EDI Resource Center
Types of EDI: Messaging Protocols
Electronic data interchange (EDI) is a communications technology used to exchange business documents between organizations via computers. Handling everything from purchase orders and invoices to health insurance codes and shipments, EDI is a crucial business communications tool.
So What Are The Different Types of EDI?
EDI protocols are the technologies used by EDI software to transfer data securely from one computer to another. Each protocol reflects a set of universal guidelines that dictate how the data is encrypted and configured while in transit.
There are many types of EDI messaging protocols, each created to use different types of data exchange technologies and EDI software to send and receive data.
EDI protocols have evolved for more than 50 years, since a group of companies created EDI in 1968, with new protocols pioneered every few years to capture the benefits of newer technologies. In this guide, we give you an overview of the different types of EDI protocols, the technologies they use and their applications.
A Quick Word on Direct EDI vs. VANs
It's worth noting you have a key decision to make about how to set up any EDI protocol: use direct EDI with each trading partner or go through a Value Added Network, or VAN.
In direct EDI, also known as point-to-point EDI, you establish a specific connection with each business partner using an agreed-upon protocol.
VANs act as middlemen, translating EDI messages between protocols and partners, while enabling you to use your own, single protocol no matter which protocol your partners use.
Traditionally, VANs were the only option, but as Internet EDI technology has improved and EDI software has emerged, direct EDI is used more and more. VANs generally reduce initial setup costs, but they charge a fee for every document, or even line item, they process. Depending on how much you trade with a given partner or use a certain protocol, you can save money over time with direct EDI. But along with setup comes ongoing management and maintenance, which can cut into savings. There are other considerations as well, such as control over your setup, partner requirements and more.
Given these considerations, you'll want to evaluate the software options out there and may even consider a hybrid setup that could incorporate a B2B managed services provider experienced in both approaches.
AS1 EDI Protocol
AS1 stands for Applicability Statement 1 and specificies how to transport data securely and reliably via the Internet using email protocols.
Technology and Features
The AS1 protocol is based on SMTP and S/MIME (email technologies). It was the first AS protocol developed and uses signing, encryption and MDN conventions. It works as follows:
- Files are sent as "attachments" in a specially coded SMIME email message
- Messages can, but aren't required to be signed
- Messages can, but aren't required to be encrypted
- Messages may, but aren't required to, request Message Disposition Notifications, or MDNs, to ensure the recipient gets the message.
- If an MDN is requested, upon receipt and successful decryption or signature validation, a "success" MDN goes from the recipient to the original sender
- Upon receipt and verification of the signature on the MDN, the original sender knows the recipient got their message, providing "non-repudiation"
- If there are any problems receiving or interpreting the original AS1 message, a "failed" MDN may be sent back
Age
AS1 was developed by EDI over the Internet (EDIINT), a working group of the Internet Engineering Task Force (IETF) during the 1990s to help facilitate web-based EDI communications between partners. At the time, it was a major technological step forward that delivered higher security with reduced setup costs over the Internet.
Status and Popularity
The AS1 EDI specification is largely superseded by the Applicability Statement 2 (AS2) standard, which uses HTTP.
Security
AS1 achieves security with digital certificates and encryption. AS1 (like all AS file transfers) generally requires both sides of the exchange to trade X.509 certificates and specific "trading partner" names before transferring any EDI documents.
AS2 EDI Protocol
AS2 is the next generation of open-standards EDI protocol developed by the IETF and replaced AS1. For millions of companies, AS2 is the EDI messaging protocol used to transfer files between trading partners.
Technology and Features
AS2 enables secure data transmission over the Internet using HTTPS. In doing so, AS2 massively extends EDI functionality through the ubiquity of Internet access. It involves two computers, a client and a server, connecting in a point-to-point manner via the web.
Age
AS2 was developed and pioneered in the early 2000s ('02 - '04) and has only grown since.
Status and Popularity
AS2 is one of the most popular methods for transporting data, especially EDI data, securely and reliably over the Internet. It's used by many major retailers worldwide and has become an ubiquitous standard that still draws new companies to it.
In addition, AS2 is backed by the Drummond Group, an organization that certifies the compatibility of versions from different vendors and certifies EDI Software. If you purchase any two products from the list of Drummond-certified products, they will work well together - i.e. they'll have strong interoperability.
Security
AS2 creates an "envelope" for the EDI data, allowing it to be sent securely - using digital certificates and encryption - over the Internet. It also supports signed receipts to ensure that your trading partner received the message after it has been delivered.
Who Uses It?
Walmart famously championed EDI via AS2 and has driven its mass adoption within the broader retail industry in particular. AS2 is the de facto standard for EDI transactions in the U.S.
Learn More About AS2
See our complete AS2 guide to learn how AS2 works, understand its benefits and get a brief, step-by-step breakdown on AS2 implementation.
AS3 EDI Protocol
Developed by the IETF, Applicability Statement 3 (AS3) is an open-standards protocol promoting secure EDI data transportation and application interoperability. It is not intended as a next version or replacement for AS2, simply as a protocol using a different technology that benefits different users.
Technology and Features
AS3 is built on File Transfer Protocol (FTP). Since the 1960s, companies have used FTP to send data, including EDI data, across the Internet to partners. The problem is FTP isn't secure by itself. AS3 adds MDNs, similar to AS1, to provide verification known as non-repudiation. It also enables organizations to securely send and receive XML documents, in addition to EDI documents. AS3 enables push and pull FTP capabilities, similar to setups in asynchronous and bi-synchronous environments.
Age
The IETF developed AS3 in 2006.
Status and Popularity
AS3 is used across industry, for many companies that use FTP. But it's not nearly as popular as AS2 or AS4.
Security
AS3 provides tight security on par with that of AS2 by implementing MDNs in combination with encryption. This 1-2 punch of digital signatures and encryption makes AS3 more secure than both traditional FTP and File Transfer Protocol Secure (FTPS), which uses Secure Sockets Layer (SSL) in combination with FTP. It improves on the way FTPS encrypts data by allowing firewalls to inspect the flow of network traffic.
Who Uses It?
Organizations worldwide that use FTP in their technology framework rely on AS3. It's particularly useful for organizations with a sizable IT investment in FTP scripting, applications or security. It's even useful for many financial and healthcare organizations that need to send highly sensitive information via EDI and want to use FTP.
AS4 EDI Protocol
Applicability Statement 4 (AS4) is a web-services update to AS2, built largely on the OASIS ebMS 3.0 framework. Its lightweight nature, which strips out much of the bulk from the ebMS 3.0 framework, makes AS4 a relatively low-cost communications standard to implement for organizations with a minimal IT infrastructure, as its built with a light client setup option.
Technology and Features
Organizations often use SOAP-based web services as an application programming interface (API) to securely transmit large, complex documents, such as product catalogs. AS4 is actually a SOAP-based web API layered over HTTP from a technical viewpoint and can be EDI from a business use perspective.
As a SOAP-based web service, AS4 is an open standard and is more compatible with standard environments than AS2. Many organizations use these API technologies for internal integrations, so it's a natural way to extend integrations to external sources.
Key Features:
- Built on proven interoperability standards: MIME, SOAP and WS-Security
- Provides rich support for metadata and is payload agnostic - document types, such as purchase orders aren't tied to any defined SOAP action, providing flexibility
- AS4 can transport any type of payload (multiple if needed), including: legacy EDI, binary, XML, JSON and more
- Lets receivers reroute messages and correlate them with past or future messages
- Resends messages in case of temporary network disturbance and ensures a message is only received once, detecting and eliminating duplicates
- Offers large file compression and transfer support
- Error generation, reports any errors to the message sender of the message receiver
- Allows rich variety of interactions between sender and receiver: PUSH, PULL, etc.
Age
The IETF created AS4 in 2013. It's the newest, most modern EDI protocol in widespread use.
Status and Popularity
AS4 is gaining increasing adoption as more and more organizations strive to modernize their data communications. However, many major retailers and organizations still use AS2 and have not yet upgraded to AS4.
Security
AS4 ensures enterprise-class security in document exchange, using a subset of WS-Security. It maintains the integrity of document messages and the confidentiality of sensitive data.
The AS4 EDI protocol:
- Provides password authentication, digital signatures and encryption
- Achieves transport security with TLS
- Confirms authenticity of the sender and ensures messages are unaltered in transit
- Uses XML Digital Signatures and MDN receipts, providing non-repudiation - both senders and receivers can't deny sending or receiving messages
- Supports a whole range of encrypting, including XML encryption
- Uses X.509 security tokens and username/password tokens
Who Uses It?
AS4 is increasingly being adopted in the European government and energy sectors and is also gaining increasing popularity and use among all manner of organizations modernizing their internal technologies as well as extending their standards-based internal integrations. Its structure also makes it ideal for use with trading partners based in emerging markets, such as Southeast Asia, who don't have extensive IT infrastructures.
EDI via FTP: VPN, SFTP and FTPS
File Transfer Protocol (FTP) is a protocol for computers connected through the Internet (and other TCP/IP networks) to securely transfer files between each other. FTP is commonly used to transfer webpage files from their creator to the computer that acts as their server for everyone on the Internet. It's also used to download programs and other files to your computer from other servers.
But FTP is not a highly secure protocol; for EDI scenarios, it usually requires additional layers of security. The three options for added security include:
- Transmitting FTP messages via a virtual private network (VPN)
- Using Secure Shell File Transfer Protocol (SFTP): This is FTP in conjunction with Secure Shell (SSH), a protocol used for secure, remote logins
- Using File Transfer Protocol Secure (FTPS): This is FTP in conjunction with SSL/TLS (Secure Sockets Layer or Transport Layer Security) and was created in later versions of FTP by the original creators of FTP
All three methods, FTP via VPN, SFTP and FTPS, can connect using direct EDI or over a VAN.
Technology and Features
FTP uses a client-server model with separate control and data connections linking the client and server. Each trading partner generally uses a clear-text sign-in protocol for authentication.
Age
FTP is the oldest file transfer and EDI protocol and has seen use in EDI from the beginning in the 1960s.
Status and Popularity
FTP is used ubiquitously throughout the web, including for website updates and employing bulk file transfers. Users can quickly and easily install an FTP server in all major operating systems, including Windows, Linux, UNIX and Mac OS. In use for decades, FTP is the most widely used file transfer protocol. But due to security issues, most organizations only use FTP for transferring files within the organization. For EDI applications, only a secure FTP option will do.
Security Issues
The big drawbacks are that FTP by itself doesn't encrypt data in transit and FTP uses separate command and data channels. That's why it's not considered secure and why SFTP, FTPS and FTP via VPN standards have emerged. We'll break down each of the three major types of secure FTP options.
FTP WITH VPN
Often, businesses connecting through FTP use a virtual private network (VPN), which provides an extra layer of security around transactions. But FTP with VPN isn't perfect. It's biggest drawback is a lack of non-repudiation, which verifies the identity of each party and prevents receivers from denying the receipt of a transaction from a verified sender.
SFTP
SFTP is essentially FTP with a different security layer, Secure Shell (SSH), developed by the Internet Engineering Task Force (IETF), which originally created FTP. This security layer encrypts the message while in transit and decrypts the message upon arrival. SFTP requires the server to authenticate the client computer. All commands and data are encrypted to prevent passwords and other sensitive information from being exposed to the network in plain text. Unlike FTP, SFTP does protect data during transmission and doesn't use separate command and data channels - it transfers data and commands in formatted packets with one secure connection.
But like FTP with a VPN, SFTP doesn't provide non-repudiation, which makes it unsuitable for many EDI applications.
FTPS
FTPS - FTP over SSL/TSL - adds a secure encryption layer (Secure Sockets Layer) around the FTP protocol to secure the commands and data transferred between client and server. FTPS is similar to SFTP. The only major difference is the additional security layer for FTPS was developed by web browser company, Netscape, instead of the IETF. Both FTPS and SFTP work the same way. And both have the same setbacks - the lack of non-repudiation and message management. Both protocols encrypt the data while in transit, keeping it safe while moving over the Internet, and then decrypt it upon arrival at its destination. As with FTP with VPN above, interoperability is a major issue.
OFTP and OFTP2 EDI Protocols
Odette File Transfer Protocol (OFTP) is a communications technology built specifically for B2B document exchange. Like all the AS protocols and unlike the other FTP protocols, it can provide digitally signed electronic delivery receipts. Though OFTP was originally designed for direct, point-to-point EDI, both OFTP and OFTP2 can work with a VAN as well.
OFTP is simple to use, consisting of just fourteen commands. It's designed for maximum efficiency, enabling large transmission windows with file restart, data compression and security.
Technology and Features
It was designed in the spirit of the Open System Interconnection (OSI) model using the Network Service provided by CCITT X.25 recommendation. It works with:
- TCP/IP
- X.25/ISDN
- And native X.25
A single OFTP2 entity can make and receive calls, exchanging files in both directions. This means that OFTP2 can work in a PUSH or PULL mode, as opposed to AS2, which can only use PUSH.
Age
OFTP was created in 1986 specifically to meet the EDI needs of the European automotive industry. Its name comes from the Odette Organisation (the Organization for data exchange by teletransmission in Europe).
In 2007, Data Interchange created an update, OFTP2, as a specification for the secure transfer of business documents over the Internet, ISDN and X.25 networks.
Status and Popularity
OFTP2 is in widespread use throughout Europe. Originally developed for the European automotive industry, it touches many more organizations throughout the supply chain, including global parts manufacturers. OFTP has also seen adoption across the retail, white label goods, manufacturing, government, transport, insurance, banking industries and many more.
Who Uses It?
OFTP is most common in Europe. If you work with any European company or have operations in Europe, there's a good chance you'll be using OFTP2. But it has also spread throughout the world to supply chain partners of European companies and organizations. It's a global standard and can be used by companies of any size, regardless of geographical location and connection reliability.
Security
OFTP 2 can encrypt and digitally sign message data, request signed receipts and provide mass data compression. All of these services are available for OFTP2 over TCP/IP, X.25/ISDN or native X.25. When used over a TCP/IP network, increased session level security is available for OFTP 2 over TLS.
OFTP vs. OFTP2
OFTP was developed to offer a standard communication platform in the mid-1980s. OFTP2 has been designed from the outset for use across the web, with key advantages over OFTP, including:
- Data compression
- Exchange of digital certificates between trading partners (to improve security)
- It handles massive files (greater than 500 GB)
- OFTP2 supports additional character sets, such as Chinese and Japanese
OFTP2 extended the reach of OFTP well beyond Europe, connecting trading partners across the globe.
Web EDI Using Smart Forms
Web EDI is simply conducting EDI through an Internet browser, enabling trading partners to use online forms to create, exchange, and manage electronic documents. Web EDI makes it easy and affordable for small and medium-size organizations that only sporadically need EDI.
It replicates paper-based documents using simple, pre-populated forms to help businesses communicate and comply with their business partners using built-in logic - e.g. if a form is filled out with X data, do Y with the data. Business partners anywhere in the world can connect without dedicating IT resources to their EDI implementation.
The forms contains fields where users enter information that's automatically converted into an EDI message and sent via secure Internet protocols, such as FTPS, Hypertext Transport Protocol Secure (HTTPS) or AS2.
The ease of web EDI reduces the need for each partner to install EDI software or manage a complex EDI environment, opening the benefits of EDI to more trading partners. It's particularly useful for extending EDI to partners in countries with limited IT and EDI specialist resources.
Web EDI is traditionally based around a hub and spoke model, where a major business partner acts as the hub and smaller partners act as spokes. It looks like this:
- The hub organization implements EDI and develops a web forms option for its small and mid-size partners
- The web forms are hosted, either on the hub's site or by an EDI network service provider
- EDI partners connect to the web forms via web browser to exchange documents as forms converted to EDI documents behind the scenes
- The forms are then processed by the hub
Mobile EDI
As more and more firms seek to mobilize the supply chain and develop corporate apps, new EDI mobile apps are beginning to appear. In particular, apps for iPads and other tablets are gaining popularity in the supply chain space.
One emerging use case is the adoption of Direct Exchange (DEX) in the retail industry, in which delivery personnel scan item barcodes into mobile devices to create invoices. Data is transmitted to receivers via in-store docking stations, and receivers then open the invoice in the docking system, right then and there, and scan delivered goods to verify quantities. After data is reconciled, the digital invoice is automatically closed, and a finalized copy is then transmitted to the supplier system via mobile device. Some retailers can save half an hour per delivery using this technology, which quickly adds up to massive time and money savings.
More and more mobile EDI opportunities emerge continuously, though right now there is not a particular standard transaction set in the space.
Easily Use Any Major EDI Protocol with CData Arc
CData Arc is a convenient, all-in-one EDI software solution that enables you to use any major EDI protocol to easily connect with your trading partners. In combination with our managed file transfer (MFT) capabilities and expert EDI integrator network, we make it as fast and easy as humanly possible to set up EDI for your business - without the costs of a VAN.