RE: Role of AS2? from Dale Moberg on 2003-06-13 (www-ws-arch@w3.org from June 2003)

From: Dale Moberg <dmoberg@cyclonecommerce.com>
Date: Fri, 13 Jun 2003 09:28:34 -0700
To: "Cutler, Roger (RogerCutler)" <RogerCutler@chevrontexaco.com>, <www-ws-arch@w3.org>
Message-ID: <A1C7F8CC121B444CA879FB66B3268A1A03F621@usazscsmh1.cyclonecommerce.com>

Hi Roger,
 
Since I am one author/editor of that specification, I will try to
respond to your  Role of AS2?  query. 



	 Roger>  Can anyone comment on the relationship of Web services
to AS2 (http://www.ietf.org/internet-drafts/draft-ietf-ediint-as2-13.txt
<http://www.ietf.org/internet-drafts/draft-ietf-ediint-as2-13.txt> ).
Is this another transport protocol (like SMTP) that can be used
underneath Web services?  

	DaleMoberg> Background first. AS2 is a draft from the IETF
Applications EDIINT working group. The draft explains how to make use of
HTTP, HTTPS, MIME, CMS (or PKCS7), SMIME, MDN, and other IETF standards
in providing  secure acknowledged b2b communication. It was written and
used far before the emergence of SOAP and the WS. It has been through
many drafts, some of which mentioned how to use XML for conveying
metainformation about the transported business data, but that has
dropped out. Metainformation in the current draft is only relayed via
ordinary IETF application area headers. It is spartan in what
metainformation is defined and almost all defined information has a
direct use for control of security, transportation, and acknowledgment
processes. As to your question, it would be possible to put a SOAP
payload, even SWA style, within AS2 and treat it something like a
transport/packaging binding. This might make sense if you already had
the PKI setup on both sides for SMIME, and didn't want to worry about
receipts (acknowledgments) and WS-security approaches. I think the SOAP
processing hookup might benefit from having some conventions specified,
however. 

	Roger> Note that AS2 is built entirely on HTTP  so it doesn't
seem to be exactly the same kind of thing.  If it is, however, an
alternative for messaging WS's, does AS2 have some role that should be
recognized in the security and reliability aspects of Web services? 

	DaleMoberg> IMO, no. Especially if you mean by WS whatever uses
SOAP 1.x and/or WSDL  1.x. It is an alternative for some of the
functionality provided by WS, but is mainly geared to meet the EDIINT
requirements for receipts & security.

	 Roger>  One of the reasons I am asking about this is that AS2
has recently become a pretty hot topic in business because WalMart, the
prototype of the 800 lb gorilla, is in the process of mandating that if
you want to do business with them you have to use AS2.  This is, to put
it mildly, a very significant driver.    Whether or not AS2, as such,
should be incorporated somehow into the WSA, I would personally
appreciate any insights that you folks have about it. 

	 DaleMoberg> AS2 (which, btw, is short for Applicability
Statement 2) is something like a b2b pickup truck for any kind of
business data needing to be exchanged. Not a lot of frills really. No
particular support for business process notations, interface
descriptions, and the like. As such it probably has less complexity and
overhead than SOAP/WSDL based approaches. It is not quite as puritanical
as REST styles, however. For example, it takes advantage of the great
POST loophole in talking to processes just behind the HTTP speaker (web
server) in order to return MDNs in the HTTP reply.

Received on Friday, 13 June 2003 12:28:32 UTC