Sun B2B Suite AS2 Protocol Manager User's Guide

About the AS2 Protocol

AS2 is an Internet Draft security standard defined by the IETF (Internet Engineering Task Force) and designed to allow business transactions to move securely over the Internet. The standard that is defined is referred to as AS2.

The AS2 specification describes how applications communicate Electronic Data Interchange (EDI) transaction data over the Internet using HTTP, in a secure and interoperable manner. AS2 emphasizes the following key aspects of data security:

AS2 specifies the means to connect and to deliver, validate, and reply to data, securely and reliably. The purpose of this chapter is to assist you in developing an AS2-compliant eXchange system deployment that is interoperable with other implementations used by your TPs.

General History and Definitions

AS2 is an extension to Applicability Statement 1 (AS1), the standard for secure message transport based on the Simple Mail Transfer Protocol (SMTP). The extension from AS1 to AS2 consists mainly of compatibility with HTTP(S ), that is, HTTP with the Secure Sockets Layer (SSL), and S/Multipurpose Internet Mail Extensions (S/MIME).

Definition of EDI-INT

EDI-INT is an Internet Engineering Task Force (IETF) Working Group that exists to document the requirements and best practices for secure, interoperable EDI. The EDI-INT Requirements document contains sufficient background material to give the EDI community an explanation of any Internet-related issues.

The EDI-INT Requirements and Applicability Statements are general in nature, so they can be applied to all types of eBusiness transfers across nonsecure networks. The message payload itself does not have to be EDI. The data being transferred can be in the form of Extensible Markup Language (XML) business documents or any other data format.

Definition of AS1

AS1 is an Applicability Statement that described how then-current Internet standards could be leveraged to achieve EDI-INT using SMTP transport technologies. AS1 was published by the IETF EDI-INT Working Group.

Definition of AS2

AS2 is also an IETF EDI-INT Working Group specification. It extends AS1 to include real-time EDI based on S/MIME and HTTP(S ). AS2 security constructs are the same as AS1, with the addition of session-based cryptographic features and authentication.

AS2 Message Format

An AS2 message conforms using the following structure:

Figure 1–1 shows a diagram of the basic AS2 protocol message format.

Figure 1–1 AS2 Message Format

AS2 Message Format

Packaging Layer References

The following list details references for the packaging layers for S/MIME signed, encrypted messages: