Ans: Standards such as AS1 and AS2 simplify communication by reducing the number of technologies an organization must support and manage. If every large organization used a different data transport standard, it would be cost-prohibitive for their smaller business partners to exchange data with them electronically. AS1 and AS2 allow organizations to implement one solution for data exchange with all business partners who are using an AS1 or AS2 solution.

Ans: Benefits of AS2 for a small to medium-size supplier are listed here under:

UCCnet-interoperable

• A standard supported by the Uniform Code Council (UCC) and others
• Many AS2 solutions have been certified by the Drummond Group
• Easy to connect trading partners

Cost-effective

• Leverages the Internet to reduce VAN fees
• Does not require expensive hardware like bisync

Extendable

• Leverages the Internet to exchange transactions other than EDI, such as POS and sales forecasts that have traditionally been too expensive to send over a VAN

Secure

• Offers security and non-repudiation via digital certificates
• Uses SSL to secure the transport pipe

Speed & efficiency

• Offers near real-time transaction processing
• Immediate transaction receipt acknowledgment
• Up to 200 times faster than bisync
• More dependable than bisync

Control

• You control transaction management
• You handle and manage your valuable data
• You control the transport schedule (batch processing and transport are possible)
• You receive immediate feedback from partners

Support

• Quick to set-up
• Easier to support and maintain compared to direct bisync
• AS2 is the first step required for UCCnet Communication certification

Ques: A major retailer (e.g., Wal-Mart) has decided that its suppliers must use AS2 to exchange Internet EDI documents. With all the options out there and little time to make a decision, what should I consider as I evaluate AS2 software solutions?

Ans: Driven by industry leaders, trading partners are moving to AS2 Internet EDI solutions to exchange business documents. This trend means that your Internet EDI solution should provide the flexibility and scalability to grow with your trading community.

Quality Internet EDI software solutions for suppliers provide much more than simple send/receive functionality. Because simple send/receive functionality is rarely sufficient, important features include:

• Trading Partner Management with partner profiles that support security certificates
• Transaction management, tracking, aging, reporting and audit trails
• Configurable message alerts and notification
• Flexible rules for document routing
• A database for setup, configuration and trading partner and transaction data
• Flexibility to set-up multiple transport protocols (AS1, AS2, FTP, HTTP, SMTP/POP3) with each trading partner (with no additional software or cost)
• Flexibility to exchange more than just EDI documents (with no additional software or cost)

Ques: I have heard about Internet EDI (AS1/AS2) Interoperability Certified software. How do I know that the Internet EDI software that I use will work with the software that my trading partners use?

Ans: Internet EDI Interoperability Certification is extremely important. It is the ONLY way that you can be certain that your Internet EDI solution will successfully exchange documents with your trading partners. You and your trading partners could have Internet EDI software from different vendors; interoperability certification indicates that the solutions have been tested and confirmed to work together. The Drummond Group is the organization that conducts the tests and provides certification for Internet EDI.

Because standards are updated periodically and some software vendors may change the AS2 components of their software, it is equally important to make sure that the software passed the latest round of interoperability testing.

Ques: What if I need to exchange data or documents other than EDI with my trading partners?

Ans: Choose an Internet EDI solution that handles all variations of EDI and XML formats, including cXML, ebXML and binary or flat files. Many software solutions for Internet EDI only support AS1 or AS2.

Ques: How does an Internet EDI solution help my company use UCCnet?

Ans: Information is exchanged with UCCnet as XML via the AS2 Internet EDI protocol. A few software vendors are certified UCC Solution Partners, providing communication and message translation capabilities.

Ques: What type of data can I transmit with AS1 and AS2?

Ans: Virtually any data. AS1 and AS2 are transport mechanisms and are not tied to any specific data format. Both AS1 and AS2 will work with almost any data type, including EDI, XML, TXT, DOC, XLS and ebXML.

Ques: Are my business documents safe? How secure is Internet EDI (AS2)?

Ans: Your business documents are very safe. AS2 provides privacy, authentication, integrity and non-repudiation.

• Privacy. Message content privacy is provided via data encryption so that a document can only be viewed by the Sender and the Receiver.
• Authentication. A Sender's digital signature ensures that the Sender is actually who they claim to be.
• Integrity. Hash totals are enclosed in Message Disposition Notifications (MDNs) so that a document cannot be altered without the Receiver detecting a change.
• Non-repudiation. A signed MDN is a receipt acknowledgment that serves as proof that a document was in fact received by the Receiver.

Ques: How is security over the Internet handled?

Ans: Security issues:-

• Encryption. Socket/Transport Based or Data Encryption - When referring to Internet EDI transport protocols (AS1 and AS2), encrypts both the socket and the payload.
• Public and private key encryption. Supports both public and private encryption.
• Certificate authority. Choose the source of the digital certificates from a Certificate Authority or a self-signed certificate generator.

Ques: Why is secure data transport important?

Ans: Security is an issue for any organization transmitting data electronically. Business data exchanged via the Internet typically includes sensitive information, such as inventory or sales figures, intended for a specific person at a specific organization. For this reason, it is important that data transmissions address privacy, access control and data integrity.

Ques: How easy is it to set-up and use Internet EDI software?

Ans: Our Internet EDI software solution, BizManager?, provides Setup Wizards to walk you through the process of setting up trading partner profiles and transport protocols. You can set-up and exchange EDI documents in as little as 15 minutes. Your installation may take longer depending on your business and technical requirements.

Ques: There are several people who will need to have access to the Internet EDI software. Can I install the software on multiple PCs?

Ans: With a web application you only need to install the software on one computer. There is no need to install or maintain software on multiple PCs. Users access the web application via a web browser (e.g., Microsoft Internet Explorer). For security, only users who are granted rights have access to the web application.

Step 1: AS2 Sender transmits document to AS2 Receiver

The document is first prepared by the AS2 Sender. While you will generally establish the format of the document with your trading partner, the actual contents of the document are independent of the AS2 protocol itself. You can trade baseball statistics in text files, and it is still technically AS2.

The sender of the document then optionally (but usually) S/MIME signs the document. The purpose of the signing of the document is three-fold. First, it establishes without a doubt that the AS2 Sender is the true sender of the document; only the sender of the document is capable of generating a signature that can be decrypted with the public key of the sender. Second, because the signature is created based on the contents of the document, you are gauranteed that the integrity of the document was preserved. If some nefarious third party intercepted the data and altered its contents, the signature and the document would not match. Third, by establishing that the AS2 Sender is the true sender of the document, the Receiver also establishes that the Sender *must* have knowingly sent the document. The sender cannot later deny that the document was sent if a signature is available stating otherwise.

The sender of the document then optionally (but again, usually) S/MIME encrypts the document. Encryption is done one-way so that only the receiver of the message is capable of decrypting the message; not even the sender of the message can decrypt the document once encrypted. An appropriate analogy would be one involving an opened combination padlock. Anyone with the public key (the padlock) is capable of encrypting a document (closing the padlock), but only the owner of the private key (the combination to the padlock) can decrypt it.

The message is then sent over HTTP or HTTPS to a server that the receiver is hosting. Generally, HTTPS is only used if S/MIME encryption is not, but it is possible to choose any option. It is of note that the encryption used by the S/MIME encryption is stronger than that used in HTTPS, but HTTPS encryption is less processor intensive and uses temporary session keys that expire after the session.

Step 2: AS2 Receiver acknowledges the document with a receipt

After the transfer of the document, a receipt is sent to the sender. The receipt is always signed for the same reasons that the document is, but it can be transferred a number of ways. The AS2 sender determines this when the document is sent.

A synchronous receipt is one that is sent over the same HTTP/HTTPS connection before the connection is closed. This is the easiest option for the sender, and is generally not a problem for smaller documents that are very quickly processed.

An asynchonous receipt is sent seperately, and if this option in used, the HTTP/HTTPS connection is closed almost immediately after the transfer of the document. An asynchronous receipt can be sent a few ways, the most common of which are HTTP, HTTPS and email (SMTP). If HTTP or HTTPS is used, the AS2 Sender provides the HTTP server for the AS2 Receiver to connect to. If SMTP is used, the AS2 Sender provides an email address which the AS2 Receiver should send to.

Back