Talk:AS2

Corrections and clarifications
On the lack of open source limitations:

I know this one's going to be hard to swallow, but AS2 is one protocol where there doesn't seem to be ANY significant open source player.

Please see the Hermes project which has been reissued as the base of several open source offerings.

http://www.cecid.hku.hk/pressrelease_20070511_H20released.php

H2O and its source code will be released under GNU General Public License Version 2. Users and developers can get community support through the mailing list cecid-hermes2@googlegroups.com.

Completed the AS2 Interoperability Testing AS-1Q05 with 29 other participants (http://ebusinessready.org/as2.html) organized by U.S. leading testing company, Drummond Group Inc., Hermes 2 enables real-time communication through HTTP or HTTPS to transmit data over the Internet. Besides, it provides security for the transport payload through Secure Multi-Purpose Internet Mail Extensions (S/MIME), digital signatures and encryption, while reliability and non-repudiation are achieved through the use of receipts.

The AS2 standard, commonly used in supply chains by large retailers, manufacturers and suppliers, is often regarded as the “EDI over Internet” standard. Hermes 2 facilitates large as well as small enterprises to exchange EDI or other business-to-business data with their partners and customers. It operates as a Java web application. The ebXML Messaging Service (ebMS) and AS2 messaging capabilities are facilitated by the corresponding plugins, which can be easily developed by users through Hermes’ Simple Plugin Architecture specification. The messaging operation requires a database with JDBC connectivity to keep track of the messaging status.


 * I see there is "Hermes 2+" here. Also, seems CECID was indeed certified in 2005, but is no longer on the Drummond site (presumably because advertising costs money, haha). Danuthaiduc (talk) 19:20, 4 March 2022 (UTC)

The discussion of AS2 in this wikipedia article is not of very high quality. It is full of misinformation, speculations based on absence of information, and distortion of requirements, design, and descriptions of AS2 traction in the marketplace. As people just now begin to realize that they could use POX and REST, a more full featured approach from the mid 1990s already is widely used and place in global trade collaborations. Dalemoberg 01:48, 18 October 2007 (UTC)

*On the alleged limitations

3.1.1 AS's "Two-Way Handshake" Does Not Let Receiver Know Sender Got MDN 3.1.2 AS MDNs Represent Handoffs of Responsibility, Not Fitness 3.1.3 AS Protocols Do Not Provide the AES Encryption Algorithm

On supposed limitation 3.1.1: TCP needs to synchronize the starting counter for a duplex channel. TCP handshake needs to have both sides acked on their sequencing proposal. But AS2 is not solving the same problem as starting up a TCP connection. If asynchronous MDNs are used, the HTTP 200 level OK to the POST of the MDN provides an ack on reception of the MDN. Another I-D AS2-Reliability is addressing failure to get a MDN by resending the original message. Synchronous ack mode is not successful until the MDN returns on the back channel. So the objection is both false and largely irrelevant to the requirements of EDIINT applicability statements, especially AS2.

On supposed limitation 3.1.2: applicability statements are meant to synthesize and reuse IETF standards. MDNs do not provide arbitrarily detailed information about the payload that is delivered. EDI has functional acknowledgements (997 and the like) that provide feedback on syntax and correctness of data. RosettaNet and other business protocols have their own specialized mechanisms for this. The EDIINT layering avoids duplication of functionality on the upper layers and this is not a limitation but a decision about its design. Again the objection is irrelevant and reflects a failure to understand both what is available in the business data exchange space and the rationale of design of MDN for NRR.

On supposed limitation 3.1.3: AS2 is built from CMS and derives its cryptographic strength from it (see RFC 3369 (rfc3369) - Cryptographic Message Syntax (CMS) for a start.) Then look at http://www.faqs.org/rfcs/rfc3565.html which has the title RFC 3565 - Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS).

So this limitation is simply false.

The presentation of these false, baseless and/or irrelevant objections in these paragraphs certainly indicates that someone is writing with an axe to grind. I propose that they be deleted, and that discussion then turn to the limitations expressed in 3.1. Dalemoberg 01:36, 18 October 2007 (UTC)


 * "Costs of a static IP address" - an IP adress does not cost anything!? —The preceding unsigned comment was added by 213.61.110.131 (talk • contribs).
 * An IP is a limited resource, and as a result has an economic value; usually ISPs charge customers that wish to lease an IP. John Vandenberg 23:59, 10 December 2006 (UTC)

Applicability_Statement_2
redirect Applicability_Statement_2 points to Electronic Data Interchange as a result of an Afd. Does this article need to exist separate from the EDI article? John Vandenberg 00:17, 11 December 2006 (UTC)


 * I don't think that the arguments for the Afd still hold. First, AS2 is a ratified IETF RFC. Second, AS2 is notable in it's own right. I'm aware of several open source implementations. Third, AS1, AS2, AS3 can be used for secure non-repudiable transfer of any document types, not just EDI documents. Ideoplex 19:27, 3 February 2007 (UTC)

Advertising
Do we really want a list of averybody who thinks they can provide this service listed here ? Not want you would normally find in an encyclopedia. Woodsstock 18:34, 26 February 2007 (UTC)

I certainly agree. This is becoming listcruft. Almost makes me regret reverting it. Pat Payne 20:48, 27 February 2007 (UTC)

Actually, after being contacted by one off the people who was trying to get his business listed on this asinine, riduculously-sized list of links, it got me thinking. And looking through them, I'm seeing a pattern that quite a few seem to be put there by representatives of the companies involved including some pretty damn blatant ones such as this one (note the username and the name of the company whose link he put in). So, if nobody who is NOT part of one of these companies objects, I'm going to clear out that list, and put a note in there for any who want to add links again, hoping against hope that it may do something. Pat Payne 21:45, 27 February 2007 (UTC)


 * I think that we should either allow the list of providers or we should remove it entirely. As things are, it's just begging for sock puppets. Ideoplex 22:47, 5 March 2007 (UTC)
 * I agree with the idea that there's too much of a risk for sockpuppetry and editwarring to allow the list as it was, but I do see the need for a couple of representative links in there. The problem is that all those people feel that this is just another avenue to be "competitive" in their business. There needs to be some sort of line drawn. I'd suggest 3 of the largest in this industry and no more. But someone with more knowledge of AS2'll have to make that judgement. Me, I'm just a friendly passing-by verbal shugyosha who has little to no familiarity with AS2 protocols, and who got into this mishivve during a RC patrol when someone blanked the entire list out of frustration that his colleagues had stacked the list so badly and wanted a piece of that action. Pat Payne 23:23, 5 March 2007 (UTC)
 * If you guys need help with a precedent for commercial links, let me suggest one of the following. (The "top 3" thing would look silly in a place like Wikipedia: this isn't a Gartner report and even in the industry no one's quite sure who the top 3 AS2 folks really are.)
 * List commercial vendors under an "Implementations" section, like "Pretty Good Privacy" does: http://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP_implementations
 * Move list of commercial software to a separate page, like "FTPS" does: http://en.wikipedia.org/wiki/Ftps and http://en.wikipedia.org/wiki/List_of_FTP_servers
 * I know this one's going to be hard to swallow, but AS2 is one protocol where there doesn't seem to be ANY significant open source player. A large part of this has to do with the dominance of the Drummond Group; if your software isn't certified by its "interoperability" program, you generally don't get to play with other AS2 vendors.  (And no, the Drummond Group program isn't free either.)


 * Jonathan.lampe@standardnetworks.com 20:49, 3 July 2007 (UTC)

What are those choices?
MDN Options Unlike AS1 or AS3 file transfers, AS2 file transfers offer several "MDN return" options instead of the traditional options of "yes" or "no". Specifically, the choices are: — Preceding unsigned comment added by 67.55.15.102 (talk) 05:07, 17 June 2011 (UTC)