AS2: Difference between revisions

AS2 (Applicability Statement 2) is a specification about how to transport data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.

The AS2 protocol is based on HTTP and SMIME. It was the second AS protocol developed and uses the same signing, encryption and MDN conventions used in the original AS1 protocol. In other words:

• Files are sent as "attachments" in a specially coded SMIME message (an AS2 message)
• AS2 messages are always sent using the HTTP or HTTPS protocol (Secure Sockets Layer — also known as SSL — is implied by HTTPS) and usually use the "POST" method (use of "GET" is rare)
• Messages can be signed, but do not have to be
• Messages can be encrypted, but do not have to be
• Messages may request an MDN message back if all went well, but do not have to request such a message
• If the original AS2 message requested an MDN...
  • Upon the receipt of the message and its successful decryption or signature validation (as necessary) an MDN "success" message will be sent back to the original sender. This MDN is typically signed but never encrypted (unless temporarily encrypted in transit via HTTPS).
    • Upon the receipt and successful verification of the signature on the MDN, the original sender will "know" that the recipient got their message (this provides the "Non-repudiation" element of AS2)
  • If there are any problems receiving or interpreting the original AS2 message, a "failed" MDN may be sent back. However, part of the AS2 protocol states that the client must treat a lack of an MDN as a failure as well, so some AS2 receivers will simply not return an MDN in this case.

Like any other AS file transfer, AS2 file transfers typically require both sides of the exchange to trade SSL certificates and specific "trading partner" names before any transfers can take place. AS2 trading partner names can usually be any valid phrase.

Unlike AS1 or AS3 file transfers, AS2 file transfers offer several "MDN return" options instead of the traditional options of "yes" or "no". Specifically, the choices are:

Return Synchronous MDN via HTTP(S) ("AS2 Sync") - This popular option allows AS2 MDNs to be returned to AS2 message sender clients over the same HTTP connection they used to send the original message. This "MDN while you wait" capability makes "AS2 Sync" transfers the fastest of any type of AS file transfer, but it also keeps this flavor of MDN request from being used with large files (which may time out in low-bandwidth situations).

Return Asynchronous MDN via HTTP(S) (a.k.a. "AS2 Async") - This popular option allows AS2 MDNs to be returned to the AS2 message sender's server later over a different HTTP connection. This flavor of MDN request is usually used if large files are involved.

Return (Asynchronous) MDN via Email - This rarely-used option allows AS2 MDNs to be returned to AS2 message senders via email rather than HTTP. Otherwise, it is similar to "AS2 Async (HTTP)".

Do not return MDN - This option works like it does in any other AS protocol: the receiver of an AS2 message with this option set simply does not try to return an MDN to the AS2 message sender.

• AS2 Specification, RFC 4130 AS2 specification as listed in RFC #4130
• AS2 secures documents using the Web
• AS2 Providers - Drummond Certified
• Opensource AS2 Providers
• Explanation of AS2 Cryptographic Services