AS2 vs AS4, which is better?

We have talked about the different protocols in our previous blogs, but now it's time to put two of them head-to-head. AS2 and AS4 are both popular File Transfer Protocols that allow businesses to exchange data securely with their businesspartners. Which one is better?

AS2 vs AS4?

We have talked about the different protocols in our previous blogs, but now it's time to put two of them head-to-head. AS2 and AS4 are both popular File Transfer Protocols that allow businesses to exchange data securely with their businesspartners. They have their own strengths and weaknesses, so which one is better?

What is AS2?

AS2 (Applicability Statement 2) is a protocol specification that’s used to transmit sensitive data securely and reliably over the internet. Upgraded from AS1, the original protocol created in the 1990s, AS2 supports the encryption of messages. AS2 protocol combines the use of several secure and widely used technologies including HTTPS, SSL Certificates, S/MIME, and file hashing.

AS2 supports the encryption of messages (also known as AS2 messages) that are then exchanged with trading partners and vendors via HTTPS. These messages are built using the S/MIME format.

How Does AS2 Work?

AS2 utilizes digital certificates and encryption standards to protect critical information while it’s in transit across systems, networks, and locations. AS2 messages can be compressed, signed, encrypted, and sent over a secure SSL tunnel.

Users can also request an MDN (Message Disposition Notification, or "receipt") to verify that the message was received and decrypted successfully. Using digitally signed receipts to compare the returned message checksum value creates an NRR (non-repudiation of receipt). An NRR gives the sender legal proof of unaltered delivery and verification that the message received is identical to what was sent.

What is AS4?

Applicability Statement 4 was defined in 2013 to be payload agnostic, with specifications based on the functional requirements of AS2. AS4 is an open Business-to-Business (B2B) standard for securing and exchanging documents between businesses using Web Services. The protocol supports compression, SOAP enveloping, encryption, and security tokens, with non-repudiation features similar to those of AS2.

How Does AS4 Work?

AS4 runs on Simple Object Access Protocol (SOAP/WSDL) and uses Hypertext Transfer Protocol (HTTP) as its communication protocol. And, because AS4 uses the HTTP protocol, it can secure document exchange through Transparent Layer Security (TLS). Like AS2, AS4 is payload agnostic, supporting a multitude of document formats including EDI X12, EDIFACT, HL7, XML, JSON, binary, and ASCII. AS4 is designed to be a simplified conformance standard of the ebMS v3.0 specification, and document security is achieved by employing aspects of WS-Security, XML Encryption, and XML Digital Signatures.

How Are AS2 and AS4 Similar?

AS4 supersedes AS2, and while AS2 is still widely used, AS4 is the next generation protocol with more modern technologies and that's why governments and industries like gas/electrical are all pushing for AS4 at the moment.

The most important common characteristics of AS2 and AS4 are:

  • Payload Agnostic – Both AS2 and AS4 are payload agnostic. This means that they both support any kind of payload that needs to be exchanged: XML, flat file, EDI, HL7, PDF, binary, and more.
  • Payload Compression – AS2 and AS4 both support the compression of exchanged files in order to reduce bandwidth.
  • Signing and Encryption – Both protocols support the signing and encryption of the exchanged payloads. Trading partners themselves have the option to apply it or not.
  • Non-Repudiation – Both AS2 and AS4 support non-repudiation, done by utilizing signing verifications.

How Are AS2 & AS4 Different?

Although AS2 and AS4 share similarities, there are some key differences between the two, including:

  • Acknowledgements – In AS2 and AS4, acknowledgements support reliable messaging and non-repudiation of receipt. In AS2 this is done by using MDNs, while AS4 uses SOAP messages with XML Digital Signatures.
  • Message Packaging – With AS2, the message packaging is purely MIME based. In AS4, this is governed by a combination of MIME and SOAP.
  • Security – AS2 applies security via the S/MIME specifications, while AS4 is based on the well-known WS-Security standard.

Why is Peppol Keen on AS4 Compliance?

OpenPEPPOL decided to make AS4 mandatory to ensure the exchange of documents within the Peppol network aligns with the international requirements. Plus, the European Commission, New Zealand, and Australia favor the use of AS4. On top of that, AS4 is a popular OASIS standard known to provide more flexibility than AS2.

So Which is Better? AS2 or AS4?

AS4 is more compatible with standard environments, because many organizations use technologies like SOAP, XML, and EDI for their internal integration(s). AS4 allows the extension of these technologies for external integration, becoming a very natural and seamless operation.

AS4 is not only a protocol for data exchanges, it also provides rich support for metadata. You can transport any type of payload: JSON, binary, legacy EDI, JSON, and so on.

It allows for service-oriented architecture (SOA) exchanges, not only document interchange. AS4 also allows for push, as well as pull. This means that applications that are not always online or do not have a permanent IP address, or that are behind a firewall can occasionally connect and pull available messages.

AS4 is set to last for at least two decades. Several of our solutions like GoAnywhere MFT is AS4-certified by the Drummond Group, which recognizes that GoAnywhere meets full interoperability testing and that all information exchanged and received meets the security standards set by AS4.

Fully Certified and Ready to Help!

Do you want to be fully prepared for a bright and safe communication future? At ECS International we gladly help you move forward. Our solutions are one of the few fully certified AS4 solutions in Europe, ensuring you interoperability with business partners, associations, regulators, financial institutions, networks and exchange hubs. Feel free to contact us for more information: +31 229 574331 or use Contacform.