AS2 uses a digital certificate so you have authentication of the entity you communicate with before you use the secure communications.
AS2 is widely accepted, Retail, Banking, even the US military uses AS2 for point to point. While many malign Drummond for the fees they charge they have helped AS2 to have certifiable standards. S/FTP has several flavors, there is no global standard. Regards, James Hatcher -------- Original Message -------- Subject: [EDI-L] AS2 versus S/FTP From: "Ben Kenoyer" <[email protected]> Date: Wed, August 01, 2012 7:44 am To: [email protected] I am working on an internal proposal and am looking for some feedback from my peers who are on either side of this topic. I am working on an EDI software migration, and I selected the software we went with (Liaison ECS/Delta) for several reasons. One of the reasons I chose it (and one of the points I made in getting it approved) is that I can potentially save money by performing more direct-connections with a few of my higher-volume trading partners and avoid the VAN costs of data transmissions. My old software was limited to simple FTP connections. My new software is capable of just about any communication protocol that can be used by EDI. I have been speaking with one of my Network Administrators about getting our systems set up for AS2 (of which he and most of my Operations team have never heard). Since this protocol is a "push" behavior, they are very against it--even if going through a designated web server in our DMZ--from a security perspective. I can still accomplish some of my promised cost savings if I perform some direct-connections to higher-volume trading partners via S/FTP instead of AS2, but that could require at least one of us to host the FTP server and possibly allow the other to "push" documents to us. This seems much more doable if both partners can simply "pull" documents at their own leisure and keep the new processes within the scope of my current security policies. I have been trying to find a good business reason why AS2 is better than S/FTP. Basically, is it worth me trying to get my company to adjust their policies and possibly hardware, and invest their time to establish an environment that is compatible with AS2 in order to save me money, or are there any reasons I can't use my existing FTP abilities to accomplish this? I understand that EDIINT recommends AS2 for EDI traffic, but I haven't seen a discussion against S/FTP as it pertains to EDI. My current FTP connection to my VAN uses encryption in both directions, so the transmissions are secure and ensured. I have been told that while an MDN confirms receipt of a transmitted file, an X12 997 (Functional Acknowledgement) is still necessary to communicate that the transmitted file was functionally correct and not just simply received. So, using the "immediate acknowledgement of transmission success via MDN on AS2" argument is MOOT. Thoughts? Feedback? ------------------------------------ ... Please use the following Message Identifiers as your subject prefix: <SALES>, <JOBS>, <LIST>, <TECH>, <MISC>, <EVENT>, <OFF-TOPIC> Job postings are welcome, but for job postings or requests for work: <JOBS> IS REQUIRED in the subject line as a prefix.Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/EDI-L/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/EDI-L/join (Yahoo! ID required) <*> To change settings via email: [email protected] [email protected] <*> To unsubscribe from this group, send an email to: [email protected] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
