Why AS2

At a minimum, B2B commerce requires:

  • Partners to use common data formats (these days, typically EDI or XML)
  • Common network connectivity, so that a network path exists between trading partners
  • Secure document delivery, so that only the intended recipient receives the message
  • Secure document transmission, so that no one can read the document in transit
  • Non-repudiation, so that the recipient can be sure that a document was actually sent by the claimed sender
  • Reliable document status, so that a sender knows exactly what has happened to a document

Ideally, a B2B commerce system would also offer:

  • The ability to manage partner relationships and control the kind of information being shared with which partners
  • The ability to convert data into a form acceptable to the recipient
  • The ability to send data using a range of protocols (such as secure FTP, FTP over VPN, and so on) and to make use of different carrier services, such as traditional value-added networks or other third-party integration service providers.

Some parts of this challenge—for example, common formats and functional acknowledgement— have been solved through the development of a range of data standards, such as ANSI, EDIFACT and forms of XML aimed at the B2B commerce environment, such as cXML and OAG BODs. Connectivity through the ever-evolving choice of protocols was traditionally achieved using a mix of private and shared value-added networks, adding to the complexity of the communication process, especially where smaller organisations were involved. The rapid growth of the Internet to the point of near universal connectivity is now allowing trading partners to carve out the pathways between them more easily—but at the expense of other requirements such as security, privacy and manageability.

An Internet standard created by the EDI over the Internet (EDIINT) task force of the Internet Engineering Task Force (IETF)—the body that develops the standards used on the Internet—addresses these concerns. Called AS2 (which stands for Applicability Statement 2), it was created to allow the secure and reliable transmission of documents over the Internet using the HTTP protocol.

In simple terms, if you can “surf the web”, you have the basic infrastructure needed to send AS2-compliant documents and to exchange documents with other organisations also running AS2-compliant software—without needing to know anything about the specifics of their systems. If your organisation can host a website 24x7, you have the basic infrastructure for receiving documents from partners via AS2—again without needing to know any technical specifics about their platforms.

Companies may question the need for yet another online standard—but there are good reasons why they should consider AS2. First, AS2 has been designed for both business messaging and the Internet, meaning it works particularly well for the exchange of business documents. Unlike traditional data oriented protocols like FTP (which remains the leading TCP/IP-based protocol for B2B, eclipsing even AS2), it addresses issues such as document encryption and signatures, and offers receipts. And unlike other e-commerce specific standards, like ebXML or RosettaNet, it allows companies to continue to use existing internal processes, demanding changes only to the mechanisms actually used to exchange documents with partners. Although large enterprises will continue to make significant investments in e-commerce to handle high volumes of transactions, smaller partners with lower transaction volumes will now be able to afford the same features through relatively inexpensive software or outsourcing services. This should significantly increase the number of trading partners exchanging information electronically.

Second, AS2 may offer some cost savings over more traditional approaches to data exchange when both partners are using AS2 and when very high volumes of data need to be exchanged or when companies are migrating from legacy direct connects—although implementing it and managing the AS2 environment ongoing will still involve software, hardware and professional service fees.