Copyright (c) 2009, Drummond Group

AS4: Secure B2B Document Exchange Using Web Services

By Timothy Bennett, Drummond Group

[email protected]

615.337.6087

AS4 - Astra Zeneca


AS4 Presentation to Astra Zeneca


What is AS4?

An open standard for the secure and payload-agnostic exchange of B2B documents using Web services

Maps the AS2 functional requirements onto the WS-* stack using ebMS 3.0 as a leverage point

Constrains the ebMS v3.0 specification (and its underlying specifications) for message packaging, transport, security, exchange patterns, and business non-repudiation


Purpose of AS4

Provides an entry-level on-ramp for Web services B2B messaging by embracing “elegant simplicity”

Promotes the adoption of Web services

Extends the use of SOA deployments for inter-business communication


Benefits Summary

Web services landscape lacks a B2B messaging specification that has the simplicity and elegance of AS2

Simplification of Web services for B2B breeds an environment in which interoperability becomes achievable

As SOA and Web services deployments become more pervasive, the opportunity for B2B communication on these platforms will increase

New markets that are Web services centric can benefit from the AS2 success story


B2B Web Services Messaging

ebMS 3.0 is one of the first “applicability statement” specifications for Web services messaging

Composes and extends SOAP, WS-Security, WS-ReliableMessaging, and other WS-* standards to provide comprehensive guidance on WS messaging

But even ebMS 3.0 is too complex and the AS4 profile brings the AS2 success story closer to the Web Services landscape


AS4 Profile Highlights

Message packaging governed by ebMS 3.0

Support for both document push and pull message exchange choreographies

Message security governed by WS-Security specification along with support for payload compression

Support for an AS2-like business Non-Repudiation Receipt

Reception Awareness – Just enough reliable messaging


AS4 Message Packaging

Message contained within a SOAP Envelope

Two types of messages: user messages and signal messages

Payloads contained either in the SOAP:Body or SOAP Attachments

Message metadata contained in SOAP:Header


AS4 Document Push/Pull

Support for AS2's synchronous and asynchronous document push choreographies

Support for the ebMS v3 document pull choreography, which is not available with AS2

Important for markets where 24x7 Internet connectivity and IP addressability are not available

Clients can access multiple document pull channels (priority, document types, etc.)

AS4 defines a “Light Client” for deployment to IT- and cost-challenged endpoints


AS4 Message Security

Support for payload compression, which must occur prior to attaching the document(s) and prior to any message-level security

Support for message-level security including various combinations of XML Digital Signature and/or XML Encryption as governed by WS-Security

X.509 security tokens for signing/encryption; additional support for username/password tokens for access to message pull channels
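The ordering on this slide, as an added example that is not part of the original presentation: the sender compresses and then applies integrity protection, so the receiver can check the bytes as received before decompressing anything. An HMAC with a constructed key stands in for the WS-Security XML Digital Signature, and gzip, the function names and the size limit are assumptions.

```python
import gzip
import hashlib
import hmac
import io

KEY = b"constructed-demo-key"   # stand-in for the signer's X.509 key pair (assumption)
MAX_DECOMPRESSED = 1_000_000    # hypothetical receiver limit, in bytes

def package(payload: bytes) -> dict:
    """Sender: compress first, then protect the compressed bytes."""
    attachment = gzip.compress(payload)
    tag = hmac.new(KEY, attachment, hashlib.sha256).hexdigest()
    return {"attachment": attachment, "tag": tag}

def unpack(part: dict) -> bytes:
    """Receiver: reverse order. Verify the bytes as received, then decompress."""
    expected = hmac.new(KEY, part["attachment"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, part["tag"]):
        raise ValueError("integrity check failed; attachment not decompressed")
    with gzip.GzipFile(fileobj=io.BytesIO(part["attachment"])) as stream:
        data = stream.read(MAX_DECOMPRESSED + 1)  # bounded read caps memory use
    if len(data) > MAX_DECOMPRESSED:
        raise ValueError("decompressed payload exceeds receiver limit")
    return data

def demo():
    payload = b"<Order>" + b"A" * 5000 + b"</Order>"  # constructed sample document
    part = package(payload)
    round_trip_ok = unpack(part) == payload
    # Flip one byte of the compressed attachment after it was protected.
    att = part["attachment"]
    tampered = dict(part, attachment=att[:10] + bytes([att[10] ^ 0xFF]) + att[11:])
    try:
        unpack(tampered)
        rejected = False
    except ValueError:
        rejected = True
    return round_trip_ok, rejected, len(att) < len(payload)

if __name__ == "__main__":
    print(demo())
```

Because the protection covers the compressed form, a modified attachment is rejected without the decompressor ever running on it, and the bounded read limits what a validly protected but oversized payload can consume.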


AS4 Non-Repudiation of Receipt (NRR)

Support for business non-repudiation receipts similar to AS2's RFC3798 (MDN)

The MDN is specified by the ebXML BPSS in the form of an XML schema and returned as a special signal message

AS4 defaults to requiring message recipients to return a signed receipt containing the digests necessary for NRR

Receipt may contain error information if the Recipient could not process the Sender's message


AS4 Reception Awareness

Makes use of the message receipt as the signal to the message sender that the recipient received the business payload – similar to AS2 Reliability

Support for Duplicate Detection at the message Recipient

Support for Message Retry if the Sender does not receive a receipt.
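A minimal model of the receipt handling described on the NRR and Reception Awareness slides, added here as an example and not taken from the presentation or the AS4 specification: the recipient returns a receipt carrying the digest of what it received, suppresses duplicates, and the sender retries until a matching receipt arrives. The receipt is a plain dict with its signature omitted, and the message id, field names and lossy channel are constructed.

```python
import hashlib

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

class Receiver:
    """Recipient side: duplicate detection plus a receipt that echoes the digest."""
    def __init__(self):
        self.seen = {}       # message id -> receipt already issued
        self.delivered = []  # payloads handed to the business application

    def receive(self, msg_id: str, payload: bytes) -> dict:
        if msg_id in self.seen:
            # A retry of a message already processed: do not deliver it twice,
            # but answer with the same receipt so the sender can stop retrying.
            return self.seen[msg_id]
        self.delivered.append(payload)
        receipt = {"ref_to_message_id": msg_id, "digest": digest(payload)}
        self.seen[msg_id] = receipt
        return receipt

def send_with_retry(msg_id, payload, transport, max_attempts=3):
    """Sender side: resend until a receipt matches the message that was sent."""
    expected = digest(payload)
    for attempt in range(1, max_attempts + 1):
        receipt = transport(msg_id, payload)  # None models a lost receipt
        if receipt is None:
            continue
        if receipt["ref_to_message_id"] == msg_id and receipt["digest"] == expected:
            return attempt, receipt  # the sender keeps this as receipt evidence
        raise ValueError("receipt does not match the message that was sent")
    raise TimeoutError("no receipt after %d attempts" % max_attempts)

def lossy_transport(receiver, drop_first_n_receipts):
    """Constructed channel: messages arrive, but the first N receipts are lost."""
    state = {"dropped": 0}
    def transport(msg_id, payload):
        receipt = receiver.receive(msg_id, payload)
        if state["dropped"] < drop_first_n_receipts:
            state["dropped"] += 1
            return None
        return receipt
    return transport

def demo():
    rx = Receiver()
    payload = b"<Invoice/>"  # constructed sample payload
    attempts, receipt = send_with_retry(
        "msg-001@example.invalid", payload, lossy_transport(rx, 2))
    return attempts, len(rx.delivered), receipt["digest"] == digest(payload)
```

With two receipts lost, the sender succeeds on the third attempt while the recipient delivers the payload to the application only once.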


Q&A

Comments? Questions? Feedback?