Network Working Group                                          D. Moberg
Request for Comments: 4130                              Cyclone Commerce
Category: Standards Track                                    R. Drummond
                                                     Drummond Group Inc.
                                                               July 2005
MIME-Based Secure Peer-to-Peer
Business Data Interchange Using HTTP,
Applicability Statement 2 (AS2)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document provides an applicability statement (RFC 2026, Section
3.2) that describes how to exchange structured business data securely
using the HTTP transfer protocol, instead of SMTP; the applicability
statement for SMTP is found in RFC 3335. Structured business data
may be XML; Electronic Data Interchange (EDI) in either the American
National Standards Committee (ANSI) X12 format or the UN Electronic
Data Interchange for Administration, Commerce, and Transport
(UN/EDIFACT) format; or other structured data formats. The data is
packaged using standard MIME structures. Authentication and data
confidentiality are obtained by using Cryptographic Message Syntax
with S/MIME security body parts. Authenticated acknowledgements make
use of multipart/signed Message Disposition Notification (MDN)
responses to the original HTTP message. This applicability statement
is informally referred to as "AS2" because it is the second
applicability statement, produced after "AS1", RFC 3335.
Moberg & Drummond Standards Track [Page 1]
RFC 4130 AS2 for Business Data Interchange Using HTTP July 2005
Table of Contents
1. Introduction ....................................................3
1.1. Applicable RFCs ............................................3
1.2. Terms ......................................................3
2. Overview ........................................................5
2.1. Overall Operation ..........................................5
2.2. Purpose of a Security Guideline for MIME EDI ...............5
2.3. Definitions ................................................5
2.4. Assumptions ................................................7
3. Referenced RFCs and Their Contributions .........................9
3.1. RFC 2616 HTTP v1.1 [3] .....................................9
3.2. RFC 1847 MIME Security Multiparts [6] ......................9
3.3. RFC 3462 Multipart/Report [8] .............................10
3.4. RFC 1767 EDI Content [2] ..................................10
3.5. RFC 2045, 2046, and 2049 MIME [1] .........................10
3.6. RFC 3798 Message Disposition Notification [5] .............10
3.7. RFC 3851 and 3852 S/MIME Version 3.1 Message
     Specifications and Cryptographic Message Syntax (CMS) [7] ...10
3.8. RFC 3023 XML Media Types [10] .............................10
4. Structure of an AS2 Message ....................................10
4.1. Introduction ..............................................10
4.2. Structure of an Internet EDI MIME Message .................11
5. HTTP Considerations ............................................12
5.1. Sending EDI in HTTP POST Requests .........................12
5.2. Unused MIME Headers and Operations ........................12
5.3. Modification of MIME or Other Headers or Parameters Used ..13
5.4. HTTP Response Status Codes ................................14
5.5. HTTP Error Recovery .......................................14
6. Additional AS2-Specific HTTP Headers ...........................14
6.1. AS2 Version Header ........................................15
6.2. AS2 System Identifiers ....................................15
7. Structure and Processing of an MDN Message .....................17
7.1. Introduction ..............................................17
7.2. Synchronous and Asynchronous MDNs .........................19
7.3. Requesting a Signed Receipt ...............................21
7.4. MDN Format and Values .....................................25
7.5. Disposition Mode, Type, and Modifier ......................30
7.6. Receipt Reply Considerations in an HTTP POST ..............35
8. Public Key Certificate Handling ................................35
9. Security Considerations ........................................36