Chapter 1 Introduction to AS2 PM
This chapter provides a basic introduction to AS2 protocol, as well as how it operates with AS2 PM. It is not intended to be a thorough tutorial for all the features this protocol.
This chapter covers the following topics:
About the AS2 Protocol
AS2 is an Internet Draft security standard defined by the IETF (Internet Engineering Task Force) and designed to allow business transactions to move securely over the Internet. The standard that is defined is referred to as AS2.
The AS2 specification describes how applications communicate Electronic Data Interchange (EDI) transaction data over the Internet using HTTP, in a secure and interoperable manner. AS2 emphasizes the following key aspects of data security:
-
Privacy
-
Data integrity
-
Authenticity
-
Nonrepudiation of origin and receipt
AS2 specifies the means to connect and to deliver, validate, and reply to data, securely and reliably. The purpose of this chapter is to assist you in developing an AS2-compliant eXchange system deployment that is interoperable with other implementations used by your TPs.
General History and Definitions
AS2 is an extension to Applicability Statement 1 (AS1), the standard for secure message transport based on the Simple Mail Transfer Protocol (SMTP). The extension from AS1 to AS2 consists mainly of compatibility with HTTP(S ), that is, HTTP with the Secure Sockets Layer (SSL), and S/Multipurpose Internet Mail Extensions (S/MIME).
Definition of EDI-INT
EDI-INT is an Internet Engineering Task Force (IETF) Working Group that exists to document the requirements and best practices for secure, interoperable EDI. The EDI-INT Requirements document contains sufficient background material to give the EDI community an explanation of any Internet-related issues.
The EDI-INT Requirements and Applicability Statements are general in nature, so they can be applied to all types of eBusiness transfers across nonsecure networks. The message payload itself does not have to be EDI. The data being transferred can be in the form of Extensible Markup Language (XML) business documents or any other data format.
Definition of AS1
AS1 is an Applicability Statement that described how then-current Internet standards could be leveraged to achieve EDI-INT using SMTP transport technologies. AS1 was published by the IETF EDI-INT Working Group.
Definition of AS2
AS2 is also an IETF EDI-INT Working Group specification. It extends AS1 to include real-time EDI based on S/MIME and HTTP(S ). AS2 security constructs are the same as AS1, with the addition of session-based cryptographic features and authentication.
AS2 Message Format
An AS2 message conforms using the following structure:
-
HTTP header package: RFC2616/RFC2045
-
Encryption package: RFC2633 (application/pkcs7-mime)
-
Digitally signed package: RFC1847 (multipart/signed) (encrypted)
-
Message payload: RFC2376 (application/xml) (encrypted)
-
Digital signature: RFC2633 (application/pkcs7-signature) (encrypted)
The HTTP header is the outermost package, which is supplemented by the headers of the encryption package, which envelopes the signed multipart, which in turn binds the payload and signature parts.
-
Figure 1–1 shows a diagram of the basic AS2 protocol message format.
Figure 1–1 AS2 Message Format
Packaging Layer References
The following list details references for the packaging layers for S/MIME signed, encrypted messages:
Additional AS2 References
You can find the current standards-track drafts of the EDI-INT Requirements document, as well as AS2 specifications, at the following web sites:
-
For MIME-based secure peer-to-peer business data interchange over the Internet:
http://www.ietf.org/rfc/rfc3335.txt?number=3335
-
For HTTP transport for secure peer-to-peer business data interchange over the Internet:
http://www.ietf.org/proceedings/02jul/I-D/draft-ietf-ediint-as2-11.txt
http://www.ietf.org/proceedings/02mar/I-D/draft-ietf-ediint-as2-10.txt
- © 2010, Oracle Corporation and/or its affiliates