1 files changed, 58 insertions, 21 deletions
diff --git a/design-documents/050-libeufin-nexus.rst b/design-documents/050-libeufin-nexus.rst
index 779e0b58..6049bda6 100644
--- a/design-documents/050-libeufin-nexus.rst
+++ b/design-documents/050-libeufin-nexus.rst
@@ -59,11 +59,11 @@ Configuration file
   HOST_ID = mybank
   USER_ID = myuser
   PARTNER_ID = myorg
-  SYSTEM_ID = banksys
-  ACCOUNT_NUMBER = DE1234567890 # This value must identify with how the bank calls the bank account
+  IBAN = MY-IBAN
+  BIC = MY-BIC
+  NAME = MY NAME
   BANK_PUBLIC_KEYS_FILE = enc-auth-keys.json
   CLIENT_PRIVATE_KEYS_FILE = my-private-keys.json
-  ACCOUNT_META_DATA_FILE = ebics-meta.json
   BANK_DIALECT = postfinance # EBICS+ISO20022 style used by the bank.
   
   [nexus-postgres]
@@ -112,15 +112,6 @@ JSON with:
   * submitted_ini (boolean)
   * submitted_hia (boolean)
 
-File contents: ACCOUNT_META_DATA_FILE
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-JSON with:
-
-  * account_holder_iban
-  * bank_code
-  * account_holder_name
-
 Database schema
 ---------------
 
@@ -194,15 +185,6 @@ The ebics-setup tool performs the following:
     accept them (or auto-accept via --auto-accept-keys). If the user accepted
     the public key, update the flag to "accepted".
 
-  * If all of the above has happened and we have accepted public keys from the
-    bank, try to download the list of bank accounts associated with the
-    connection and check that the configured account number is among them.  On
-    success, store the associated meta data in the account meta data file.  On
-    failure, show an error message with the list of available accounts (also
-    show this list via --show-associated-accounts). If the configured account
-    number is available, show a brief "setup ready" message.
-
-
 nexus-ebics-fetch
 -----------------
 
@@ -214,6 +196,23 @@ nexus-ebics-fetch
     over (before committing any transactions with the next day!) also fetches a
     final statement of the previous day, thus ensuring we get a statement
     every day plus intra-day reports.
+    
+    .. note::
+      
+      (1) "from that day forward (inclusive)" must **not** rely on EBICS returning
+      the unseen messages: that's because they might **already** be downloaded but
+      never made it to the database.
+      
+      (2) "and when the day rolls over".  When does a day roll over? => A day rolls
+      over when the current time is at least on the day after the transaction with the
+      most recent timestamp that's stored in the database.
+
+      (3) "Afterwards, fetches reports".  This must happen **only after** any possible
+      previous statement got downloaded.
+
+      To summarize: at any point in time the database must contain (the content of) any
+      possible statement up to the current time, plus any possible report up to the current
+      time (in case that's not covered by any statement so far).
 
   * Bounces transactions with mal-formed wire transfer subjects.
 
@@ -315,3 +314,41 @@ Discussion / Q&A
   the bank response, may lead double-submission even if the HTTP talk ended
   well: it suffices to crash after having received a "200 OK" response but
   before setting the submitted flag to the database.
+
+* the ebics-submit section mentions the EBICS order ID.  The following excerpt
+  was found however at page 88 of the EBICS 3 specifications: 
+
+  ``OrderID is only present if a file is transmitted to the bank relating to an order with an
+  already existing order number (only allowed for AdminOrderType = HVE or HVS)``
+
+  Nexus does not support HVE or HVS.
+
+* As of private communication, the responsibility of submitting idempotent payments
+  relies on the use of ``request_uid`` (a database column of the initiated payment)
+  as the ``MsgId`` value of the corresponding pain.001 document.
+
+* ``submitted`` column of an initiated payment evolved into the following enum:
+  
+  .. code-block:: shell-session
+    
+    CREATE TYPE submission_state AS ENUM (
+      'unsubmitted'
+      ,'transient_failure'
+      ,'permanent_failure'
+      ,'success'
+      ,'never_heard_back'
+    );
+
+  * ``unsubmitted``: default state when a payment is initiated
+  * ``transient_failure``: submission failed but can be retried, for example after a network issue.
+  * ``permanent_failure``: EBICS- or bank-technical error codes were not EBICS_OK (nor any tolerated EBICS code like EBICS_NO_DOWNLOAD_DATA_AVAILABLE), never retry.  
+  * ``never_heard_back``: the payment initiation submission has **been** ``success`` but it was never confirmed by any outgoing transaction (from a camt.5x document) or any pain.002 report.  It is responsability of a garbage collector to set this state after a particular time period.
+
+* the initiated_outgoing_transactions table takes two more columns:
+  ``last_submission_date``, a timestamp in microseconds, and a
+  ``submission_counter``.  Both of them would serve to decide retry
+  policies.
+
+* the ``failure_text`` column at the initiated_outgoing_transactions table
+  should contain a JSON object that contains any useful detail about the problem.
+  That *could* be modeled after the Taler `ErrorDetail <https://docs.taler.net/core/api-common.html#tsref-type-ErrorDetail>`_, where at least the error code and the hint fields are provided.