AS3
Secure, Reliable, and Interoperable Messaging for FTP-centric environments
File Transfer Protocol, FTP, is a commonly used protocol because of its ease of use and widespread adoption. However, the use of FTP in industries where sensitive data is exchanged, such as medical and financial, was limited due to a lack of security and reliability. Even with FTP/S, or FTP with Secure Sockets Layer (SSL), the protocol lacks the level of security required for these organizations.
A main issue deals with the need to confirm receipt of a message by a specified, trusted party. FTP does not offer a method to indicate whether or not a message was received by the intended recipient. Also, secure FTP poses issues with how it encrypts the data. FTP/S encrypts network-level packet communications. With packet encryption, firewalls are prevented from inspecting the flow of network traffic. This scenario was not acceptable for many business security groups. These issues left organizations to develop proprietary solutions that were expensive and did not promote open business standards.
AS3 was developed by the Internet Engineering Task Force (IETF) to address these specific problems. AS3, or Applicability Statement 3, is a draft specification by which applications communicate EDI data, or other information such as XML documents, securely over the Internet using the FTP/S protocol. Where it advances over FTP/S is in the use of receipts, or Message Disposition Notifications (MDNs). MDNs provide a legal way to verify receipt of a message. The sender can request a digital signature along with the receipt, ensuring the identity of the recipient. The combination of an MDN and digital signature provides a high level of security and verification known as “non-repudiation.” This is the same level of security and reliability provided in AS2.
AS3 (like AS2) is an open standards protocol promoting interoperability. The Drummond Group certifies interoperability among software products in its eBusinessReady program. The first round of tests, of which Cleo successfully participated, completed in January of 2005. Interoperability makes the solution attractive to organizations that desire to do business with a wide variety of partners and do not want to be constrained to the limits and expense of a proprietary solution.
It is important to note that AS3 is not an extension or the next level of AS2, but a separate standard. AS2 uses HTTP/S, and AS3 is built on FTP/S (while AS1 utilizes SMTP).
Cleo’s AS3 products also provide optional message compression, allowing business to exchange data more efficiently.
The combination of reliability, security, interoperability, and efficiency makes AS3 attractive to any company desiring secure communications. AS3 may be particularly well suited for FTP-centric businesses that have a significant investment in FTP scripting, applications, or security. AS3 offers both "push" and "pull" FTP capabilities, which may widen its adoption rate (AS2 is a push-only protocol). This "push/pull" set up is similar to the asynchronous and bisynchronous environments that you may be familiar with and can be achieved with the Integrated FTP Server in Cleo's VLTrader.
Cleo's LexiCom software can be used for AS3 compliance at the client side.