AS4 Definition
AS4 = Applicability Statement (AS4). Also Known as EDIINT AS4, AS4 offers secure B2B document exchange using web services. AS4 offers secure B2B document exchange using web services and was developed by the sub-committee of the OASIS ebXML messaging services technical committee. AS4 is still in its draft definition format. The AS4 profile provides the market place with an entry level solution that allows companies to begin utilizing their internal SOA based platforms for external B2B messaging while at the same time taking on some of the more complicated aspects of web services. The European Aerospace industry is proposing to use AS4 as its communication standard for sending ebXML related B2B documents between business partners AS4 was developed by the sub-committee of the OASIS ebXML.AS4 is not created from scratch. It is the latest of a series of B2B standards that started in 2002 with ebXML, and became Oasis standard in 2013, and ISO standard now.
Being an open standard, it ensures that there will be no vendor lock-in. A business can procure solutions in a competitive environment where vendors are encouraged to innovate continuously.
AS4 meets the requirements that are expected of any B2B protocol:
- Automation: Exchange of structured and unstructured payloads, as well as metadata that allows the receiver to reroute messages, and be able to correlate messages with earlier or future messages.
- Security: The protocol supports rich security features including:
- the integrity of message content, which cannot be modified in transit without it being detected
- confidentiality, so that third parties do not access your sensitive data
- non-repudiation, so sender and receiver cannot deny having sent or received a message.
- Reliability: in case of temporary network interruption, the message is resent. AS4 further ensures that a message is only received once, which means that received duplicates are detected and eliminated.
AS4 – What you need to know?
AS4 is based on SOAP and Web Services, which makes it different from AS2. It is, therefore, more compatible with standard environments because many organizations use these technologies for their internal integration. The use of these technologies for external integration becomes a very natural and seamless extension.AS4 provides rich support for metadata. It is not only a protocol for data exchanges. You can transport any type of payload: legacy EDI, binary, XML, JSON, etc.. Multiple payloads can be supported, if required.
Security is based on WS-Security and allows for a whole range of encrypting algorithms. AS4 is layered over HTTP only, and transport security can be achieved with TLS.
On a more functional level, AS4 is similar to available EDIINT protocols, but should be considered a next-generation protocol from AS2. The following represents some of these differences
- AS4 is a modern version of AS2, based on technology standardsthat are aligned with the IT landscape of organizations: SOAP, REST, Web Services etc.
- AS4 allows for service-oriented architecture exchanges, not only document interchange. This means you can extend your SOA to reach out to your trading network ecosystem.
- AS4 allows for a push, as well as for pull. This means that applications that are not always online, that do not have a permanent IP address or that is behind a firewall to occasionally connect and pull available messages.
- AS4 is a superset of AS2, but with modern technologies. It enables you to roll-out Web-Services to large communities. You will only need a single platform for all your partner connectivity, via legacy EDI as well as via more interactive transactions. You can reach out to small and large partners. Those who do not, or cannot afford to have an application running 24/7.
AS4 Messaging Standard
- Interoperability: The AS4 messaging standard is defined based on the OASIS standard
- Security: A subset of web services security features is used to ensure the non-repudiation of the message and data confidentiality.
- Reliability: by exchanging confirmation messages, AS4 ensures one-time delivery
- Payload Independence – any type of payload (EDI, XML, …) can be exchanged
AS4 Messaging Service Handler
The Messaging Service Handler (MSH) is responsible for setting up the AS4 message exchange with the remote access point on the sending or receiving side. Communication with the remote access point must comply with AS4 specifications and be able to communicate with an internal business applicationAS4 Message Types
- The ebMS 3.0 specification defines the following message types defined within the AS4 usage profile:
- User Message: contains the business payload that is exchanged between the business applications of two parties
-
- Signal Message: have the function of establishing non-repudiation and reliability. There are three different types:
- Receipt – Confirmed that the received MSH could analyze the incoming message
- Error – Confirms that the received MSH encountered a problem while parsing the incoming message.
- Pull request- Supports the pull message exchange pattern.
- Signal Message: have the function of establishing non-repudiation and reliability. There are three different types:
AS4 Adoption
Even though it is a rather recent standard, AS4 has increasingly gained more and more interest from organizations that want to expand their B2B/B2C capabilities, AS4 is increasingly being used in scenarios where a service-oriented architecture is needed for B2B messaging. These include the retail trade, the health and utilities sectors.For example, the European gas network operators (ENTSOG) have already defined their own usage profile in 2015. Other uses that rely on AS4 include:
- Europe:
- PEPPOL (Pan-European Public Procurement Online)
- e-CODEX (e-Justice communication via online data exchange)
- ENTSOG (European Network of Transmission System Operators for Gas)
- EPREL (European Product Registry for Energy Labelling)
- Japan: JEITA (Japanese Association of Electronics and Information Technology Industries)
- Australia: Superstream Pensions
- Worldwide: IATA (International Air Transport Association) for Cargo E-Business.
The European initiatives are in production use in Austria, Belgium, France, Germany, Hungary, Netherlands and Poland. More recently, PEPPOL implementations have been implemented outside of the EU, with implementations in New Zealand and Australia.