On Nov 25, 2006, at 3:38 PM, Martin Preuss wrote:
> Hi,
>
> On Saturday 25 November 2006 21:12, David Reiser wrote:
> [...]
>> OTOH, the aqbanking ofxdirectconnect backend will need maintenance.
>> And at this point, it is hard to tell just how the various banks are
>> going to choose to implement the new MFA features available.
> [...]
>
> I haven't looked into these documents but there must be some way to determine
> which features the server uses. If that's the case we could adapt.
>
> However, given the fact that DirectConnect has been advertised so poorly in
> the past, e.g. the server addresses hidden (or sometimes redirected to some
> special MS servers) I wouldn't be surprised if this important information
> isn't made available either...
>
Well, the Intuit site says they are planning to meet the FFIEC regs
by using the CLIENTUID scheme in the updated specs. Supposedly,
Quicken 2007 had the new capability in October, Quicken 2005 and
2006 got it via a patch in early November, and Mac versions and
Windows Quickbooks 2007 will get it via patch before the end of the
year.

The good news is it may be simple (unless the banks screw up the
process by not letting us register an ID we can generate
ourselves). What the standard says:

2.5.1.1 Client Unique ID <CLIENTUID>

OFX servers can require OFX clients to include a client ID in each
signon request. This client ID should be unique to the installation
of the client software, but the method that the ID is generated is
left up to the client. The server can specify that this field is
required using the <CLIENTUIDREQ> tag in the applicable <SIGNONINFO>
section of the profile. Servers should expect that users may connect
via OFX from multiple locations and may need to associate more than
one <CLIENTUID> value with their <USERID>.

The client may make this value user discoverable, so that the user
can register the client ID with financial institutions. [I hope the
banks read this...]

and the example from later in the chapter is:

Signon in OFX 1.0.3 which includes CLIENTUID and both additional
credential tags:

<OFX>
  <SIGNONMSGSRQV1>
    <SONRQ>
      <DTCLIENT>20060321083010</DTCLIENT>
      <USERID>12345</USERID>
      <USERPASS>MyPassword</USERPASS>
      <LANGUAGE>ENG</LANGUAGE>
      <FI>
        <ORG>ABC</ORG>
        <FID>000111222</FID>
      </FI>
      <APPID>MyApp</APPID>
      <APPVER>1600</APPVER>
      <CLIENTUID>22576921-8E39-4A82-9E3E-EDDB121ADDEE</CLIENTUID>
      <USERCRED1>MyPin</USERCRED1> <!--Profile has included <USERCRED1LABEL>PIN:</USERCRED1LABEL>-->
      <USERCRED2>MyID</USERCRED2> <!--Profile has included <USERCRED2LABEL>Your ID:</USERCRED2LABEL>-->
    </SONRQ>
  </SIGNONMSGSRQV1>
  ….
  <!--Other message sets-->
</OFX>

I'll also have to do some more reading, but it looks like access to
the profile servers is by specified anonymous login. So maybe it's
possible to use the Yodlee data to retrieve the server address of the
banks...
>
> Regards
> Martin
Dave
--
David Reiser
[EMAIL PROTECTED]
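
Added example (not part of the original message and not aqbanking code): one way a client could follow the quoted 2.5.1.1 text, checking <CLIENTUIDREQ> in the profile's <SIGNONINFO>, generating a per-installation ID once, and sending it in the signon request. The function names, the storage path argument and the sample profile fragment are assumptions made for this illustration; the FI and application values are the ones from the spec example quoted above.

```python
import os
import re
import uuid

# Constructed profile fragment (OFX 1.x is SGML; leaf tags may be unclosed).
SAMPLE_PROFILE = "<SIGNONINFO>\n<SIGNONREALM>Example\n<CLIENTUIDREQ>Y\n</SIGNONINFO>"

def clientuid_required(profile_sgml):
    """True if any <SIGNONINFO> section of the profile carries <CLIENTUIDREQ>Y."""
    for info in re.finditer(r"<SIGNONINFO>(.*?)</SIGNONINFO>", profile_sgml, re.S | re.I):
        flag = re.search(r"<CLIENTUIDREQ>\s*([YN])", info.group(1), re.I)
        if flag and flag.group(1).upper() == "Y":
            return True
    return False

def load_or_create_clientuid(path):
    """Return this installation's ID, generating and persisting it once."""
    try:
        with open(path, encoding="ascii") as fh:
            # A corrupt file raises ValueError instead of being silently
            # replaced: the user may have registered the old ID with a bank.
            return str(uuid.UUID(fh.read().strip())).upper()
    except FileNotFoundError:
        pass
    uid = str(uuid.uuid4()).upper()  # random; uuid1() would embed the MAC address
    # O_EXCL refuses to overwrite an existing ID; 0o600 keeps it owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(uid + "\n")
    return uid

def build_sonrq(profile_sgml, uid_path, dtclient, userid, userpass):
    """Build a signon request; values are assumed free of markup characters."""
    lines = [
        "<SONRQ>",
        f"<DTCLIENT>{dtclient}</DTCLIENT>",
        f"<USERID>{userid}</USERID>",
        f"<USERPASS>{userpass}</USERPASS>",
        "<LANGUAGE>ENG</LANGUAGE>",
        "<FI>", "<ORG>ABC</ORG>", "<FID>000111222</FID>", "</FI>",
        "<APPID>MyApp</APPID>", "<APPVER>1600</APPVER>",
    ]
    if clientuid_required(profile_sgml):  # send the ID only when the server asks
        lines.append(f"<CLIENTUID>{load_or_create_clientuid(uid_path)}</CLIENTUID>")
    lines.append("</SONRQ>")
    return "\n".join(lines)
```

Because the ID is read back from the same file on every run, it stays stable across sessions and can be shown to the user for registration with the bank.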