EDI Messaging Protocols: AS2, FTP, OFTP, HTTP
Applicability Statement (AS) 1 was developed by the IETF (Internet Engineering Task Force) to implement secure and reliable messaging over SMTP and S/MIME. It was the first AS protocol to be developed and uses signing, encryption and MDN conventions. (MDN refers to Message Disposition Notifications or the ability to provide “Return Receipts”). As with any AS file transfer, AS1 file transfers typically require both sides of the exchange to trade SSL certificates and specific “trading partner” names before any transfers can take place.
Applicability Statement (AS) 2 uses the same signing, encryption, and MDN conventions used in the original AS1 protocol. AS2 messages are usually sent across the internet using the HTTP or HTTPS protocol. AS2 has been widely deployed as a point to point connectivity method. AS2 offers many advantages over standard HTTP, including increased verification, and security achieved through the use of receipts and digital signatures. AS2 transactions and acknowledgements also occur in real-time, increasing the efficiency of document exchanges. The U.S company Walmart was one of the first companies to help drive the adoption of AS2 across the retail sector.
Applicability Statement (AS) 3 was developed by the IETF to implement secure and reliable messaging over FTP. AS3 is based upon the secure version of the FTP protocol, rather than HTTP. AS3 transport is S/MIME over FTP and operates a client/server model like FTP, as opposed to the peer-to-peer approach used by AS2. AS3 also uses MDN’s (receipt notifications) like AS2. AS3 is a push/pull protocol and the client side AS3 does not require a listener to be always aware of inbound traffic (whereas AS2 always requires a persistent connection for the listener). AS3 may be especially well suited for banking and other industries where there are heavy investments in FTP scripting, applications and security.
Applicability Statement (AS) 4 offers secure B2B document exchange using web services and was developed by the sub-committee of the OASIS ebXML messaging services technical committee. AS4 is still in its draft definition format. The AS4 profile provides the market place with an entry level solution that allows companies to begin utilising their internal SOA based platforms for external B2B messaging while at the same time taking on some of the more complicated aspects of web services. The European Aerospace industry is proposing to use AS4 as its communication standard for sending ebXML related B2B documents between trading partners. Further information about AS4 can be found on the Drummond Group site, here.
ebXML Messaging Service offers a secure and reliable SOAP/Web Services based packaging, routing and transport protocol as defined by the ebXML specifications. The ebMS is an open standard and as such is communication protocol neutral although the most common underlying protocols are HTTP and SMTP. ebMS essentially offers a way to exchange ebXML based B2B documents between different business applications using SOAP/Web services.
File Transfer Protocol is a standard network protocol used to exchange and manipulate files over a TCP/IP based network such as the internet. FTP is built on a client-server architecture and utilises separate control and data connections between the client and server applications. FTP is also often used as an application component to automatically transfer files for internal functions within programs. FTP can be used with user-based password authentication or with anonymous user access.
File Transfer Secure Protocol is an extension of FTP which adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. FTPS should not be confused with SFTP, an incompatible secure file transfer subsystem for the Secure Shell (SSH) protocol. It is also different from Secure FTP, the practice of tunneling FTP through an SSH connection
HyperText Transfer Protocol is used to request and transmit files, especially web pages and web page components, over the internet or other computer networks. In HTTP, web browsers typically act as clients, while an application running on the computer hosting the web site acts as a server. HTTP is typically implemented across TCP/IP however it can be implemented on top of any other protocol on the internet, or on other networks.
HyperText Transfer Protocol Secure is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure identification of the server. HTTPS connections are often used for payment type transactions across the internet and for the exchange of sensitive information between corporate business systems.
Odette File Transfer Protocol was developed to offer a standard communication platform for the European automotive industry and has been in use since the mid-1980s. OFTP has also seen adoption across the retail, white goods, manufacturing, government, transport, insurance and banking industries to name but a few. The OFTP protocol is very simple to use, consisting of only fourteen commands. The protocol is extremely efficient, allowing large transmission windows to be utilised whilst incorporating file restart, data compression and security. OFTP has been designed to allow companies to communicate easily via point to point connections.
Odette File Transfer Protocol version 2.0 is the latest version of the OFTP standard and has been designed from the outset to be used across the internet. OFTP2 offers a number of benefits over OFTP including data compression, exchange of digital certificates (to improve security of transmissions) between trading partners, it allows the handling of very large files (over 500Gb) and offers support for additional character sets such as Chinese and Japanese. To date, OFTP has mainly been used in Europe however as OFTP2 has been designed to operate across the internet it can help trading partners connect to one another all over the world. Many automotive manufacturers in Europe have been running OFTP2 pilot projects since 2008 and it is expected to be widely deployed across production projects during 2010.
Secure File Transfer Protocol is a network protocol that provides file access, file transfer and file management functionality over any reliable data stream. It was designed as an extension to the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but it is also intended to be usable with other protocols as well. SFTP can be used in a number of different applications such as secure transfer over Transport Layer Security (TLS) and transfer of management information within VPN applications. This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client and that the identity of the client user is available to the protocol.