AS1 (Applicability Statement 1) is a specification about how to transport structured business-to-business data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.

AS1 technical overview edit

The AS1 protocol is based on SMTP and S/MIME. It was the first AS protocol developed and uses signing, encryption and MDN conventions. In other words:

  • Files are sent as "attachments" in a specially coded SMIME email message
  • Messages can be signed, but do not have to be
  • Messages can be encrypted, but do not have to be
  • Messages may request an MDN back if all went well, but do not have to request such a message
  • If the original AS1 message requested an MDN...
    • Upon the receipt of the message and its successful decryption or signature validation (as necessary) a "success" MDN will be sent back to the original sender. This MDN is typically signed but not encrypted.
      • Upon the receipt and successful verification of the signature on the MDN, the original sender will "know" that the recipient got their message (this provides the "Non-repudiation" element of AS1)
    • If there are any problems receiving or interpreting the original AS1 message, a "failed" MDN may be sent back.

Like any other AS file transfer, AS1 file transfers typically require both sides of the exchange to trade X.509 certificates and specific "trading partner" names before any transfers can take place.

See also edit

External links edit

  • RFC 3335 - AS1 specification
  • AS1 Providers - Drummond Certified