AS2 is a protocol that describes how to exchange structured business data securely over the HTTP transfer protocol.
Structured business data exchanged using the AS2 protocol can be:
- Electronic Data Interchange (EDI) in either
  - the UN Electronic Data Interchange for Administration, Commerce, and Transport (UN/EDIFACT) format, or
  - the American National Standards Committee (ANSI) X12 format
- XML or any other structured data format.
The major application of AS2 is exchanging data in EDI formats.
Security is achieved using digital certificates and encryption. Exchanged messages can be signed to provide security requirements such as authenticity and non-repudiation. They can also be encrypted to provide confidentiality and integrity. Both are optional requirements according to the AS2 specification: an AS2 message can have its content in plain text and without a digital signature.
S/MIME is a format and protocol for adding cryptographic signature and/or encryption services to Internet MIME messages. In AS2, files are encoded as attachments in an S/MIME message; this is what we call an AS2 message. These messages are sent over HTTP or HTTPS, usually as a POST.
Content Types and AS2
An AS2 message can carry one of several content types, depending on whether it is signed and/or encrypted.
- No encryption, no signature
  - application/EDIxxxx or application/xml
- No encryption, but a signature is present
  - multipart/signed (the message contains two MIME parts)
    - application/EDIxxxx or application/xml
    - application/pkcs7-signature
- Encryption, but no signature
  - application/pkcs7-mime
    - application/EDIxxxx or application/xml (in the decrypted message)
- Both encryption and signature
  - application/pkcs7-mime
    - multipart/signed (the decrypted message contains two parts)
      - application/EDIxxxx or application/xml
      - application/pkcs7-signature
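The four layerings above can be recognised mechanically from the outer Content-Type header. The following Python script is an added example written for this post, not code from the post or from any AS2 implementation; it uses only the standard-library `email` package, constructs one sample message for each case, and classifies them. The PKCS#7 parts carry placeholder bytes rather than real CMS data (no signing or encryption is performed), and `unwrap_placeholder` merely stands in for the decryption step so that the inner `multipart/signed` structure can be inspected the way a receiver would after decrypting.

```python
"""Classify the outer MIME structure of an AS2 message (added example, not from the post)."""
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from typing import Optional, Tuple

# Constructed sample payload: the opening of an ANSI X12 interchange (not real trading data).
SAMPLE_X12 = (b"ISA*00*          *00*          *ZZ*SENDER         *ZZ*RECEIVER       "
              b"*240101*1200*U*00401*000000001*0*T*>~")


def is_business_payload(ctype: str) -> bool:
    # "application/EDIxxxx" covers application/EDI-X12, application/EDIFACT, application/EDI-consent.
    return ctype.startswith("application/edi") or ctype == "application/xml"


def plain_message() -> bytes:
    # No encryption, no signature: the EDI document is the whole body.
    return MIMEApplication(SAMPLE_X12, "EDI-X12").as_bytes()


def signed_message() -> bytes:
    # multipart/signed with exactly two parts: the payload and a detached PKCS#7 signature.
    outer = MIMEMultipart("signed", protocol="application/pkcs7-signature", micalg="sha-256")
    outer.attach(MIMEApplication(SAMPLE_X12, "EDI-X12"))
    # Placeholder bytes stand in for a real CMS SignedData blob; nothing is actually signed here.
    outer.attach(MIMEApplication(b"PLACEHOLDER-SIGNATURE", "pkcs7-signature", name="smime.p7s"))
    return outer.as_bytes()


def encrypted_message(inner: bytes) -> bytes:
    # application/pkcs7-mime wraps whatever was inside (a plain payload or a multipart/signed).
    # Placeholder: real AS2 carries CMS EnvelopedData; here the inner bytes are stored unencrypted.
    part = MIMEApplication(inner, "pkcs7-mime", name="smime.p7m")
    part.set_param("smime-type", "enveloped-data")
    return part.as_bytes()


def unwrap_placeholder(raw: bytes) -> bytes:
    # Stand-in for decryption: returns the bytes carried inside the placeholder pkcs7-mime wrapper.
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "application/pkcs7-mime":
        raise ValueError("not an encrypted AS2 message")
    return msg.get_payload(decode=True)


def classify(raw: bytes) -> Tuple[bool, Optional[bool], Optional[str]]:
    """Return (encrypted, signed, payload content type) for the outermost layer.

    For an encrypted message the last two values are None: they are only knowable
    after decryption, by running classify() again on the decrypted bytes.
    """
    msg = message_from_bytes(raw)
    ctype = msg.get_content_type()  # always lower-cased by the email package
    if ctype == "application/pkcs7-mime":
        return True, None, None
    if ctype == "multipart/signed":
        if msg.get_param("protocol") != "application/pkcs7-signature":
            raise ValueError("multipart/signed without a pkcs7-signature protocol parameter")
        parts = msg.get_payload()
        if len(parts) != 2:
            raise ValueError(f"multipart/signed must have exactly 2 parts, found {len(parts)}")
        body, sig = parts
        if sig.get_content_type() != "application/pkcs7-signature":
            raise ValueError(f"unexpected signature part type {sig.get_content_type()}")
        payload_type = body.get_content_type()
        if not is_business_payload(payload_type):
            raise ValueError(f"unexpected signed payload type {payload_type}")
        return False, True, payload_type
    if is_business_payload(ctype):
        return False, False, ctype
    raise ValueError(f"not an AS2 content type: {ctype}")


if __name__ == "__main__":
    for label, raw in [("plain", plain_message()),
                       ("signed", signed_message()),
                       ("encrypted+signed", encrypted_message(signed_message()))]:
        print(label, classify(raw))
    print("after decryption", classify(unwrap_placeholder(encrypted_message(signed_message()))))
```

The checks on the `multipart/signed` branch (exactly two parts, a `protocol` parameter naming `application/pkcs7-signature`, a business payload as the first part) are the structural preconditions a receiver should enforce before handing the parts to the signature-verification code; a message that fails them should be rejected rather than guessed at.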
AS2 clients are usually called "trading partners". When sending a message, they can request an acknowledgement message called an MDN (Message Disposition Notification). There are three options for requesting an MDN: synchronous MDN, asynchronous MDN, and no MDN.
If there are problems receiving or interpreting the original AS2 message, a "failed" MDN may be sent back. Both a "failed" MDN and not receiving an MDN (when one was requested) are considered failures according to the specification.
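A sender therefore needs to treat a missing MDN, a malformed MDN and a negative MDN as the same outcome: the transmission is not confirmed. The Python below is an added example, not code from the post or from Mendelson/OpenAS2. It constructs MDNs in the wire format defined by RFC 4130 (a `multipart/report` whose machine-readable part is `message/disposition-notification` with `Original-Message-ID`, `Disposition` and `Received-Content-MIC` fields) and evaluates them the way a sending side should; the message ID, MIC string and reporting UA name are constructed sample values.

```python
"""Evaluate an AS2 MDN from the sender's side (added example, not from the post)."""
from email import message_from_bytes
from typing import Optional, Tuple


def build_mdn(original_message_id: str, disposition: str, mic: Optional[str]) -> bytes:
    # Constructed MDN in the RFC 4130 layout: a multipart/report with a human-readable
    # text part and a message/disposition-notification part carrying the machine fields.
    mic_line = f"Received-Content-MIC: {mic}\r\n" if mic else ""
    return (
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/report; report-type=disposition-notification; boundary="mdn-boundary"\r\n'
        "\r\n"
        "--mdn-boundary\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        "The AS2 message was received.\r\n"
        "--mdn-boundary\r\n"
        "Content-Type: message/disposition-notification\r\n"
        "\r\n"
        "Reporting-UA: example-as2-receiver/0.1 (constructed)\r\n"
        f"Original-Message-ID: {original_message_id}\r\n"
        f"Disposition: {disposition}\r\n"
        f"{mic_line}"
        "\r\n"
        "--mdn-boundary--\r\n"
    ).encode()


def evaluate_mdn(sent_message_id: str, expected_mic: Optional[str],
                 mdn_bytes: Optional[bytes]) -> Tuple[bool, str]:
    """Return (confirmed, reason). Only a 'processed' disposition without an error or
    failure modifier, for the right message and with a matching MIC, counts as success."""
    if mdn_bytes is None:
        # No MDN although one was requested: a failure per the specification.
        return False, "no MDN received"
    mdn = message_from_bytes(mdn_bytes)
    if (mdn.get_content_type() != "multipart/report"
            or (mdn.get_param("report-type") or "").lower() != "disposition-notification"):
        return False, "not a disposition-notification report"
    fields = None
    for part in mdn.get_payload():
        if part.get_content_type() == "message/disposition-notification":
            fields = part.get_payload(0)  # the nested header block with the MDN fields
            break
    if fields is None:
        return False, "MDN has no machine-readable part"
    if fields.get("Original-Message-ID", "").strip() != sent_message_id:
        # An MDN that refers to some other message must not confirm this one.
        return False, "Original-Message-ID mismatch"
    # Disposition: <action-mode>; <type>[/<modifier>[: <detail>]]
    _, _, outcome = fields.get("Disposition", "").partition(";")
    outcome = outcome.strip()
    dtype_mod, _, detail = outcome.partition(":")
    dtype, _, modifier = dtype_mod.strip().lower().partition("/")
    if dtype != "processed" or modifier in ("error", "failure"):
        return False, f"receiver reported {outcome}"
    if expected_mic is not None:
        mic = fields.get("Received-Content-MIC")
        if mic is None or mic.strip() != expected_mic:
            # The receiver computed a different digest over the content than we did.
            return False, "Received-Content-MIC mismatch"
    if modifier:
        return True, f"processed with {modifier}: {detail.strip()}"
    return True, "processed"


# Constructed sample values used by the demonstration below.
MSG_ID = "<20240101-0001@sender.example>"
MIC = "dGhpcyBpcyBhIGNvbnN0cnVjdGVkIE1JQyB2YWx1ZQ==, sha-256"
AUTO = "automatic-action/MDN-sent-automatically"

if __name__ == "__main__":
    print(evaluate_mdn(MSG_ID, MIC, None))
    print(evaluate_mdn(MSG_ID, MIC, build_mdn(MSG_ID, f"{AUTO}; processed", MIC)))
    print(evaluate_mdn(MSG_ID, MIC, build_mdn(MSG_ID, f"{AUTO}; processed/error: decryption-failed", None)))
    print(evaluate_mdn(MSG_ID, MIC, build_mdn("<other@sender.example>", f"{AUTO}; processed", MIC)))
```

The Original-Message-ID and MIC comparisons are what make the MDN a meaningful receipt rather than a bare HTTP 200: they tie the acknowledgement to the specific message and content the sender transmitted. A real implementation would additionally verify the MDN's own signature when a signed MDN was requested, which is outside what this example covers.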
Mendelson (GPL) and OpenAS2 (BSD) are open source Java implementations of AS2; both can be used to send and receive AS2 messages. Mendelson also has a user-friendly GUI.