AS2 & EDI Glossary
A comprehensive reference of AS2, EDI, and B2B integration terms used in electronic data interchange.
3
- 3DES (Triple DES)
- A legacy symmetric encryption algorithm still supported by many AS2 implementations for backward compatibility. 3DES applies the DES algorithm three times and is considered cryptographically weaker than AES. NIST deprecated 3DES in 2023; migration to AES is recommended.
- Related: encryption, aes
A
- AS2 (Applicability Statement 2)
- A specification (RFC 4130) for secure, reliable transport of structured business data over HTTP/HTTPS. AS2 uses S/MIME encryption and digital signatures to ensure data integrity, authentication, and non-repudiation. It is the dominant protocol for EDI document exchange in retail, healthcare, and manufacturing.
- Related: mdn, s-mime, edi, rfc-4130
- AS2 ID
- A unique identifier assigned to each party in an AS2 exchange. The AS2-From and AS2-To headers in every AS2 message use these IDs to identify the sender and receiver. AS2 IDs are case-sensitive and must be agreed upon by both trading partners before establishing a connection.
- Related: as2, trading-partner
- Asynchronous MDN
- An MDN receipt sent as a separate HTTP POST to a URL specified by the sender (via the Receipt-Delivery-Option header). The original message delivery gets an HTTP 200 immediately, and the MDN arrives later. Required when message processing takes too long for a synchronous response.
- Related: mdn, sync-mdn
- AES (Advanced Encryption Standard)
- A symmetric encryption algorithm widely used in AS2 for encrypting message payloads. AES-128 and AES-256 are the recommended encryption algorithms for AS2, replacing the older 3DES. AES-256 is preferred for maximum security.
- Related: encryption, 3des
C
- Certificate (X.509)
- A digital certificate that contains a public key and identity information, used in AS2 for encryption and signing. Certificates can be self-signed (for testing) or CA-signed (for production). Key parameters include key size (2048-bit minimum recommended), algorithm (RSA or ECDSA), and validity period.
- Related: digital-signature, encryption, certificate-chain
- Certificate Chain
- The sequence of certificates from an end-entity certificate up to a trusted root Certificate Authority (CA). For AS2, the receiver must be able to verify the entire chain to trust the sender's certificate. Incomplete chains are a common cause of AS2 connection failures.
- Related: certificate, ca
- CA (Certificate Authority)
- A trusted entity that issues digital certificates. In AS2, CA-signed certificates provide higher trust than self-signed certificates because the receiver can verify the certificate against the CA's root certificate. Common CAs include DigiCert, GlobalSign, and Sectigo.
- Related: certificate, certificate-chain
- Content-Transfer-Encoding
- The encoding applied to the AS2 message body for transport over HTTP. Common values are 'binary' (no encoding, raw bytes) and 'base64' (text-safe encoding). Most modern AS2 implementations use binary transfer encoding for efficiency.
- Related: as2
D
- Digital Signature
- A cryptographic mechanism that proves a message was sent by the claimed sender and has not been altered in transit. In AS2, the sender signs messages using their private key, and the receiver verifies using the sender's public key (from their certificate). Common algorithms: SHA-256, SHA-384, SHA-512.
- Related: s-mime, certificate, non-repudiation
- Drummond Certification
- An interoperability certification program run by the Drummond Group where AS2 software vendors test their products against each other in structured test events. Drummond-certified products have proven they can successfully exchange messages with other certified implementations. Events occur biannually (Q2 and Q4).
- Related: as2, interoperability
E
- EDI (Electronic Data Interchange)
- The structured, computer-to-computer exchange of standard business documents (purchase orders, invoices, shipping notices) between trading partners. EDI uses standardized formats like ANSI X12 (North America) and EDIFACT (international) and is transported via protocols like AS2, SFTP, and VAN.
- Related: x12, edifact, as2
- EDIFACT (UN/EDIFACT)
- The international EDI standard maintained by the United Nations. EDIFACT is the predominant EDI format outside North America, particularly in Europe, and includes message types like ORDERS, INVOIC, and DESADV. Can be transported via AS2, SFTP, or VAN.
- Related: edi, x12
- Encryption (AS2)
- The process of encrypting AS2 message content so only the intended recipient can read it. The sender encrypts using the receiver's public key; the receiver decrypts with their private key. Common algorithms: AES-128, AES-256 (recommended), and 3DES (legacy, being phased out).
- Related: s-mime, aes, 3des
H
- HIPAA (Health Insurance Portability and Accountability Act)
- U.S. federal law requiring healthcare entities to use standardized EDI transactions and protect health information. HIPAA mandates specific X12 transaction sets (837, 835, 270/271, 278) and requires encryption and authentication — making AS2 a preferred transport protocol for healthcare EDI.
- Related: edi, as2, x12
I
- Interoperability (AS2)
- The ability of different AS2 software implementations to successfully exchange messages with each other. Interoperability issues are common due to differences in how vendors implement encryption, signing, MDN handling, and certificate validation. Testing interoperability is the primary use case for AS2 Certify.
- Related: drummond-certification, as2
- ISA Segment (Interchange Control Header)
- The first segment of an X12 EDI interchange, containing routing and control information: sender/receiver IDs (ISA06/ISA08), interchange date/time, control number, and acknowledgment request flag. The ISA segment is exactly 106 characters and uses fixed-length fields.
- Related: x12, transaction-set
M
- MDN (Message Disposition Notification)
- A receipt message sent by the receiving AS2 server back to the sender to confirm that a message was received and processed. MDNs can be synchronous (returned in the same HTTP response) or asynchronous (sent later to a separate URL). MDNs can be signed to provide non-repudiation of receipt.
- Related: async-mdn, sync-mdn, non-repudiation
- MIC (Message Integrity Check)
- A hash value calculated over the message content and included in the MDN receipt. The MIC allows the sender to verify that the message the receiver processed matches what was originally sent. MIC algorithm must match between sender's Content-MIC and receiver's MDN — mismatches indicate data corruption or processing errors.
- Related: mdn, digital-signature
- MFT (Managed File Transfer)
- Enterprise software for securely transferring files between systems, partners, and people. MFT platforms typically support multiple protocols including AS2, SFTP, FTPS, and HTTPS. Major MFT vendors include IBM (Sterling), Axway, GoAnywhere (Fortra), MOVEit, and Cleo.
- Related: as2, sftp
N
- Non-Repudiation
- The assurance that the sender of a message cannot deny having sent it, and the receiver cannot deny having received it. AS2 achieves non-repudiation through digitally signed messages and signed MDN receipts. This is a key compliance requirement for HIPAA, Sarbanes-Oxley, and retail mandates.
- Related: mdn, digital-signature
P
- Partnership (AS2)
- The configured relationship between two AS2 endpoints. A partnership definition includes both parties' AS2 IDs, URLs, certificates (signing and encryption), preferred algorithms, and MDN preferences. Partnership configuration is the primary setup step in any AS2 implementation.
- Related: as2-id, trading-partner
R
- RFC 4130
- The Internet Engineering Task Force (IETF) specification that defines the AS2 protocol: 'MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2).' Published in July 2005, it builds on RFC 3335 (AS1) and specifies how to use HTTP and S/MIME for secure B2B messaging.
- Related: as2
S
- Synchronous MDN
- An MDN receipt returned in the same HTTP response as the AS2 message delivery. The sender's HTTP connection stays open until the receiver processes the message and returns the MDN. Simpler to implement but can cause timeout issues with large payloads or slow processing.
- Related: mdn, async-mdn
- S/MIME (Secure/Multipurpose Internet Mail Extensions)
- The cryptographic standard used by AS2 to encrypt message content and create digital signatures. S/MIME provides confidentiality (encryption), authentication (signing), and integrity (hash verification). AS2 uses S/MIME's CMS (Cryptographic Message Syntax) for wrapping payloads.
- Related: as2, encryption, digital-signature
- SFTP (SSH File Transfer Protocol)
- A secure file transfer protocol that runs over SSH. SFTP is commonly used alongside AS2 for B2B file exchange. Unlike AS2, SFTP does not natively provide non-repudiation, MDN receipts, or standardized message tracking. Some trading partners offer both AS2 and SFTP as transport options.
- Related: as2, mft
T
- Trading Partner
- Any business entity with which your organization exchanges EDI documents. Each trading partner relationship requires configuration of AS2 IDs, certificates, URLs, and encryption/signing preferences. Large retailers like Walmart may have 20,000+ trading partners.
- Related: as2-id, partnership, edi
- Transaction Set
- A specific type of EDI document identified by a three-digit number in the X12 standard. Common transaction sets: 850 (Purchase Order), 810 (Invoice), 856 (ASN/Ship Notice), 820 (Payment Order), 997 (Functional Acknowledgment), 270/271 (Healthcare Eligibility). Each has a defined segment structure.
- Related: x12, edi
V
- VAN (Value-Added Network)
- A third-party network service that acts as an intermediary for EDI document exchange. VANs provide mailbox-based delivery, protocol translation, and document tracking. AS2 is often used as a direct (point-to-point) alternative to VANs, eliminating per-document VAN fees.
- Related: edi, as2
X
- X12 (ANSI ASC X12)
- The EDI standard developed by the Accredited Standards Committee X12, widely used in North America. Common X12 transaction sets include 850 (Purchase Order), 810 (Invoice), 856 (Advance Shipping Notice), and 820 (Payment Order). X12 documents are typically transported via AS2 in retail and healthcare.
- Related: edi, edifact, transaction-set
Z
- Zlib Compression
- Optional compression applied to AS2 message payloads before encryption and signing, as defined in RFC 3274. Compression reduces bandwidth usage and is beneficial for large EDI documents. Not all AS2 implementations support compression, so it must be negotiated between partners.
- Related: as2