AS4 offers secure B2B document exchange based on web services and was developed by a subcommittee of the Technical Committee of OASIS ebXML Messaging Services. AS4 is in many ways similar to AS2, but works in a Web services context and contains advanced interaction patterns and receipts for message-based transfer business.
AS4 is characterized by the following features:
- Acknowledgment mechanisms, a reliable messaging and allows a repeat in the case of a lost message
- Secure data exchange via password authentication, digital signature and encryption
- Compression and transmission of large volumes of data
- Pattern for message exchanges that allow a rich variety of interactions between sender and receiver
The mendelson AS4 server is a out-of-the-box solution that supports the AS4 usage profiles ebMS 3.0 AS4, ENTSOG AS4, e-SENS AS4 and PEPPOL AS4. You could either pull or push any kind of data, with full encryption, signature and TLS support. Additional services like EESSI (Electronic Exchange of Social Security Information) are also supported because they are based on e-SENS.
- PUSH messages
- PULL messages
- Key and certificate management
- Partner management
- Digital signatures, detailed settings for SOAP structure signature and payload signature
- Message encryption, detailed settings for SOAP structure encrytion and payload encryption
- Supports fully encrypted SOAP data
- UserNameToken authentication
- ENTSOG AS4 Usage Profile support
- ebMS AS4 Usage Profile support
- e-SENS AS4 Usage Profile support
- PEPPOL AS4 Usage Profile support
- Usage Profile selectable per user
- Multiple local identities
- Full support for message bundling
- Secure transport (TLS 1.2, TLS 1.3)
- Support for SSL client authentication
- System task to auto clear old log entries
- Multinational support: Localized to german and english
- Customizable local directory poll processes
- Customizable remote parter poll processes (PULL request)
- Local MPC (message processing queue), configurable per partner
- Sync and async Receipt Signal support
- Easy integration to existing systems, using a partner based file system interface
- Integrated scheduler picks up data from directories
- Message post processing (scripting on receipt)
- Pluggable into any servlet container like Tomcat, Jetty, ... - contains an integrated Jetty webserver
- Email event notification
Supports WSS 1.1, WSS X.509 Certificate Token Profile.
The following encryption algorithms are supported:
The following key transport algorithms are supported:
- RSA-OAEP with the digest SHA-1 and the mask generation function SHA1_MGF1
- RSA-OAEP-11 with the digest SHA-1 and the mask generation function SHA1_MGF1
- RSA-OAEP-11 with the digest SHA-224 and the mask generation function SHA224_MGF1
- RSA-OAEP-11 with the digest SHA-256 and the mask generation function SHA256_MGF1
- RSA-OAEP-11 with the digest SHA-384 and the mask generation function SHA384_MGF1
- RSA-OAEP-11 with the digest SHA-512 and the mask generation function SHA512_MGF1
Supports WSS 1.1 [SOAPATTACH], Attachment-Content-Only transform, Attachment-Complete transform
The following hash algorithms are supported:
Security Token Authentication
Supports WSS Username Token Profile and wsse:PasswordText-type
- Trusted certificates, self signed certificates
- SHA-1 signed certficates, SHA-2 signed certificates
- Trusted by any CA
mendelson AS4 could send and receive AS4 messages from and to trading partners via HTTP and HTTPS.
There runs an additional poll thread for every partner that polls special directories per partner and sends matching files to the mendelson AS4 server. An internal pull destination (mpc, message processing channel) could be setup per partner to allow the processing of PULL Request signals from other AS4 systems.
Please have a look at the following diagram for an overview of the included components of the mendelson AS4 package. All these components install out-of-the-box if you are using the installer. The main difference in the architecture between the commercial version and the community version (open source) is that in the commercial version the user interface and the AS4 server are running in different processes and could even run on different machines/operation systems while the server could run as service. The community version acts as a desktop system, user interface and server are running in the same process.
The server is the core component. It is responsible for the transaction processing and cares for encryption, digital signatures and the communication to all the other components.
AS4 Client (Rich client)
The AS4 client contains the transaction management, partner management, certificate management (commercial version only). It allows to set all server properties and configure the system.
The database server stores all information about the transactions and the master data of partners, subjects etc.
The HTTP server acts as a servlet container for the message receipt servlet. It host also some information pages. The servlet sends received messages to the server. There is a HTTP server included in the installation package but its also possible to deploy the AS4 receiver in any other servlet container.
This component sends AS4 messages and signals to the trading partner. It also receives AS4 data (Signals, User Messages) on the back channel.
Allows the notification via mail if there occurred any event that requires user interaction.