AS2 ( Applicability Statement 2 ) is a new communication protocol for secure data transfer via the Internet. Electronic business documents of any format that are sent to the business partners are compressed and if necessary provided with an electronic signature.
Process of the communication
SupplyOn Customer AS2 works with an "envelope" in which the EDI data is embedded. The data is transmitted with the Hypertext Transfer Protocol ( HTTP ), the core technology of the World Wide Web. The server of the receiver waits for messages that are addressed to it. As soon as the server recognizes that a message addressed to it "knocks", the server examines the certificates/Authorization of the message. After the examination it lets the message enter.
Similarly as a telephone without a mailbox, the server acquires the message only if the server is available. Therefore the server has to keep a permanent connection to the internet.
Strength of AS2
The implementation of AS2 enables the user to send and receive data securely and reliably with the Internet protocol HTTPS. The cost advantage, which results from the use of the Internet, is passed on directly to the AS2 user. If you have decided to use an AS2 software solution, no additional costs will arise, even when sending a larger data volume. By the rising number of EDI messages this is, apart from the security aspect, for many companies the decisive factor to implement AS2.
Digital certificates ensure for example, that messages only reach the desired receiver and that the sender can be verified. AS2 works with encryption and signature algorithms, so that the security of the documents is ensured.
Conditions for the AS2 communication
A condition for the data exchange with other AS2 compatible companies is an Internet access and AS2 compliant software. Please pay attention that your AS2 software has to support HTTP Basic Authentication for data transmission to SupplyOn ( see AS2 Header – Message Subject).
SupplyOn AS2 parameter sheet
Should you have decided to transmit your EDIFACT messages via AS2, and we have received the contract for this service, you will receive the AS2 parameter sheet with the SupplyOn AS2 parameters. Please fill out this parameter sheet carefully and send it to integration-service@supplyon.com.
AS2 header – message subject
The AS2 Client from SupplyOn does not open the EDI messages but only reads information from the HTTP header. Important for our AS2 Client and the Partner / Entity Finding is the AS2 message subject (depending on the process, e.g.: SO_ORDRSP, SO-DESADV-D07A). Please populate the AS2 message subject of your respective AS2 client configuration with the agreed values for "Message Subject / Subject".
AS2 parameter & explanations
|
|
AS2 Parameter |
SupplyOn Communication |
Explanation |
|---|---|---|---|
| Security | Communication Certificate |
● trusted or self-signed ● maximum validity 5 years |
One certificate for communication and signature Trusted: Certificate Authority assigns, administrates and controls certificates. There are Class 2 and Class 3 certificates. Self-Signed: Self-Signed certificates reduce the administration effort. Certificates have to be updated at least after 5 years. |
| Digital signature | SHA1 | Before the data is dispatched a signature is generated and attached to the transmission. With the receipt of the message the receiver verifies the signature. This guarantees that the message really comes from the sender. SHA1 is an option of the signature algorithm and is recommended. | |
| Encryption | _ | No additional encryption of the data is necessary, since the communication is already SSL encrypted ( HTTPS )! | |
| Transport layer | Internet connection |
● permanent internet connection ● fixed and public URL or IP address mandatory |
A permanent Internet connection has to be granted. |
| Transport Protocol | AS2 via secure HTTP ( HTTPS ) | HTTPS is a special form of the HTTP Protocol offering increased security via SSL (128 Bit encryption). HTTPS is used to prevent the „monitoring“ during the transmission of sensitive data. | |
| Client Authentication | Authentication | HTTP Basic authentication with username and password | Authentication of the sending interface system during the receipt. |
| Message Disposition Notification=MDN | MDN | Mandatory | The MDN is an instrument for transaction security. The MDN is sent back by the recipient. It confirms the message receipt and provides proof that the correct recipient was reached, since he was in the possession of the private key. |
| MDN signed | Synchronously signed if necessary | Signing of the message receipt | |
| MDN encryption | _ | No additional encryption of the data is necessary, since the communication is already SSL encrypted ( HTTPS )! | |
| AS2 Header | Message Subject / Subject | Mandatory | Please check, if your AS2 Client is compatible to send the AS2 message subject in the subject line, e.g. SO_ORDRSP |