Q: What are EDI and AS2? What do all of these funny acronyms stand for and what do they mean?
Q: What about AS1 and AS3? Both are similar to AS2 in the three principles they adhere to, but the communication protocol is different in each. AS1 is EDI over SMTP, while AS3 is EDI over FTP. Both AS1 and AS3 are also supported in IP*Works! EDI, but are not discussed specifically in this FAQ.
Q: Why do we even need to use AS2? Isn't SSL supposed to be securing the data? There are three primary purposes for the AS2 protocol:
1) Confidentiality: By encrypting a message, you are guaranteeing that only the intended recipient of the message will be able to decrypt it. This is also provided by an SSL communication, but only during the actual internet transfer. With AS2, the document itself is encrypted rather than just the transfer.
2) Authentication: By signing a message, you are guaranteeing that only you could have sent this message to the recipient. This can also be provided in SSL by requiring client authentication.
3) Non-Repudiation: By signing a receipt for the transaction, both parties have irrefutable evidence that the transaction has occurred. This functionality is not provided by SSL.
In short, AS2 can allow two parties to communicate with each other without needing to vouch for the integrity of the other party (or their AS2 configuration).
Q: What is eBusinessReady (Drummond Group / DGI) Certification, and why is it so important? The Drummond Group is an independent organization that provides e-BusinessReady certification for applications that claim to support AS2 standards. Rather than hold compliant applications to a public standard, Drummond Group goes one step further and certifies that every application in its certification program has undergone compliance testing with every other application in that same program. You can be certain that any two applications that are e-BusinessReady certified have already successfully communicated with one another in compliance testing. Moreover, many companies are requiring that their trading partners adopt a solution that is certified by the Drummond Group.
Q: What happens during this transaction anyway? For all of its complexity in terms of its applications, AS2 boils down to two basic parts. A document is sent from an AS2 sender to an AS2 receiver via HTTP, and the receiver acknowledges the transfer by giving the sender a receipt.
Step 1: AS2 Sender transmits document to AS2 Receiver. The document is first prepared by the AS2 Sender. While you will generally establish the format of the document with your trading partner, the actual contents of the document are independent of the AS2 protocol itself. You can trade baseball statistics in text files, and it is still technically AS2.
Step 2: AS2 Receiver acknowledges the document with a receipt. After the transfer of the document, a receipt is sent to the sender. The receipt is always signed for the same reasons that the document is, but it can be transferred in a number of ways. The AS2 sender determines this when the document is sent.
Q: What kind of certificate will I need? Should I purchase one from a CA (VeriSign, Thawte, etc.)? Technically speaking, you can use any X.509 certificate containing a private key, even a self-signed one. You will need to negotiate with your trading partner what kind of certificate you can use. If your trading partner requires that your certificate be signed by a trusted authority, then you should obtain one from a Certificate Authority. Otherwise, you can use the CertMgr component in our IP*Works! EDI toolkit to generate your own self-signed certificate. A demo application provided in the package can do this for you.
Q: What do I need to get from my trading partner? Your trading partner should be providing you with a few details. Most importantly, you'll need the public key of your trading partner's certificate, which will be provided to you in CER or PEM format. Your trading partner will also provide you with an AS2 Identifier (a name, really) to be used in your communication.
Q: When one of these properties calls for a certificate, what do I use?
If you are an AS2 Sender: The SigningCert properties are used to set your private key certificate.
If you are an AS2 Receiver: The Cert properties are used to set your private key certificate.
Q: When I'm asked to use a private key, how do I set it? What are my choices? You're given 4 choices to use for your private key:
Q: When I'm asked to use a public key, how do I set it? These are going to be sent to you as .CER or .PEM files. You can simply read the contents out of the file and assign it to the object. Public key certificates are either DER (binary) or Base64 encoded. It doesn't matter how your certificate is encoded - the object will recognize both types, but if you are using a DER encoded certificate in .NET, you will want to assign the value to the byte array property (RecipientCertB, SignerCertB, etc.) to account for all the bytes.
Q: What should I be setting for AS2 Identifier? Your AS2 Identifier can be negotiated with your trading partner, but there's no standard for this. Common practices include your name, your company's name, or some other unique name. The only thing you really need to worry about here is to keep it consistent - your trading partner is going to look at this and be able to tell that it refers to you.
Q: Should I do a synchronous or asynchronous MDN? This is something that you can negotiate with your trading partner, but it is generally left up to the sender to specify (a receiver that implements the AS2 protocol must be prepared to do whatever the sender indicates here). The difference between the two is notable:
A synchronous transaction is one in which the receipt that confirms the arrival of a document is sent over the same connection that was established to send the document. This is generally the easier of the two to configure, and is best to use when the expected response is going to be near immediate.
An asynchronous transaction is one in which confirmation of the arrival of a document is sent over a separate connection, one that is determined by the sender. This is going to be useful when the document transferred is larger or may take more time to process, because the same connection does not need to be left alive while processing continues. This requires a bit more work from the sender, at least during setup, because a means of receiving these receipts must be set up (a web server or mail server), and the retrieval of the receipts needs to be coordinated with the sending program.
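The receipt handling described in the transaction and MDN answers above, as an added example that is not part of the original FAQ or the IP*Works! toolkit: it shows the request header that selects a synchronous or asynchronous MDN and a sender-side check of a returned MDN against what was sent. Header and field names follow RFC 4130; the identifiers, URL, SHA-256 MIC algorithm and sample MDN are constructed assumptions, the MDN's signature is assumed to have been verified before `check_mdn` is called, and `signed_content` must be exactly the bytes that were signed (the sample uses a bare payload).

```python
import base64
import hashlib
from email import message_from_bytes

def as2_request_headers(as2_from, as2_to, message_id, async_mdn_url=None):
    """HTTP headers for an AS2 POST that requests a signed MDN (names per RFC 4130)."""
    headers = {
        "AS2-Version": "1.0", "AS2-From": as2_from, "AS2-To": as2_to,
        "Message-ID": message_id, "Disposition-Notification-To": "edi@sender.example",
        "Disposition-Notification-Options": "signed-receipt-protocol=required, "
            "pkcs7-signature; signed-receipt-micalg=required, sha-256",
    }
    if async_mdn_url:  # present: the MDN is POSTed later to this URL (asynchronous)
        headers["Receipt-Delivery-Option"] = async_mdn_url
    return headers     # absent: the MDN comes back in the HTTP response (synchronous)

def compute_mic(signed_content, alg):
    """Base64 digest of the signed content; accepts 'sha256' or 'sha-256'."""
    name = alg.strip().lower().replace("-", "")
    if name not in ("sha1", "sha256", "sha384", "sha512"):
        return None  # unknown or missing algorithm never matches
    return base64.b64encode(hashlib.new(name, signed_content).digest()).decode()

def check_mdn(mdn_bytes, sent_message_id, signed_content):
    """Return (ok, reason) for an MDN whose signature has already been verified."""
    parts = [p for p in message_from_bytes(mdn_bytes).walk()
             if p.get_content_type() == "message/disposition-notification"]
    if not parts:
        return False, "no disposition-notification part"
    fields = parts[0].get_payload(0)  # the report fields parse like headers
    if fields.get("Original-Message-ID") != sent_message_id:
        return False, "receipt is for a different message"
    disposition = fields.get("Disposition", "").partition(";")[2].strip().lower()
    if disposition != "processed":
        return False, "partner reported: " + disposition
    mic, _, alg = fields.get("Received-Content-MIC", "").partition(",")
    if mic.strip() != compute_mic(signed_content, alg):
        return False, "MIC mismatch: partner received different content"
    return True, "receipt matches what was sent"

# Constructed sample data (not a real capture).
PAYLOAD = b"player,avg\r\nconstructed,0.300\r\n"
MSG_ID = "<20240101.1@sender.example>"
def sample_mdn(mic, disposition="processed"):
    return ('Content-Type: multipart/report; report-type=disposition-notification;'
            ' boundary="b1"\n\n--b1\nContent-Type: text/plain\n\nReceived.\n--b1\n'
            'Content-Type: message/disposition-notification\n\nOriginal-Message-ID: %s\n'
            'Disposition: automatic-action/MDN-sent-automatically; %s\n'
            'Received-Content-MIC: %s, sha-256\n\n--b1--\n' % (MSG_ID, disposition, mic)).encode()
```

Keeping the MIC computed at send time alongside the verified MDN is what gives the sender the receipt evidence the FAQ calls non-repudiation.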