The Signon message set includes the signon message, USERPASS change message, and challenge message, which must appear in that order. The and aggregates wrap the message.
Signon
The signon record identifies and authenticates a user to an FI. It also includes information about the application making the request, because some services might be appropriate only for certain clients. Every Open Financial Exchange request contains exactly one . Every response must contain exactly one record. Use of Open Financial Exchange presumes that FIs authenticate each customer and then give the customer access to one or more accounts or services. If passwords are specific to individual services or accounts, a separate Open Financial Exchange request must be made for each user ID or password required. This will not necessarily be in a manner visible to the user. Note that some situations, such as joint accounts or business accounts, will have multiple user IDs and multiple passwords that can access the same account.
FIs assign user IDs for the customer. Although the user ID may be the customer’s social security number, the client must not make any assumptions about the syntax of the ID, add check-digits, or do similar processing. Servers must accept user IDs, with or without punctuation.
To improve server efficiency in handling a series of Open Financial Exchange request files sent over a short period of time, clients can request that a server return a in the signon response. If the server provides a user key, clients will send the instead of the user ID and password in subsequent sessions, until the expires. This allows servers to authenticate subsequent requests more quickly.
The client returns if the server sent one in a previous . Servers can use the value of to track client usage but cannot assume that all requests come from a single client, nor can they deny service if they did not expect the returned cookie. Use of a backup file, for example, would lead to an unexpected value that nevertheless should not stop a user from connecting.
Servers can request that a consumer change his or her password by returning status code 15000. Servers should keep in mind that only one status code can be returned. If the current signon response status should be 15500 (invalid ID or password), the request to change the password must wait until an otherwise successful signon is achieved.
If the server returns any signon error, it must respond to all other requests in the same block with status code 15500. For example, if the server returns status code 15502 to the signon request, it must return status code 15500 to all other requests in the same block. The server must return status code 15500 to all requests; it cannot simply ignore the requests.
-
Signon Response
Unlike other responses, the signon response does not appear within a transaction wrapper.
NOTE: A client should use DTPROFUP and DTACCTUP only when the service provider that originated SONRS is the same provider that is specified by SPNAME in the profile message set. A client can determine if the service provider is the same by comparing the value of SPNAME in the appropriate message set with the value for SPNAME in the profile message set.
-
Tag
|
Description
|
|
Record-response aggregate
|
|
Status aggregate, see list of possible code values
|
|
|
|
Date and time of the server response, datetime
|
|
Use user key instead of USERID and USERPASS for subsequent requests. TSKEYEXPIRE can limit lifetime. A-64
|
|
Date and time that USERKEY expires, datetime
|
>
|
Language used in text responses, language
|
|
Date and time of last update to profile information for any service supported by this FI (see Chapter 7), datetime
|
|
Date and time of last update to account information (see Chapter 8), datetime
|
|
Financial-Institution-identification aggregate
NOTE: The client will determine out-of-band whether a FI aggregate should be used and if so, the appropriate values for it. If the FI aggregate is to be used, then the client should send it in every request, and the server should return it in every response.
|
|
|
|
Session cookie that the client should return on the next ,
A-1000
|
|
|
List of status code values for the element of :
-
Value
|
Meaning
|
0
|
Success (INFO)
|
NOTE: Only Success is applicable to Active Statements.
-
Some service providers support multiple FIs, and assign each FI an ID. The signon allows clients to pass this information along, so that providers know to which FI the user is signing on.
-
Tag
|
Description
|
|
FI-record aggregate
|
|
Organization defining this FI name space, A-32
|
|
Financial Institution ID (unique within ), A-32
|
|
| USERPASS Change
This does not apply to Active Statements.
-
This does not apply to Active Statements.
Examples
This does not apply to Active Statements.
|
Yüklə 0.98 Mb.