Why have your AS2 product Drummond Certified?

The AS2 standard continues to be one of the most widely adopted messaging standards in the world. With retailers, consumer product goods, hard-lines, insurance, financial services, petroleum and government industries adopting AS2, the critical financial information that flows over AS2 messaging represents billions of dollars each year. To ensure that important transactional information is received securely, Drummond Certified full matrix interoperability certification is mission-critical for these industries. There are typically some 20-30 products from around the globe participating in each round of testing, with some 40,000 test cases performed.

Drummond Group is chosen by GS1 as its sole compliance certification agent for the Global Data Synchronisation Network (GDSN) Data Pool AS2 Interoperability requirement. GDSN Data Pools are now required to use a Drummond Certified AS2 solution. GDSN data pools that develop their own AS2 solutions must certify their AS2 product with Drummond by participating in an AS2 test event every two years to maintain their AS2 certification. A list of the most current certified products and the corresponding final report can be found on our AS2 certified products page.

Drummond Certification offers

Low Cost, High-Yield Extension of your Quality Assurance Department — Interoperability testing with Drummond provides software vendors an opportunity to test their software against the widest code base possible, similar to real world environments. It is not uncommon for some B2B vendors to invest in licensed copies of their competitors’ products and construct elaborate test labs in order to fully debug their products in a simulated production environment. However, the annual license and resource costs to maintain test labs of this magnitude far outweigh the costs associated with participating in DG interoperability testing. A low-risk, non-competitive and market-simulated test environment allows vendors to make improvements to their code before going to market.

Lifecycle Product Interoperability Management — Product interoperability is critical to your customers. The Drummond Certified program offers the ability to test various versions of your product to ensure life cycle interoperability. The first backward version of a product that has been certified is free.

Market Acceptance — Drummond Certified products that pass the test obtain the Drummond Certified seal and are put on the recommended AS2 vendor lists, recognizing your company’s support of industry standards and interoperability. This, in turn, increases your company’s potential for new buyers: as they examine products on the recommended AS2 vendors list, they will visit your website for product information.

Proven Track Record — The Drummond Certification program has been in existence for over a decade, driving interoperability for some of the largest supply chains. These supply chains continue to require trading partners to use products from the recommended AS2 vendors list.

Competitive Advantage — Drummond Certified products show potential partners, customers and competitors alike that your solutions are compliant with industry standards and interoperable with other certified software solutions. This also helps your sales force by removing obstacles that can jeopardize a sales opportunity.

Leading Edge Business Solutions — The Drummond Certified seal lets customers know that your products will save them costs associated with implementing incompatible, proprietary supply chain solutions.

Ongoing Testing — Drummond Certification has proven to draw the most widely used AS2 vendors in the market test after test, so you have the opportunity to continue testing and certifying your product with widely used AS2 products. Testing is conducted with Drummond Group proprietary testing technology, which automates comprehensive testing by removing the burden of manual testing efforts required otherwise. In addition, testing is performed using a proven Drummond Group testing process which moves the testing along in a fair and time-efficient manner.

What will be tested?

AS2 Transport Certification tests an AS2 product’s mechanism for transporting data through the layers of the protocol stack using HTTP, ensuring that data can be transported correctly and can be understood. SSL (or TLS) may also be applied to secure the channel and protect the data from being read or intercepted by a “man-in-the-middle”.

Depending on a product’s capabilities and feature set, participants may certify any or all of these transport profiles.

  • Legacy – This is the AS2 program that our clients have been certifying against for over 20 years. Tests include Non-SSL, SSL, and CTE (optional) transport as well as SHA-1 and 3DES payloads.
  • Advanced (briefly referred to as Modern) – This is the basic level updated AS2 program testing SSL and CTE (optional) transport and updated SHA-2 and AES payloads. This program does not test for authentication.
  • Authenticate (briefly referred to as Cloud) – This program has the same testing requirements as Advanced and also requires Basic Authentication testing.

AS2 Legacy Transport Profile

Transport: Non-SSL and SSL; CTE optional
Authentication: None
Payloads: Legacy Security: SHA-1 and 3DES (signed and encrypted)
MDN: Asynchronous and Synchronous MDN, signed and unsigned
Compression: Yes and No

AS2 Advanced Transport Profile
Transport: SSL and CTE
Authentication: None
Payloads: Advanced Security: SHA-2 and AES (signed and encrypted)
MDN: Asynchronous and Synchronous MDN, signed
Compression: Yes

AS2 Authenticate Transport Profile
Transport: SSL and CTE
Authentication: Basic Auth
Payloads: Advanced Security: SHA-2 and AES (signed and encrypted)
MDN: Asynchronous and Synchronous MDN, signed
Compression: Yes

Participants may elect to test Chunked Transfer Encoding (CTE), a mechanism that allows HTTP messages to be split into several parts. The Chunked-Transfer-Encoding tests verify a product’s ability to send messages without initially knowing how much data will be sent. When the size of the data is known, a “Content-Length” header is usually included. When the data length is unknown, a “Transfer-Encoding: chunked” header is included instead, and the data is streamed in “chunks”, each preceded by a data length indicator, with a final ‘0’ marking the end of the chunked data stream.
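The chunk framing described above, as an added example that is not Drummond's test code: a sender-side encoder and a strict receiver-side decoder that rejects malformed or oversized chunk sizes instead of guessing. The function names and the `MAX_CHUNK` limit are assumptions made for this example.

```python
MAX_CHUNK = 16 * 1024 * 1024  # assumed per-chunk limit for this example
HEX_DIGITS = b"0123456789abcdefABCDEF"


def encode_chunked(parts):
    """Frame each non-empty part as <hex size>CRLF<data>CRLF, then the last chunk."""
    out = bytearray()
    for part in parts:
        if part:  # a zero-length chunk would end the stream early
            out += b"%x\r\n" % len(part) + part + b"\r\n"
    out += b"0\r\n\r\n"  # the '0' size line plus an empty trailer section
    return bytes(out)


def decode_chunked(body):
    """Return the reassembled payload; raise ValueError on malformed framing."""
    pos, payload = 0, bytearray()
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size_field = body[pos:eol].split(b";", 1)[0].strip(b" \t")  # drop extensions
        # int() alone would accept '+4', '0x4' or '1_0'; allow plain hex only.
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError("chunk size is not plain hex")
        size = int(size_field, 16)
        if size > MAX_CHUNK:
            raise ValueError("chunk exceeds configured limit")
        pos = eol + 2
        if size == 0:
            break
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data truncated or missing CRLF")
        payload += body[pos:pos + size]
        pos += size + 2
    # Skip optional trailer fields until the blank line that ends the message.
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("missing final CRLF")
        if eol == pos:
            return bytes(payload)
        pos = eol + 2
```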

Basic Authentication is a method used by products hosted on Cloud-based platforms to restrict access to authorized users. In the context of an HTTP transaction, Basic Authentication is a means for an AS2/HTTP user to provide a username and password when making a request to the server. In basic authentication, a request contains a header field in the form of “Authorization: Basic <credentials>”, where <credentials> is the Base64 encoding of the username and password joined by a single colon (“:”). The specification is described in RFC 7617.
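An added example (not Drummond's or any vendor's code) of both sides of the header described above: the client builds it, and the server parses it, splits on the first colon only, and compares a derived key in constant time. Base64 is an encoding rather than encryption, which is why the Authenticate profile pairs Basic Auth with SSL transport; the partner name, password, salt and iteration count below are constructed.

```python
import base64
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed trading-partner store: username -> (salt, derived key).
SALT = b"constructed-salt"
PARTNERS = {"partner-a": (SALT, hash_password("s3cret:with:colons", SALT))}


def build_authorization(username, password):
    """Client side: RFC 7617 forbids ':' in the user-id, not in the password."""
    if ":" in username:
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_authorization(header):
    """Server side: return (username, password), or None if the header is malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    username, sep, password = decoded.partition(":")  # split on the FIRST colon only
    return (username, password) if sep else None


def authenticate(header):
    creds = parse_authorization(header)
    if creds is None:
        return False
    salt, expected = PARTNERS.get(creds[0], (b"unknown-user-salt", b"\x00" * 32))
    # Derive and compare even for unknown users so both paths do the same work.
    candidate = hash_password(creds[1], salt)
    return hmac.compare_digest(candidate, expected) and creds[0] in PARTNERS
```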

Legacy Data Security
Drummond Group has been providing AS2 interoperability and conformance testing since June, 2000 and has certified over a thousand international software products within the automotive, consumer product goods, energy, financial services, government, healthcare, pharmaceutical and retail industries. End-users in these industries trust that Drummond-Certified products are interoperable and will “just work” right out of the box, leaving them more time to spend on their day-to-day business needs and less time worrying about transporting data to their business partners. Thus, it can’t be denied that being Drummond-certified makes your products more valuable.

Although current security requirements necessitate stronger encryption algorithms, it may be important to your customers to remain backward-compatible with the legacy payload algorithms (SHA-1 and 3DES) for signing and encryption. Although the focus moving forward will be to test stronger encryption algorithms, Drummond Group will continue to offer test cases that use legacy payload security for the foreseeable future.

Advanced Data Security

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits. AES has been adopted by the U.S. government. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. The AES specification is documented at https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf

In cryptography, SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor, SHA-1. SHA-2 consists of a set of four hash functions with digests that are 224, 256, 384 or 512 bits. The SHA-2 specification is documented at https://csrc.nist.gov/csrc/media/publications/fips/180/2/archive/2002-08-01/documents/fips180-2.pdf The Drummond AS2 Certification process tests a myriad of different test cases in terms of security transport and MDN configuration using the SHA-256, SHA-384 and SHA-512 hash algorithms. SHA-224 is not tested.

AS2 Extended Functionality

Industry Specific

Multiple attachment testing adds multiple payload attachments to AS2 messages. Although it was originally conceived for meeting the needs of the PIDX profile used by the Oil, Gas & Electric supply chains, multiple attachments can be used within any industry or supply chain. Through the use of the multipart/related MIME type, an unbounded number of payload attachments may be included with the AS2 message.

The EDIINT RFC does not mandate any provisions for maintaining the file name of transmitted data from one trading partner to another. However, certain trading communities require that specific file names are preserved within the message format to trigger backend processing. To that end, a mechanism for including the original file name within the payload by adding a “Content-Disposition” header to the payload’s innermost MIME headers was developed. The full specification may be found at: https://datatracker.ietf.org/doc/draft-harding-ediint-filename-preservation/

As in the Filename Preservation (FN) profile, the FN for MA profile further enhances the Filename Preservation specification to include preservation of the filename when multiple attachments are being sent. The same IETF Filename Preservation specification applies, as it documents that for the AS2 FN-MA message, a “Content-Disposition” header be included for each individual attachment’s MIME body part describing the filename of that attachment.

AS2 Filename Preservation addresses the need to communicate a payload filename provided by the sender to the recipient. This requirement has been documented in the IETF Filename Preservation draft. The need for this requirement originated with the Financial Services Technical Consortium (fstc.org) but is useful by all industries.

This profile addresses the business context whereby Trading Partners that provide a filename with AS2 payloads desire to be notified if that filename is already in existence. This notification provides content-based MDN responses that serve as alerts or notifications to the sending Trading Partner. The receiving AS2 system should therefore not overwrite the existing duplicate filename, nor submit this duplicate payload for backend processing.
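An added example (not taken from the IETF draft or from any certified product) of the receiving side of the filename profiles above: it reads the “Content-Disposition” filename of each attachment, keeps only the final path component before using it, and refuses to overwrite a name that already exists. The sample message is constructed, and the status labels and function names are hypothetical stand-ins for what an implementation would report in its MDN.

```python
import ntpath
import posixpath
from email import message_from_bytes
from email.policy import default

# Constructed FN-MA payload: two attachments, each with its own Content-Disposition.
SAMPLE = (
    b'Content-Type: multipart/related; boundary="b1"\r\n\r\n'
    b'--b1\r\n'
    b'Content-Type: application/edi-x12\r\n'
    b'Content-Disposition: attachment; filename="invoice_0001.edi"\r\n\r\n'
    b'ISA*00*constructed~\r\n'
    b'--b1\r\n'
    b'Content-Type: application/xml\r\n'
    b'Content-Disposition: attachment; filename="outbound/2024/invoice_0001.edi"\r\n\r\n'
    b'<constructed/>\r\n'
    b'--b1--\r\n'
)


def safe_name(raw):
    """Keep only the final path component; reject empty or dot-only names."""
    name = ntpath.basename(posixpath.basename(raw or "")).strip()
    if not name or name in (".", "..") or "\x00" in name:
        return None
    return name


def receive(raw_message, existing):
    """Return [(filename, status)] per attachment; `existing` is the set of stored names."""
    results = []
    msg = message_from_bytes(raw_message, policy=default)
    for part in msg.iter_parts():
        name = safe_name(part.get_filename())
        if name is None:
            results.append((part.get_filename(), "rejected-bad-filename"))
        elif name in existing:
            # Report in the MDN; do not overwrite or pass to backend processing.
            results.append((name, "duplicate-not-stored"))
        else:
            existing.add(name)
            results.append((name, "stored"))
    return results
```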

The demand for updating active certificates that may have expired, been compromised and/or revoked is a critical concern in most, if not all, industries that utilize AS2. Certificate Exchange Messaging (CEM) addresses this concern through the use of proper exchanging and loading of new digital certificates within a working trading partner profile, without interfering with the active trading relationship. The Certificate Exchange Messaging for EDIINT draft describes the implementation details and usage of certificate exchange messages and the process that must be done for seamlessly moving the newly received certificate(s) into the trading environment.

AS2 Assurance

With the wide use of AS2 in different industry verticals with millions of transactions and a wide variety of document types and file sizes being exchanged between heterogeneous environments per day, the demand for the reliability of AS2 message transfers is critical. AS2 Assurance provides a means for guaranteed message delivery in the form of message retries and restarts when network or server failures are encountered.

AS2 reliability is a draft IETF specification (https://datatracker.ietf.org/doc/draft-duker-as2-reliability/) for guaranteed message delivery, duplicate message elimination and reporting, which will enable “reliable” communication between AS2 servers. It extends the AS2 RFC 4130 standard and in essence recognizes error scenarios that may occur during message transfers. Recovery from these error scenarios is described as retrying a message on failure and resending that message until a configured number of retry attempts has been exceeded.

The AS2 restart feature was designed to allow prematurely terminated message transfers (due to network or firewall timeout errors) to resume from the point where the previous transfer was broken. The benefits of this feature are that the message does not have to be repackaged, that is, there is no need to reapply signing, encryption and/or compression after the failure, and previously sent bytes of data do not have to be resent. When a message transfer ends prematurely, AS2 Restart allows the sender to query the receiver for the number of bytes it has already received, allowing the sender to resume the message transfer from that particular point.

With typical message transfers potentially in the gigabyte range, the AS2 Restart with VLM profile extends the AS2 Restart profile to include very large message (VLM) transfers. Implementation of the AS2 Restart with VLM feature enhances Quality of Service and expedites message transfers of very large messages, especially on “glitchy” networks. Message files that are tested are 200-megabyte, 500-megabyte and 1-gigabyte.

How are tests facilitated across different time zones?

Conference call times will be chosen based on which time zone the majority of the participants are located in. Aside from daily conference calls, communication will be facilitated through elist, online support tool, and instant messaging.
