When using the Internet it is important that AS2 messaging provides security and reliability, and it does. In many cases, the AS2 standard builds on previous standards in these areas. For example, the use of digital certificates ensures that documents are delivered only to the intended recipient, that they are secured in transit, and that the sender can be verified. The AS2 standard works with some of the strongest encryption and signature algorithms available commercially, giving you the confidence that your documents will remain secure.
In addition, you need to secure your system from malicious attacks and ensure you are only exchanging data with known partners. These are network security issues not addressed by the AS2 standard. This can be resolved by using routers to isolate the AS2 server and control the traffic reaching it, or through implementation of one of the many firewall solutions available in the market.
Assuring reliable document status—so that documents don’t “get lost in the system”— typically requires tracking the progress of the document in four ways. Three of these apply to any standard that automates the exchange of documents (see Figure 2):
- The communication status confirms that data was received at a network level (for example, that all 256 bytes expected were actually transferred)
- The functional acknowledgement confirms that a valid message was received by the e-commerce application (for instance, that the EDI envelope was opened and contained a valid or structurally correct document); and
- The business acknowledgement confirms the content of the message and that it has been dealt with in an appropriate way (for example, a purchase order acknowledgement agrees to fulfill the orders made in a purchase order)
The AS2 standard adds a fourth kind of status—the MDN, or message disposition notification (see Figure 2). Because AS2 places a message in an envelope to enable it to be sent over HTTP, you need to know that the message was successfully extracted from that envelope. In fact, the AS2 envelope may contain another envelope (ANSI EDI, for instance) with the actual document inside that.
Figure 2: Document Status Tracking
AS2 software will generally manage both communication status and envelope extraction status, while AS2 services providers will also usually deal with functional status. The way in which you monitor business status will depend on your own business processes and the software you are using internally to manage those processes.