author Florian Dold <florian.dold@gmail.com> 2020-05-13 20:38:59 +0530
committer Florian Dold <florian.dold@gmail.com> 2020-05-13 20:38:59 +0530
commit c8db85cc9900c42a84ad0d09456f2e6e9931c672 (patch)
tree 4491362f788e0427f7f818345229dea4115e3043
parent 84aaedffc6ab612595e724103a1b7b3311b23417 (diff)
EBICS bank transport doc
-rw-r--r-- libeufin/bank-transport-ebics.rst 48
-rw-r--r-- libeufin/index.rst 7
2 files changed, 55 insertions, 0 deletions
diff --git a/libeufin/bank-transport-ebics.rst b/libeufin/bank-transport-ebics.rst
new file mode 100644
index 00000000..1363fa3e
--- /dev/null
+++ b/libeufin/bank-transport-ebics.rst
@@ -0,0 +1,48 @@
+The EBICS Bank Transport
+========================
+
+An EBICS bank transport in LibEuFin conceptually corresponds
+to the "EBICS Subscriber" in EBICS terminology.
+
+
+Bank Transport Setup
+--------------------
+
+The following steps are required to set up an EBICS bank transport:
+
+1. The bank must set up the EBICS access for the user.
+ The bank will notify the user of the following parameters:
+
+ * the URL of the EBICS server used by the bank
+ * the HostID of the bank within the EBICS server (sometimes one EBICS server hosts multiple banks)
+ * the PartnerID (typically identifies the owner of the bank account within the banking system)
+ * the UserID (typically identifies the person that accesses the bank account, can be different from the owner)
+ * the SystemID (optional and rarely used, basically a "sub-identity" of a subscriber when multiple technical
+ systems have access to the account via EBICS)
+
+2. The user enters the information from the list above in the setup dialog in the LibEuFin nexus (UI/CLI).
+3. The LibEuFin nexus generates cryptographic key material (3 RSA key pairs)
+5. The nexus sends the public keys electronically to the bank's EBICS server, together with the information
+ identifying the subscriber (PartnerID, UserID, SystemID).
+6. The user print a document that contains the public key and hashes for all three key pairs.
+ The user then signs this document sends it to the bank (physically/scanned).
+7. The bank receives the letter and verifies that the keys from the letter correspond
+ to the electronically sent keys. If they match, the bank sets the state of the
+ subscriber to "ready".
+8. The user now has to wait until the bank has set the EBICS subscriber state to "ready".
+ There is no in-band notification for this, but the Nexus can try downloading the bank's
+ cryptographic parameters. This will only succeed once the EBICS subscriber is set to "ready"
+ by the bank.
+9. The user should confirm the public keys of the bank received in the previous step.
+ Typically the bank gives the value of these public keys in an out-of-band channel.
+10. Now the user can finally use the EBICS bank transport. The first step after finishing
+ the setup should be to import the bank accounts accessible for this EBICS subscriber.
+
+
+Alternative ways of setting up the EBICS bank transport are:
+
+* Importing from a backup. The backup contains metadata (EBICS URL, HostID,
+ UserId, ...) and the three passphrase-protected subscriber keys.
+* Certificate-based setup (currently not supported by LibEuFin, only used in France)
+
+
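Review bot: The numbered list under "Bank Transport Setup" jumps from step 3 to step 5, so there is no step 4 and the enumeration may not render as one continuous list; renumber the remaining items 4 to 9, or use `#.` auto-numbering. In the same list, step 3 is missing its final period, and step 6 should read "The user prints a document ..." and "The user then signs this document and sends it to the bank". The backup bullet writes "UserId" where the parameter list above uses "UserID"; pick one spelling. Step 9 says the user "should confirm" the bank's public keys, yet step 10 follows unconditionally. Since this comparison against the out-of-band value is the only check on the bank's keys described here, the doc should say whether the nexus allows use of the transport before that confirmation.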
diff --git a/libeufin/index.rst b/libeufin/index.rst
index bc00b964..f8d3a985 100644
--- a/libeufin/index.rst
+++ b/libeufin/index.rst
@@ -7,7 +7,14 @@ LibEuFin is a project providing free software tooling for European FinTech.
:glob:
concepts
+<<<<<<< Updated upstream
ebics
api-sandbox
api-nexus
+=======
+ bank-transport-ebics
+ api-nexus2
+ api-sandbox
+ ebics
+>>>>>>> Stashed changes
iso20022
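Review bot: Unresolved merge conflict markers are being committed into the toctree of libeufin/index.rst: the added lines `<<<<<<< Updated upstream`, `=======` and `>>>>>>> Stashed changes` will be read as toctree entries, and `api-sandbox` and `ebics` end up listed twice. Resolve the conflict before committing and keep a single ordered list that includes `bank-transport-ebics`. The "Stashed changes" side also adds `api-nexus2`, but the diffstat shows only two files changed and neither is an `api-nexus2` document, so confirm that entry belongs in this commit and that it is meant to replace `api-nexus` rather than sit beside it.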