-----BEGIN PGP SIGNED MESSAGE-----
(I took the freedom to translate Martin's original question into English here.
Since this concerns all of GnuCash's developers, the discussion should be
continued in English, please.)
On Freitag, 21. November 2003 18:54, Martin Preuss wrote:
> previously you said that if there is a HBCI server implementation
> available, you would like to use it from GnuCash. Now that I'm
> currently on my way to actually program such a HBCI server-side
> implementation, I wanted to ask whether you can already provide
> more details about this idea. What kind of functionality are you
> interested in; what do you need; etc. Maybe I can adapt the
> HBCI server-side code accordingly, if I already know what your
> needs are.
For readers without HBCI knowledge: HBCI is a *protocol* that has every
features that are needed for secure online banking. I.e., it specifies
formats for encryption and signatures with self-created RSA keys as well as
the authentication procedure when initially exchanging the RSA keys. (The
point here is that the RSA fingerprint is printed on paper, which is then
signed by hand and sent to the other party by paper mail.) HBCI also
specifies the communication format for many so-called "business transactions"
("Geschäftsvorfall" in German), including single (or multiple) online
transfer, online direct debit, online statement retrieval, and many more.
Every specification of these business transactions also includes procedures
for negotiating the supported features of specific server and client
implementations. This also means that HBCI already specifies an exhaustive
data type for "a transaction", relatively similar to gnucash's "Transaction"
data type. And HBCI also specifies how this data type is serialized and in
what context it can be sent to the other party -- e.g. the user can send it
to the bank as an online transfer (or direct debit) order, or the bank sends
it to the user for his/her retrieved account statement.
Up to now, the auxiliary library OpenHBCI only was a client-side HBCI
implementation, and GnuCash used it to perform the HBCI client-side jobs as
needed for an online banking user. It has been successfully used with real
bank accounts over the last 1.5 years. *Now* things are changing. Martin
Preuss over the past few months pretty much rewrote the whole OpenHBCI
structure. And it turned out that in addition to the client-side HBCI
implementation, it is relatively easy for him to also write a server-side
implementation. It might be a matter of 2-3 months until he has finished this
on his own, and of course it will be even faster if others are helping.
I thought about two ideas that will be possible with such a library available:
1. Firstly, this would enable using HBCI as the backend's communication
protocol between many GnuCash clients and one central GnuCash server. This
means that there is a bullet-proof networking protocol available, which can
be used for an Internet-wide multi-user GnuCash setup. The client-side code
for such a distributed GnuCash bookkeeping is almost there -- it's not much
different from the existing HBCI module, which has been extensively tested
and used already. The server-side code would still need to be created, but
basically that's OpenHBCI's HBCI server listening on some port, and as soon
as someone sends a request to that server, OpenHBCI's server code passes the
request to the GnuCash HBCI-server code, which invokes the desired operation
in the GnuCash engine, returns the result to the OpenHBCI code, which in turn
delivers it to the client. I believe this is already possible with 3000-5000
lines of code, i.e. 1-2 months of work, and I find this terribly cool. The
point is that the HBCI protocol has been used since 1998 in Germany, and the
security concept hasn't been compromised since. So if we are using this, then
we are building on top of bullet-proof technology, and most part of it has
been extensively used alreay.
By the way, when using the PostgreSQL backend, is it possible for multiple
GnuCash users to access the same PostgreSQL database concurrently? If that is
the case, then in a secure environment networking issues are already handled
by the PostgreSQL database and the HBCI server-side code wouldn't give too
much additional benefit. But it could still be used for an Internet-wide
distributed setup, where encryption and authentication is needed
additionally.
2. Secondly, such a HBCI server-side library could enable someone to set up
his own OpenSource online *bank*. It would enable people to start their own
PayPal. The OpenSource Gift Exchange Registry idea by Christophe B. Browne
could actually be implemented with real working online transfers. The
donation jar of GnuCash could be set up to represent such a HBCI-accessible
bank, which means it can be managed by people all over the Internet. Well,
the possibilities are I think pretty much summarized by "setup your own
paypal".
What do people think? Is there a demand for such ideas? Who wants to setup an
Internet-wide distributed GnuCash?
Christian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iQCVAwUBP8C6k2XAi+BfhivFAQFU9wQAlYHzFW1NECK66F4Kq5JvJVe+j4SIFThh
ADBQopINYz4eqYO8ZxugQhsrXuObuyCIvilB/Li67NdMNPGwCJjQ/exaIO6rR7Jv
4lgH4D2vUjVKqeAZ8brxQrITN1T3f09XG538qSfY+0eaz3kqli3JBwTthNGnkuPK
G55XFO+xmSI=
=2lOF
-----END PGP SIGNATURE-----
_______________________________________________
gnucash-devel mailing list
[EMAIL PROTECTED]
http://www.gnucash.org/cgi-bin/mailman/listinfo/gnucash-devel
