In this session, Glenn and Toon provide some basic insights into the recent B2B messaging protocol AS4. They explain the core concepts of how AS4 establishes a reliable and secure message exchange between trading partners. As AS4 is not supported out of the box by Microsoft, the session aims to demonstrate that Microsoft products can be extended to interoperate with AS4. Expect a mix of theoretical concepts and practical demos.
1. Sponsored & Brought to you by
An Intro to AS4, the Successor of AS2
Glenn Colpaert & Toon Vanhoutte
http://twitter.com/GlennColpaert
https://www.linkedin.com/in/glenncolpaert
https://twitter.com/ToonVanhoutte
https://be.linkedin.com/pub/toon-vanhoutte/6/276/84b
3. Nice to meet you
Glenn COLPAERT
Integration Consultant
Integration MVP
Toon VANHOUTTE
Integration Architect
OASIS ebXML
Committee Member
glenn.colpaert@codit.eu
+32 477 774 304
@GlennColpaert
toon.vanhoutte@codit.eu
+32 479 905 115
@ToonVanhoutte
4. Goal of this session
Create awareness on AS4 within the Microsoft integration community
and demonstrate interoperability of AS4 with the Microsoft stack.
7. What is AS4?
➔ AS4 defines a standardized, secure and reliable exchange of messages, containing one or multiple payloads.
Building blocks: Messaging, OASIS Standard, WS-Security, Reliability, Payloads
8. History of AS4
Originating from ebXML Messaging Services:
2002: ebMS 2.0
2007: ebMS 3.0 Core Specifications
2011: ebMS 3.0 Advanced Features
2013: AS4 Profile of ebMS 3.0 ("just enough design")
11. EESSI: Electronic Exchange of Social Security Information
[Diagram: Institution ↔ Access Point (Member State) ↔ AS4 ↔ Access Point (Member State) ↔ Institution]
Over 10,000 social security institutions from 32 Member States across Europe exchange electronic information via more than 50 Access Points, using the secure and reliable AS4 messaging protocol.
Access Points are powered by Microsoft BizTalk Server.
13. AS4 Messaging Model
[Diagram: Sending Party = Business Application (Producer) → Submit → Sending MSH, with Notify back to the Producer; AS4 Communication = Sending MSH → Send / Receive → Receiving MSH; Receiving Party = Receiving MSH → Deliver → Business Application (Consumer), with Notify back to the Consumer]
MSH = Messaging Service Handler
The Submit, Deliver and Notify interfaces between a business application and its MSH are implementation specific; only the MSH-to-MSH exchange is defined by AS4.
14. Demo Scenario
[Diagram: Jamie Oliver Inc. = FILE System (Producer) → Submit → Sending MSH, with Notify; Send / Receive over AS4; Gordon Ramsay Food Service = Receiving MSH → Deliver → FILE System (Consumer), with Notify]
One MSH in the demo:
➔ Microsoft Integration Platform
➔ .NET based
➔ Does not support AS4 out of the box
The other MSH:
➔ Open Source B2B Software
➔ Java based
➔ Supports AS4 out of the box
15. AS4 Messaging Model
[Diagram: same Sending Party / Sending MSH / Receiving MSH / Receiving Party flow as slide 13; the Sending MSH sends a User Message, the Receiving MSH answers with a Receipt or an Error, and both MSHs are configured from a P-Mode]
P-Mode (Processing Mode): the agreed set of parameters that governs one type of exchange between two trading partners. Both MSHs hold a matching P-Mode, and every received User Message is matched against one before it is processed.
P-Mode sections:
• General
• Protocol
• BusinessInfo
• ErrorHandling
• Reliability
• Security
21. AS4 Security
Signing of UserMessage
[Diagram: AS4 message = SOAP Header (UserMessage with From: Sender and To: Receiver, plus the WS-Security header holding the signature references) + SOAP Body (XML payload) + SOAP Attachments (any payload, MIME)]
➔ Non Repudiation of Origin
➔ Detached WS-Security signature
➔ In SOAP Header
➔ Including hashes of:
• UserMessage
• SOAP Body
• SOAP Attachments
The signature is detached because it does not wrap the signed data: it sits in the wsse:Security header and references each part by ID (UserMessage, SOAP Body) or by cid: URI (each MIME attachment). Since the attachments lie outside the SOAP envelope, a receiving MSH has to resolve and verify every referenced MIME part, not only the envelope.
22. AS4 Security
Signing of Receipt
[Diagram: the receiver's AS4 message carries in its SOAP Header a Receipt with Non Repudiation Information: the hash of the UserMessage, the hash of the SOAP Body and the hash of each SOAP Attachment, all taken from the signed message of the previous slide]
➔ Non Repudiation of Receipt
➔ NRR Receipt Format
➔ Signed by the receiver
➔ Including hashes of:
• UserMessage
• SOAP Body
• SOAP Attachments
The receipt's NonRepudiationInformation repeats the ds:Reference elements (URI and digest value) of the sender's signature and is itself signed by the receiver. The sender accepts it as NRR evidence only after checking that it refers to its own MessageId (RefToMessageId) and that every reference it signed is present with an identical digest; this proves that the receiver got exactly the bytes that were sent.
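As an added example that is not part of the slides or of any AS4 product, the following Python models what the two signing slides and the P-Mode slide describe: the sending MSH signs a UserMessage by referencing the header, the Body and each MIME attachment by digest; the receiving MSH answers with an NRR receipt that repeats those references and is signed in turn; and the P-Mode Security setting is what makes the sender insist on such a receipt. The party names, message id, keys and the hex-encoded HMAC that stands in for the XML-DSig/RSA signature are assumptions made so that the block runs offline with the standard library only.

```python
import base64
import hashlib
import hmac
from xml.etree import ElementTree as ET

# --- constructed sample message; party names, ids and keys are assumed, not from the slides ---
EB_NS = "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
MESSAGE_ID = "msg-0001@jamieoliver.example"
USER_MESSAGE = f"""<eb:UserMessage xmlns:eb="{EB_NS}">
  <eb:MessageInfo><eb:MessageId>{MESSAGE_ID}</eb:MessageId></eb:MessageInfo>
  <eb:PartyInfo><eb:From><eb:PartyId>JamieOliverInc</eb:PartyId></eb:From>
    <eb:To><eb:PartyId>GordonRamsayFoodService</eb:PartyId></eb:To></eb:PartyInfo>
</eb:UserMessage>""".encode()
SOAP_BODY = b'<soap:Body xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><Order id="42"/></soap:Body>'
ATTACHMENTS = {"cid:invoice.pdf": b"%PDF-1.4 constructed invoice bytes",
               "cid:menu.csv": b"dish,price\nrisotto,12.50\n"}
# P-Mode Security section: sign the UserMessage and require a Non-Repudiation receipt.
PMODE = {"Security": {"Sign": True, "Receipt": "NRR"}}
SENDER_KEY, RECEIVER_KEY = b"jamie-oliver-key", b"gordon-ramsay-key"  # assumed test keys


def _digest(data: bytes) -> str:
    """base64(SHA-256) as it would appear in a ds:DigestValue."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def _c14n(xml: bytes) -> bytes:
    """Canonicalise XML parts (stdlib C14N 2.0 stands in for Exclusive C14N) so that
    whitespace or attribute-order differences do not change the digest."""
    return ET.canonicalize(xml_data=xml.decode("utf-8")).encode("utf-8")


def build_references(user_message, body, attachments):
    """One ds:Reference per signed part: header element, Body, each MIME attachment.
    Attachments are digested as raw bytes (the Attachment-Content-Only transform)."""
    refs = {"#usermessage": _digest(_c14n(user_message)), "#body": _digest(_c14n(body))}
    refs.update({cid: _digest(content) for cid, content in attachments.items()})
    return refs


def _signed_info(refs):
    """Canonical form of the reference list; this is what the key signs."""
    return "\n".join(f"{uri} {dv}" for uri, dv in sorted(refs.items())).encode()


def _sign(key, data):
    # ASSUMPTION: HMAC stands in for the X.509/RSA signature of a real wsse:Security header.
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sign_user_message(user_message, body, attachments, sender_key):
    """Sending MSH: detached signature = references + signature over them (NRO)."""
    refs = build_references(user_message, body, attachments)
    return {"references": refs, "value": _sign(sender_key, _signed_info(refs))}


def verify_user_message(user_message, body, attachments, signature, sender_key):
    """Receiving MSH: recompute every digest; any changed, missing or extra part fails."""
    expected = build_references(user_message, body, attachments)
    if expected != signature["references"]:
        return False
    return hmac.compare_digest(signature["value"], _sign(sender_key, _signed_info(expected)))


def build_receipt(message_id, verified_signature, receiver_key):
    """Receiving MSH: NRR receipt = RefToMessageId + copy of the sender's references,
    signed by the receiver, so it is bound to exactly the bytes that were received."""
    nrr = dict(verified_signature["references"])
    payload = message_id.encode() + b"\n" + _signed_info(nrr)
    return {"RefToMessageId": message_id, "NonRepudiationInformation": nrr,
            "value": _sign(receiver_key, payload)}


def verify_receipt(message_id, sent_signature, receipt, receiver_key, pmode):
    """Sending MSH: a receipt is NRR evidence only if the P-Mode asked for NRR, it names
    our MessageId, repeats every reference we signed, and the receiver signed it."""
    if pmode["Security"]["Receipt"] == "NRR" and "NonRepudiationInformation" not in receipt:
        return False  # a plain receipt is not non-repudiation evidence
    if receipt["RefToMessageId"] != message_id:
        return False  # receipt for some other message
    nrr = receipt["NonRepudiationInformation"]
    if nrr != sent_signature["references"]:
        return False  # a part is unacknowledged or its digest differs
    payload = message_id.encode() + b"\n" + _signed_info(nrr)
    return hmac.compare_digest(receipt["value"], _sign(receiver_key, payload))


def demo():
    """Happy path plus the two failure modes a practitioner should test for."""
    sig = sign_user_message(USER_MESSAGE, SOAP_BODY, ATTACHMENTS, SENDER_KEY)
    signature_ok = verify_user_message(USER_MESSAGE, SOAP_BODY, ATTACHMENTS, sig, SENDER_KEY)
    receipt = build_receipt(MESSAGE_ID, sig, RECEIVER_KEY)
    receipt_ok = verify_receipt(MESSAGE_ID, sig, receipt, RECEIVER_KEY, PMODE)
    # A MIME attachment lives outside the SOAP envelope; tampering with it must still fail.
    tampered = {**ATTACHMENTS, "cid:menu.csv": b"dish,price\nrisotto,1.50\n"}
    tampered_ok = verify_user_message(USER_MESSAGE, SOAP_BODY, tampered, sig, SENDER_KEY)
    # A receipt that drops one reference is no proof that this part was received.
    partial = build_receipt(MESSAGE_ID, sig, RECEIVER_KEY)
    partial["NonRepudiationInformation"].pop("cid:invoice.pdf")
    partial_ok = verify_receipt(MESSAGE_ID, sig, partial, RECEIVER_KEY, PMODE)
    return {"signature": signature_ok, "receipt": receipt_ok,
            "tampered_attachment": tampered_ok, "partial_receipt": partial_ok}


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the four outcomes. The two negative cases are the checks worth carrying into a real MSH: a changed MIME part fails even though the SOAP envelope is untouched, and a receipt that omits a reference is rejected instead of being counted as proof of delivery.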
23. AS4 Security
Encryption: Data Confidentiality
➔ Transport Layer Security (SSL/TLS)
➔ Secure communication channel
➔ WS-Security Encryption
➔ Message encryption of:
• SOAP Body
• SOAP Attachments
[Diagram: AS4 message = SOAP Header (UserMessage, From: Sender, To: Receiver) + SOAP Body (XML payload) + SOAP Attachments (any payload, MIME); Body and Attachments are the encrypted parts]
TLS protects only the connection between two HTTP endpoints, and any TLS-terminating proxy in between sees the payload in clear. WS-Security encryption protects the Body and the attachments between the two MSHs regardless of how the message is transported or stored, while the UserMessage header stays unencrypted so that the receiving MSH can still route the message and match it against its P-Mode.
27. AS2 vs AS4
AS4 Differentiators
➔ Support for multiple payloads
➔ Support for native web services (SOAP with WS-Security and other WS-* headers)
➔ Support for pulling (a receiving MSH can pull messages from the sending MSH, so a partner without a permanently reachable inbound endpoint can still receive)
➔ Support for lightweight client implementations
➔ Support for modern crypto algorithms
➔ Support for more authentication types