Applicability Statement 4 Protocol (AS4)
What is AS4?
Organizations often use SOAP-based web services as an application programming interface (API) to securely transmit large, complex documents, such as product catalogs.
AS4 is a SOAP-based web API layered over HTTP from a technical viewpoint and can be used for EDI. As a SOAP-based web service, AS4 is an open standard and is more compatible with standard environments than AS2. Many organizations use these API technologies for internal integrations, so it's a natural way to extend integrations to external sources.
Key Features of AS4
- Built on proven interoperability standards: MIME, SOAP and WS-Security
- Provides rich support for metadata and is payload agnostic - document types, such as purchase orders aren't tied to any defined SOAP action, providing flexibility
- AS4 can transport any type of payload (multiple if needed), including: legacy MFT, binary, XML, JSON and more
- Lets receivers reroute messages and correlate them with past or future messages
- Resends messages in case of temporary network disturbance and ensures a message is only received once, detecting and eliminating duplicates
- Offers large file compression and transfer support
- Error generation, reports any errors to the message sender of the message receiver
- Allows rich variety of interactions between sender and receiver: PUSH, PULL, etc.
Age
The IETF created AS4 in 2013. It's the newest, most modern MFT protocol in widespread use.
AS4 Status and Popularity
AS4 is gaining increasing adoption as more and more organizations strive to modernize their data communications. However, many major retailers and organizations still use AS2 and have not yet upgraded to AS4.
AS4 Security
AS4 ensures enterprise-class security in document exchange, using a subset of WS-Security. It maintains the integrity of document messages and the confidentiality of sensitive data.
The AS4 MFT protocol:
- Provides password authentication, digital signatures and encryption
- Achieves transport security with TLS
- Confirms authenticity of the sender and ensures messages are unaltered in transit
- Uses XML Digital Signatures and MDN receipts, providing non-repudiation - both senders and receivers can't deny sending or receiving messages
- Supports a whole range of encrypting, including XML encryption
- Uses X.509 security tokens and username/password tokens
Who Uses AS4?
AS4 is increasingly being adopted in the European government and energy sectors and is also gaining increasing popularity and use among all manner of organizations modernizing their internal technologies as well as extending their standards-based internal integrations. Its structure also makes it ideal for use with trading partners based in emerging markets, such as Southeast Asia, who don't have extensive IT infrastructures.