AS2 (Applicability Statement 2) is a specification about how to transport data securely and reliably over the Internet. It is described in detail in RFC 4130.

Data usually are Electronic Data Interchange (EDI) messages but may be of any other message type. AS2 specifies how to connect, deliver, validate and acknowledge data. AS2 creates an envelope for a message which is then sent securely over the Internet. Security is achieved by using digital certificates and encryption.

An implementation of AS2 involves two machines, a client and a server, communicating with each other over the Internet. On the operating system level, the AS2 client may be a server, too, offering its communication services to application software. The client sends data to the server, e.g. a trading partner. On receipt of the message the receiving application sends an acknowledgement or MDN (Message Disposition Notification) back to the sender.

Advantages

• Removal of Value Added Network (VAN) costs
• Designed to push data securely and reliably over the Internet
• Fast and reliable connectivity
• Encryption ensures that only the sender and receiver can view the data
• Digital signatures ensure authentication: only messages from authorized senders are accepted
• Hash algorithm insures integrity by detecting whether the document was altered during transmission

Disadvantages

• Costs of a static IP address, permanent Internet connection, firewall and relevant expertise
• Cannot pull data
• No file restart
• Costs of AS2 software
• Need to manage the certificates used for secure connections
• Return on investment only with high transaction volume
• Only works over TCP/IP networks

AS2 Technical Overview

• AS2 provides an ‘envelope’ for the data, which is sent over the Internet using standard protocols (here: HTTP protocol; see also: AS1 with SMTP, AS3 with FTP)
• Data is transmitted using the HTTP POST request
• Data transmission is over TCP/IP, with or without SSL, to a static IP address
• Data can be transmitted signed and encrypted
• Non-Repudiation

Providers

• Inovis - AS2, EDI and Trading Partner Enablement
• Data Interchange Plc
• DIcentral
• mendelson-e-commerce GmbH - Opensource AS2 solution available
• SAA Consultants Limited (UK Based AS2 Solution - Drummond Group Accredited)
• Tumbleweed Communications (Drummond Group accredited)
• Boomi Software (Drummond Group accredited)
• webMethods (Drummond Group accredited)
• Orion Consulting Limited - AS2 Software and Data Exchange services

Information technology management

AS2