AS2 & EDI Glossary
A comprehensive reference of AS2, EDI, and B2B integration terms used in electronic data interchange.
3
- 3DES (Triple DES)
- A legacy symmetric encryption algorithm still supported by many AS2 implementations for backward compatibility. 3DES applies the DES algorithm three times and is considered cryptographically weaker than AES. NIST deprecated 3DES in 2023; migration to AES is recommended.
- Related: Encryption (AS2), AES (Advanced Encryption Standard)
A
- AS2 (Applicability Statement 2)
- A specification (RFC 4130) for secure, reliable transport of structured business data over HTTP/HTTPS. AS2 uses S/MIME encryption and digital signatures to ensure data integrity, authentication, and non-repudiation. It is the dominant protocol for EDI document exchange in retail, healthcare, and manufacturing.
- Related: MDN (Message Disposition Notification), S/MIME (Secure/Multipurpose Internet Mail Extensions), EDI (Electronic Data Interchange), RFC 4130
- AS2 ID
- A unique identifier assigned to each party in an AS2 exchange. The AS2-From and AS2-To headers in every AS2 message use these IDs to identify the sender and receiver. AS2 IDs are case-sensitive and must be agreed upon by both trading partners before establishing a connection.
- Related: AS2 (Applicability Statement 2), Trading Partner
- Asynchronous MDN
- An MDN receipt sent as a separate HTTP POST to a URL specified by the sender (via the Receipt-Delivery-Option header). The original message delivery gets an HTTP 200 immediately, and the MDN arrives later. Required when message processing takes too long for a synchronous response.
- Related: MDN (Message Disposition Notification), Synchronous MDN
- AES (Advanced Encryption Standard)
- A symmetric encryption algorithm widely used in AS2 for encrypting message payloads. AES-128 and AES-256 are the recommended encryption algorithms for AS2, replacing the older 3DES. AES-256 is preferred for maximum security.
- Related: Encryption (AS2), 3DES (Triple DES)
C
- Certificate (X.509)
- A digital certificate that contains a public key and identity information, used in AS2 for encryption and signing. Certificates can be self-signed (for testing) or CA-signed (for production). Key parameters include key size (2048-bit minimum recommended), algorithm (RSA or ECDSA), and validity period.
- Related: Digital Signature, Encryption (AS2), Certificate Chain
- Certificate Chain
- The sequence of certificates from an end-entity certificate up to a trusted root Certificate Authority (CA). For AS2, the receiver must be able to verify the entire chain to trust the sender's certificate. Incomplete chains are a common cause of AS2 connection failures.
- Related: Certificate (X.509), CA (Certificate Authority)
- CA (Certificate Authority)
- A trusted entity that issues digital certificates. In AS2, CA-signed certificates provide higher trust than self-signed certificates because the receiver can verify the certificate against the CA's root certificate. Common CAs include DigiCert, GlobalSign, and Sectigo.
- Related: Certificate (X.509), Certificate Chain
- Content-Transfer-Encoding
- The encoding applied to the AS2 message body for transport over HTTP. Common values are 'binary' (no encoding, raw bytes) and 'base64' (text-safe encoding). Most modern AS2 implementations use binary transfer encoding for efficiency.
- Related: AS2 (Applicability Statement 2)
D
- Digital Signature
- A cryptographic mechanism that proves a message was sent by the claimed sender and has not been altered in transit. In AS2, the sender signs messages using their private key, and the receiver verifies the signature using the sender's public key (from the sender's certificate). Common digest algorithms used for signing: SHA-256, SHA-384, SHA-512.
- Related: S/MIME (Secure/Multipurpose Internet Mail Extensions), Certificate (X.509), Non-Repudiation
- Drummond Certification
- An interoperability certification program run by the Drummond Group where AS2 software vendors test their products against each other in structured test events. Drummond-certified products have proven they can successfully exchange messages with other certified implementations. Events occur biannually (Q2 and Q4).
- Related: AS2 (Applicability Statement 2), Interoperability (AS2)
E
- EDI (Electronic Data Interchange)
- The structured, computer-to-computer exchange of standard business documents (purchase orders, invoices, shipping notices) between trading partners. EDI uses standardized formats like ANSI X12 (North America) and EDIFACT (international) and is transported via protocols like AS2, SFTP, and VAN.
- Related: X12 (ANSI ASC X12), EDIFACT (UN/EDIFACT), AS2 (Applicability Statement 2)
- EDIFACT (UN/EDIFACT)
- The international EDI standard maintained by the United Nations. EDIFACT is the predominant EDI format outside North America, particularly in Europe, and includes message types like ORDERS, INVOIC, and DESADV. Can be transported via AS2, SFTP, or VAN.
- Related: EDI (Electronic Data Interchange), X12 (ANSI ASC X12)
- Encryption (AS2)
- The process of encrypting AS2 message content so only the intended recipient can read it. The sender encrypts using the receiver's public key; the receiver decrypts with their private key. Common algorithms: AES-128, AES-256 (recommended), and 3DES (legacy, being phased out).
- Related: S/MIME (Secure/Multipurpose Internet Mail Extensions), AES (Advanced Encryption Standard), 3DES (Triple DES)
H
- HIPAA (Health Insurance Portability and Accountability Act)
- U.S. federal law requiring healthcare entities to use standardized EDI transactions and protect health information. HIPAA mandates specific X12 transaction sets (837, 835, 270/271, 278) and requires encryption and authentication — making AS2 a preferred transport protocol for healthcare EDI.
- Related: EDI (Electronic Data Interchange), AS2 (Applicability Statement 2), X12 (ANSI ASC X12)
I
- Interoperability (AS2)
- The ability of different AS2 software implementations to successfully exchange messages with each other. Interoperability issues are common due to differences in how vendors implement encryption, signing, MDN handling, and certificate validation. Testing interoperability is the primary use case for AS2 Certify.
- Related: Drummond Certification, AS2 (Applicability Statement 2)
- ISA Segment (Interchange Control Header)
- The first segment of an X12 EDI interchange, containing routing and control information: sender/receiver IDs (ISA06/ISA08), interchange date/time, control number, and acknowledgment request flag. The ISA segment is exactly 106 characters and uses fixed-length fields.
- Related: X12 (ANSI ASC X12), Transaction Set
M
- MDN (Message Disposition Notification)
- A receipt message sent by the receiving AS2 server back to the sender to confirm that a message was received and processed. MDNs can be synchronous (returned in the same HTTP response) or asynchronous (sent later to a separate URL). MDNs can be signed to provide non-repudiation of receipt.
- Related: Asynchronous MDN, Synchronous MDN, Non-Repudiation
- MIC (Message Integrity Check)
- A hash value calculated over the message content and included in the MDN receipt. The MIC allows the sender to verify that the message the receiver processed matches what was originally sent. The MIC algorithm must match between the sender's Content-MIC and the receiver's MDN — mismatches indicate data corruption or processing errors.
- Related: MDN (Message Disposition Notification), Digital Signature
- MFT (Managed File Transfer)
- Enterprise software for securely transferring files between systems, partners, and people. MFT platforms typically support multiple protocols including AS2, SFTP, FTPS, and HTTPS. Major MFT vendors include IBM (Sterling), Axway, GoAnywhere (Fortra), MOVEit, and Cleo.
- Related: AS2 (Applicability Statement 2), SFTP (SSH File Transfer Protocol)
N
- Non-Repudiation
- The assurance that the sender of a message cannot deny having sent it, and the receiver cannot deny having received it. AS2 achieves non-repudiation through digitally signed messages and signed MDN receipts. This is a key compliance requirement for HIPAA, Sarbanes-Oxley, and retail mandates.
- Related: MDN (Message Disposition Notification), Digital Signature
P
- Partnership (AS2)
- The configured relationship between two AS2 endpoints. A partnership definition includes both parties' AS2 IDs, URLs, certificates (signing and encryption), preferred algorithms, and MDN preferences. Partnership configuration is the primary setup step in any AS2 implementation.
- Related: AS2 ID, Trading Partner
R
- RFC 4130
- The Internet Engineering Task Force (IETF) specification that defines the AS2 protocol: 'MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2).' Published in July 2005, it builds on RFC 3335 (AS1) and specifies how to use HTTP and S/MIME for secure B2B messaging.
- Related: AS2 (Applicability Statement 2)
S
- Synchronous MDN
- An MDN receipt returned in the same HTTP response as the AS2 message delivery. The sender's HTTP connection stays open until the receiver processes the message and returns the MDN. Simpler to implement but can cause timeout issues with large payloads or slow processing.
- Related: MDN (Message Disposition Notification), Asynchronous MDN
- S/MIME (Secure/Multipurpose Internet Mail Extensions)
- The cryptographic standard used by AS2 to encrypt message content and create digital signatures. S/MIME provides confidentiality (encryption), authentication (signing), and integrity (hash verification). AS2 uses S/MIME's CMS (Cryptographic Message Syntax) for wrapping payloads.
- Related: AS2 (Applicability Statement 2), Encryption (AS2), Digital Signature
- SFTP (SSH File Transfer Protocol)
- A secure file transfer protocol that runs over SSH. SFTP is commonly used alongside AS2 for B2B file exchange. Unlike AS2, SFTP does not natively provide non-repudiation, MDN receipts, or standardized message tracking. Some trading partners offer both AS2 and SFTP as transport options.
- Related: AS2 (Applicability Statement 2), MFT (Managed File Transfer)
T
- Trading Partner
- Any business entity with which your organization exchanges EDI documents. Each trading partner relationship requires configuration of AS2 IDs, certificates, URLs, and encryption/signing preferences. Large retailers like Walmart may have 20,000+ trading partners.
- Related: AS2 ID, Partnership (AS2), EDI (Electronic Data Interchange)
- Transaction Set
- A specific type of EDI document identified by a three-digit number in the X12 standard. Common transaction sets: 850 (Purchase Order), 810 (Invoice), 856 (ASN/Ship Notice), 820 (Payment Order), 997 (Functional Acknowledgment), 270/271 (Healthcare Eligibility). Each has a defined segment structure.
- Related: X12 (ANSI ASC X12), EDI (Electronic Data Interchange)
V
- VAN (Value-Added Network)
- A third-party network service that acts as an intermediary for EDI document exchange. VANs provide mailbox-based delivery, protocol translation, and document tracking. AS2 is often used as a direct (point-to-point) alternative to VANs, eliminating per-document VAN fees.
- Related: EDI (Electronic Data Interchange), AS2 (Applicability Statement 2)
X
- X12 (ANSI ASC X12)
- The EDI standard developed by the Accredited Standards Committee X12, widely used in North America. Common X12 transaction sets include 850 (Purchase Order), 810 (Invoice), 856 (Advance Shipping Notice), and 820 (Payment Order). X12 documents are typically transported via AS2 in retail and healthcare.
- Related: EDI (Electronic Data Interchange), EDIFACT (UN/EDIFACT), Transaction Set
Z
- Zlib Compression
- Optional compression applied to AS2 message payloads before encryption and signing, as defined in RFC 3274. Compression reduces bandwidth usage and is beneficial for large EDI documents. Not all AS2 implementations support compression, so it must be negotiated between partners.
- Related: AS2 (Applicability Statement 2)