AS2 Transport

This chapter describes how to use AS2 Transport for document exchange.

AS2 Transport Overview

AS2 (Applicability Statement 2) is the name given to implementations of RFC 4130 (MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP) from the IETF. AS2 involves the exchange of documents over the internet using S/MIME, HTTP, and HTTPS.

AS1 and AS2 are widely recognized standards for the exchange of documents between businesses: these standards allow users to exchange data securely and reliably using the internet. This results in reduced costs for users by eliminating the need for VANs (Value Added Networks).

To date, over 25 different companies offer products which support AS1 or AS2 or both. These products have all undergone interoperability testing facilitated by Drummond Group Inc. and are certified by eBusinessReady as being interoperable.

AS2 transport supports:
  • Document signing
  • Document encryption
  • Document compression
  • Attachments

AS2 Transport

AS2 Transport allows you to exchange documents over the Internet using S/MIME and HTTP/S. When using AS2, data is encoded in a MIME message according to the Internet Engineering Task Force (IETF) AS2 RFC standard (RFC 4130).

Message Compression

Compression is available for large AS2 messages if a trading partner can send AS2 messages according to the IETF AS2 standard (RFC 4130) and the trading partner's AS2 product has passed interoperability testing with the Drummond Group.

There are different algorithms that can be used for compression of MIME messages. The Drummond Group AS2 interoperability test specification calls for a particular specification (draft-ietf-ediint-compression-12) to be followed when doing compression.

For large messages, compression is highly recommended. Do not use compression on smaller messages, since this might create a compressed message that is larger than the original.
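The size check that this advice implies, as an added example (not code from the page or from TIBCO BusinessConnect): zlib is the algorithm the EDIINT compression profile builds on, and both sample payloads are constructed.

```python
import zlib

# Constructed sample payloads (not real trading-partner data).
SMALL_EDI = b"UNB+UNOA:1+SENDER+RECEIVER+240101:1200+1'"
LARGE_EDI = b"".join(b"SEG*%06d*WIDGET*QTY*10~" % i for i in range(2000))


def maybe_compress(payload: bytes, level: int = 6):
    """Return (data, compressed); compressed says whether zlib was applied.

    The EDIINT compression profile (draft-ietf-ediint-compression, later
    RFC 5402) wraps zlib output in a CMS CompressedData structure; that
    framing is omitted here, so real overhead is slightly higher than measured.
    """
    packed = zlib.compress(payload, level)
    if len(packed) >= len(payload):
        return payload, False      # compression would only grow the message
    return packed, True


def inflate(data: bytes, compressed: bool) -> bytes:
    """Undo maybe_compress on the receiving side."""
    return zlib.decompress(data) if compressed else data
```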

Attachments

AS2 Transport supports single and multiple attachments in messages when used with TIBCO BusinessConnect Container Edition Services Plug-in (EZComm protocol).

AS2 MIME messages with attachments, described in RFC 6362 (Multiple Attachments for Electronic Data Interchange - Internet Integration (EDIINT)), are constructed in a single multipart/related MIME body part. The message payload is the first body part and any attachments are contained in subsequent body parts. Header elements indicate whether a message has an attachment and the type of attachment.

Filename Preservation

Some back-end systems require that data to be processed is stored in files with particular filenames, so for some trading partners it might be necessary to associate a filename with the content of each message you send them.

For AS2 messages, a draft specification (http://tools.ietf.org/id/draft-harding-ediint-filename-preservation-03.txt) has been written to address this problem. The filename preservation draft requires that conforming systems be able to place the filename under which the message content should be stored in the filename parameter of the Content-Disposition header. For inbound messages, the filename from the Content-Disposition header must be passed on to the back-end systems.

Some TIBCO BusinessConnect Container Edition protocols also provide the ability for the private process to specify a filename to be used as the value of the filename parameter in the Content Disposition MIME header of outgoing MIME messages, including AS2 messages.

TIBCO BusinessConnect Container Edition protocols which support specifying the filename value for the Content Disposition header will also pass the value of the filename parameter from the Content Disposition header of inbound AS2 messages to the private process.

See the User's Guide of the TIBCO BusinessConnect Container Edition protocol you are using to verify whether it supports passing the Content Disposition header filename to/from the private process.
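An added example (not TIBCO's code) that builds the RFC 6362 multipart/related layout with the payload first and attachments after, sets the Content-Disposition filename parameter on every part for filename preservation, and reads both back the way an inbound handler would. The payload type application/edi-x12 and all sample data are assumptions.

```python
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.policy import default


def build_as2_body(payload: bytes, payload_name: str, attachments) -> bytes:
    """Assemble a multipart/related body in the RFC 6362 layout.

    Part 0 is the business document; every later part is an attachment.
    Each part carries Content-Disposition: attachment; filename="...", the
    parameter the EDIINT filename-preservation draft uses to tell the
    receiver which filename the back-end should store the content under.
    attachments: iterable of (filename, application-subtype, bytes)
    """
    root = MIMEMultipart("related")
    doc = MIMEApplication(payload, "edi-x12")   # assumed X12 payload type
    doc.add_header("Content-Disposition", "attachment", filename=payload_name)
    root.attach(doc)
    for name, subtype, data in attachments:
        part = MIMEApplication(data, subtype)
        part.add_header("Content-Disposition", "attachment", filename=name)
        root.attach(part)
    return root.as_bytes()


def inbound_parts(raw: bytes):
    """Parse an inbound body into [(filename, content_type, bytes)].

    The first tuple is the document for the private process; the rest are
    attachments. A filename is None when the partner did not preserve one.
    """
    msg = message_from_bytes(raw, policy=default)
    if msg.get_content_type() != "multipart/related":
        raise ValueError("expected multipart/related, got " + msg.get_content_type())
    parts = [(p.get_filename(), p.get_content_type(), p.get_content())
             for p in msg.iter_parts()]
    if not parts:
        raise ValueError("multipart/related body has no parts")
    return parts


# Constructed sample message (not a real trading-partner exchange).
SAMPLE_RAW = build_as2_body(
    b"ISA*00*          *00*          *ZZ*SENDER*ZZ*RECEIVER*240101*1200*U*00401*000000001*0*P*>~",
    "po_4711.edi",
    [("spec.pdf", "pdf", b"%PDF-1.4 (constructed placeholder)"),
     ("drawing.dxf", "octet-stream", b"0\nSECTION\n0\nEOF\n")],
)
```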

AS2-HTTP and AS2-HTTPS

TIBCO BusinessConnect Container Edition AS2 Transport provides the ability to communicate with trading partners using AS2-HTTP/S. The following options are available:
  • Authentication: supported through digital signatures.
  • Security: supported through message encryption.
  • Non-repudiation: supported through digital signatures and message receipts.
  • Filename Preservation: supported through the use of the filename parameter in the Content Disposition header as specified in the draft-ietf-ediint-filename-preservation-02 specification.
  • Compression: supported through the compression option as specified in the draft-ietf-ediint-compression-12 specification.
Note: Synchronous request-response transactions are not supported with AS2-HTTP or AS2-HTTPS.

Message Digest Algorithm

The AS2 specification, RFC 4130, recommends that the SHA-1 hash algorithm be used to calculate the message digest for all outbound messages. By default, the TIBCO BusinessConnect Container Edition AS2 transport will always use the SHA-1 hash algorithm regardless of the Digest Algorithm setting for the business agreement.

For messages with multiple attachments, the message digest is calculated over the whole multipart MIME package, not just the message payload, as described in RFC 3335 (MIME-based Secure Peer-to-Peer Business Data Interchange over the Internet) and RFC 5402 (Compressed Data within an Internet Electronic Data Interchange (EDI) Message).

To override the default use of SHA-1 for the hash algorithm by the AS2 transport, you can set the TIBCO BusinessConnect Container Edition property bc.ediint.digestAlgorithmEnabled as follows:
  • If bc.ediint.digestAlgorithmEnabled is set to true, the AS2 transport will use the digest algorithm that is specified in the business agreement Document Security settings.
  • If bc.ediint.digestAlgorithmEnabled is false (the default), the AS2 transport will ignore the digest algorithm setting in the business agreement and use SHA-1.

Use of the MD5 hash algorithm with AS2 should not be required. Drummond Group-certified AS2 products all use SHA-1 for the hash algorithm during interoperability testing. However, the AS2 specification also states that AS2 products should be able to accept messages which use the MD5 hash algorithm. TIBCO BusinessConnect Container Edition will process inbound messages using either hash algorithm.
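An added example (not the product's code) that mirrors the bc.ediint.digestAlgorithmEnabled rule, computes the MIC over a whole constructed multipart/related entity rather than only its first part, and verifies an inbound MIC with either SHA-1 or MD5. The property dictionary, the canonicalization helper and the sample entity are assumptions.

```python
import base64
import hashlib

# Constructed multipart/related entity (not real partner data). The digest
# covers the whole package, headers and every part, not just the payload.
SAMPLE_ENTITY = (
    b'Content-Type: multipart/related; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: application/edi-x12\r\n"
    b'Content-Disposition: attachment; filename="po_4711.edi"\r\n\r\n'
    b"ISA*00*...~\r\n"
    b"--b1\r\nContent-Type: application/pdf\r\n"
    b'Content-Disposition: attachment; filename="spec.pdf"\r\n\r\n'
    b"%PDF-1.4 placeholder\r\n--b1--\r\n"
)

# Inbound: the page says either algorithm is processed. Both are weak by
# current standards; this mirrors the page's behaviour, not a recommendation.
ACCEPTED_INBOUND = {"sha1", "md5"}


def select_outbound_algorithm(properties: dict, agreement_algorithm: str) -> str:
    """Apply the bc.ediint.digestAlgorithmEnabled rule (assumed property dict).

    false (default): ignore the agreement setting and use SHA-1.
    true: use the Document Security setting from the business agreement.
    """
    flag = str(properties.get("bc.ediint.digestAlgorithmEnabled", "false"))
    if flag.lower() != "true":
        return "sha1"
    return agreement_algorithm.lower().replace("-", "")   # "SHA-256" -> "sha256"


def canonicalize(entity: bytes) -> bytes:
    """S/MIME canonical form: every line ends in CRLF before hashing."""
    return entity.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")


def compute_mic(entity: bytes, algorithm: str) -> str:
    """Return the MIC in the 'base64digest, alg' form used by Received-Content-MIC."""
    digest = hashlib.new(algorithm, canonicalize(entity)).digest()
    return base64.b64encode(digest).decode("ascii") + ", " + algorithm


def verify_inbound_mic(entity: bytes, mic_value: str) -> bool:
    """Recompute the MIC with the algorithm named in the value; accept sha1 or md5."""
    b64, _, alg = (s.strip() for s in mic_value.rpartition(","))
    alg = alg.lower()
    if alg not in ACCEPTED_INBOUND:
        return False
    return compute_mic(entity, alg) == b64 + ", " + alg
```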

Disabling Session Cache for HTTPS

HTTPS (SSL) transport endpoints (HTTPS, AS2-HTTPS) use an internal SSL transport cache to significantly improve the performance of negotiating security parameters while establishing trusted connections.

In some situations, problems might arise when third-party server implementations are not able to properly handle cached sessions or renegotiation of security properties at the beginning of each application-level communication session. For example, the Initiator always wants to ensure that the peer's credential is the trusted one and has not changed during any cached session.

The cache usually holds successfully negotiated security parameters for about 20 minutes, which means that a large number of transactions between the Initiator and any given trading partner will require a credential renegotiation only approximately every 20 minutes.

In order for BusinessConnect Container Edition to enforce the renegotiation of the peer's credentials, the Disable Session Cache check box can be selected for any individual outgoing transport. When selected, each time TIBCO BusinessConnect Container Edition has business data to deliver to the corresponding trading partner, the peer's credentials are requested and reverified.

For more information and for where to disable or enable the session cache, see bc.ssl.disableSessionCache.