Estimated reading time: 2 minutes, 18 seconds

complexity2Like VANs, AS2 gets complex if there are more than a couple of nodes involved. It is an excellent protocol with strong encryption and digital signatures, positive sender identification and proof of receipt. It is the implementation that can be weak, not the application.

AS2 (Applicability Statement 2) is a specification for Electronic Data Interchange (EDI) between businesses using the Internet's Web page protocol, the Hypertext Transfer Protocol (HTTP). The AS2 standard provides Secure Multi-Purpose Internet Mail Extensions (S/MIME) and uses HTTP or its more secure version, HTTPS, to transmit data over the Internet. Security, authentication, message integrity, and privacy are assured by the use of encryption and digital signatures.


Another important feature, nonrepudiation, makes it impossible for the intended recipient of a message to deny having received it. A Web server, an EDI transfer engine, and digital certificates are all that are required for data exchange using AS2.

All this sounds very well developed, but AS2 has no “directory” function. What would e-mail be like if it had no directory function? E-Mail has its DNS & MX records which automatically make the rounds of other e-mail systems.  

Much of the management of AS2 is still manual. That means it is time to automate! URLs and Public Certificates change. Most every AS2 package allows you to generate and sign your own certificate. The process will generate both a private and public key for a length of time selected by you. The private key will automatically be securely stored where the AS2 software can access it, and the public certificate will be placed in a location where you can send copies to your trading partners.


There needs to be a way to update and exchange this “metadata” (defined as a set of data that describes and gives information about other data) between AS2 systems. How about setting up repositories for the certificates and automatically sending data to trading partners?


No, I don't mean a “Certificate Authority” that just adds cost for no real reason. This would be like an “authoritative name server” which is vital to email (Simple Mail Transfer Protocol or SMTP). Maintenance responsibility needs to rest with the originator of the data. When the originator hits the “SEND” button, a pre-defined process takes over with all of the originator's trading partners.

But where do you start? Voluntary! Get big HUBs interested and service providers like SPS Commerce interested and things would move. Lest we forget, AS2 would not be where it is today if it weren't for WalMart. Let's all pull together to make AS2 easier to administer as usage grows.

Shown below is an excellent collection of reference material on AS2:

AS2: Part 1 – What Is It?

AS2: Part 2 – Best Practices

AS2 Best Practices Part 3, Certificates

Last modified on Tuesday, 24 December 2013
Read 2635 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline