt of the document.
AS2 data exchange provides all of the security and scalability benefits of the EDI Value Added
Network at a significantly lower cost and at a much faster transfer rate.

AS2 vs. OFTP2 Advanced Protocol Comparison

When looking closely at some of the newest protocol advancements, it’s interesting to note
that some protocols are very similar in functionality. So, why are mandates directing the use of
one protocol versus another? Most of the reason comes down to the history of implementation
and market use. To demonstrate this point, we’ll compare two of the more advanced protocols,
AS2 and OFTP2.
The History

OFTP was first introduced by ODETTE International Ltd., a membership organization formed by
the European automotive industry for the automotive industry, which sets the standards for e-
Business communications and data exchange. OFTP is the most prolific protocol inside Europe
for the exchange of EDI data, in particular for the automotive industry, and was initially
designed to work over an X.25 network. The historical use of this protocol has been over ISDN
networks that are/were popular in Europe but now this protocol is migrating to communication
over the Internet with the implementation of OFTP2. OFTP2 enhances security via encryption
methods and uses digital certificates — expanding what OFTP offers. Recent mandates issued
by Volkswagen and Volvo are increasing the demand to quickly implement OFTP2.

AS2 was developed in the U.S. by the Uniform Code Council (UCC) and is a secure, reliable
Internet data transport standard. Security is achieved by using digital certificates and
encryption. The AS2 standard supports EDI or any other data transmittals over the Internet
using HTTP. The AS2 specification describes how to transport data, not how to validate or
process data. Much of the success of AS2 has been seen in America, notably the retail sector. A
large influence behind the adoption of AS2 was in 2002 when retail giant Walmart mandated its
10,000 suppliers use AS2 to exchange EDI data with them directly.

Moving Forward

When evaluating protocols that are appropriate for your business, it’s to your advantage to
learn a bit about the protocols, their security features and the industries that use them. By
doing this you can ensure that the secure communications solution you choose works for your
business not only today, but well into the future.
STATS:

Tran Encr Fil Primar

Pr Me Non-
sfer yption e Certi Adva Chall y
otoco ssage Repudia
Suppo Metho Rest fication ntages enges Applicati
l Size tion
rted ds art on
Built-
CEM
in
is not
Certific
yet
ate
widely
Exchan
adopte
Small ge
d
— Y (CEM) U.S. Retail
Drumm
Real- Large SSL (Q4, Requ and
AS2 Y ond
Time (end CMS 2010 ires an Manufact
Group
of ) “always uring
2010) File on”
Restart Interne
t
connec
tion
   
Built-
in
New
Certific
er
ate
protoco
Exchan
l
ge
(CEM)
Track
record
European
and
Small Automoti
OFTP Real- SSL File adoptio
— Y Y Odette ve &
2 Time CMS Restart n yet to
Large Governm
be
ent
determi
ned
Requ
ires
“always
 
on”
Interne
t
 connec
tion