WHAT are AS1 and AS2?
AS1 - Applicability Statement (AS) 1 was developed by the IETF (Internet Engineering Task Force) to implement secure and reliable messaging over SMTP and S/MIME. It was the first AS protocol to be developed and uses signing, encryption and MDN conventions. (MDN refers to Message Disposition Notifications or the ability to provide “Return Receipts”). As with any AS file transfer, AS1 file transfers typically require both sides of the exchange to trade SSL certificates and specific business partner names before any transfers can take place.
AS1 software requirements:
AS2 - Applicability Statement (AS) 2 uses the same signing, encryption, and MDN conventions used in the original AS1 protocol. AS2 messages are usually sent across the internet using the HTTP or HTTPS protocol. AS2 has been widely deployed as a point-to-point connectivity method. AS2 offers many advantages over standard HTTP, including increased verification, and security achieved through the use of receipts and digital signatures. AS2 transactions and acknowledgments also occur in real-time, increasing the efficiency of document exchanges. Walmart was one of the first companies to help drive the adoption of AS2 across the retail sector.
AS2 software requirements:
Why are the as1 and as2 standards important?
Standards, such as AS1 and AS2, simplify communication by reducing the number of technologies an organization must support and manage. If every large organization use a different data transport standard, it would cost prohibitive for their smaller business partners to exchange data with them electronically. AS1 and AS2 allow organizations to implement one solution for data exchange with all business partners who are using an AS1 or AS2 solution.
The benefits of AS2 for a small to medium-size supplier
UCCnet-interoperable
Cost-effective
Extendable
Secure
Speed & efficiency
Control
Support
How does as1 work?
AS1 provides S/MIME (Multipurpose Internet Mail Extension) encryption and security over SMTP. S/MIME (Secure/Multipurpose Internet Mail Extensions) secures data with authentication, message integrity, non-repudiation of origin, and privacy features and is the standard means of transporting virtually all Internet email. SMTP (Simple Mail Transfer Protocol) is the protocol used by most email systems for sending email messages between servers.
How does AS2 work?
AS2 is an adjustment of AS1, providing S/MIME over HTTP or HTTP/S, instead of SMTP, as the transport protocol. HTTP (Hypertext Transfer Protocol) and its secure form, HTTP/S define how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands.
Are my business documents safe? How is secure Internet EDI (AS2)?
Your business documents are very safe. AS2 provides privacy, authentication, integrity, and non-repudiation.
How does AS1compare with AS2?
Because AS1 uses SMTP it provides asynchronous, “store and forward” data transport, whereas AS2 makes use of HTTP to allow for synchronous, “real-time” transmission of data with immediate message delivery notices.
What are the advantages of AS1 & AS2?
Advantages of AS1 & AS2: -
What about AS3?
AS3 - Applicability Statement (AS) 3 was developed by the IETF to implement secure and reliable messaging over FTP. AS3 is based upon the secure version of the FTP protocol, rather than HTTP. AS3 transport is S/MIME over FTP and operates a client/server model like FTP, as opposed to the peer-to-peer approach used by AS2. AS3 also uses MDN’s (receipt notifications) like AS2. AS3 is a push/pull protocol and the client side AS3 does not require a listener to be always aware of inbound traffic (whereas AS2 always requires a persistent connection for the listener). AS3 may be especially well suited for banking and other industries where there are heavy investments in FTP scripting, applications, and security.
There is no AS3 specification. While some vendor organizations claim to support AS3, it does not exist.
What about AS4?
AS4 - Applicability Statement (AS) 4 offers secure B2B document exchange using web services and was developed by the sub-committee of the OASIS ebXML messaging services technical committee. AS4 is still in its draft definition format. The AS4 profile provides the marketplace with an entry-level solution that allows companies to begin utilizing their internal SOA based platforms for external B2B messaging while at the same time taking on some of the more complicated aspects of web services. The European Aerospace industry is proposing to use AS4 as its communication standard for sending ebXML related B2B documents between business partners. Further information about AS4 can be found on the Drummond Group site.
How do IPNET’S products use AS1 and AS2?
IPNet’s products use AS1 and AS2 to securely transport any data type with encryption and data authentication, ensuring that the sender and receiver are who they claim to be and providing notification of message delivery and receipt. On the sender side, the data is compressed and encrypted for transport. Once the data arrives on the receiving side, it is automatically decrypted and validated. Next, the recipient acknowledges receipt by returning an encrypted, signed or unsigned digital receipt to the sender. The sender receives the digital receipt and automatically decrypts it. This secure data transfer process happens through AS1 and AS2’s use of recognized security standards, specifically S/MIME, HTTP/S, and digital certificates.
How can I be sure IPNET’S products truly support AS1 and AS2?
The Uniform Code Council (UCC) in cooperation with the Drummond Group, Inc. sponsors an AS1/AS2 test program every six to nine months. This test program allows vendors to test the interoperability of their AS1 and AS2 products with those of other vendors in a setting that reproduces a customer environment. IPNet has successfully completed AS1 and AS2 interoperability testing.
What type of data can I transmit with AS1 and AS2?
Virtually any data. AS1 and AS2 are transport mechanisms and are not tied to any specific data format. Both AS1 and AS2 will work with almost any data type including EDI, XML, TXT, DOC, XLS, and ebXML.
Should my company use AS1 or AS2?
That depends. AS1 and AS2 both offer the most secure data transport available. The benefit of AS2 over AS1 is that it offers real-time, instantaneous notification of message delivery and receipt. AS2 requires a dedicated Web server, so, if you do not have a Web server which can be used to host your IPNet solution or your server is not always accessible from the Internet due to corporate firewall restrictions, AS2 is not an option for your organization.
AS1 - Applicability Statement (AS) 1 was developed by the IETF (Internet Engineering Task Force) to implement secure and reliable messaging over SMTP and S/MIME. It was the first AS protocol to be developed and uses signing, encryption and MDN conventions. (MDN refers to Message Disposition Notifications or the ability to provide “Return Receipts”). As with any AS file transfer, AS1 file transfers typically require both sides of the exchange to trade SSL certificates and specific business partner names before any transfers can take place.
AS1 software requirements:
- Email server - Microsoft Exchange 5.5 SP2 or Lotus Notes R4.6 or higher
- Encryption security certificate - from a certificate authority such as Verisign, Entrust or Thawte
- Modem - if connecting to the email server via a dial-up connection.
AS2 - Applicability Statement (AS) 2 uses the same signing, encryption, and MDN conventions used in the original AS1 protocol. AS2 messages are usually sent across the internet using the HTTP or HTTPS protocol. AS2 has been widely deployed as a point-to-point connectivity method. AS2 offers many advantages over standard HTTP, including increased verification, and security achieved through the use of receipts and digital signatures. AS2 transactions and acknowledgments also occur in real-time, increasing the efficiency of document exchanges. Walmart was one of the first companies to help drive the adoption of AS2 across the retail sector.
AS2 software requirements:
- Encryption security certificate - from a certificate authority such as Verisign, Entrust or Thawte
- Modem - if connecting to the HTTP/S Web server via dial-up.
Why are the as1 and as2 standards important?
Standards, such as AS1 and AS2, simplify communication by reducing the number of technologies an organization must support and manage. If every large organization use a different data transport standard, it would cost prohibitive for their smaller business partners to exchange data with them electronically. AS1 and AS2 allow organizations to implement one solution for data exchange with all business partners who are using an AS1 or AS2 solution.
The benefits of AS2 for a small to medium-size supplier
UCCnet-interoperable
- A standard supported by the Uniform Code Council (UCC) and others
- Many AS2 solutions have been certified by the Drummond Group
- Easy to connect trading partners
Cost-effective
- Leverages the Internet to reduce VAN fees
- Does not require expensive hardware like BISYNC
Extendable
- Leverages the Internet to exchange transactions other than EDI, such as POS and sales forecasts that have traditionally been too expensive to send over a VAN
Secure
- Offers security and non-repudiation via digital certificates
- Uses SSL to secure the transport pipe
Speed & efficiency
- Offers near real-time transaction processing
- Immediate transaction receipt acknowledgment
- Up to 200 times faster than BISYNC
- More dependable than BISYNC
Control
- You control transaction management
- You handle and manage your valuable data
- You control the transport schedule (batch processing and transport are possible)
- You receive immediate feedback from partners
Support
- Quick to set-up
- Easier to support and maintain compared to direct BISYNC
- AS2 is the first step required for UCCnet Communication certification
How does as1 work?
AS1 provides S/MIME (Multipurpose Internet Mail Extension) encryption and security over SMTP. S/MIME (Secure/Multipurpose Internet Mail Extensions) secures data with authentication, message integrity, non-repudiation of origin, and privacy features and is the standard means of transporting virtually all Internet email. SMTP (Simple Mail Transfer Protocol) is the protocol used by most email systems for sending email messages between servers.
How does AS2 work?
AS2 is an adjustment of AS1, providing S/MIME over HTTP or HTTP/S, instead of SMTP, as the transport protocol. HTTP (Hypertext Transfer Protocol) and its secure form, HTTP/S define how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands.
Are my business documents safe? How is secure Internet EDI (AS2)?
Your business documents are very safe. AS2 provides privacy, authentication, integrity, and non-repudiation.
- Privacy: Message content privacy is provided via data encryption so that a document can only be viewed by the Sender and the Receiver.
- Authentication: A Sender's digital signature ensures that the Sender is actually who they claim to be.
- Integrity: Hash totals are enclosed in Message Disposition Notifications (MDNs) so that a document cannot be altered without the Receiver detecting a change.
- Non-Repudiation: A signed MDN is a receipt acknowledgment that serves as proof that a document was in fact received by the Receiver.
How does AS1compare with AS2?
Because AS1 uses SMTP it provides asynchronous, “store and forward” data transport, whereas AS2 makes use of HTTP to allow for synchronous, “real-time” transmission of data with immediate message delivery notices.
What are the advantages of AS1 & AS2?
Advantages of AS1 & AS2: -
- Secure electronic transmission of data, especially over the Internet.
- Allows organizations to conduct business much more quickly than with paper.
- For example, turn-around times of business transactions are decreased when conducted electronically.
- The AS1 standard is a way to securely transport EDI documents over the Internet via SMTP (email).
- The AS2 standard is a way to securely transport EDI and XML documents over the Internet via HTTP.
- The AS3 standard is a way to securely transport EDI documents and XML over the Internet via FTP.
- Also, organizations benefit by greatly reducing the cost associated with traditional, Value-added Network (VAN) EDI.
- The AS1/AS2 specifications use the Internet to exchange data and, therefore, eliminate expensive VAN transaction fees.
- The AS1 and AS2 are the recognized standards for data transport,
- Organizations benefit by greatly reducing the time and cost associated with business data exchange.
- Using the recognized AS1/AS2 standards provides interoperability between data transmissions, ensuring organizations can read each other’s data.
What about AS3?
AS3 - Applicability Statement (AS) 3 was developed by the IETF to implement secure and reliable messaging over FTP. AS3 is based upon the secure version of the FTP protocol, rather than HTTP. AS3 transport is S/MIME over FTP and operates a client/server model like FTP, as opposed to the peer-to-peer approach used by AS2. AS3 also uses MDN’s (receipt notifications) like AS2. AS3 is a push/pull protocol and the client side AS3 does not require a listener to be always aware of inbound traffic (whereas AS2 always requires a persistent connection for the listener). AS3 may be especially well suited for banking and other industries where there are heavy investments in FTP scripting, applications, and security.
There is no AS3 specification. While some vendor organizations claim to support AS3, it does not exist.
What about AS4?
AS4 - Applicability Statement (AS) 4 offers secure B2B document exchange using web services and was developed by the sub-committee of the OASIS ebXML messaging services technical committee. AS4 is still in its draft definition format. The AS4 profile provides the marketplace with an entry-level solution that allows companies to begin utilizing their internal SOA based platforms for external B2B messaging while at the same time taking on some of the more complicated aspects of web services. The European Aerospace industry is proposing to use AS4 as its communication standard for sending ebXML related B2B documents between business partners. Further information about AS4 can be found on the Drummond Group site.
How do IPNET’S products use AS1 and AS2?
IPNet’s products use AS1 and AS2 to securely transport any data type with encryption and data authentication, ensuring that the sender and receiver are who they claim to be and providing notification of message delivery and receipt. On the sender side, the data is compressed and encrypted for transport. Once the data arrives on the receiving side, it is automatically decrypted and validated. Next, the recipient acknowledges receipt by returning an encrypted, signed or unsigned digital receipt to the sender. The sender receives the digital receipt and automatically decrypts it. This secure data transfer process happens through AS1 and AS2’s use of recognized security standards, specifically S/MIME, HTTP/S, and digital certificates.
How can I be sure IPNET’S products truly support AS1 and AS2?
The Uniform Code Council (UCC) in cooperation with the Drummond Group, Inc. sponsors an AS1/AS2 test program every six to nine months. This test program allows vendors to test the interoperability of their AS1 and AS2 products with those of other vendors in a setting that reproduces a customer environment. IPNet has successfully completed AS1 and AS2 interoperability testing.
What type of data can I transmit with AS1 and AS2?
Virtually any data. AS1 and AS2 are transport mechanisms and are not tied to any specific data format. Both AS1 and AS2 will work with almost any data type including EDI, XML, TXT, DOC, XLS, and ebXML.
Should my company use AS1 or AS2?
That depends. AS1 and AS2 both offer the most secure data transport available. The benefit of AS2 over AS1 is that it offers real-time, instantaneous notification of message delivery and receipt. AS2 requires a dedicated Web server, so, if you do not have a Web server which can be used to host your IPNet solution or your server is not always accessible from the Internet due to corporate firewall restrictions, AS2 is not an option for your organization.
No comments:
Post a Comment