What Is AS4?
AS4 (Applicability Statement 4) is a message protocol based on web services to securely exchange B2B messages between trading partners. The protocol was developed by the technical committee of OASIS (Organization for the Advancement of Structured Information Standards) for ebXML Messaging Services. AS4's web services capability gives it the opportunity to develop into a cloud-based communication standard.
Comparison AS2 and AS4
AS4 and AS2 are very similar by design. During the development of AS4, the advantages of AS2 were analyzed and worked out, and AS4 was inspired by them. In contrast to AS2, AS4 works within a web service context and also has better interaction patterns and delivery notifications. In addition, unlike AS2, AS4 gives the recipient the option of actively pulling messages, since the AS4 server is permanently active.
Main features of the AS4 messaging standard
- Interoperability: The AS4 messaging standard is defined based on the OASIS standard
- Security: A subset of web services security features is used to ensure the non-repudiation of the message and data confidentiality
- Reliability: by exchanging confirmations, AS4 ensures a one-time delivery
- Independence from use: any type of payload (EDI, XML, ...) can be exchanged
AS4 Messaging Service Handler
The Messaging Service Handler (MSH) is responsible for setting up the AS4 message exchange with the remote station on the sending or receiving side. The MSH must communicate with the remote station in compliance with the AS4 specifications and must also be able to communicate with an internal business application.
Message types of AS4
The ebMS 3.0 specification defines the following message types within the AS4 usage profile:
The areas of use of AS4
AS4 is increasingly being used in markets that use a service-oriented architecture for B2B messaging. These include the retail, healthcare and utilities sectors.
For example, the European gas network operators (ENTSOG) defined their own usage profile back in 2015. Other uses that rely on AS4 include:
- Peppol (Pan-European Public Procurement Online)
- e-CODEX (e-Justice communication via online data exchange)
- ENTSOG (European Network of Transmission System Operators for Gas)
- EPREL (European Product Registry for Energy Labelling)
- JEITA (Japanese Association of Electronics and Information Technology Industries)
- Superstream Pensions
- IATA (International Air Transport Association)
What are the general advantages of AS4?
FAQ MaKo AS4
- AS4 communication replaces AS2 and email communication in the electricity sector.
- All market participants need to set up a new connection to each of their communication partners.
- AS4 communication to be encrypted with ECC Brainpool (elliptic curve cryptography).
- Certificates are used within the smart meter public key infrastructure (PKI).
- Participants will need to obtain new certificates.
- MaKo to become part of the smart meter public key infrastructure (SM-PKI).
- Private keys must be secured in the hardware security module (HSM).
The AS4 migration period will not be extended.
There is no “transition period.” There is a migration period from October 1, 2023 to March 31, 2024.
All market participants are required to be able to communicate via AS4 starting October 1, 2023. SEEBURGER does not know how the BNetzA will deal with market participants who do not meet the deadline.
- You need an AS4 adapter that supports ECC Brainpool. The SEEBURGER adapter already supports this type of encryption.
- You need a hardware security module (HSM) to generate and store private keys.
- You need new certificates from the Federal Office for Information Security’s smart meter public key infrastructure.
You can find information on the AS4 profile for MaKo on the edi@energy page.
MaKo only uses the push method.
The URL is the same as the AS4 address used for communication.
Your file has been successfully transferred via AS4 if you receive a synchronous, non-repudiation receipt (NRR).
Each endpoint, i.e. each individual partner ID, requires a hostname.
HSM is an acronym for Hardware Security Module. This is used to generate and store private keys.
A company can use multiple HSMs. There are no restrictions to the number you can use.
Yes, you can use the same HSM. You can find more details in the BSI Certificate Policy (CP) for Smart Metering PKI version 1.1.2.
From what we know so far, you can use any HSMs that have already been approved for SM-GW communication by the BSI.
You can use one HSM for several organizations and customers.
All cryptographic operations that need a private key take place within the HSM.
Contradictory passages from the CP related to storing the keys for communication with the sub CA, and not for market communication, will be corrected.
According to the definition, passive external market participants (EMT) do not fall under security level 2 but only under security level 1, which means that using a certified HSM is not mandatory.
For the MaKo AS4 service, SEEBURGER opted for an HSM certified for the smart meter PKI because we want to be able to provide our customers with proof of compliance with the requirements for the cryptography module at any time. An HSM certified according to the PKI specifications fulfills the requirements, and this can be proven by the certification and the manufacturer's declaration.
Find more information on all sub CAs in this list from the Federal Office for Information Security (BSI): SubCA-Liste.
You must use a TLS certificate from the smart metering public key infrastructure (SM-PKI).
The certificate policy for the smart meter PKI stipulates an individual AS4 certificate for each MP-ID (i.e. also for each division), as the MP-ID must be maintained in the certificate.
From what we know so far, the AS4 certificates will expire after two years.
There are no clearly defined rules or consequences for this scenario. However, it is obligatory to have fully migrated by March 31, 2024 at the latest.
The BDEW has issued recommendations for dealing with migration.
However, essentially “the market has to organize itself”. You are therefore expected to plan time for queries and delays into your project plan.
You can find the BDEW application help “introductory scenario for migrating to AS4” on the Edi@Energy website.
The conversion service sends a conversion request to the partner. Your partner confirms the request, after which you can use AS4 to communicate in both directions.
Please ensure a fallback option to email in the unlikely case that an error occurs during the migration period of October 2023 to March 2024.
Incoming email communication should be kept open during the migration period.
However, we recommend monitoring this mailbox to catch market participants who have supposedly switched to AS4 but still send emails to it. As of April 1, 2024, according to BNetzA specifications, you must no longer communicate via email, and hence the mailbox shall be closed down.
If the connection fails even after repeated attempts, the sender receives an error notification. However, if only a single transmission fails, this does not mean that the whole market communication has been disrupted.
A temporary switch back to email communication can only be done if one of the two partners has identified a disruption in the market communication and has also declared it as such.
This temporary email communication is carried out by mutual agreement. As soon as the fault has been rectified, communication is switched back to AS4, likewise by mutual agreement. This regulation applies to the changeover phase.
SEEBURGER is in contact with other manufacturers and service providers, including via various working groups such as BDEW and EDNA. The tests are ongoing.
No, there are no exemptions.
In the HSM.
- Both will be valid.
- RzÜ from version 2.x regulates the AS4 communication for MaKo in the electricity sector.
- RzÜ from version 1.x regulates the communication for MaKo in the gas industry, which has not yet changed, and Redispatch 2.0.
RzÜ 1.x continues to apply to the gas industry. We currently have no information on when it will implement AS4.
The application help is to be seen as a recommendation. The migration period runs until March 31, 2024. However, you may consider migrating as many partners as possible, as soon as possible.
The German BNetzA is not planning to have a central address service for retrieving AS4 communication data.
Therefore, you must separately store and continuously update all data per MP-ID for each of your market partners.
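Because there is no central address service, the partner directory you maintain yourself is what needs regular checking. The following is an added example, not SEEBURGER code: a small audit over a constructed directory that flags certificates shared between MP-IDs, expired or soon-to-expire certificates, and stale records. The field names, the 60-day and 180-day thresholds and the https check are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Partner:
    mp_id: str              # market partner ID (MP-ID)
    as4_url: str            # AS4 address of the partner's endpoint
    cert_fingerprint: str   # fingerprint of the partner's AS4 certificate
    cert_not_after: date    # end of the certificate's validity
    last_verified: date     # when this record was last confirmed

def audit(partners, today, warn_days=60, stale_days=180):
    """Return sorted (mp_id, finding) tuples for records needing attention."""
    findings = []
    by_cert = defaultdict(set)
    for p in partners:
        url = urlsplit(p.as4_url)
        # Assumption: endpoints are reached over TLS, so expect https + hostname.
        if url.scheme != "https" or not url.hostname:
            findings.append((p.mp_id, "AS4 address lacks https scheme or hostname"))
        if p.cert_not_after < today:
            findings.append((p.mp_id, "certificate expired"))
        elif p.cert_not_after - today <= timedelta(days=warn_days):
            findings.append((p.mp_id, "certificate expires soon"))
        if today - p.last_verified > timedelta(days=stale_days):
            findings.append((p.mp_id, "record not verified recently"))
        by_cert[p.cert_fingerprint.lower()].add(p.mp_id)
    # One AS4 certificate per MP-ID: a fingerprint seen under two IDs is wrong.
    for ids in by_cert.values():
        if len(ids) > 1:
            findings += [(i, "certificate shared with another MP-ID") for i in ids]
    return sorted(findings)

# Constructed sample directory: IDs, URLs and fingerprints are made up.
SAMPLE = [
    Partner("9900000000011", "https://as4.partner-a.example/msh", "AA11", date(2025, 9, 30), date(2024, 1, 10)),
    Partner("9900000000028", "https://as4.partner-b.example/msh", "aa11", date(2025, 9, 30), date(2024, 1, 10)),
    Partner("9900000000035", "http://as4.partner-c.example/msh", "CC33", date(2024, 2, 20), date(2023, 3, 1)),
    Partner("9900000000042", "https://as4.partner-d.example/msh", "DD44", date(2024, 1, 5), date(2024, 1, 12)),
]

if __name__ == "__main__":
    for mp_id, finding in audit(SAMPLE, today=date(2024, 2, 1)):
        print(mp_id, finding)
```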
At the technical level of AS4 communication, the SEEBURGER AS4 Service also supports the requirements for AS4 communication in schedule management.
However, since the AS4 service is designed on the basis of the specification for MaKo in the electricity sector and the requirements for schedule management were not known at this time, this use case is not yet in scope.
The effects on MaKo are not yet known, as the individual process steps have not yet been defined. However, this has no effect on today's MaKo.
Connect via AS2 or a REST service.
The connection specifications are based on the specifications of the BSI CP 1.3.3.4 external market participants:
“With such a system structure, care MUST be taken to ensure that the data exchange between the service provider and the client has a security level comparable to the security mechanisms defined in [TR-03116-3].” TR-03116-3 refers to TR-02102, which states what is “secure” and for how long from the BSI’s viewpoint.