15 July 2011
Alliance Access 7.0.20
Table of Contents
.Preface .............................................................................................................................................................................9
15 July 2011 3
Alliance Access 7.0.20
15 July 2011 5
Alliance Access 7.0.20
15 July 2011 7
Alliance Access 7.0.20
Preface
Purpose
This System Management Guide describes how to set up, configure, and manage Alliance
Access.
Audience
This guide presents information that is mandatory reading for Alliance Administrators or other
personnel who are responsible for setting up and configuring the essential components of
Alliance Access.
This guide does not describe operations that must be carried out in terms of support. Such
operations are described in detail in the Installation and Administration Guide.
Staff who are responsible for day-to-day management of the Alliance Access system must refer
to this guide regularly.
15 July 2011 9
Alliance Access 7.0.20
Part A
Introduction
15 July 2011 11
Alliance Access 7.0.20
• Workstation runs the Access Control application which is the entry point to the rest of
Alliance Access.
• Relicensing opens a program that enables you to license or relicense any additional
packages and features that your institution can purchase from SWIFT. For more information,
see "Relicensing" in the Installation and Administration Guide. This menu option only appears
if you have installed the Alliance Access server.
• System Administration groups applications that manage Alliance Access. This menu option
only appears if you are using Alliance Access at the server.
• Uninstall Alliance Access opens a window that enables you to remove Alliance Access.
This menu option only appears if you have installed the Alliance Access server.
• Uninstall Alliance Workstation opens a window that enables you to remove Alliance
Workstation. This menu option only appears if you have installed Alliance Workstation.
Note If you are running Alliance Workstation, then the Alliance Access server to which
you want to connect must have an "active" instance configuration, set up using the
Alliance Control application on your Alliance Workstation.
The Alliance Access server must also be started. If this is not the case, then please
consult your System Administrator.
15 July 2011 13
Alliance Access 7.0.20
One-time passwords
Operators and Security Officers can also use One-time passwords (OTP) for the authentication
(user name and password) of users. Operators can also be authenticated through LDAP
repositories.
4. Select the Workstation option from the sub-menu. The Sign-On screen appears.
6. If Active Instance Visible in Sign-On has been set in the Alliance Control application,
then the Active Instance field appears. If this is the case, then the "active" instance
configuration is shown. This is the Alliance Access server instance to which you connect.
You can also select and activate a different Alliance Access server instance by selecting its
instance configuration from the drop-down list in the Active Instance field. This feature is
mainly for Alliance Workstation users so they can connect easily to different servers.
Click Sign On .
Note If your sign-on attempt to an Alliance Access instance fails for any reason,
then the Active Instance field is not available because from this point on you
are not allowed to change the active instance. If the problem when signing on
was selecting the wrong instance, then you must quit this sign-on window and
restart Alliance Workstation and re-select the instance.
7. If your installation of the Alliance Access server has been configured to use user
passwords, and this is the first time that you have logged on as this operator, then the
Change Password dialog box prompts you to change the password.
8. Enter a new password in the New Password field. The requirements for passwords (how
long they must be, how long you can use the same password, and whether you can reuse
passwords that you have used before) are configured on the Alliance Access server. If you
are not sure what the requirements are, then check with your Alliance Security Officers.
Remember your password and keep it a secret. Do not write it down. You can change your
password at any time by selecting Change Password from the File menu in the Access
Control window.
9. Enter the new password again in the Retype New Password field, and then click OK .
Note If you do not use Alliance Access for a certain length of time (the Signon
Timeout period), then a dialog box appears. You cannot resume work with
Alliance Access until you re-enter your password in the dialog box and click
OK within a further period of time (the Signoff Timeout period). After the
Signoff Timeout period has passed, you are signed off automatically. The
System Administrator can change the Signon Timeout and Signoff Timeout
period if necessary.
Note The application icons that you see in the Access Control window may vary. The
available applications depend on your operator profile.
Overview of applications
The following provides a brief description of each Alliance Access application:
• The Application Interface application is used to import and export messages from and to
other sources in your institution.
15 July 2011 15
Alliance Access 7.0.20
• The Calendar application is used to manage calendar(s). Within other Alliance Access
applications, operators can use the calendar to schedule automatic operations.
• The Correspondent Information File application allows you to update the Correspondent
Information File (CIF) manually or by importing information from a SWIFT Alliance Bank File,
which contains details of financial institutions.
• The Event Journal application is used to search for events that occur in the system and help
diagnose any problems.
• The Message Approval application is used to verify and authorise SWIFT messages before
they are sent.
• The Message File application is used to monitor the location and status of messages within
Alliance Access.
• The Message Modification application is used to modify SWIFT FIN messages to correct
problems.
• The Monitoring application is used to display continually updated information about all
Alliance Access applications, servers, and message queues.
• The Routing application is used to define the rules controlling the flow of SWIFT messages
through Alliance Access.
• The Security Definition application is used to define operators on the system and configure
various security parameters (such as password controls).
• The SWIFT Interface application is used to connect you to the SWIFT network and send and
receive SWIFT messages.
• The SWIFT Support application provides general support for use of the Alliance Access
interface to SWIFTNet FIN.
• The SWIFTNet Interface application is used to create and manage emission and reception
profiles for the transmission and the reception of InterAct and FileAct messages.
• The System Management application is used to configure and administer your system.
Modes of operation
The mode in which Alliance Access is running can also affect the applications that are available
to you.
Alliance Access can run in either Operational Mode or Housekeeping Mode. Operational Mode
is the normal multi-user mode for operating Alliance Access. Housekeeping mode is a
maintenance mode. By default, only one user can sign on when Alliance Access is in
Housekeeping mode.
By default, only the Security Officers, Supervisors and the System Administrator can use the
System Management application to stop Alliance Access and restart it in a different mode. Other
operators can also be given this permission.
Some applications and some functions within applications can only be used when Alliance
Access is in a specific mode. Other applications and functions are available in both Operational
and Housekeeping mode. Where a specific mode is required to perform a task, this is indicated
at the start of the task.
The following applications are not available in Housekeeping mode:
• Application Interface
• Message Creation
• Message Approval
• Message Modification
• Monitoring
• Relationship Management
• SWIFT Interface
• SWIFTNet Interface
• SWIFTNet Support.
2. Click in the Value field and type the duration, in seconds, that you want the data to be
refreshed. The maximum refresh rate is 300 seconds. If you type 0 seconds, then the
refresh option is turned off.
Note You cannot use the Set Refresh Rate command to change the refresh rate if
your speed mode setting is set to low speed. See "Setting the Speed Mode"
on page 20 for details of how to set the speed mode setting.
15 July 2011 17
Alliance Access 7.0.20
• applies to all Alliance Access applications except the Application Interface application, which
has its own settings
• applies only to you, and is associated with your Alliance Access operator name.
Note If you install a new printer and set it up as the default printer within Windows while
Alliance Access is running, then you can use the printer from any Alliance Access
application. If you do not set the printer as the default, then you cannot access the
printer until you have used the Alliance Access Print Setup command to specify
the printer.
2. Select the Name of the printer that you want to use for printing. The Status, Type, Where
and Comment fields display the printer information as defined by the Windows Print
Manager. If you want to connect to a network printer, then click Network... and select the
network printer from those displayed. If you want to change the properties of the printer,
then click Properties and change the properties as required.
Note If you change the printer settings, then you must quit any applications that are
already running and restart them before you can use the new settings within
the applications.
The Page Setup dialog box appears, showing the default page setup details:
2. Change the default page setup details as required. If necessary, select the Size and
Source of the paper, specify the paper's Orientation, and enter the size of the margins.
Note If you change the page settings, then you must quit any applications that are
already running and restart them before you can use the new settings within
the applications.
2. Select the Font, Font style and Size of the printer font that you want to use. If necessary,
select the available language script that is appropriate for the language that your computer
is set up for.
Note If you select a proportional font, then different columns of text in your printed
outputs are not aligned properly. If you want text columns to be aligned, then
select a non-proportional font such as Courier.
15 July 2011 19
Alliance Access 7.0.20
Note If you change the font settings, then you must quit any applications that are
already running and restart them before you can use the new settings within
the applications.
If you want your Alliance Workstation to use low speed mode when connected to an
Alliance Access server, then select the Low Speed Mode option. This mode is
recommended if you are using a low bandwidth line, such as a telephone line, as it reduces
your Workstation's use of the line.
In this mode:
• the number of records retrieved each time that a list of objects appears, is reduced to 50,
as shown in the Size of pages field
• the Automatic refresh is enabled box is blank, showing that your screen display is not
refreshed automatically for most Alliance Access applications, except when a new object
is added. In the message preparation applications, lists of internal correspondents or
aliases are no longer provided. In the Application Interface application, the details for a
message partner are refreshed if you click the message partner list. Similarly, in the
SWIFT Interface application, Logical Terminal details are refreshed if you click the list.
For details of the Sort allowed on partial lists and Main lists have a grid aspect check
boxes, see steps 3 and 4.
Note If you select the Low Speed Mode option, then you can no longer use the Set
Refresh Rate command from the File menu to change the refresh rate.
2. If you want your Alliance Workstation to use high speed mode when connected to an
Alliance Access server, then select the High Speed Mode option.
This mode is recommended if you are using a high bandwidth line, such as a LAN line.
In this mode:
• the number of records retrieved each time that a list of objects appears, is increased to
1024, as shown in the Size of pages field
• the Automatic refresh is enabled box is checked, showing that your screen display is
refreshed automatically whenever any change occurs to the objects shown.
3. When a list of items appears in a window, you can sort the items by clicking a column
heading (for details, see "Sorting Items" on page 32). Alliance Access sorts a list
completely only if the number of items in the list are equal to or less than 1024 (or 50 in
Low Speed Mode).
You can specify how Alliance Access sorts lists of more than 1024 items (or more than 50
items in Low Speed Mode), by using the Sort allowed on partial list check box:
• if the box is checked, when you click a column heading, then Alliance Access sorts the
1024 items that are currently active (or 50 items in Low Speed Mode), so the list is only
partially sorted. If you display the next "page" of items, then these are correctly sorted,
and so on. Effectively, the list is sorted into separately sorted sets of 1024 items (or 50
items).
• if the box is not checked, when you click a column heading, then Alliance Access does
not sort the list at all.
4. If you want items listed in any window to appear within a grid, then check Main lists have a
grid aspect.
15 July 2011 21
Alliance Access 7.0.20
Note This command is not available if your operator definition is set to use One-Time or
LDAP passwords.
The same applies to the left security officer and right security officer if the
Password: Sec Officer One Time Pwd security parameter is set to Yes.
When you are changing your password, you must remember that good passwords:
• do not consist of the same characters repeated two or more times, for example, do not use
swiftswift as a password.
b. Type a new password in the New Password field. You must remember your password
and keep it a secret. Do not write it down.
c. Type the new password again in the Retype New Password field. This is to ensure
that you did not make an error when typing in the new password.
2. Click OK .
2. Click OK to confirm or Cancel to abort the sign-off process. If you confirm the sign-off, then
Alliance Access returns you to the operating system.
15 July 2011 23
Alliance Access 7.0.20
2 Using Applications
Introduction
This section gives a general overview about how to use the Alliance applications.
It also introduces some Alliance terms that are used frequently in the other Alliance guides.
• click an application icon and select Open from the Application menu (if you are not sure
how to select menus, see "Selecting Commands" on page 24).
You can set different default applications to run when Alliance is in Operational mode and
Housekeeping mode.
All applications operate in a similar way in terms of their windows, menus, and commands.
To use a command:
1. Click an application icon.
2. Click Application near the top of the Access Control window, to select the Application
menu. A list of the commands in the menu appears.
3. Click Open from the Application menu. The application opens and starts running.
When you open certain applications, a search dialog box appears first. For example, when you
run the Event Journal application, the Event Journal search dialog box appears, with the
search criteria fields organised over three different tabs.
15 July 2011 25
Alliance Access 7.0.20
After you enter details of the events you want to search for, Alliance searches for these events
and displays them within the main Event Journal window.
In some cases, there is more information than can be comfortably fitted into a window. In these
cases, you can use the View menu to select which details appear.
In many applications, you can double-click an item to see more details about it. The details are
displayed in a dialog box divided into tabs. The dialog box opens in the centre of the window.
You may want to rearrange the display so that the dialog box, toolbar, and menus are all visible
at once. You can also re-size or maximise the main window and save the new size as a setting
using the File/Save Current Setting command.
2.1.6 Toolbars
Overview
The toolbar gives direct access to the most commonly used actions within the application. The
Message Details toolbar in the Message Creation application, for example, has functions such
as disposing, routing, printing, switching between the header and text views, and so on.
If you are not sure what a particular button on a toolbar does, then position the mouse pointer
over the button. A short description appears below the button.
To display or hide a toolbar, select Toolbar from the Options menu. This toggles the toolbar on
or off.
Mnemonics
A mnemonic is a single character associated with a menu, or with a command within a menu.
When a menu or command has a mnemonic, the mnemonic appears as an underlined
character:
• If a menu has a mnemonic, then you can open the menu by pressing the meta key and the
mnemonic character simultaneously. The meta key is a key such as Alt, as defined by your
System Administrator. If you are not sure what the meta key is on your system, then check
with your System Administrator.
• If a command within an open menu has a mnemonic, then you can activate the command
simply by pressing the mnemonic character.
Accelerators
An accelerator is a combination of keys which appear next to a command on a menu. You can
activate the command without displaying the menu which contains the command by pressing
the accelerator keys simultaneously. For example, in the Access Control window, the Sign off
command on the File menu has the accelerator Ctrl-S, so you can activate the command by
holding down the Ctrl key and pressing S.
Use To
Save Current Settings Save settings and preferences. They become the default settings and
preferences for the application. The positions of any windows that are open at
the moment the Save Current Settings command is run are saved. If you
have rearranged the order of the information within a column (see "Sorting
15 July 2011 27
Alliance Access 7.0.20
Use To
Items" on page 32), or the columns in a list (see "Rearranging Columns" on
page 33), then the changed column information or column order is saved.
Use To
You can also select a single item by clicking it. The item becomes highlighted. You can deselect
the item by holding down the Ctrl key and clicking again on the item. In some lists, you can
select more than one item by holding down Ctrl and clicking each required item.
Use To
Help Topics Display the contents of the Help system. From here, you can access search
for help on specific topics.
If you have a problem with your system, then you may be asked to provide details of your
system to help diagnose the difficulty. Selecting the About option on the Help menu displays
useful information about your system, such as the type of server that you are using, and the
current server mode.
If the message is opened, then clicking the right mouse button displays a different shortcut
menu.
15 July 2011 29
Alliance Access 7.0.20
You select commands from a shortcut menu in the same way that you select commands from a
standard menu.
To print a report:
1. Run the application.
2. Search for the items you want a report on (if they do not already appear). Searching for
items is described for each application later on in this guide.
4. Select Print from the menu named after the item (for example, the Event menu or the
Message menu). The Print Report dialog box appears.
5. Click Items All to print all the items in a list or Selected to print only selected items. Click
Details All to print all the details for the items or None to print only the details shown in the
window.
6. Check Print Preview if you want to see the report before you print it out.
You can use the following buttons within the Print Preview window:
• Close quits the Print Preview window without printing the report.
7. If you want to print to a file, then check Print to File and enter the File name, or browse for
an existing file (which will be overwritten). The report file is printed to the Report sub-
directory, which is within the directory where Alliance Access is installed on your machine.
8. Click OK .
15 July 2011 31
Alliance Access 7.0.20
• for dates: D for days, M for months, and Y for years. -2D goes back two days, -2M goes back
two months, -2Y goes back two years from the current date
• for times: H for hours, M for minutes, and S for seconds. -2H goes back 2 hours, -2M goes
back 2 minutes, -2S goes back 2 seconds from the current time.
To sort items into a different column order, click the title of any column. The items are sorted
into descending order (this is shown by appearing next to Date & Time in the example
above). Clicking the same column title a second time sorts the items into ascending order. This
is shown by appearing next to the heading.
For example, clicking Operator sorts the events into descending alphabetical order of operator
name. Clicking Operator a second time sorts the events into ascending alphabetical order of
operator name.
Normally, when you click a column heading, Alliance sorts a list completely if there are 1024
items or less. This is because Alliance retrieves records in 'pages' of 1024 items. If the Low
Speed Mode option is set (see "Setting the Speed Mode" on page 20), then the page size is set
to 50, so Alliance sorts a list completely only if there are 50 items or less.
If there are more than 1024 items (or 50 items, in low speed mode), then Alliance sorts the
items according to the Sort allowed on partial list setting in the Low Speed Mode Settings
dialog box (see "Setting the Speed Mode Setting" step 3). Depending on this setting, you can
either sort a long list only partially by clicking a column heading, or you may not be able to sort
the list at all. For this reason, when you are searching for items, always refine your search
criteria carefully so that the number of items meeting the criteria is as small as possible.
Note In some applications (for example, the Message File application), you can use a
menu option to sort a list. Menu options sort a list completely, regardless of the
number of items in the list. However, if you use a sort menu option initially and then
sort the same list by clicking a column heading, the sort is subject to the restrictions
described above. To avoid confusion when sorting long lists of items, you may
prefer to use only one sorting method within an application.
Alliance allows each operator to save their sorting information settings for each individual
application. Select Save Current Settings from the File menu after all the changes have been
completed.
15 July 2011 33
Alliance Access 7.0.20
You would like the Operator column to be the first column on the left in the window.
2. Drag the column heading to its new position. You must drag the column heading completely
past the column heading already at the new position.
4. Select Save Current Settings from the File menu to save the new position of the column.
Clicking the browse button opens the file browser, which you can use to navigate through
directories, view files and sub-directories within them, and select the required file.
15 July 2011 35
Alliance Access 7.0.20
Some commands enable you to specify whether a file is located on the Workstation or on the
server.
Part B
Housekeeping Tasks
15 July 2011 37
Alliance Access 7.0.20
Note The Alliance Bank File is sometimes referred to as the BIC file.
• "Install automatically"
Important During the installation of Alliance Access, you must install a Full Bank File.
1. Download the Full Bank File or the Bank Update File to the BIC file directory.
For more information, see "Download an Alliance Bank File" on page 42.
15 July 2011 39
Alliance Access 7.0.20
2. Install the Bank File while the server is running in Housekeeping mode.
Install automatically
Installing a Full Bank File automatically involves the following tasks:
2. The bank file installs automatically at the next restart of the Alliance Access server.
Each time the Alliance Access servers are stopped, the system checks whether a Full Bank File
is present in the BIC file directory. If a file is present, then Alliance Access installs it after the
servers have been stopped and before the next restart.
After successful activation of the Bank File in the Alliance Access database, the file is deleted
from the BIC file directory. After this activation, or in case of a failure, an event is recorded in the
Event Journal the next time that the Alliance Access starts.
2. The installation of the Bank File will take place when the scheduled action is executed.
If an update file is available in the UpdateBIC directory, then the file is installed at the
scheduled time. You do not have to restart the servers after the file is installed.
After successful activation of the Alliance Bank File in the Alliance Access database, the file is
deleted from the UpdateBIC file directory. After this activation, or in case of a failure, an event is
recorded in the Event Journal.
2. Load the Bank Update File while the server is running in operational mode.
After successful activation of the Bank File in the Alliance Access database, the file is deleted
from the UpdateBIC file directory.
1. New record
Alliance Access adds new records in the Bank File to the CIF automatically.
2. Update of a record
If an existing correspondent record in the CIF has the Update on BIC Load field set to
Yes, and some information has changed (for example, a correspondent has a new
address), then the correspondent record is updated with the changes.
3. Deletion of a record
If the Bank File shows that a correspondent record must be deleted or if the correspondent
does not appear in the Bank File, then Alliance Access checks the record and the following
occurs:
• If at least one defined application is selected, then the correspondent record is not
deleted. An event is recorded in a journal explaining why the correspondent was not
deleted.
• If no defined application is selected, then Alliance Access checks the preferred network
applications used within the correspondent:
– If SWIFT is the only Preferred Network application, then the correspondent record is
deleted, and details of the correspondent are removed from any alias record
automatically.
– If SWIFT is not the only Preferred Network application, then the record is not deleted.
Alliance Access removes SWIFT from the list of Preferred Network applications for
the correspondent and creates an entry in the Event Journal. This entry informs you
that it was not possible to remove the correspondent automatically, and lists the
defined applications for the correspondent.
Note Even if an existing correspondent record in the CIF has the Update on
BIC Load field set to No, SWIFT is removed from the list of Preferred
Network Applications.
• If the SWIFTNet Interface is present, then SWIFTNet is also added as the preferred
network to all correspondents, except for internal correspondents and the BIC1
correspondents.
15 July 2011 41
Alliance Access 7.0.20
Note The Status of existing correspondent records remains unchanged when you install
a new Bank File, whether the Update on BIC Load field is set to Yes or No.
Therefore, if a record was made Inactive, it will still be Inactive after installing the
new Bank File.
2. Open an X-term from the OS Configuration menu in the System Administration window.
3. Create a temporary directory on the Alliance Access server, to which the all_adm user has
access. For example, /tmp.
4. Download the Bank File from the BIC Portal page on www.swift.com.
The file is packaged in .tar.Z format.
5. Change to the installation directory for the Full Bank File or Bank Update File, as follows:
6. Copy and uncompress the Full Bank file or Bank Update File from the temporary directory
to the installation directory for the Bank File, as follows:
cp /tmp/<file> .
uncompress <file>
• Unzip the contents of the file to the installation directory for the Full Bank File or Bank
Update File.
• Unzip the contents of the file to a temporary folder and use the Load BIC Files
command as explained in "Loading the Bank Files from Disk".
15 July 2011 43
Alliance Access 7.0.20
Important Do not stop the Alliance Access servers until the installation of the Bank File is
completed.
3. Select Load BIC Files... from the File menu. The Load BIC Files window appears.
5. In the File location field, use the browse button ( ... ) to locate the files.
Note Before copying the Bank File information, the system verifies that there is
sufficient space in the Alliance database. If sufficient disk space is not
available, then an error message appears.
15 July 2011 45
Alliance Access 7.0.20
Note To perform the tasks described in this section, the Alliance Access servers must be
restarted in Housekeeping mode.
• character sets
• field expansion.
SWIFT releases a new message syntax table version every year, that must be installed and
assigned to the logical terminals on Alliance Access.
3. From the View menu, select Mstv Id. The Message Table window appears, displaying the
list of installed message syntax tables.
4. From the Mstv Id menu, select Install. The Message Syntax Tables dialog box appears.
5. From the Version field, select the message syntax table version.
6. Every message within Alliance Access has a unique message identifier (UMID) that is
created from information in its header and its text. The unique message identifiers in
Alliance Access are built from either the Transaction Reference Number or the Message
User Reference of the related message.
In the Build Message Identifier (UMID) on field, select either TRN or MUR.
Note If you are running Alliance Access in Low Speed Mode, then you must single-
click the Message Syntax Table window, or press F5 to refresh it.
3. From the View menu, select Mstv Id. The Message Table window appears, displaying the
list of installed message syntax tables.
4. Select the Message Syntax table you wish to set as the default.
15 July 2011 47
Alliance Access 7.0.20
5. From the Mstv Id menu, select Set Default Live or Set Default T&T as appropriate.
• configuring logical terminals using the SWIFT Support and SWIFT Interface applications
• enabling automatic logical terminal allocation using the System Management application,
which provides a way to balance the load of queued messages across available logical
terminals.
The destinations that your institution is licensed to use are created during installation. Each
logical terminal is identified by a destination and a terminal code. When you first install Alliance
Access or when you purchase additional logical terminals, they must be defined using the
SWIFT Support application.
There are two types of logical terminals:
• Live
Note To create logical terminals, the servers must be running in Housekeeping mode.
4. From the View menu, select Logical Terminal. The Logical Terminal window appears,
displaying the list of defined logical terminals.
5. Create a logical terminal by selecting New from the Logical Terminal menu, or based on
an existing one by selecting a logical terminal and then selecting New As from the Logical
Terminal menu. The Logical Terminal Details window appears.
15 July 2011 49
Alliance Access 7.0.20
6. In the Destination field, select a destination. All the destinations that your institution is
licensed for are listed.
7. In the TC field, type a terminal code. This can be any alphanumeric character except 0, 1
or X. If you enter a terminal code that has already been assigned to a destination, then an
error message appears.
9. In the Window Size field, specify, for the logical terminal you are creating, the value of the
requested window size when a FIN session is opened.
This value is used when a FIN session is opened. The window size determines how many
messages can be sent to the network without having to wait for an acknowledgement from
FIN. Enter a value between 1 and 99, the default is 10.
The value in this field can be changed if necessary, by repeating this step.
Note This value must match the FIN window size requested to SWIFT for the logical
terminal.
10. In the Master BIC for T&T field (for Test and Training logical terminals only), select the
Master BIC (BIC8) from which Alliance Gateway determines which Authoriser DN to use
when you log in with your Test and Training logical terminal.
11. From the Logical Terminal menu, select Add. The list is updated.
Note If you are running Alliance Access in Low Speed Mode, then you must single-
click the Logical Terminal window or press F5 to refresh it (Windows servers
only).
You cannot remove a logical terminal once it is created. It remains in the
system as long as the destination is licensed.
Note Do not assign a new Message Syntax Table to a live logical terminal before it
actually becomes live on the network.
4. Double-click the logical terminal that you want to assign a table to. The Logical Terminal
Details dialog box appears.
4. Double-click the logical terminal for which you want to select a window size. The Logical
Terminal Details dialog box appears.
5. In the Window Size field, specify the value of the requested window size when a FIN
session is opened.
This value is used when a FIN session is opened. The window size determines how many
messages can be sent to the network without having to wait for an acknowledgement from
FIN.Enter a value between 1 and 99, the default being 10.
The value in this field can be changed if necessary, by repeating this step.
15 July 2011 51
Alliance Access 7.0.20
Note This value must match the FIN window size requested to SWIFT for the logical
terminal.
5.4.1 Limitations
Overview
In using automatic logical terminal allocation, the following limitations apply:
• Automatic logical terminal allocation is disabled for any destination that does have at least
one logical terminal not having a designated connection.
• Logical terminals used for automatic logical terminal allocation must use the same message
syntax table. This is verified each time the SIS component is started.
• All logical terminals of a given destination must have the same protocol version. This is
assumed, it is not validated by the software.
• During an interrupt, the messages handled by a logical terminal that have not received an
acknowledgement from the network are reserved until the logical terminal is reconnected.
Reserved messages can be released using the Abort command on the logical terminal. The
messages are returned to the message pool and transmitted by the next logical terminal
allocated by the system.
Note If you are using a back-office application, then read the considerations described
in "Automatic Logical Terminal Allocation" on page 297 before using automatic
logical terminal allocation.
2. If the configuration parameters are not shown, then select Configuration from the View
menu.
6. Restart the SWIFT Interface Services component if required (that is, if you are in
operational mode), as described in "Stopping and Restarting Components" on page 74. If
you are in Housekeeping mode, then the change takes effect at the next restart in
operational mode.
15 July 2011 53
Alliance Access 7.0.20
2. From the View menu, select Message Standards. The Message Standards main window
appears.
• Name
• Service Name
• Description
• Creation date.
To print the information, select the message standard and click Print.
3. In the Print dialog box that appears, select the required options and click OK .
For each message contained in the selected standard, the following information is printed
when Print All details is selected in the Print dialog box:
• Message name
• Description
• Patch number: this is the number of a patch that contained a correction for this message
definition (equal to 0 if no correction was issued on this message)
• Delivery mode (the value is extracted from the corresponding MX Message Standard,
and can be Real-time, Store-and-Forward, or empty)
• Obsolete ("True" indicates that a message has been removed from the standard).
3. From the View menu, select Message Standards. The Message Standards main window
appears.
4. From the Message Standards menu, select Install. The Install Message Standards
dialog box appears.
Enter the location and name of the deployment package (ZIP file) that contains the MX
Message Standards), or use the browse button ( ... ) to locate it. If the file is not located on
the current drive, then enter the drive name first.
5. Click Install .
The Install Message Standards window appears:
6. Compare the digest displayed with the one you received separately from SWIFT.
7. If the digests are the same, then click Continue to install the message standard. If the
message standards are installed successfully, then an event is logged. The event entry
contains the digest for the standard.
15 July 2011 55
Alliance Access 7.0.20
3. From the View menu, select Message Standards. The Message Standards main window
appears.
4. Select the required standard in the list and then select Remove in the Message Standards
menu. You are now prompted to confirm the removal.
5. Click OK to complete the operation and remove the Message Standard from the database.
Note To perform the tasks described in this section, the Alliance Access servers must be
restarted in housekeeping mode. You also require a specific operator entitlement
which, by default, is granted within the "SuperKey" and "Supervisor" operator
profiles.
• assign the FINCopy service to the LTs (own destinations) to be used to send and receive
copy messages
• Y-Copy mode
• T-Copy mode
• Bypassed.
15 July 2011 57
Alliance Access 7.0.20
Central Institution
Destination
Y Copy Facility
SWIFT
Sending Network Receiving
D0540048
Institution Institution
Before the message is delivered to the receiving institution, the Copy Service sends a partial, or
a full copy of the message to the central institution. The central institution analyses the
information contained in this message. Based on internal calculations, the central institution
decides whether the copy service can release the message to the receiving institution. In this
way, the receiving institution only receives authorised messages.
A Proprietary Authentication Code (PAC) trailer may be appended to the message before
delivery.
Central Institution
Destination
T Copy Facility
SWIFT
Sending Network Receiving
D0540049
Institution Institution
A Proprietary Authentication Code (PAC) trailer is not appended to the message before delivery.
7.1.3 Bypassed
Overview
This mode is essentially used in disaster situations. In bypassed mode, no copying to the
Central Institution Destination (CID) is performed. Messages are still intercepted by the copy
service, but they are not copied to the central institution. Subsequently, no authorisation is
required before the message is delivered.
A Proprietary Authentication Code (PAC) trailer is still appended to the message before
delivery, but it is empty to signify to the recipient that the message has not been authorised by
the central institution.
Note For T-Copy mode, only participants have to install the value-added service
parameter file. The central institution does not have to install it.
15 July 2011 59
Alliance Access 7.0.20
4. In the Application Service Profile Package field, enter the location and name of the file
(ZIP file) that contains the FIN Copy Profile to be installed (or use the browse button ( ... ) to
locate it). If the file is not located on the current drive, then enter the drive name first.
For more information, see "Managing Application Service Profiles" in the Installation and
Administration Guide.
5. Click Continue .
The following values are displayed for the FIN Copy profiles:
• Environment: the environment to which the FIN Copy profile refers (Production or ITB)
7. Click Install .
Note If you are running Alliance Access in Low Speed Mode, then you must single-
click the Value-Added Service window or press F5 to refresh it.
3. From the View menu, select Value-Added Service. The Value-Added Service window
appears, displaying the list of defined services.
Note If you are running Alliance Access in Low Speed Mode, then you must single-
click the Value-Added Service window or press F5 to refresh it (Windows
servers only).
Note For T-Copy mode, only participants have to activate a value-added service. The
central institution does not have to perform this task.
3. From the View menu, select Value-Added Service. The Value-Added Service window
appears, displaying the list of defined services.
5. From the Value-Added Service menu, select Activate. The State field in the Value-
Added Service window changes to Active for the selected service.
15 July 2011 61
Alliance Access 7.0.20
3. From the View menu, select Value-Added Service. The Value-Added Service window
appears, displaying the list of defined services.
5. From the Value-Added Service menu, select Deactivate. The State field in the Value-
Added Service window changes to Inactive for the selected service.
Following the deactivation of a value-added service, this service may once again be activated,
or may be removed altogether.
Note A destination cannot be assigned more than one value-added service with the
same name.
2. From the View menu, select Value-Added Service. The Value-Added Service window
appears, displaying the list of defined services.
3. Ensure that the value-added service is "inactive". No destination may be assigned to the
service while it is in the "active" state. For more information, see "Deactivating a Value-
Added Service" on page 61.
5. From the Value-Added Service menu, select Destinations. The Own Destination dialog
box appears.
For a description of the fields displayed in this window, see "Value-Added Service
Destinations Window" on page 63.
6. To assign a destination to the selected service, select the destination in the Available list
pane and then move it into the Selected list pane.
• There is a difference between the status of the copy service and the
selected destination, that is, destination is T&T and copy service is "live", or
vice versa.
Field descriptions
Service Name
Displays the name of the service.
Central Institution
Displays the BIC8 of the Central Institution.
15 July 2011 63
Alliance Access 7.0.20
Service Definition
Shows the operational status of the service. There are two possibilities:
• Live
• Required
• Not Required
Own Destination
A standard set of transfer list panes labelled Available and Selected. These two lists combined
contain all the licensed live destinations (own destinations) currently installed on your system.
2. From the View menu, select Routing Keyword. The Routing Keyword window appears,
displaying the list of defined routing keywords and assigned message syntax tables.
3. From the Routing Keyword menu, select New. The Routing Keyword Details dialog box
appears.
15 July 2011 65
Alliance Access 7.0.20
4. Keywords are already defined in the Routing application. For more information, see
"Routing Keywords" on page 317. Click the Routing Keyword option button to select the
routing keyword to be assigned.
The Description and Type fields display the details of the keyword.
5. Click the Mstv Id option button to select the required message syntax table version.
6. In the Route on pane, specify the precise SWIFT message field that is to be mapped to the
keyword in the Field Tag field.
7. If the SWIFT message field has subfields, then it is possible to select a specific subfield to
map to the keyword using the Select option button. When the field or subfield has been
selected, its expansion and syntax appear. It is also possible to place the keyword in the
middle of a field or subfield by entering the line and column range.
8. The Messages pane displays the SWIFT message types which contain the SWIFT
message field and for which the keyword is valid. Select the required SWIFT message
types by moving messages from the Available to the Selected list panes by selecting them
and clicking the forward arrow. You can move messages back from the Selected list pane
to the Available list pane by selecting them and clicking the reverse arrow.
9. From the Routing Keyword menu, select Add to assign the routing keyword to the
selected message types.
Note The routing keyword is not used for routing until the servers have been
restarted in operational mode.
You cannot assign a keyword of type Amount to a free format text field.
Note To modify the rules, add new rules or delete existing rules of the active routing
schema, the Alliance Access servers must be restarted in housekeeping mode.
Once a change has been made to the routing rules and assigned to a particular
schema, the schema is deactivated. It must then be reactivated so that the servers
can be restarted in operational mode. For more information about activating
schemas, see "Approving and Activating a Routing Schema" on page 316.
If you want to change a schema that is already "active" without switching to
housekeeping mode, then you must duplicate the schema and make changes to
the duplicate. This allows you to modify routing rules in operational mode. To apply
the changes you have made to the routing rules, the duplicate schema must be
made active.
For information about modifying, adding or deleting rules for an active routing schema, see
"Routing Rules" on page 318.
The Routing application is used to perform these tasks.
15 July 2011 67
Alliance Access 7.0.20
Part C
15 July 2011 69
Alliance Access 7.0.20
Note On UNIX systems, you can start Alliance Access automatically whenever the
system is booted. This is achieved by setting the system parameter Startup Mode
to Automatic in the System Management application. For more information, see
"Modifying Parameters" on page 158.
For this parameter setting to take effect, the bootstrap service must be configured
to start at boot time. This is configured using the saa_configbootstrap tool,
described in the Installation and Administration Guide.
On Windows systems, if you want Alliance Access to start at boot time, then you
must make Alliance Access run as a service and configure (via the Windows
Service Management interface) the Alliance Access Bootstrap service to start
automatically. Running Alliance Access as a Windows Service is achieved by
setting the system parameter 'Startup Mode' to 'Service' in the System
Management application. For more information, see "System" on page 169.
When Alliance Access is started as a Service, mapped network drives cannot be
used.
You use the System Management application to stop and restart the servers.
• Operational:
This is the normal multi-user mode for operating Alliance Access, allowing all functions of
Alliance Access to be used. It is the default operating mode.
• Housekeeping:
This is a maintenance mode where, by default, only one user can be signed on to Alliance
Access at a time. Queues are frozen and messages cannot be sent or received.
The following tasks can only be performed in housekeeping mode:
15 July 2011 71
Alliance Access 7.0.20
Note No scheduled processes take place when the servers are running in housekeeping
mode.
3. Double-click the Start Alliance icon. The following dialog box appears:
4. Select:
5. Click OK to start the servers. After a while, a message appears telling you that the servers
have started.
Note If there is no active routing schema when stopping the Alliance Access servers,
then a restart is only possible in housekeeping mode.
2. From the File menu, select Stop Alliance. The Stop Alliance window appears.
4. Click Stop .
When you click Stop , an alarm is broadcast to all operators who are signed on, to warn
them of the impending shutdown. Once the system is shut down, no more message
processing is allowed and offline utilities can be run to perform additional system
management functions.
2. From the File menu, select Restart Alliance. The Restart Alliance dialog box appears.
15 July 2011 73
Alliance Access 7.0.20
5. Click Restart .
Note Changes to some system parameters do not take effect until the servers have
been stopped and restarted.
Each restart involves a shutdown of the servers, followed by an automatic start in the selected
operating mode.
Following any maintenance work in housekeeping mode, you must use the Restart Alliance
command again to restart Alliance Access in operational mode.
For more information, see "Extended Reporting at Server Startup" in the Installation and
Administration Guide.
Note If you have licence option 07:STANDALONE REC, then 'SIS SWIFT Interface
Services' and 'SNIS SWIFTNet Interface Services' do not appear in the list of
components.
2. Select Stop Component from the File menu. The Stop Component window appears.
3. Click the component that you want to stop in this window and click Stop .
2. Select Start Component from the File menu. The Start Component window appears.
3. Click the component that you want to restart in this window and click Start .
15 July 2011 75
Alliance Access 7.0.20
You can prevent the SWIFT Interface Services (SIS), SWIFTNet Interface Services (SNIS),
SWIFTNet Support Services (SNSS), Application Interface Services (MXS), or any ADK
components from starting up when restarting the Alliance Access servers in operational mode
by using the following procedure.
15 July 2011 77
Alliance Access 7.0.20
Field Description
ADK tab
The ADK tab is present if the optional package 99:TOOLKIT RUN-TIME is licensed, and if the
component was installed using the Alliance Developers Toolkit.
Field Description
Assigned Units The unit _ALL_ is assigned by default to an ADK component, which
indicates that there are no restrictions by unit for this ADK component.
Allowed Categories The categories that the Alliance Developers Toolkit may use.
For more information, see the Installation and Administration Guide or the documentation
provided with the Alliance Developers Toolkit.
who belong to that same unit can view confidential information such as value date, currency and
amount. The system generates the unit None by default.
The Security Officers (LSO and RSO) cannot create units.
• select an existing unit and base the new unit on it, by selecting New As from the Unit
menu.
5. In the Full Description field, enter a description of the unit. The description may be up to
24 characters.
6. From the Unit menu, select Add. The new unit has the status Unapproved.
7. After a unit has been defined, it must be approved before it can be assigned to an operator
or a message instance. To approve a unit, select Approve from the Unit menu. If you do
not have the entitlements to approve units, then ask an appropriate operator (for example,
the System Administrator) to do it.
Note Once a unit has been approved, it cannot be unapproved or removed from the
system.
3. Select the unit that you want to remove. The unit must have the status Unapproved.
4. From the Unit menu, select Remove. Alliance Access asks you to confirm the removal.
15 July 2011 79
Alliance Access 7.0.20
Note You can save your current window settings by selecting Save Current
Settings from the File menu. The next time that you start the Security
Definition application, these settings are used automatically.
Note The default profiles provided by Alliance Access are described in Appendix A,
"Default Profiles" on page 369.
2. Double-click a profile (for example, R7.0_MsgEntry). The Profile Details window appears.
Some applications are in the Applications/Available column and some are in the
Applications/Selected column. Operators who are assigned this profile can only access
the applications in the Applications/Selected column.
You can select other profiles from the Profile window while the Profile Details window is
open. If you do so, then the details of the profile that you selected appear within the Profile
Details window. This is a fast way of seeing all the profile details.
4. Functions with an asterisk (*) next to their names have permissions associated with them.
Click one of these functions in the Functions/Selected column (for example the Dispose
Message function).
5. Select Permissions from the Profile menu or double-click Dispose Message in the
Selected column.
15 July 2011 81
Alliance Access 7.0.20
Permissions provide a further level of detail about exactly what an operator is entitled to do.
For example, the Dispose Message function has permissions that describe exactly which
types of message can have their approval bypassed.
Permissions are usually expressed in one of three ways:
• a Yes or No flag
• a list of one or more values (such as message types) that are either Prohibited or
Allowed.
Prohibited and Allowed are used as follows:
• If you select Prohibited, then the column to the right of the field can be used to specify a
range of values that is prohibited, such as destinations or message types.
• If you select Prohibited and enter nothing in the column, then nothing is prohibited, that
is, everything is allowed.
• If you select Allowed, then the column can be used to specify a range of values that is
allowed.
• If you select Allowed and enter nothing in the column, then nothing is allowed, that is,
everything is prohibited.
For example, the previous screen shows the first few permissions for the Dispose Message
function within the Message Creation application. These permissions mean that an operator
with the R7.0_MsgEntry profile has the following restrictions when trying to bypass approval
for newly created messages:
Permission Description
Bypass Verification Prohibited is selected and the column to the right is empty. This means
CCY/Amount that nothing is prohibited. The operator can bypass verification for a
message of any currency and any amount.
Permission Description
Bypass Authorisation Prohibited is selected and the column to the right is empty. This means
CCY/Amount that nothing is prohibited. The operator can bypass authorisation for a
message of any currency and any amount.
Bypass Verification Allowed is selected and 999 appears in the column to the right. This
SWIFT FIN User MT means that the operator is only allowed to bypass verification for Message
Type 999.
There are other permissions for the Dispose Message function, but these are not shown on
the example screen or in the permissions table. For complete details of the default profiles
and their associated applications, functions and permissions, see Appendix A, "Default
Profiles" on page 369.
Note If you modify a profile that is already assigned to one or more operators, then all
operators using that profile become Unapproved. The left security officer and right
security officer, or operators with the appropriate approval entitlement, must
approve the operators again. For more information, see "Approving and Enabling
Operator Definitions" on page 90.
To modify a profile:
1. From the View menu of Security Definition, select Profile.
3. Select the applications that you want the profile to contain from the Applications/Available
column.
4. Click the transfer button to move the applications that you have selected from the
Available column into the Selected column.
To move an application out of the Selected column back to the Available column, select it
and click the reverse transfer button.
Note You cannot transfer applications between the Selected and Available lists by
double-clicking them.
5. Click an application in the Selected column to see whether it has related functions. If the
application does have functions, then they appear in either the Available or Selected
columns. You can move functions between the two columns by selecting them and clicking
the transfer arrow or the reverse transfer arrow. If a function has an asterisk against it, then
it has permissions which you can also change, to restrict operators' access to that function.
Note You cannot transfer functions between the Selected and Available columns
by double-clicking them. If you double-click a function in the Selected list, and
that function has permissions, then the Permissions Details window appears.
15 July 2011 83
Alliance Access 7.0.20
2. In the Name field, type a name. This name must be unique and can have up to 150
alphanumeric characters.
3. Select the applications that you want the profile to contain from the Applications/Available
column.
4. Click the transfer button to move the applications that you have selected from the
Available column into the Selected column.
To move an application out of the Selected column back to the Available column, select it
and click the reverse transfer button.
5. Click an application in the Selected column to see whether it has related functions. If the
application does have functions, then they appear in either the Available or Selected
column. You can move functions between the two columns. If a function has an asterisk
against it, then it has permissions which you can also change.
Note If you use LDAP to authenticate users (user name and password verification), then
see "LDAP User Authentication" in the Security Guide for more information.
To define an operator:
1. Run the Security Definition application.
2. If operators do not appear, then select Operators from the View menu.
3. Either select New from the Operator menu, or if you want the new operator's details to be
based on those of an existing operator definition, then select the operator and select New
As from the Operator menu.
15 July 2011 85
Alliance Access 7.0.20
4. In the Name field, enter a name for the operator. This name can have up to 150
alphanumeric characters. The following characters are allowed: @, ., _, -, :.
SWIFT recommends selecting something simple, such as the operator's first name,
because they must enter it in the Operator Name field each time they sign on. The
operator must be told this name.
5. In the Full Name field, enter the full name of the operator.
As this is a new operator, the Approval Status is Unapproved and the Enable Status is
Disabled.
• Local. The user name and password are stored in the Alliance Access database.
• LDAP. The user name and password are validated against an LDAP authentication
server.
If you select LDAP, the LDAP User Identifier field appears. In this field, specify the user
name of the operator as defined in the LDAP directory. If you leave this field empty, then
the local Alliance Access operator name is forwarded to the LDAP server and used for
the authentication.
You can enter the same LDAP User Identifier for multiple operators. This allows for
multiple operator profiles having one LDAP user. The mapping between operator and
LDAP user allows for a gradual migration to LDAP
7. Select the Application check box if the user being defined is an application that will
connect to Alliance Access.
The available profiles appear in the Allowed Profiles/Available column. The list includes
the predefined profiles supplied with Alliance Access.
If the security configuration parameter "Restrict Delegation" is set to Yes and you are not a
right security officer or left security officer, then in some cases you can only select from a
predefined subset of available profiles.
If you have defined your own profiles, then these also appear in the Allowed Profiles/
Available column. For information about the default profiles provided, see Appendix A,
"Default Profiles" on page 369.
2. Select the profiles that you want to assign to the operator from the Allowed Profiles/
Available column.
Click the transfer button to move the operator profiles that you have selected from the
Allowed Profiles/Available column into the Allowed Profiles/Selected column. To move
an operator profile out of the Allowed Profiles/Selected column back to the Allowed
Profiles/Available column, select it and click the reverse transfer button.
Note Each profile that you move into the Selected list must not conflict with any
other selected profiles in terms of application functions and permissions. For
example, you must not assign two profiles to an operator if one profile allows
the operator to sign on at any time and the other only allows sign on during
working hours (the Access Control application controls sign-on times). Alliance
Access checks that there is no conflict between the profiles assigned to an
operator at the time that you add, modify, approve, or enable an operator
definition.
15 July 2011 87
Alliance Access 7.0.20
3. You can assign one or more units to an operator. Select the units that you want to assign to
the operator from the Assigned Units/Available column. The range of units available for
assignment depends on the setting of the Operator: Restrict Functions parameter. For
more information, see "Restricting Operator Functions" on page 112.
Click the transfer button to move the units that you have selected from the Assigned Units/
Available column into the Assigned Units/Selected column. To move a unit out of the
Assigned Units/Selected column back to the Assigned Units/Available column, select it
and click the reverse transfer button.
The unit None is a system-generated unit and is assigned to all new operators by default. If
required, it can be unselected.
Note The available printers are defined using the System Management application.
For more information, see "Defining New Printer" on page 124.
Note The left security officer and right security officer can create an operator profile
which may prohibit or allow access to a selected list of message partners, exit
points, or routing points. This feature is provided respectively by the Open/Print
Partner, Open/Print Exit Point, and Open Routing Point functions of the Application
Interface.
To activate the delegation feature, the following security configuration parameter must be set in
the Security Definition application:
Restrict Delegation = Yes
When this parameter is set to Yes, a third tab called Delegations is available to the left security
officer and right security officer in the selected Operator Details window.
When the parameter is set to No, then this tab is not visible and therefore the subset
assignments are not valid.
2. For each SWIFT user institution using the service bureau two local security officer profiles,
left and right, must be created. Go to "Adding New Operator Profiles" on page 84. Carry out
steps 1 to 6.
Note You have to decide which applications and associated functions your local
security officers have to access. Remember to add the Security Definition
application. You must add the associated permission for approving operators
(one profile for left, a second similar profile for the right).
When the Restrict Delegation parameter is set to Yes, new operator profiles
must be set up with allowed destinations, and existing operator profiles must
be changed to include the allowed destinations. Prohibited destinations are not
supported in this case. The list of allowed destinations in the operator profile
must contain BIC8 destinations and no wildcards.
2. Check that the security configuration parameter Restrict Delegation is set to Yes.
3. Define the local left security officer as a new operator. Go to "Defining Operators" on
page 85. When assigning profiles for the left local security officer, include the
corresponding left security officer profile that you created in "Creating a Local Security
Officer Profile" on page 89.
4. Click the Delegations tab. Specify the delegated Operator Profiles, Units, and Destinations
that this particular local security officer can assign to other operators.
The selections made restrict the local security officer's choice when operator profiles are
created. When creating or modifying an operator profile, the inclusion of a non-delegated
item results in an error message.
15 July 2011 89
Alliance Access 7.0.20
5. Select the Delegated profiles that you want to assign to the operator from the Available list.
6. Click the transfer button to move the operator profiles that you have selected from the
Available list into the Selected list. To move an operator profile out of the Selected list
back to the Available list, select it and click the reverse transfer button.
7. Select the Delegated Units that you want to assign to the operator from the Available list.
8. Click the transfer button to move the units that you have selected from the Available list
into the Selected list. To move a unit out of the Selected list back to the Available list,
select it and click the reverse transfer button.
9. Select the Delegated Destinations that you want to assign to the operator from the
Available list.
10. Click the transfer button to move the destinations that you have selected from the
Available list into the Selected list. To move a destination out of the Selected list back to
the Available list, select it and click the reverse transfer button.
12. Approve and Enable the local security officer. See "Approving and Enabling Operator
Definitions" on page 90.
When the local security officer logs in and selects the Security Definition application, only
the delegated profiles and units are available for Operator definition.
13. Repeat the process from step 1 for the right local security officer.
By default, left security officer can left-approve an operator, and right security officer can right-
approve an operator. The Approve Operator entitlement can also be assigned to other
operators. The entitlement includes a permission that either allows a user to left-approve other
operators or right-approve other operators. An operator cannot have permission both to left-
approve and to right-approve other operators at the same time.
An operator who is given the Approve Operator entitlement and permission to left-approve an
operator can also display and print the left half of an operator's system password. Similarly, an
operator with the entitlement to right-approve an operator can display and print the right half of
an operator's system password.
Any operator that can left-approve or right-approve operators can also reset an operator's user
password, except for the left security officer and right security officer operators' passwords.
Note If your operators are using One-Time Passwords (OTP) or LDAP authentication,
then this section is not applicable.
4. From the Operator menu, select View and select both Approval Status and Enable
Status. The new operator appears in the list as Unapproved and Disabled.
6. From the Operator menu, select Approve. The Approval Status changes to Wait RSO
Approval.
7. Check mark the Display Password box to the right of the Auto Password field. A two-
character, case-sensitive password appears. Note the password and pass it secretly to the
operator for whom the definition is being created.
8. Sign off.
4. From the Operator menu, select View and select both Approval Status and Enable
Status. The new operator appears in the list as Wait RSO Approval and Disabled.
15 July 2011 91
Alliance Access 7.0.20
6. From the Operator menu, select Approve. The Approval Status changes to Approved
and the Enable Status changes to Enabled.
7. Check mark the Display Password box to the right of the Auto Password field. A two-
character, case-sensitive password appears. Note the password and pass it secretly to the
operator for whom the definition is being created.
Effect on passwords
If user passwords are used on your system, then the modified operator can continue to sign on
with an existing password.
If you are using one-time passwords:
• If you change the Authentication Method to One-time Password, then the operator must
sign on using the one-time password generated by the hardware token, even if it is the first
sign-on.
• If One-time Password is selected and you select another authentication method, then the
operator must use the associated user password. If the new authentication method is Local,
then the user is prompted to change password.
If the authentication method is LDAP, then the operator must sign on with an LDAP password.
To modify an operator:
1. Ensure that the operator whose definition that you are modifying is logged out of the
system.
5. Move profiles to and from the Available and Selected columns as required.
6. Move units to and from the Available and Selected columns as required.
7. If you are using a UNIX server, then move printers to and from the Available and Selected
columns as required.
Note After modifying the operator, the operator becomes Unapproved. The left
security officer and right security officer, or operators with the appropriate
approval entitlements, must approve the operators again. For information
about how to approve modified operators, see "Approving and Enabling
Operator Definitions" on page 90.
Note There may be restrictions on exactly which operator details that you can list, search
for, and use other operator-related functions on. This depends on the setting of the
Operator: Restrict Functions and Restrict Delegation configuration parameters.
See "Restricting Operator Functions" on page 112.
The Operator column shows the name that each operator uses to sign on to Alliance Access.
The Operator Name column shows the full name of each operator. Each operator has an
Approval Status that shows whether they have been given permission to use the system.
Approved The operator is entitled to use the system in the way described in their
operator definition
Unapproved The operator cannot use the system until they are approved by left security
officer and right security officer, or by operators with the appropriate approval
entitlements
Wait LSO Approval The operator has been approved by the right security officer, but requires
approval by either the left security officer or an operator with the Approval
Operator entitlement and permission to left-approve
Wait RSO Approval The operator has been approved by the left security officer, but requires
approval by either the right security officer or an operator with the Approval
Operator entitlement and permission to right-approve
A new or modified operator definition always requires approval by both security officers, or by
operators with the appropriate approval entitlements.
The Enable Status column shows if the operator is enabled or disabled. New operators are
always disabled until they have been both left and right-approved, at which time they are
automatically enabled.
The Last Sign-on column shows the date and time that the operator most recently logged on.
The Authentication Method column shows which of the following methods is used to
authenticate the user: Local, One-time Password, or LDAP.
The Application column shows whether the user is an application that connects to Alliance
Access.
15 July 2011 93
Alliance Access 7.0.20
2. From the Operator menu, select Search. The Operator Search Criteria window appears.
Select To see
Wait LSO All the operators that need approval by the left security officer, or by an
Approval operator entitled to left-approve
Wait RSO All the operators that need approval by the right security officer, or by an
Approval operator entitled to right-approve
Select To see
Select To see
Time Disabled All the operators that are disabled for a fixed period of time rather than
indefinitely
In the Operator Name field, type an operator name. You can use the following wildcard
characters to search for a group of Operator Names:
_ to replace one character in a string. For example, type OPER0_ to match "OPER01",
"OPER02", "OPER03", and so on
% to replace zero or more contiguous characters in a string. For example, type OP%01 to
match both "OPERATOR01" and "OPER01"
Select To see
Local All the operators who are authenticated by the Local authentication method
LDAP All the operators who are authenticated by the LDAP authentication method
One-time All the operators who are authenticated by the One-time Password
Password authentication method
15 July 2011 95
Alliance Access 7.0.20
Select To see
Any Profile Operators who use the profile name entered in the Profile field. The wildcard
Matching String characters % and _ can be used in the profile name to widen the search so that
you can search for a group of names.
All Profiles In Operators who use the profile(s) in the Profiles/Selected column. Profile
Selected List names can be selected from the Profiles/Available column. If you select
several profiles, then Alliance Access only searches for operators who have all
your selected profiles.
Select To see
Any Unit Matching Operators who use the unit name entered in the Unit field. The wildcard
String characters % and _ can be used in the unit name to widen the search so
that you can search for a group of names.
All Units In Selected Operators who use the unit(s) in the Units/Selected column. Unit names
List can be selected from the Units/Available column. If you select several
units, then Alliance Access only searches for operators who have all your
selected units.
The printers used in the search appear in the Printers/Selected column. Printer names can
be selected from the Printers/Available column. If you select several printers, then
Alliance Access only searches for operators who are entitled to use all your selected
Printers.
7. Click Search . The operators that meet your search criteria appear within the window.
15 July 2011 97
Alliance Access 7.0.20
2. Select Create Op List... from the File menu. The Create Operators/Operator Profiles
List window appears.
3. Select the location where the file must be generated from the File on drop-down menu:
• Workstation, to create the file in a location of your choice. If you select Workstation,
then an additional field called File location appears to allow you to specify the file
location. You can either type a path name or click ... to locate a directory.
• Server, to create the file in your default report directory specified in the Root path
for Report File security configuration parameter. For details about this parameter,
see "Security Parameters" on page 102.
4. Click:
• On the Following Date, to disable the operator definition until the date, and time that
you specify, or until you enable the definition again with an Enable command.
• By Enable Command, to disable the operator definition until you enable the definition
again with an Enable command.
To remove an operator:
1. From the View menu of Security Definition, select Operator.
Note The password of an Application operator can only be regenerated by the Security
Officers using the Reset User Pwd function in the Security Definition application.
15 July 2011 99
Alliance Access 7.0.20
5. From the Operator menu, select Reset User Pwd. The operator's user password is
disabled and they can only sign on once a new password has been generated.
Check mark the Display Password box to the right of the Auto Password field. The
password (case-sensitive) is displayed. Take note of the password and pass it secretly to
the operator for whom the definition is being created.
6. Sign off.
• the other security officer resets the password. An operator with Approve Operator entitlement
cannot do so.
• the Password: Reset Peer Officer Pwd security parameter is set to Yes.
By default, the Password: Reset Peer Officer Pwd parameter is set to No, which means that
the security officers cannot reset each other's password. The security officers can use the
Security Definition application to change the value of this and other security parameters. For
details, see "Modifying Security Parameters" on page 101.
Note If the Password: Reset Peer Officer Pwd parameter is set to No, and a security
officer forgets a password, then the security officer's password cannot be reset.
Support must be contacted for further instructions.
3. From the Operator menu, select Reset LSO Pwd. The left security officer's password is
reset to the eight hexadecimal-character Master Password that SWIFT dispatched to the
left security officer at the most recent Alliance Access licensing. Your organisation must
have retained the original printed Master Password sent by SWIFT and stored it in a secure
place.
4. Sign off.
3. From the Operator menu, select Reset RSO Pwd. The right security officer's password is
reset to the eight hexadecimal-character Master Password that SWIFT dispatched to the
right security officer at the most recent Alliance Access licensing. Your organisation must
have retained the original printed Master Password sent by SWIFT and stored it in a secure
place.
4. Sign off.
• The user attempts to sign on outside the times specified in the assigned operator profile
• The user has not logged in within the maximum time allocated
• The operator has not signed on within the sign-on time limits defined within that operator's
profile, automatically disabling the operator
• Another user is currently signed on at the terminal at which the user is trying to sign on
Alarm Windows only. The full path name of the user-defined script executed on
Path of Script File occurrence of an alarm event.
It must be:
For UNIX only: The full path name of the user-defined UNIX shell script executed
Path of Script File on occurrence of an alarm event.
It must be:
Backup Backup integrity Specifies the type of digest that is calculated to ensure the
integrity integrity of archive backups.
Possible values are:
Message Journalise Msg Text If this parameter is set, then the text block from the message is
included in the message event description. A change to this
parameter will take effect after the SWIFT Interface component is
restarted.
Possible values are:
Message Message Repair Indicates the type of action that is performed by default on the
Action outstanding live messages, that are flagged with possible
duplicate emission (PDE), if a database is partially recovered:
Message MT398 message Specifies whether the SWIFT Interface component performs a
extraction proprietary authentication code verification (PAC) on messages
embedded in the MT 398. A change to this parameter will take
effect after the SWIFT Interface component is restarted.
Possible values are:
• Off
• On
Default value: Off.
Message Re-activation Scope Setting used to re-activate completed messages to any routing
point.
Reception Date:
Message Retrieved Message When set to On, the SWIFT Interface component extracts the
Extract contents of MT 021, if output messages, into separate messages.
A change to this parameter will take effect after the SWIFT
Interface component is restarted.
Possible values are:
• Off
• On
Default value: Off.
Operator Restrict Functions Specifies whether the operator-related functions (open, print, add,
modify, approve, or remove) are restricted. If this parameter is set
to No (the default), then these functions are not restricted, and an
operator with the appropriate entitlements can search for, open,
print, add, modify, approve, or remove operators belonging to any
unit. If the parameter is set to Yes, then an operator with the
appropriate entitlements can only use these functions on
operators who belong to a subset of the same units as the
operator carrying out the action. For more information, see
"Restricting Operator Functions" on page 112.
Possible values are:
• Yes
• No
Default value: No.
This parameter does not affect the left security officer and right
security officer, who always have unrestricted access to operator
functions.
Operator Restrict Delegation Indicates whether restrictions may be applied for Operator
profiles, Units, and Destinations when an LSO/RSO defines an
operator definition. The left security officer and right security
officer of a Service Bureau use this feature when creating local
security officers.
Possible values are:
Operator Software Owner Specifies the operator profile that is assigned as the owner of the
Profile software. An operator with that profile can perform specific actions
on Alliance Access, such as, exporting configuration data, or
querying the database for messages or events.
If this parameter is empty or invalid, then the software owner
operator is disabled.
The servers must be restarted for changes to this parameter to
take effect.
Password Illegal Patterns Patterns of characters that are not allowed in passwords. The |
symbol must be used to separate each string of characters that is
prohibited. For example, the string:
@|$|Bob
prohibits the use of the following characters in passwords:
@
$
Bob
Password Master Period Specifies the number of days after which the security officers
have to change the Master Passwords.
Possible values are:
• 0 through 365
Default value: 100.
A value of 0 means that the security officers are never forced to
change their passwords.
Password Max Bad Pwd Maximum number of times that a user can enter incorrect
passwords before sign-on is refused.
Possible values are:
• 0 through 100
Default value: 5.
• 4 through 20
Default value: 6.
Password Nbr Retained Pwd The number of user passwords retained by the system. Each time
a user changes a password, the old password is retained until this
number is reached. A user cannot create a password that is the
same as one that is retained.
Possible values are:
• 0 through 20
Default value: 10.
Password Reset Peer Officer Allows the left security officer to reset the right security officer's
Passwo password to the Master Password which was valid at the time of
installation, and vice versa. This is useful if a security officer
forgets a password. An event is written to the Event Journal each
time that a password is reset. The default is No, which means that
the security officers cannot reset each other's password.
Possible values are:
• Yes
• No
Default value: No.
Password Sec Officer One Time Activates the use of one-time passwords for the security officers.
Pwd If this parameter is set to Yes and a primary authentication server
• Yes
• No
Default value: No.
Password Strong Validation Verifies that password contains a combination of alphabetic and
numeric characters, and at least one numeric character. Changes
to this parameter become effective at the next password change.
Possible values are:
• Yes
• No
Default value: No.
Password User Period Number of days after which the user password has to be
changed.
Possible values are:
• 0 through 120
Default value: 30.
Reports Root Path for Report The path name which is the top level of the directory tree where
File report files are stored.
The default location is:
• UNIX - $ALLIANCE/usrdata/report
• Windows - %ALLIANCE%\usrdata\report
RMA Clean up Stale Auth. Specifies the minimum number of days that an authorisation or a
query must be kept in the data store before it can be removed.
Maximum: 365. Default value: 180.
RMA Needs Status Controls the explicit request to confirm the rejection of
Confirmation Authorisations to Send, and the revocation of Authorisations to
Receive. A change to this parameter takes effect immediately.
Default value: Yes.
RMA Auto Accept Updates Specifies whether updates received for enabled authorisations to
send are automatically accepted. A change to this parameter
takes effect immediately.
Default value: No.
Signoff Timeout Specifies the time (in seconds) after an inactivity timeout before
the workstation is automatically signed off.
Possible values are:
• 0 through 3600
Default value: 1800.
If 0 is selected, then the workstation is not signed off
automatically.
Signoff WS Session Timeout The number of seconds of inactivity after which Alliance Access
cleans up a web-service operator session. Minimum: 1800.
Maximum: 5400. Default value: 2700.
• 1 through 10
Default value: 1.
Signon Timeout Specifies the time (in seconds) that an operator can be inactive at
a workstation (while Alliance is running) before having to re-enter
a password.
Possible values are:
• 60 through 28800
Default value: 600.
System Authenticate MT971 Defines whether MT 971 messages must be authenticated or not.
A change to the parameter is taken into account immediately.
Possible values are:
• Yes
• No
Default value: Yes.
System Disable Period This parameter specifies the number of days (1 to 999) during
which an enabled operator must sign-on. If they do not do so,
then they are automatically disabled.
Possible values are:
• 0 through 999
Default value: 0.
If this parameter is set to 0, then operators are not automatically
disabled.
System RPC Authentication Defines whether the communication between Alliance Access and
Alliance Workstation is encrypted. Only when the parameter is set
to "Data Integrity" or "Data Confidentiality" can the Alliance
Access servers initialise the communication process with SSL
enabled. If SSL is enabled, then Alliance Workstation can also
use Server Authentication. For more information, see the Alliance
Workstation Installation and Administration Guide.
This parameter provides additional security checks on client
processes that make Remote Procedure Calls (RPC) to server
processes.
Possible values are:
– all message details that are derived from the message text.
Default value: Process Authentication.
Alliance must be restarted for changes to this parameter to take
effect.
If a large number of message templates are assigned to a unit,
then using the higher levels of RPC authentication affects the
performance of the Message Creation application. When the Data
Confidentiality option is used, an operator who belongs to that unit
will find that the Message Creation application opens very slowly.
If more than 50 message templates are in use, then it is
recommended that you use the low speed mode setting, which
allows fewer items to be displayed more quickly. At this setting,
only 50 records are retrieved each time that a list of items
appears. For information about how to set the speed mode, refer
to "Setting the Speed Mode" on page 20.
Warning
The Data Confidentiality mode is CPU-intensive. When selected,
it significantly decreases the overall throughput of Alliance
Access. This mode is therefore not recommended for high-
throughput configurations.
System Software Check at Determines whether the system runs the Integrity Verification Tool
Startup when Alliance Access is started, to check the integrity of the
Alliance Access software.
Possible values are:
• Yes
• No
Default value: Yes
User Mode Housekeeping User In housekeeping mode, either a Single Operator is allowed to sign
Mode on or Multiple Operators are allowed to sign on.
Possible values are:
• Single
• Multiple
Default value: Single.
Alliance Access must be restarted for changes to this parameter
to take effect.
User Space Root Path for User The location on the Alliance Access server where the user space
Space directories are created.
The default location is:
• UNIX - $ALLIANCE/usrdata/userspace
• Windows - %ALLIANCE%\usrdata\userspace
The directories are associated with operators using the Alliance
Web Platform.
• approved
• unapproved
3. Select Configuration from the View menu. The security parameters are listed by class and
name.
4. Double-click the parameter that you want to modify. The Security Parameter Details
window appears.
For a description of the fields displayed in this window, see "Security Parameter Details
Window" on page 110.
5. Type the value that you want the parameter to have once it is approved in the Future
Value field, or select the value from the drop-down list (some parameters have pre-defined
options).
8. Sign off.
12. Select Approval Status from the View menu and confirm that the status of the parameter
has changed to Approved.
Field descriptions
Class
The category to which the parameter belongs (for example, "Password").
Parameter
The name of the parameter.
Future Value
The value that you want the parameter to have when it has been approved by both security
officers.
Current Value
The current value of the parameter.
Approval Status
Indicates whether a modification of the parameter has been approved.
Default Value
The default value of the parameter. This value is pre-defined and applies when Alliance Access
is first installed. This value applies unless you modify the Current Value.
Minimum Value
The minimum value allowed for the parameter. This is only applicable to numeric values.
Maximum Value
The maximum value allowed for the parameter. This is only applicable to numeric values.
Description
A description of what the parameter does.
• an operator can only assign a subset of the units assigned to himself, to another operator.
• an operator A can only display information and use operator-related functions on another
operator B, if the set of units assigned to operator B is a subset of the units assigned to the
operator A. Operator A can use the following functions:
– list operator
– open/print operator
– approve operator
– enable operator
– disable operator
– add operator
– modify operator
– delete operator
– search operator
– reset password (if the operator has the Approve Operator entitlement).
For example, if operator Marc belongs to units A, B and C, and operator Luc belongs to units C
and D, neither Marc or Luc can display each other's operator details. Operator Dirk, who
belongs to units A, B, C, and D, can display the operator details for both Marc and Luc and use
operator-related functions on them. However, neither Marc or Luc can display Dirk's operator
details.
Note When the parameter Restrict Delegation is set to Yes, any profile assignments
made for units using the Security Definition application take precedence. This does
not affect the left security officer and right security officer.
The Operator: Restrict Functions parameter does not affect the left security
officer and right security officer, who always have unrestricted access to operator
functions.
• a secret key used by the protocol (Primary and Secondary, the secret key values are saved
encrypted within Alliance Access)
• local port number (the port number local to the Alliance Access host).
This configuration is necessary to support the protocol used between Alliance Access and the
supported authentication server. The configuration must be done before using the
authentication server.
• it must contain at least one upper-case and one lower-case alphabetic character
• a character cannot be repeated more than half of the length minus one.
2. From the File menu, select Configure Authentication Servers and then One-Time
Password.... The Configure One-Time Password Servers window appears, showing the
current configuration details. To modify them, complete the Future fields as described in
the following steps. Both the left security officer and the right security officer must approve
changes to the current configuration.
3. In the Future Mode field, select whether an authentication server must be used.
Select:
• Do not use Authentication Server if you do not want to use one-time passwords.
If you select Use Authentication Server, you must complete the fields as described in the
next steps.
Note You must complete the fields for the Primary Authentication Server before
you can start using one-time passwords.
4. In the Future Local Port Number field, specify the port number to reach the primary
authentication server. Enter a value between 1024 and 65535.
5. In the Primary Authentication Server area, enter the host name of the primary
authentication server in the Hostname field.
6. In the Port Number field, specify the port number to reach the primary authentication
server. Enter a value between 1024 and 65535.
7. In the Left Secret field, enter the left part of the secret of the primary authentication server.
It consists of 16 characters.
Note Depending on your permissions, the secrets are either displayed in clear or
substituted by '*'.
Secrets must be stored encrypted. They have a lifetime of two years, after
which they expire.
The following recommendations must be observed for the secrets:
• If you define two authentication servers, then the two secrets for both
servers must be different.
8. Click Save to save your changes. You can only save your changes if at least the
Hostname and the Port Number fields contain a value.
The Configuration Status field displays the current approval status, that is, Unapproved.
9. Click Approve to approve the changes. The status changes to Waiting RSO Approval.
The right security officer must now sign on and approve the changes.
Note Approve is only available to the left security officer and right security officer.
10. In the Right Secret field, enter the right part of the secret of the primary authentication
server. It consists of 16 characters.
11. Click Approve to approve the changes. The status changes to Approved and the Future
field settings become Current.
12. Check the Use Secondary Authentication Server box if you want to define a secondary
authentication server. This is optional. If you check this box, then complete the fields that
appear as described in the previous steps.
When the primary server cannot be connected to or if the connection is lost, a switch from
the primary authentication server to the secondary one occurs.
Note The left security officer and right security officer can clear the Future field settings
by clicking Reset . This option is available when the Configuration Status field
displays the following values:
• Unapproved
Overview
You can configure LDAP repositories for the authentication (user name and password) of users.
This task is performed from the Security Definition application and requires proper operator
permissions.
The Primary LDAP server settings must be completed to use an LDAP server. A Secondary
LDAP server may optionally be configured.
Alliance Access requires the following configuration information to reach the LDAP server:
• optionally, the user DN and password used to connect to the LDAP server: not used if the
LDAP server supports anonymous access.
Moreover, configuration information is also required to access the user information related to a
particular LDAP entry.
2. From the File menu, select Configure Authentication Servers and then LDAP.... The
Configure LDAP Servers window appears, showing the current configuration details. To
modify them, complete the Future fields as described in the following steps. Both the left
security officer and the right security officer, or two users with the Approve LDAP function,
must approve changes to the current configuration.
Note When you select Configure Authentication Servers and LDAP... for the first
time, that is, after installing or upgrading Alliance Access, the Current and
Future fields are empty and the Current Mode field displays Do not use
LDAP Server.
3. In the Future Mode field, select whether an LDAP server must be used.
Select:
Note You must complete the fields for the Primary LDAP Server and approve
this configuration before you can start using LDAP authentication.
• Do not use LDAP Server if you do not want to use LDAP authentication.
• Connection Parameters:
– In Host Name, you must specify the host name of the primary LDAP server.
– In Port Number, specify the port number to reach the primary LDAP server.
– Select Connection Security if you want to secure the connection to the LDAP server.
• User Parameters:
– In DN Entry Point in User Directory, specify the DN of the entry point in the user
directory. This field can contain 250 characters maximum.
In the LDAP search request, Alliance Access specifies that the whole subtree must be
searched, starting from the DN specified in DN Entry Point.
– In Object Class Name of User Node, optionally specify the type or class of the user
nodes within the directory. This is useful if there are different types of nodes in the
directory (that is, not only users). This field can contain 32 characters maximum.
– In User Name Attribute, specify the name of the attribute containing the user name
that is used during the logon operation. This field can contain 32 characters
maximum.
5. Click Save to save your changes. You can only save your changes if Hostname, Port
Number, DN Entry Point in User Directory, and User Name Attribute contain a value.
The Configuration Status field displays the current approval status, that is, Unapproved.
The status changes to Waiting RSO Approval or Waiting LSO Approval. This
depends on whether the user currently signed on has the Approve Left part or the
Approve Right part permission.
If the status is:
• Waiting LSO Approval, then the user with the Approve Left part permission must
sign on now and approve the changes
• Waiting RSO Approval, then the user with the Approve Right part permission must
sign on now and approve the changes.
Note Approve is only available if your operator profile contains the Approve LDAP
function.
7. Click Approve to approve the changes. The status changes to Approved and the Future
field settings become Current.
8. Check the Use Secondary LDAP Server box if you want to define a secondary LDAP
server. This is optional. If you check this box, complete the fields that appear as described
in the previous steps.
When the primary server cannot be connected to or if the connection is lost, a switch from
the primary server to the secondary one occurs.
Note The left security officer and right security officer, or users with the Approve
LDAP function, can clear the Future field settings by clicking Reset . This
option is available when the Configuration Status field displays the following
values:
• Unapproved
Introduction
You can use SSL to secure the connection to an LDAP authentication server. The LDAP server
must have SSL support enabled. The SSL certificate installed on the LDAP server can be either
a self-signed certificate or a certificate signed by a SWIFTNet Certification Authority.
The keystore that LDAP uses on Alliance Access must trust either the self-signed SSL
certificate or the SWIFTNet Certification Authority certificate.
Note You must restart the Alliance server after adding the certificate to the keystore.
Procedure on Windows
1. Log on to Alliance Access as Alliance Administrator.
4. Use File > Open to open the file <WINDOWS>/system32/certmgr.msc, where you
replace <WINDOWS> with the path to the Windows directory on the Alliance Access
server.
The Certificates - Current User window appears.
7. Follow the instructions in the Certificate Import Wizard to import either the self-signed
SSL certificate or the SWIFTNet Certification Authority certificate in the Trusted Root
Certification Authorities certificate store.
A Security Warning message appears.
8. Click Yes .
A Certificate Import Wizard message appears that confirms the successful import of the
certificate.
9. Click OK .
Procedure on AIX
1. Log on to Alliance Access as Alliance Administrator.
there is a firewall in use between Alliance Access and your workstation, make sure you
configure the firewall rules to allow X-Window communication.
4. Type a password and a confirmation of the password, and select the Stash the password
to a file option.
5. Click OK .
6. Add either the self-signed SSL certificate or the SWIFTNet Certification Authority certificate
to the keystore.
4. Add either the self-signed SSL certificate or the SWIFTNet Certification Authority certificate
to the keystore.
/usr/sfw/bin/certutil -A -n "<certificate_alias>" -i
<certificate_file> -a -t "C,C,C" -d $ALLIANCE/data/ldap
Replace <certificate_alias> with the name of the certificate.
Replace <certificate_file> with the path and filename of the certificate.
12 SWIFTNet Security
Overview
This section describes how MT and MX messages are authenticated.
Sender/Receiver name
Service Name = swift.fin
SWIFTNet Signature (PKI)
Message
(Authoriser DN)
MT
Message
(unchanged) MT103
Sender BIC
Receiver BIC
D0540083
When an Authoriser DN is created from within Alliance Access, the fin role is automatically
assigned to this DN. If you create your DNs from another Alliance interface, such as Alliance
Gateway or Alliance WebStation, then the fin role must be assigned when the DN is defined.
On Alliance Access, an Authoriser DN is associated to a SWIFTNet connection that must be
assigned to a logical terminal. When the logical terminal is assigned to a SWIFTNet connection
the selected Authoriser certificate for that connection is used for the signature of the SWIFTNet
envelope.
On Alliance Access, you can also have multiple Authoriser DNs on your system at any time.
Each DN can be assigned to one or more logical terminals. For example, Authoriser DN1 can
be assigned to logical terminal A and Authoriser DN2 can be assigned logical terminal B.
Sender/Receiver name
Service Name = "SWIFTNet Business"
SWIFTNet Signature (PKI)
Message
(Authoriser DN)
MX
Message
ifds.001.001.01
D0540084
When an Authoriser DN is created from within Alliance Access, the fin role is automatically
assigned to this DN. Therefore, you must create or assign the appropriate role and SWIFTNet
Business service for MX messaging to your DNs from the Alliance Gateway or Alliance
WebStation.
On Alliance Access, this Authoriser DN must then be adopted on a SWIFTNet connection which
is then assigned to SWIFTNet emission and reception profiles. When the emission and
reception profiles are assigned to a SWIFTNet connection, the selected Authoriser certificate for
that connection is used for the signature of the SWIFTNet envelope.
Alliance Access uses the certificate of the Responder DN (BIC8 match) to sign responses on
incoming MX messages. It is therefore required to Adopt from the Alliance Gateway system
onto your Alliance Access system, the DNs matching the BIC8 of all possible Responder DNs
for which MX messages can be received.
The same Authoriser DN can be assigned to different profiles. You can also have multiple
Authoriser DNs on your system at any time. In this case, each DN can be assigned to one or
more profiles. For example, Authoriser DN1 can be assigned to emission profile A and
Authoriser DN2 can be assigned to emission profile B.
2. If the Device list pane is not shown, select Device from the View menu.
3. Double-click the printer that you want to view in the Device list pane. The Device Details
window appears.
For a description of the fields displayed in this window, see "Device Details Window (UNIX
only)" on page 123.
Example
Field descriptions
Device Name
The name of the printer.
Device Type
Displays the type of device. This can only be a printer.
Description
Displays the text description of the device, for example, "Printer located in Supervisor's office".
Bold Emulation
Specifies how bold characters are printed.
Lines/page
Displays the number of lines per page for the printer.
Column
Displays the number of characters per line for printer devices.
2. If the Device list pane is not shown, then select Device from the View menu.
• New As with an existing printer highlighted in the Device list pane, to define a new
printer based on an existing one. The Device Details window appears.
For a description of the fields displayed in this window, see "Device Details Window (UNIX
only)" on page 123.
6. Specify how bold characters are printed in the Bold/ Emulation field.
The choices are:
• Character Overstrike
• Line Overstrike
• Disable Bold
• HP PCL Compatible
• IBM/EPSON Matrix.
9. From the Device menu, select Add to connect the new printer. The Device main window is
automatically refreshed and displays the details of the new printer.
Note Once you have defined a printer, it must be enabled under UNIX.
• RMA-related parameters
• End-to-end signing required and what format the signature can have
• Store-and-forward usage
• HeaderInfo element required and usage of this element for the service
• ApplProf.dig, which contains the digest of each file contained in the ASP package
For more information about traffic filtering using RMA, see the RMA Service 7.0 Service
Description.
Procedure
1. Download the ASP package from www.swift.com to a dedicated directory.
4. Navigate to the bin directory, one level below the directory where you installed Alliance
Access.
5. Run the saa_manageasp command. For details, see "saa_manageasp" in the Installation
and Administration Guide.
2. If not already displayed, then select Emission Profile from the View menu. The Emission
Profile window appears, displaying the list of defined emission profiles.
3. Select New from the Emission Profile menu, or to define one based on an existing
emission profile, select the required profile and then New As from the Emission Profile
menu. The Emission Profile Details window appears.
4. Enter the details of the emission profile. For details, see "Emission Profile Details - Profile
Details Tab" on page 129.
Note When you specify the service in the Service Name field, the values in the
fields are initialised based on the Application Service Profile associated to this
service.
5. When you have entered all the required details for the emission profile, select Add from the
Emission Profile menu. The new profile now appears in the list of profiles in the Emission
Profile View window.
To modify an emission profile, select the emission profile and then Open from the Emission
Profile menu. You can then change the required fields. Select Modify from the Emission
Profile menu to save your modifications.
To remove an emission profile, select the emission profile and then Remove from the Emission
Profile menu. You are asked to confirm the removal. Click Yes to complete the process.
Note To modify or remove an emission profile, the profile must be in the Disabled state.
Example
The following is an example of a SWIFTNet Emission Profile, for the live Relationship
Management Service:
Field descriptions
Profile Name
Name of the emission profile. This is the identifier of the profile and cannot be modified after
creation.
The profile name can be up to 20 alphanumeric characters. No spaces are allowed in the name.
Profile Status
A read-only field which shows the current status of the profile.
Service Name
Code for the SWIFTNet service that you are using.
The code and associated Requestor DN (see the next field) are used as the basic selection
criteria for emission for this profile. This information cannot be modified after profile has been
created.
Messaging Service
You can select InterAct (default), FileAct, or Both.
Requestor DN
Requestor DN you are using for the SWIFTNet Service selected. This information cannot be
modified after the profile has been created.
Delivery Mode
SWIFTNet delivery mode for the emission profile.
This can be Real-time (default) or Store-and-forward. The selection must match the
SWIFTNet Service characteristics as provisioned centrally.
Use Input Channel
This option is available only if the Delivery Mode is Store-and-forward.
Input Channel
This field is only available if the Delivery Mode is Store-and-forward and Use Input Channel
is selected.
The list of input channel names contains all the input channels available in the database.
Window Size
The window size used for the emission. This must be in the range 1 to 10 (default 5).
This field is not available if the Use Input Channel option is selected.
Retry Limit
The number of retries for each message (retransmission after emission failure). When the retry
limit is reached, the message is routed with a Transmission Failure result. The value must be in
the range 0 to 5 (default 2).
Signing Required
Messages sent using this profile must be signed, unless specified explicitly in the message.
Select the check box to enable.
If the check box is enabled, then you can select whether to sign MX messages using the
Crypto element or the Signature element.
Note The InterAct messages that relate to relationship management authorisations are
always signed.
Non-Repudiation Required
Non-repudiation is required for messages sent using this profile, when specified explicitly in the
message. Select the check box to enable.
The Service Name must be configured with NR Optional or NR Mandated, otherwise the
message is rejected. If non-repudiation is required then messages must also be signed. When
the Non-Repudiation Required box is selected, the Signing Required box is automatically
selected.
This field is only visible if Delivery Notification Required is selected for real-time Delivery
Mode.
2. If not already displayed, then select Reception Profile from the View menu. The
Reception Profile window appears, displaying the list of defined reception profiles.
3. Select New from the Reception Profile menu, or to define one based on an existing
reception profile, select the required profile then New As from the Reception Profile menu.
The Reception Profile Details window appears.
4. Enter the details of the reception profile. For details, see "Reception Profile Details - Profile
Details Tab" on page 133.
A read only Profile Status field is also displayed which indicates the current status of the
profile.
5. When you have entered all the required details for the reception profile, select Add from the
Reception Profile menu. The new profile now appears in the list of profiles in the
Reception Profile View window.
To modify a reception profile, select the reception profile and then Open from the Reception
Profile menu. You can then change the required fields. Select Modify from the Reception
Profile menu to save your modifications.
To remove a reception profile, select the reception profile and then Remove from the
Reception Profile menu. You are asked to confirm the removal. Click Yes to complete the
process.
Note To modify or remove a reception profile, the profile must be in the Disabled state.
Example
The following is an example of a SWIFTNet Reception Profile, for the live Relationship
Management Service:
Field descriptions
Profile Name
Name of the reception profile. This is the identifier of the profile and cannot be modified after
creation.
The profile name can be up to 20 alphanumeric characters. No spaces are allowed in the name.
Profile Status
A read-only field which shows the current status of the profile.
Delivery Mode
SWIFTNet delivery mode for the reception profile.
This can be Real-time or Store-and-forward. The selection must match the SWIFTNet Service
characteristics as provisioned centrally.
Important Do not change the delivery mode of the Reception profiles for the Relationship
Management service.
Queue Name
Name of the store-and-forward queue that used with this reception profile. Queue names can be
up to 30 characters. Note that this field is only visible if Delivery Mode is Store-and-forward.
Subset and Order
Allows you to select the type of traffic (maximum 6 subsets), and the order that the traffic is
delivered. The default order is: System, InterAct, and then FileAct.
Note To receive delivery notifications, ensure that the Interact and System subsets are
selected. For a description of the different types of delivery notifications, see the
SWIFTNet Messaging Operations Guide.
Alliance Gateway message partner Contain certificates which are valid for
• If the logical terminal belongs to a live destination, then the certificate of the authoriser DN
must be a business certificate and must be stored on a Hardware Security Module (HSM)
with policy ID 1.3.21.6.2.
• If the logical terminal belongs to a Test and Training destination, then the certificate of the
authoriser DN can be:
– a business certificate
– a Lite certificate
This certificate can be stored in an HSM or on disk.
Note It is not possible to specify the Authoriser DN for real-time reception profiles.
1. Alliance Gateway selects the first DN certificate from the list of related Gateway message
partner that matches the level-2 DN (BIC8).
2. Alliance Gateway only selects a certificate for which a security context can be created (for
example, the certificate is not revoked or expired).
Important Ensure that the certificate that Alliance Gateway selects based on the criteria
above has the proper RBAC roles for the type of traffic.
2. Select Open from the Emission Profile menu. The Emission Profile Details window
opens.
4. Select the SWIFTNet connection that you want to set up for this emission profile and then
select Assign Connection from the Emission Profile menu. The Gateway Connection
Details dialog box appears.
5. Select the required connection from the Connection Name field. You must define at least
one connection before the emission profile can be enabled.
If the Delivery Mode is Store-and-forward, then four connections can be defined.
Note The Authoriser DN must belong to the same institution as the Requestor DN
(that is, the BIC8 in both DNs must be the same).
7. Click OK .
You are prompted to confirm your choice.
8. Click OK to complete the process. The selected SWIFTNet connection is now available to
this profile.
Field descriptions
Sequence
Number (1 to 4) that indicates the order in which the connections are used when connecting to
SWIFTNet, or in case of failure.
You must define at least one connection before the emission profile can be enabled.
Conn Name
Name of the SWIFTNet connection.
Authoriser DN
Authoriser DN associated with this connection.
2. Select Open from the Reception Profile menu. The Reception Profile Details window
opens.
4. Select the SWIFTNet connection that you want to set up for this reception profile and then
select Assign Connection from the Reception Profile menu. The Gateway Connection
Details dialog box appears.
5. Select the required connection from the Connection Name field. You must define at least
one connection before the reception profile can be enabled.
If the Delivery Mode is Store-and-forward, then four connections can be defined.
If the Delivery Mode is Real-time, then only one connection can be defined.
If you change the Delivery Mode of a reception profile from Store-and-forward to Real-
time, then only the connection with sequence 1 remains. The other connections are
removed.
Note If the Delivery Mode is Store-and-forward, then the Authoriser DN must have
been granted access to the queue with name Queue Name from an external
RBAC application.
7. Click OK .
You are prompted to confirm your choice.
8. Click OK to complete the process. The selected SWIFTNet connection is now available to
this profile.
Field descriptions
Sequence
Number (1 to 4) that indicates the order in which the connections are used when connecting to
SWIFTNet, or in case of failure.
You must define at least one connection before the reception profile can be enabled.
Conn Name
Name of the SWIFTNet connection.
Authoriser DN
Authoriser DN associated with this connection.
Important Deactivating an emission or reception profile aborts all ongoing file transfers. In
such a case, you are prompted to confirm the deactivation request.
2. Select Enable from the Emission Profile menu. The profile status changes to Enabled.
2. Select Activate from the Emission Profile menu. The profile status changes to Activated.
2. Select Enable from the Reception Profile menu. The profile status changes to Enabled.
2. Select Activate from the Reception Profile menu. The profile status changes to
Activated.
Introduction
The introduction of input channels and input sequence numbers (ISNs) in store-and-forward
provides Sender-to-Receiver FIFO, gap detection, and duplicate detection.
InterAct store-and-forward messages exchanged over these input channels are numbered
sequentially. In the event of a transmission failure, the transmission is retried, using the same
sequence number (without any additional PDE indication).
For each input channel, store-and-forward maintains a sliding window of statuses of received
messages and gaps between received messages. Within that window, it can identify duplicates
and replay its original responses (accepted messages only, rejected messages are ignored by
store-and-forward and considered as gaps).
Requirements
Alliance Access uses input channels in an exclusive manner. This means that an Alliance
Access instance cannot share an input channel for message transfer with any other application.
When an emission profile is activated, the associated input channel may be opened in forced
mode. This means that any message transfer by other applications using this channel are
interrupted.
Attempting to use the same input channel by several applications may cause a message
transmission to be positively acknowledged even if the message was not actually sent over
SWIFTNet.
15.4.2 Procedures
15.4.2.1 Create Input Channel
Purpose
This procedure enables you to create an input channel on SWIFTNet for one of your licensed
BIC8.
Procedure
1. Run the SWIFTNet Interface application.
Prerequisites
In Alliance Access, you can delete an input channel from SWIFTNet.
The emission profiles configured with the selected input channel must be removed before the
input channel can be deleted. Once deleted, the input channel cannot be recreated.
Procedure
1. Run the SWIFTNet Interface application.
8. Click Yes .
Introduction
You can adopt an input channel created by another application so that Alliance Access can use
it.
Procedure
1. Run the SWIFTNet Interface application.
5. Click Adopt .
Introduction
Removing an input channel from Alliance Access does not delete it from SWIFTNet. The input
channel remains on SWIFTNet, but it is no longer known by Alliance Access.
Procedure
1. Run the SWIFTNet Interface application.
5. Click Yes .
Definition
Output channels are used to identify output sessions with SWIFT. An output session is used to
control the way and the order in which messages or files are delivered by SWIFT to the
receiver.
During an output session SWIFT delivers traffic to a messaging interface with an output
sequence numbering which allows to control the order of delivery and to identify missing
messages.
Output sessions existed already before the concept of output channels was introduced. Output
sessions were in fact queue sessions. At a given time only one session existed for a given
queue.
Starting an output session was equivalent to acquiring the queue. Stopping an output session
was equivalent to releasing the queue.
The concept of output channel allows multiple output sessions on a queue in such a way that
these output sessions are easily identified and managed. Indeed, without output channels, there
is only one output session possible at a given time for a queue, and there is only one output
sequence numbering for that queue. That output sequence numbering is maintained across the
output sessions, so that the order of the messages delivered from that queue can be
established.
When using output channels, each output channel has its own output sequence numbering
maintained across output sessions for that output channel. When opening an output channel,
traffic is delivered from the queue specified within the opening of the output channel.
15.5.2 Procedures
15.5.2.1 Delete an Output Channel
Purpose
This procedure enables you to delete an output channel from SWIFTNet.
This procedure only deletes the output channel from SWIFTNet, the output channel remains in
Alliance Access.
You cannot recreate an output channel on SWIFTNet once it is deleted from SWIFTNet.
Prerequisites
You must remove the emission profiles configured with the selected output channel before you
can delete the output channel from SWIFTNet.
Procedure
1. Run the SWIFTNet Interface application.
Purpose
This procedure enables you to adopt an output channel from another application so that
Alliance Access can use it.
Procedure
1. Run the SWIFTNet Interface application.
4. Select the BIC8 that you require from the drop-down list in the first part of the Output
Channel field.
5. Enter the remainder of the output channel name in the second and third parts of the Output
Channel field, as necessary.
6. Click Adopt .
The Adopt Output Channel window closes.
Purpose
This procedure enables you to remove an output channel from Alliance Access.
This procedure only deletes the output channel from Alliance Access, the output channel
remains on SWIFTNet.
Procedure
1. Run the SWIFTNet Interface application.
5. Click Yes .
– "Assigning SWIFTNet Connections to SWIFTNet Profiles" on page 134 for emission and
reception profiles.
For a description of the SWIFTNet environment and an explanation of SWIFTNet terms, see the
Certificate Administration Guide, which is part of the SWIFTNet Link documentation.
After installation, initial access to the SWIFTNet Support application is limited to the two Alliance
Security Officers who have received the initial secrets, so it is the responsibility of these
operators to configure the SWIFTNet environment. New operators can be defined, to allow the
delegation of the different configuration aspects using entitlements and permissions.
Note Alliance Access communicates with Alliance Gateway using the Relaxed
SWIFTNet Link format. Tasks related to the management of certificates are
performed on Alliance Gateway. For more information about these tasks, see the
Alliance Gateway Operations Guide.
For more information about certificates, see the Certificate Administration Guide.
Definitions
The following are terms used for SWIFTNet within Alliance Access:
• SWIFTNet Connection: is the system (host name or IP Address and port number of the
system running Alliance Gateway) on which the SWIFTNet Link software is installed.
• CID Signing DN: is the Distinguished Name of the PKI certificate holder in the context of FIN
Copy
For information about setting up operator profiles and permissions, see "Managing Alliance
Access Security" on page 77.
Field descriptions
Connection Name
The user-defined name of the SWIFTNet connection.
Hostname
The host name of the machine on which Alliance Gateway is installed.
Status
The status of the connection.
2. Select the required SWIFTNet connection from the list and then Open from the SWIFTNet
Connection menu. The SWIFTNet Connections Details window appears. The SWIFTNet
Connections Details window lists the details for the selected SWIFTNet connection. For a
description of the fields displayed in this window, see "The SWIFTNet Connection Details
Window" on page 151.
2. Stop the SWIFT Interface Services (SIS) and SWIFTNet Interface Services (SNIS)
components as described in "Stopping and Restarting Components" on page 74.
4. Select New... from the SWIFTNet Connection menu or click a connection in the list and
select New As....
The SWIFTNet Connection Details window appears.
6. When you have entered the required data, select Add from the SWIFTNet Connection
menu.
7. Restart the SWIFT Interface Services (SIS) and SWIFTNet Interface Services (SNIS)
components as described in "Stopping and Restarting Components" on page 74.
Field descriptions
Connection Name
Enter an identifier for the connection that you are defining. It must be unique.
Hostname
Enter the host name or IP address of the (remote) Alliance Gateway host.
Port Number
Enter the TCP port of the Alliance Gateway host.
SSL (in SSL Settings pane)
Select the type of security required for the communication between Alliance Access and
Alliance Gateway (SSL is used to secure transactions using PKI). This can be:
• Data Encryption (default) - provides two-way encryption of data sent between Alliance
Access and Alliance Gateway
SSL Certificate DN
Enter the distinguished name of the SSL Certificate used by the Alliance Gateway Transport
Agent.
CA Certificate
Enter the name of the file (without path) containing the CA certificate. A different CA certificate
can be used for the authentication of each Alliance Gateway connection. The CA certificate
must be available locally to Alliance Access:
• Windows: %alliance%\data
• UNIX: $ALLIANCE/data
This certificate is used when establishing the low-level connection between Alliance Access and
Alliance Gateway.
LAU (in LAU Settings pane)
LAU secures the link between Alliance Access and the SWIFTNet Link host, where the PKI
signatures for FIN message authentication are calculated (on an HSM).
LAU Key First Part / Second Part
The LAU key consists of 32 printable characters and must be entered in two 16-character
strings. This key must be the same as the one that is entered in the Alliance Gateway system
and must be renewed at regular intervals. Only Alliance Access and Alliance Gateway or
Alliance Starter Set know the LAU key that is exchanged with messages over this link.
Each part of the LAU key must comply with the following password complexity rules:
– A-Z
– a-z
– 0-9
• the key must contain at least one upper-case and one lower-case alphabetic character
• the number of occurrences of the same character must be equal to or less than half the
number of characters in it, minus one.
Connection Status
Indicates whether the connection between Alliance Access and the SWIFTNet Link host is
Reliable or Not Reliable. This parameter cannot be modified in this window. The SWIFTNet
connection status can be monitored and modified from the SWIFTNet Connection window in
the SWIFTNet Support application. The status can only be modified when the SIS and SNIS
components are stopped.
Port number (in FileAct Settings pane)
Numeric input field. Default value is 48003.
• No additional security
2. Stop the SWIFT Interface Services (SIS) and SWIFTNet Interface Services (SNIS)
components as described in "Stopping and Restarting Components" on page 74.
4. Click the connection which you want to update and from the SWIFTNet Connection menu
select Open....
The SWIFTNet Connection Details window appears with the configuration information for
this connection.
For a description of the fields displayed in this window, see "The SWIFTNet Connection
Details Window" on page 151.
5. The information in the following fields can be updated (depending on your configuration):
• Hostname
• Port Number
• SSL
• SSL Certificate DN
• CA Certificate
• LAU
6. When you have entered the required data, select Modify from the SWIFTNet Connection
menu.
The connection is now updated. All modifications to the SWIFTNet connection are logged in
the event journal.
7. Restart the SWIFT Interface Services (SIS) and SWIFTNet Interface Services (SNIS)
components as described in "Stopping and Restarting Components" on page 74.
2. Stop the SWIFT Interface Services (SIS) and SWIFTNet Interface Services (SNIS)
components as described in "Stopping and Restarting Components" on page 74.
4. Click the connection to be removed and select Remove from the SWIFTNet Connection
menu.
5. You are prompted with a dialog box to confirm the removal of the SWIFTNet connection.
Click Continue to complete the process.
6. Restart the SWIFT Interface Services (SIS) and SWIFTNet Interface Services (SNIS)
components as described in "Stopping and Restarting Components" on page 74.
2. Stop the SWIFT Interface Services (SIS) and SWIFTNet Interface Services (SNIS)
components as described in "Stopping and Restarting Components" on page 74.
4. Click the connection marked as Not reliable and select Mark Connection as Reliable from
the SWIFTNet Connection menu.
5. Restart the SWIFT Interface Services (SIS) and SWIFTNet Interface Services (SNIS)
components as described in "Stopping and Restarting Components" on page 74.
Prerequisites
The servers must be running in Operational mode.
To prevent Alliance Gateway from using a non-FIN certificate for FIN messages, and vice versa,
the Alliance Gateway message partners must be configured with the correct type of certificate,
as follows:
Alliance Gateway message partner Contain certificates which are valid for
3. If the Logical Terminal list pane is not shown, then select Logical Terminal from the View
menu.
4. Select a logical terminal in the list by double-clicking it or by using Open in the Logical
Terminal menu. This opens the Logical Terminal Details window.
Four connections can be defined for the logical terminal. The sequence number (1 to 4)
indicates the order in which the connections are used when connecting to FIN, or in case of
failure.
6. Select the SWIFTNet connection that you want to use for this logical terminal by clicking its
entry in the list. Then select Assign Connection from the Logical Terminal menu. The
Gateway Connection Details window appears.
8. Select the Use specific Authoriser DN option to specify the Authoriser DN.
Type the Authoriser DN value, which must comply with the DN format described in the
SWIFTNet Naming and Addressing Guide.
For more information about the result of selecting this item, see the "Authorisor DN and CID
Signing DN" on page 157.
9. Select the Use specific CID Signing DN to specify the CID Signing DN.
This DN is used in the context of FIN Copy for the central institution. If you select this box,
then the CID Signing DN field appears. Enter the required CID Signing DN.
For more information about the result of selecting this item, see the "Authorisor DN and CID
Signing DN" on page 157.
10. Click OK . The selected SWIFTNet connection is now available to this logical terminal.
11. Restart the SWIFT Interface Services (SIS) component, as described in "Stopping and
Restarting Components" on page 74.
Note You can schedule different actions for logical terminals. For more information, see
"Scheduling FIN Select or Logout from SWIFT" on page 205.
If you select
✓ The distinguished name that user provided for the CID signing
DN is assigned only to the CID signing DN. The field becomes
the value of Authoriser DN remains unchanged.
• Authoriser DN
The level 2 of the DN selected by Alliance Gateway must
match the BIC8 provided by Alliance Access
• CID signing DN
The level 2 of the DN selected by Alliance Gateway matches
the BIC8 provided by Alliance Access for the FIN Copy
service.
2. If the configuration parameters are not shown, then select Configuration from the View
menu. The parameters are listed within a window. The following details are displayed for
each configuration parameter:
Field Description
Object The class to which the parameter belongs, such as display format, alarm, or
disk space
3. Double-click the parameter that you want to modify from the Configuration list. A
Configuration Details window appears.
For a description of the fields displayed in this window, see "Configuration Details Window"
on page 159.
Note For changes to take effect, it is sometimes necessary to restart the application,
to restart the servers, to wait for a delay, and so on. For more information, see
the specific parameter descriptions in "Classes of Configuration Parameters"
on page 159.
Field descriptions
Component
The application affected by the setting of the parameter.
Object
A general classification given to the parameter.
Parameter
The name of the parameter.
Value
The attribute of the parameter that can be modified.
Default
The default value of the parameter. SWIFT set this value and it cannot be modified or set during
installation.
Min allowed
The minimum value allowed for the parameter. This is only applicable to numeric values.
Max allowed
The maximum value allowed for the parameter. This is only applicable to numeric values.
Description
A description of what the parameter does.
Note Some parameters described in this section are only available if you have licensed
the relevant option for your system.
17.3.1 Alarm
List of alarm parameters
Parameter Description
Maximum The maximum number of alarms that can be popped up on a Workstation at one
time. Default value: 3.
Changes to this parameter take effect at the next Workstation login.
Timeout The number of minutes an alarm popup remains on screen. Default value: 15.
Changes to this parameter take effect at the next Workstation login.
Parameter Description
Sender LT Specifies the logical terminal (BIC12: LT followed by XXX) used to send alarm
messages to Internal Correspondents.
Changes to this parameter take effect at the Next Alarm Message/Frequency
check.
17.3.3 Backup
List of backup parameters
Parameter Description
Archive Backup The Oracle database requires this parameter to create the Data Pump files
Dir Object containing the backups of archives.
Maximum value: 30.
A change to this parameter will be taken into account at the next backup or restore
operation.
This parameter is only available when the Alliance Access database is hosted.
DB Backup Dir The Oracle database requires this parameter to create the Data Pump files
Object containing the backups of the Alliance Access database.
Maximum value: 30.
A change to this parameter will be taken into account at the next backup or restore
operation.
This parameter is only available when the Alliance Access database is hosted.
Parameter Description
Location This parameter defines the file directory wherein the Alliance Access backups are
Backups created. This directory must be shared between the Alliance Access host and the
database host. If the parameter has no value, then no backup or restore can take
place.
The parameter has no value by default.
A change to this parameter will be taken into account at the next backup or restore
operation.
This parameter is only available when the Alliance Access database is hosted.
Location This parameter defines the file directory remotely accessed from the database host
Backups DB Host wherein the Alliance Access backups are created. If this parameter has no value,
then the value specified for the Location Backups parameter is used.
The parameter has no value by default.
A change to this parameter will be taken into account at the next backup or restore
operation.
This parameter is only available when the Alliance Access database is hosted.
Parameter Description
History Period The number of days to keep history records for batch duplication check and to
keep the files in the file transfer adapter backup and error directories. Default
value: 10.
Changes to this parameter take place at the next poll.
Automatic - The Session Autostarter Polling Timer in seconds. Default value: 60.
Polling Timer Changes to this parameter take place at the next poll.
Log Directory The location where report files generated for XML version 2 (MT/MX) input are
stored.
Parameter Description
LTA Timeout Defines the Local Transfer Agent completion time in minutes. This is the time that
Alliance allows for the Local Transfer Agent to process a batch output file. If the
Local Transfer Agent has not finished its task within this time, then an event is
written to the Event Journal. Default value: 5.
LTA waiting Specifies whether Alliance can wait for Local Transfer Agent completion before
mode closing the session. Default value: Off.
17.3.6 Database
List of database parameters
This parameter is not available when the licence package 13:HOSTED DATABASE is present.
Parameter Description
Location Location of the daily Messages database files. A change to this parameter is taken
Messages into account on creation of the next database file.
Note: if the user enters an invalid path or if the server processes have no write
access to the specified location, then the new database files are created in the
following directory:
• On UNIX: $ALLIANCE/database/datafiles/MESG
• On Windows: %ALLIANCE%\database\datafiles\MESG
Location Journal Location of the daily Journal Events database files. A change to this parameter
Events takes effect at the next database file creation time.
Note: if the user enters an invalid path or if the server processes have no write
access to the specified location, then the new database files are created in the
following directory:
• On UNIX: $ALLIANCE/database/datafiles/JRNL
• On Windows: %ALLIANCE%\database\datafiles\JRNL
Parameter Description
ADK Storage This parameter defines the directory in which Alliance Access Developers Kit
applications can store their specific information. The contents of this directory are
considered during the backup and restore operations.
The default path for this directory is as follows:
• On Windows: %ALLIANCE%\data\ADK_DIR
• On UNIX: $ALLIANCE/data/ADK_DIR
Parameter Description
Operational Trace When this parameter has a value On, a journal entry is written for every call that is
made to an Alliance Access Developers Kit (Toolkit) function. The journal entry
describes in full the call made by the Alliance Access Developers Kit function.
Default value: Off.
A change to this parameter takes effect when an Alliance Access Developers Kit
application is restarted.
Parameter Description
Frequency The interval in seconds (in multiples of 60) at which disk space is checked.
Default value: 300. Minimum: 120. Maximum: 3600.
Change to this parameter takes effect at the next check.
A warning will be given if free disk space drops below a Warning parameter.
Repeat warnings are given at 10 times the interval.
Recovery Alliance Access shuts down when the free space of the Recovery Backup Disk
Shutdown - MB becomes less than this number of megabytes. If the value is 0, then no action is
taken.
Default value: 1000. Minimum: 0. Maximum: 4190000.
This parameter is available when 14:DATABASE RECOVERY is licensed.
Recovery Alliance Access issues a warning when the free space of the Recovery Backup
Warning - MB Disk becomes less than this number of megabytes. If the value is 0, then no action
is taken.
Default value: 5000. Minimum: 0. Maximum: 4190000.
This parameter is available when 14:DATABASE RECOVERY is licensed.
Shutdown - MB Sets the absolute minimum free disk space (in MB) that must be available on the
file systems hosting the database. If the free disk space available for one of these
file systems falls below this value, then Alliance Access shuts down.
Default value: 1000, to which the system automatically adds (for recovery
purposes) the size of the largest database file stored in the database, plus the size
of the database index file. Minimum: 0. Maximum: 4190000.
The frequency at which this parameter is checked is set using the Disk Space -
Frequency parameter.
Alliance must be restarted before a change to the value of this parameter becomes
effective.
Shutdown - Shutdown Alliance Access when available space on the disk of the source tree is
Release Dir less than this value (in Kbytes). Default value: 20000.
Changes to this parameter take effect at the next disk space check.
Warning - MB Alliance Access issues a warning when the free space of one of the monitored file
systems hosting the database becomes less than this number of megabytes. The
file system is set in an exception state in the resources monitoring.
Default value: 5000. Minimum: 0. Maximum: 4190000.
If the value is 0, then no action is taken.
Changes to this parameter take effect at the next disk space check.
Warning - Alliance Access issues a warning when available space on the disk of the Release
Release Dir Directory is less than this value.
Default value: 50000 (Kbytes).
Changes to this parameter take effect at the next disk space check.
Parameter Description
UNIX only: Alliance Access issues a warning when available space on the /tmp disk is less
Warning - Printer than this value (in Kbytes).
Spool Default value: 10000. Minimum: 1024. Maximum: 200000.
Changes to this parameter take effect at the next disk space check.
Parameter Description
Amount Specifies the convention used to separate decimals and units of a thousand:
Date The display format of the date: American date format is MM/DD/YY, European date
format is DD/MM/YY, ISO date format is YY/MM/DD. A change to this parameter takes
effect when Alliance Workstation is restarted. Default: European.
• Day of 24 Hours, which uses 24-hour clock notation, for example, 13:15:00. This is
the default option.
• Day of 12 Hours, which uses 12-hour clock notation, for example, 01:15:00 p.m.
17.3.10 Display/Print
Display/Print parameter
Parameter Description
FIN User Specifies whether to display or print the FIN User Header (block 3) of MT messages.
Header
The allowed values are:
• Yes - display block 3 in the message details in the Text tab of theMessage File
Application, and in the results of a message search. In addition, print block 3 in the
printed reports of message details, both from the GUI and from a Print message
partner.
• No - do not display block 3 in the message details, and do not print it in reports that
provide message details.
The default value is No.
17.3.11 Emission
List of emission parameters
Parameter Description
Retry Timer Indicates the timeout period (in seconds) between 2 retries to emit a message. The
value entered can be from 0 to 120 seconds. Default value: 60.
The SNIS component must be restarted before changes to this parameter take effect.
17.3.12 Event
Event parameter
Parameter Description
SNMP Max Indicates the maximum size of the event text distributed to SNMP managers. 0 means
Event Size that there is no maximum size. Default value: 2000.
17.3.13 File
File parameter
Parameter Description
File Digest Indicates the default file digest algorithm that Alliance Access uses to compute the
Algorithm digest on the payload file of the FileAct message if no file digest algorithm is provided by
the back-office application. The following values exist: SHA-1 and SHA-256. Default
value: SHA-256.
Changes to this parameter take effect immediately.
17.3.14 Message
List of message parameters
Parameter Description
Expansion Specifies the language that message expansion fields are displayed in. Default value:
Language English.
A change to this parameter takes effect when an application is restarted.
• Off - the logical terminal specified in the message transmits the message.
Default value: Off.
Changes to this parameter only take effect after the SIS component is restarted.
Parameter Description
RMA Specifies whether RMA Authorisation is required for FIN Test and Training
authorisation messages. Possible values are:
for T&T
• Not required
• Required
Default value: Not required.
Changes to this parameter will only take effect after the SIS component is restarted.
RTV Routing Controls the RTV routing information in a retrieved message. When this parameter is
set to:
Common Ref Controls the calculation of the Common Reference, which is part of field 22 of Block
Calculation 4, in FIN messages that are input through message partners and that have the data
format CAS, RJE, DOS-PCC, or XML version 2. Alliance Access always calculates
the Common Reference in messages that a user enters manually.
The values are:
• Yes - Alliance Access calculates the Common Reference, even it exists in field 22.
• No - does not calculate the Common Reference in field 22. In this case, the values
of Validation level and Message Modification allowed are ignored, and a NAK
may be received if field 22 of the message contains incorrect information.
Default value: Yes.
The MXS component must be restarted for changes to this parameter to take effect.
17.3.15 Network
List of network parameters
Parameter Description
SWIFTNet Maximum delay (in seconds) that Alliance buffers an input message before it is
Batching Timeout sent. SWIFT determines the final value used. Default value: 2.
The SIS component must be restarted before changes to this parameter take
effect.
SWIFTNet Max Maximum number of FIN APDUs that can be sent in a single DATA PDU. SWIFT
batch count determines the final value used. Default value: 30.
The SIS component must be restarted before changes to this parameter take
effect.
Reconnect Timer Indicates the time (in minutes) after which the SWIFTNet Interface component
(SNIS) attempts to reconnect an interrupted profile. Default value: 20. Minimum: 1.
Maximum: 300.
The SWIFTNet Interface component must be restarted for changes to this
parameter to take effect.
Parameter Description
Preferred Order Used by the Message Preparation application to propose a default value for the
preferred network when the receiver is a wild address, that is, the network address
is not in the correspondent file. The default display order is SWIFT, APPLI,
OTHER.
A change to this parameter takes effect when the application is restarted.
Usersync - Max Specifies the number of attempts that are allowed to reconnect a failed
Retries communication session with the SWIFT network. Default value: 20.
The SWIFT Interface component must be restarted for changes to this parameter
to take effect.
Usersync - Max Specifies the duration (in minutes) for which attempts to reconnect a failed
Time communication session with the SWIFT network are made. Default value: 30.
The SWIFT Interface component must be restarted for changes to this parameter
to take effect.
Usersync - Retry Specifies the time-out period (in seconds) between reconnect retries. Default value:
Timer 120.
The SWIFT Interface component must be restarted for changes to this parameter
to take effect.
Delivery Notif via Specifies whether SWIFTNet delivery notifications for InterAct or FileAct messages
SysMsg can be received as system messages. If this parameter is set to No, then
SWIFTNet delivery notifications are received as internal messages. Default value:
No.
The SWIFTNet Interface component must be restarted for changes to this
parameter to take effect.
17.3.16 Performance
List of performance parameters
Parameter Description
Active Controls whether correspondents are checked to see whether they have an active
Correspondent status, before sending a message. The possible values are "On" or "Off". Default
value: On.
The SWIFT Interface Services must be restarted for changes to this parameter to
take effect.
FIN Keyword Controls whether keywords are extracted from incoming (output) MT messages.
Extraction The possible values are "On" or "Off". Default value: On.
The SWIFT Interface Services must be restarted for changes to this parameter to
take effect.
Maximum Read Disk I/O in MB/sec used to read from the database disks when a Recovery Backup
Rate is created. Minimum: 0. Maximum: 1024. Default value: 0. If the value is 0, then
maximum disk I/O is used.
A change to this parameter takes effect at the next recovery backup creation.
This parameter is ignored unless the Alliance servers are running and option
14:DATABASE RECOVERY is licensed.
MQSA Controls whether the writing of some interventions is suppressed. The possible
Interventions values are "None", "All", or "System". Default value: None.
The SMQS component must be restarted for changes to this parameter to take
effect.
This parameter applies to MQSA. It does not apply to the WebSphere MQ Host
Adapter.
Parameter Description
MX Keyword Controls whether keywords are extracted from incoming (output) MX messages.
Extraction The possible values are "On" or "Off". Default value: On.
The SWIFTNet Interface Services must be restarted for the changes to this
parameter to take effect.
Routing Controls what types of interventions are suppressed. The possible values "All",
Intervention "System generated only", or "None". Default value: None.
17.3.17 Print
List of print parameters
Parameter Description
Message Search Specifies the maximum number of items that can be printed in a Message Search
Results Report. Default value: 1024. The value "0" means that no limit is set.
Skip Specifies whether Printer message partners print notifications without system or
Interventions user interventions. This does not apply to transmission notifications. The default
value is No, with notifications being printed with system or user interventions.
Setting this parameter to Yes saves paper when notifications are printed.
17.3.18 Queue
Queue parameter
Parameter Description
Threshold Frequency of alarm generation - the number of messages that can be added above
a queue threshold or the number of overdue message instances before a new
alarm will be generated. Minimum: 20. Maximum: 100. Default value: 20.
Changes to this parameter take effect at the next alarm.
17.3.19 Receiver
List of receiver parameters
Parameter Description
Default HQ for Specifies the receiver for system messages 074. Default value: SWHQBEBBBCT.
MT074
Default HQ for Specifies the receiver for system messages 090. Default value: SWHQNLNLXXX.
MT090
17.3.20 RMA
RMA parameter
Parameter Description
Auto Refresh If this parameter is set to No, then the automatic refresh of the view lists is disabled
in the Relationship Management application. Default value: Yes.
Changes to this parameter take effect after restarting the Relationship
Management application.
17.3.21 Shutdown
List of shutdown parameters
Parameter Description
Delayed After a request to stop the servers, this is the number of seconds delay before the
GUI applications are terminated. Default value: 120.
Forced After a request to stop the servers, this is the number of seconds delay before the
server processes are terminated. Normally the server processes stop before this
time has elapsed. Default value: 240.
17.3.22 System
System parameter
Parameter Description
Startup Mode On UNIX, this parameter can have the following values:
Parameter Description
Delivery Notif If set to Yes, then Traffic Reconciliation generates notifications for each matched
message instance. Default value: Yes.
17.3.24 WebSphere MQ
List of WebSphere MQ parameters
If the licence package 13:MQ HOST ADAPTER is installed, then the following parameters are
available in the System Management application:
Parameter Description
Connection Mode Specifies the mode that the MQ interface of Alliance Access uses to connect to a
Queue Manager. The options are:
• Client - The MQ interface can connect to multiple Queue Managers which are
located on the same host or on a different host as the MQ Adapter.
Input Message Limits the number of messages that Alliance Access reads per second from all the
Rate Limit WebSphere MQ queues that are configured in Alliance Access.
The default value is 0, which means that the incoming MQ traffic is not limited.
Mininum: 0. Maximum: 999.
Before you change this parameter, you must disable all the MQ message partners.
Recovery Time - The time interval, in seconds, after which the first attempt to reopen the
Initial communication session with WebSphere MQ is made in case of a broken
connection. Default value: 60.
Recovery Time - The increase of the time interval, in seconds, between consecutive attempts to
Increment reopen a WebSphere MQ session. Default value: 30.
Recovery Time - The maximum time interval, in seconds, between consecutive attempts to reopen a
Max WebSphere MQ session. Default value: 600.
If you do not want some events to be distributed because they contain confidential information,
then you must set up your distribution lists accordingly. In addition, it is possible to not log the
FIN message payload in the events. Security officers can set the related security configuration
parameter.
2. From the View menu, select Event Distribution. The Event Distribution window appears,
displaying the list of event types.
Field description
Comp.
The applications in Alliance Access where the event occurred.
Number
A unique number that identifies the Event in Alliance Access.
Name
The name of the event.
Class
The functional domain to which the event belongs.
Alarm
Specifies whether the event has the status of an alarm or not.
If the value is True, then two separate fields, Type and Distribute Alarm appear in the Alarm
Info tab.
Distribution
The values can be:
• Fixed: fixed events are always logged in the Event Journal. If an event has Fixed as its
default setting, then it cannot be modified.
Description
The General Info tab displays the attributes of the event type.
Field descriptions
Component
The applications in Alliance Access where the event occurred.
Number
A unique number that identifies the Event in Alliance Access.
Config Mgmt
This allows you to mark the event as being related to Configuration Management. In the Event
Journal, it is possible to search on events based on this criterion.
Name
The name of the event.
Class
The functional domain to which the event belongs.
Severity
Indicates the severity of an event. An event can have one of the following levels of severity:
• Information
• Warning
• Severe
• Fatal
Distribution
This option button is used to specify the distribution of events within the system and the values
are:
• Fixed: Fixed events are always logged in the Event Journal. If an event has Fixed as its
default setting, then it cannot be modified
Description
The Alarm Info tab can be selected from the Event Distribution Details window.
This tab is only present if the event that you selected is an alarm.
Field descriptions
Type
If the event is an alarm, then you can select Action to indicate that action must be taken by the
operator to clear the event, or Information to indicate that the event is for information only, and
no action needs to be taken.
Distribute Alarm
To specify whether the alarm is to be distributed. If you select True, then the To Distribution
List field appears.
To Distribution List
Click this option button to display the available distribution lists. To select a list, highlight it and
click Select.
2. From the Event Distribution menu, select Modify to update the event details.
• Fixed: fixed events are always logged in the event journal. If an event has Fixed as its
default setting, then it cannot be modified.
It is possible to reset the attributes for event distribution back to their default settings. Events
already logged in the Event Journal are not affected by this command.
Note If the following events are promoted to alarm status, then they can be distributed to
internal correspondents. However, they cannot be distributed to specific operators.
2. From the View menu, select Event Distribution. The Event Distribution window appears,
displaying the list of event types.
3. From the Event Distribution window, select and open an event type. The Event
Distribution Details window appears.
4. Click the General Info tab, then click Alarm and select True
5. Click the Alarm tab, then click Type and select one of the following:
• Action, to indicate that the operator must take action to clear the alarm
• Information, to indicate that the event is for information only and that no action needs to
be taken.
7. Click To Distribution List and select a distribution list to which the alarm must be
broadcasted. For more information about distribution lists, see "Alarm Distribution" on
page 178.
8. Click Modify .
• on AIX: $ALLIANCE/BSS/data/AIX
• on Windows: %ALLIANCE%\BSS\data/win32
All information concerning a single event is mapped to a structure that can be interpreted by the
SNMP Manager based on the object identifier (or OID).
Note Version 1 of the SNMP protocol does not offer specific protection such as
encryption.
Unique identifier of the .1 Differentiates events coming from more than one Alliance instance
SAA instance
Note The default distribution lists are based on the class of the event. They can contain
a maximum of 52 operators.
2. From the View menu, select Distribution List. The Distribution List window appears,
displaying the available distribution lists.
The distribution lists are shown with a number of options, such as the name of the list. You
can choose not to display these options by selecting View from the Distribution List
menu. If you select Save Current Settings from the File menu, then all your current
settings are saved. The next time that you start the System Management application these
settings are displayed automatically.
Example
Field descriptions
Distribution List
The name of the distribution list, which describes the class of the selected event.
Distribute Event to
From this option box, you can select:
• All operators: This sends an alarm to all operators who are signed on
• Specific operators: This sends the alarm to operators who are signed on and specified as
selected in the operator list pane.
Operators
This pair of transfer panes is used to specify the operators who are to receive the alarms
belonging to the distribution list. If an alarm is marked For Action, then the first operator in the
list, who is signed on, automatically receives this alarm. All other operators in the list, who are
signed on, receive the alarm for information purposes only.
Example
Field descriptions
Internal Correspondents
This pair of transfer panes is used to specify the internal correspondents who are to receive
alarms. The Available list displays all the internal correspondents defined in Alliance Access.
Example
Field descriptions
Distribute event to SNMP Server(s):
The destinations are expressed in the format <IP>:<port>, each occurrence on a separate
line.
Up to 16 destinations can be specified.
2. If you select Specific Operators, then the Operators list pane appears. The operators that
have already been assigned appear in the Selected column. Those that are not assigned
appear in the Available column.
3. To add an operator to the distribution list, double-click the operator in the Available list
pane to move this operator to the Selected list pane. The first operator in the Selected list
who is signed on, automatically receives the For Action alarm whilst all the other operators
receive the alarm For information only. To remove an operator from the distribution list,
double-click the operator in the Selected list pane to move this operator to the Available
list pane.
4. Click the Internal Correspondents tab. The Internal Correspondents transfer pane is
used to specify the internal correspondents who are to receive alarms. The Available list
displays all the internal correspondents defined in Alliance Access. To add an internal
correspondent to the Selected list pane, double-click the Internal Correspondent in the
Available column to move it to the Selected list pane. To remove an internal
correspondent from the Selected list pane, double-click the Internal Correspondent in the
Selected list pane to move it to the Available list pane.
5. Click the SNMP Servers tab. This tab allows you to specify one or more value pairs for the
IP address, and port on which the SNMP Manager is listening for events. You can enter up
to 16 destinations in the format <IP>:<port>. Each occurrence must be on a separate
line.
6. Click Modify .
2. From the View menu, select Distribution List. The Distribution List window appears,
displaying the available distribution lists.
3. Either select New from the Distribution Lists menu, or highlight a distribution list and
select New As from the Distribution Lists menu. The Distribution List Details window
appears.
4. Complete the fields as required. For descriptions of these fields, see "Distribution List
Details Window" on page 180.
5. Click Add.
• None of the operators specified in the alarm distribution list are currently signed on
• The assigned operator for acting on the alarm decides to treat the alarm later by clicking
Treat Later in the alarm pop-up window
• The assigned operator for action did not treat the alarm, that is, they did not click Treated ,
before the alarm message window timed out. In such cases, the alarm is logged as untreated
in the Event Journal.
2. From the View menu, select Event Distribution. The Event Distribution window appears,
displaying the available event types.
3. Double-click the relevant event. The Event Distribution Details window appears.
5. With the Alarm option button, select True and the Alarm Info tab appears. To treat the
alarm in the background, select False in the Distribute Alarm field.
Note An incorrect script may cause major problems on your system as processing an
unusual number of alarms may cause a timing problem, and consequently, the
system to hang. Instead of sending all alarms to a file, you may consider using
event distribution to send specific alarms to a file. You can then use an external
program to process this file.
Alarm script
The following example script shows where alarms are copied to a file alarm.out in the tmp
directory:
Note During any period when the servers are running in housekeeping mode, no
scheduled actions take place.
• Holiday
• Weekend.
Note If you modify a calendar year to include changes that affect the current day, then
you must restart Alliance Access for your changes to take effect. Otherwise
changes take effect automatically at midnight.
To create a calendar:
1. Run the Calendar application.
3. Enter a unique name for the Calendar (maximum 20 alphanumeric characters) and then
click New .
Note A Year for the current year is automatically created in this calendar.
2. Select the calendar that you want to base your new calendar on, then select New As from
the Calendar menu.
3. Enter a new, unique name for the Calendar (maximum 20 alphanumeric characters) and
then click New .
2. If multiple calendars have been defined, then select the calendar for which you want to add
a new calendar year, and select Open from the Calendar menu.
The following window appears (with the year listed here if it has been defined):
4. Enter the year using the format (YYYY) in the Year field. Note that you can only add the
current year or the next year. The Calendar Year Details window appears.
Note During the startup of the Alliance Access servers, each Calendar is checked to see
whether the current year has been defined. For each Calendar for which no current
year is defined, an alarm event is generated.
2. If multiple calendars have been defined, then select the calendar from which you want to
remove a Year, and select Open from the Calendar menu.
The following window appears (with the year listed here if it has been defined):
3. Select the Year that you want to remove and then select Remove from the Year menu.
Overview
Depending on the profiles that you have defined for the days in a calendar, such as holidays
and weekends, Alliance Access automatically assigns the following system attributes to the
days:
• First working day of month. This is assigned to the first day of the month that is not a
Holiday or a Weekend.
• Middle working day of month. This is assigned to the 16th of the month, or the next day
that is not a Holiday or a Weekend.
If you assign the profile Weekend to a day, Alliance Access automatically calculates the
following system attributes:
• First working day of week. This is assigned to the first day following a Weekend which is
not a Holiday or a Weekend.
• Last working day of week. This is assigned to the first day before a Weekend that is not a
Holiday or a Weekend.
At the end of the year, a week can fall partly in one year and partly in the following year. In this
case, the First working day of week refers to the first day in the current year following a
Weekend which is not a Holiday or a Weekend.
Similarly the Last working day of week refers to the last day in the current year before a
Weekend that is not a Holiday or a Weekend.
The following examples explain the scenario.
Definitions:
• WD = Working day
• Mon = FWDW
• Tue = Normal
• Wed = LWDW
• Thu = FWDW
• Fri = LWDW
Example 2
If 31 December is a Monday, 1 and 2 January (Tuesday and Wednesday) are holidays, then the
days are considered as follows:
• Mon = FWDW
• Tue = Hol
• Wed = Hol
• Thur = FWDW
• Fri = LWDW
Example 3
If 31 December is Wednesday and 1 January (Thursday) is a holiday, then the days are
considered as follows:
• Mon = FWDW
• Tue = Normal
• Wed = LWDW
• Thu = Hol
• Fri = FWDW
Note If you make any changes to a calendar, then once the changes are saved, Alliance
Access re-assigns the First and Last working day of the week and the First and
Middle working day of the month accordingly.
Overview
You use the Redefine command to globally change the day profile for a given day throughout
the year. For example, you can redefine every Friday as a Weekend, or every Saturday as a
Normal working day.
• Weekend.
Overview
To complete your calendar customisation, you must specify which days are Peak working days
and which are holidays. Note that a Weekend is automatically defined as a holiday and cannot
be specified as a Peak working day.
3. In the Day Profile list, select one profile for the day.
The following profiles exist:
• Holiday
The day is highlighted with the default colour that is assigned to that day profile. Note that
the change applies only within the month currently displayed.
To change the default colours that identify weekends and day profiles:
1. Click Show Legend to display the Color Legend box. Note that the Show Legend button text
changes to Hide Legend .
2. Click the colour that you want to change and select a new colour from the palette.
3. If you want to restore the default colours at any time, then click Default.
4. Click Hide Legend to close the Color Legend box and apply the new colours.
2. Select the calendar that you want to set as the new default. The default calendar must
contain an entry for the current year.
Note If you want the new default calendar to be activated immediately, then restart
Alliance Access. Otherwise, the new default calendar will be activated on the next
day.
• If one or more Calendars are selected and you select to print "with details", then the details
are printed for all the defined Years for each selected Calendar.
• If one or more Calendars are selected and you select to print "without details", then a list of
the defined Years is printed for each selected Calendar.
If you are printing from the details of a given calendar:
• If one or more Years are selected and you select to print "with details", then the details are
printed for all the selected Years for the open Calendar.
• If one or more Years are selected and you select to print "without details", then a list of the
defined Years is printed for the open Calendar.
2. From the View menu, select Profile. The Profile - Security Definition window appears
with a list of profiles available.
3. Double-click the profile that you want to modify, or select the profile and from the Profile
menu, select Open. The Profile Details window appears.
Note When moving applications between the Available and Selected list boxes in
the Profile Details window, you must use the transfer buttons. Do not double-
click an application name to move it between boxes.
4. Select the applications in which you want to enable scheduling by moving them from the
Available list box to the Selected list box.
Select from:
• System Management
• Event Journal
• SWIFT Interface
• SWIFTNet Interface
• Message File
5. Select the application name in the Selected list box. The functions available in this
application then appear in the Available list box for Functions.
6. Select functions by moving them from the Available list box to the Selected list box (for
example Archive for the Event Journal).
7. Double-click the function name in the Available list box. The Security Definition -
Permission Details window appears.
8. Set the 1) Store schedule and 2) Modify operating mode fields to Yes.
Note This is only possible with functions that can be scheduled (for example,
archiving of the Event Journal).
9. Click OK .
10. From the Profile menu select Modify, to save the profile.
11. Get the operator definitions for the modified profile approved by the right security officer
and left security officer.
To define a schedule:
When you define a schedule for automating an Alliance Access process, you must:
1. Select a category to indicate when the action is going to occur.
For example, you may want the action to occur every Business Month.
2. If there is more than one calendar defined (as in the SWIFT Interface application or
SWIFTNet Interface application), then you must specify which calendar to use.
Note Only calendars that have the current year defined are available for selection.
3. Specify the day and time when the action is to occur. The available types of day depend on
the category that you have selected.
For example, if you schedule the archiving of live messages to occur every Business
Month, you may decide to archive twice each month: once on the First Working Day of
Month and again on the Middle Working Day of Month.
Note When scheduling processes from an Alliance Workstation, ensure that its time
zone setting is the same as the time zone setting on the Alliance Access
server.
• Back up the archives of the Event Journal and the Message File
• remove archives
• activate and de-activate the emission and reception profiles in the SWIFTNet Interface
application
• import and export RMA authorisations (for more information, see the Relationship
Management Application User Guide).
For information about the permissions required to schedule these functions, see Appendix A,
"Default Profiles".
• Searching for events is faster if old events have been archived. SWIFT recommends that you
keep event data in the Alliance Access database. However, you may keep less if required.
• Events cannot be moved off the system unless they have been archived.
• You risk running out of disk space if events are not archived and removed from the hard disk.
2. From the File menu, select Archive. The Event Archive window appears.
3. Select Automatic from the Event archive operating mode list. The Event Archive -
Schedule Details window appears.
4. Type the number of days for which to keep events available in the database in the field
Number of Traffic Days to keep in the Database (including current day).
All other events are archived. For example, if you type 2, Alliance Access keeps today's
events and the events from the previous day in the database, and archives all events with
earlier dates.
Note Since events are archived for a full day, it is not possible to archive the events
from the current day.
• Every day
• Specific day
• Business day
• Business week
• Business month.
• in the On Every field, select the type of day (the available choices depend on the
Schedule Category selected).
• in the Earliest Start field, specify the time (HH:MM:SS) at which the action is to occur.
• in the Latest Start field, specify the latest time (HH:MM:SS) at which the action is to
occur. The action is initiated if the earliest start time is missed and a restart of the system
occurs after the time specified in the Earliest Start field but before that in the Latest
Start field.
7. To specify another action, select In use from the Second (or Third) Action list.
8. When you have completed the schedule details, click Store to save the settings.
2. From the File menu, select Archive. The Message Archive window appears.
3. Select Automatic from the Message archive operating mode menu. The Message
Archive Schedule Details window appears.
4. Type the number of days which you want to keep messages available in the database in
the field Number of Traffic Days to keep in the Database (including current day).
All other messages are archived (providing all messages for that day are complete). For
example, if you type 3, Alliance Access keeps today's messages and the messages from
the previous two days in the database, and archives all messages with earlier dates. If you
type 1, the minimum value, then all messages older than today, are archived if they are
completed (for that particular day).
• Every day
• Specific day
• Business day
• Business week
• Business month
• in the On Every field, select the type of day (the available choices depend on the
Schedule Category selected).
• in the Earliest Start field, specify the time (HH:MM:SS) at which the action is to occur.
• in the Latest Start field, specify the latest time (HH:MM:SS) at which the action is to
occur. The action is initiated if the earliest start time is missed and a restart of the system
occurs after the time specified in the Earliest Start field but before that in the Latest
Start field.
Note Simultaneous backups of the same entity (messages or events) cannot be run.
Therefore, you must take care when setting the earliest and latest times for
different backups so that they do not coincide.
7. To specify another action, select In use from the Second (or Third) Action list.
8. When you have completed the schedule details, click Store to save the settings
• You cannot create backups of archives that were created using Alliance Access
6.0 or earlier.
• Journal Archive
• Message Archive
4. In the Backup operating mode field, select Automatic from the list.
5. The Backup Directory field specifies the location where Alliance Access stores the backup
file. If required, click ... to specify a different location.
Tip If you intend to copy the backup to tape or a hard disk, then make a note of
this directory path for future reference.
• Every day
• Specific day
• Business day
• Business week
• Business month
Field Action
Earliest Start Specify the time (HH:MM:SS) at which the action is to occur.
Latest Start Specify the latest time (HH:MM:SS) at which the action is to occur if the Earliest
Start time is missed.
If Alliance Access restarts after the time specified in the Earliest Start field but
before the time specified in the Latest Start field, then Alliance Access performs
the scheduled action.
Mode Specify the action (all archives except for Database), as follows:
• Backup & Remove, to back up the archive and then remove the original.
Note Simultaneous backups of the same entity (messages or events) cannot be run.
Therefore, you must take care when setting the Earliest Start and Latest
Start times for different backups so that they do not coincide.
8. To specify another action, select In use from the Second (or Third) Action list.
9. When you have completed the schedule details, click Store to save the settings.
A scheduled backup of any of the archive types (messages or events) always backs up all
available archives (with the status "Ready") of that type defined at the moment the backup
process starts. If the Mode is Backup & Remove, then archives are removed from the system
after being successfully backed up.
If an archive is being read by an application whilst a backup procedure begins, then the backup
is performed but the archive is not deleted (an error message is raised but not displayed).
If you do not remove the archive, then the archive stays in the database and its status is
changed to Backed Up. Therefore, it is not backed up at a later stage. This prevents the same
archives being backed up at every scheduled backup. If the Mode is Backup & Remove, then
the archive is removed from the system after Alliance Access creates the backup successfully
and the same conditions apply as for manual archive backups.
The Backup/Restore application creates backups of archives according to a schedule. If a
backup or restore action is running when the backup is started, then Alliance Access does not
create the backup. It creates an event for this backup failure.
5. The Backup Directory field specifies the location where Alliance Access stores the backup
file. If required, click ... to specify a different location.
Tip If you intend to copy the backup to tape or a hard disk, then make a note of
this directory path for future reference.
• Every day
• Specific day
• Business day
• Business week
• Business month
Field Action
Latest Start Specify the latest time (HH:MM:SS) at which the action is to occur if the Earliest
Start time is missed.
If Alliance Access restarts after the time specified in the Earliest Start field but
before the time specified in the Latest Start field, then Alliance Access performs
the scheduled action.
Note Because simultaneous backups cannot be run, take care when setting the
Earliest Start and Latest Start times for different backups to ensure that they
do not coincide.
8. To specify another action, select In use from the Second (or Third) Action list.
9. When you have completed the schedule details, click Store to save the settings.
3. Select Automatic from the Stop operating mode list. This displays the System
Management - Stop Alliance window, where you can specify details of how you want to
stop Alliance Access automatically.
• Every day
• Specific day
• Business day
• Business week
• in the On Every field, select the type of day (the available choices depend on the
Schedule Category option selected).
• in the at field, specify the time (HH:MM:SS) at which the action is to occur.
6. To specify another action, select In use from the Second (or Third) Action list.
7. When you have completed the schedule details, click Store to save the settings, and then
click Quit to quit the dialog box.
3. In the Restart mode field, select the mode in which you want Alliance Access to restart.
The options are:
4. Select Automatic from the Restart operating mode list. This displays the System
Management - Restart Alliance window, where you can specify details of how you want to
automate the restart.
• Every day
• Specific day
• Business day
• Business week
• in the On Every field, select the type of day (the available choices depend on the
Schedule Category list option selected).
• in the at field, specify the time (HH:MM:SS) at which the action is to occur.
7. To specify another action, select In use from the Second (or Third) Action list.
8. When you have completed the schedule details, click Store to save the settings, and then
click Quit to quit the dialog box.
Operation Mode
In Alliance Access, there are two modes in which a logical terminal can operate: Manual and
Automatic. The Automatic mode enables you to schedule operations. When a logical
terminal is operating in Manual mode, none of the scheduled operations are activated.
If the logical terminal is operating in manual mode, and if one or more of the following conditions
are true, then Alliance Access does not change the operational mode of the logical terminal to
automatic:
• No scheduled action is defined to occur at 00:01 am for each type of day for which at least
one action has been defined
Note The scheduled action at 00:01 am is mandatory for recovery reasons. You can
either define a real action for that time or use the same action as the last action
of the previous day.
When you schedule Specific Days, make sure that an entry exists for 00:01 for
every day that you want the Logical Terminal to be Selected.
• The logical terminal is in a session and the connection that the logical terminal is using is
currently suspended.
Note If a logical terminal is running in automatic mode and an operator manually tries to
log on, log off, select, or quit it, then the logical terminal switches back to manual
mode.
This happens even if the operator does not have specific permissions to change
the mode of operation for a logical terminal. However, the system warns the
operator and requires a confirmation before continuing.
2. If the Logical Terminal list pane is not shown, then select Logical Terminal from the View
menu.
The Logical Terminal - SWIFT Interface main window appears:
3. Double-click the logical terminal for which you want to make a schedule. The Logical
Terminal Details window appears, with tabs for information for the logical terminal that you
selected.
• Every day
• Specific day
• Business day
• Business week
7. From the Action menu, select New. The Action Details window appears. Define at least
one action for the schedule.
9. In the On Every field, select the type of day from the list. The available choices depend on
the Category selected.
Note The On Every field is disabled if you selected Every Day in the Category field
of the Logical Terminal Details screen.
• Select Input, to perform a login to APC, Select FIN and send messages.
• Select Output, to perform a login to APC, Select FIN and receive messages.
• Select Input/Output, to perform a login to APC, Select FIN and send and receive
messages.
When you select Select Output or Select Input/Output, a transfer list box appears
where you can select the delivery subsets to be assigned to the logical terminal.
Note Alliance Access automatically applies the scheduled state, even after a line
failure.
14. Repeat the previous steps until all actions are defined.
2. Ensure that the Emission Profile View appears. If the Emission Profile View window is
not shown, then select Emission Profile from the View menu. The Emission Profile View
displays a list of the currently defined emission profiles.
3. Select the emission profile for which you want to create a schedule and actions and then
Open from the Emission Profile menu. The Emission Profile Details window opens.
5. From the Category field, select a category for the schedule. The choices available are:
• Every day
• Specific day
• Business day
• Business week.
8. Next you must create actions. From the Actions menu, select New (if you have existing
schedules, you can highlight an existing schedule shown in the Schedule Details tab and
from the Action menu select New As to base the new schedule on the existing one).
The Action Details window appears:
9. In the Action Id field, type a numeric identifier of up to nine digits for the schedule.
10. In the On Every field, select the type of day on which you want the scheduled action to
occur. The choices available depend on the selection that you made in the Category field
of the Schedule Details tab.
Note If you select Every Day in the Category field, then the On Every field in the
Action Details window is disabled.
11. In the At field, type the time at which you want the action to occur.
12. In the Do field, select the action that you want to occur.
Choices are:
13. From the Action menu, select Add to save your schedule.
Note If you want to modify a schedule, then double-click the action in the Schedule
Details tab to display the Action Details window. You can modify all fields except
for the Action Id field. Select Modify from the Action menu to save your
modifications.
If you want to delete a scheduled action, then double-click the action in the
Schedule Details tab to display the Action Details window. Then select Remove
from the Action menu to save your modifications.
2. Ensure that the Reception Profile View appears. If the Reception Profile View window is
not shown, then select Reception Profile from the View menu. The Reception Profile
View displays a list of the currently defined reception profiles.
3. Select the reception profile for which you want to create a schedule and actions and then
Open from the Reception Profile menu. The Reception Profile Details window opens.
5. From the Category field, select a category for the schedule. The choices available are:
• Every day
• Specific day
• Business day
• Business week.
8. Next you must create actions. From the Actions menu, select New (if you have existing
schedules, then you can highlight an existing schedule shown in the Schedule Details tab
and from the Action menu select New As to base the new schedule on the existing one).
The Action Details window appears:
9. In the Action Id field, type a numerical identification of up to nine digits for the schedule.
10. In the On Every field, select the type of day on which you want the scheduled action to
occur. The choices available depend on the selection that you made in the Category field
of the Schedule Details tab.
Note If you select Every Day in the Category field, then the On Every field in the
Action Details windows is disabled.
11. In the At field, type the time at which you want the action to occur.
12. In the Do field, select the action that you want to occur.
Choices are:
13. From the Action menu, select Add to save your schedule.
Note If you want to modify a schedule, then double-click the schedule in the
Schedule Details tab to display the Action Details window. You can modify
all fields except for the Action Id field. Select Modify from the Action menu to
save your modifications.
If you want to delete a scheduled action, then double-click the schedule in the
Schedule Details tab to display the Action Details window. Then select
Remove from the Action menu to save your modifications.
Prerequisite
The Bank Update File must be located in the following directory:
• Windows - <Alliance_Install_Dir>\data\UpdateBIC
• UNIX - $ALLIANCE/data/UpdateBIC
For more information about putting the Bank Update File in this directory, see "Download an
Alliance Bank File" on page 42.
5. Enter the scheduling details, that is, when you want the operation to be performed. Click
Store .
If an update file is available at the location specified in File location, then the file is installed at
the scheduled time. The servers do not have to be restarted after the file is installed.
3. Specify the type of event which triggers a database recovery backup in the Recovery
Backup Trigger field. Select:
• Thresholds, to create a recovery backup when the total size of the archived redo log
files or of the incremental backups reach predefined values. To define thresholds, see
"Thresholds settings" on page 214.
4. The Recovery Mode field is a read-only field that displays the current value of the
Recovery Mode: Activated or Deactivated.
5. The Recovery Backup Directory field is a read-only field that displays the directory where
the database recovery backups are created.
6. Select the Include Archive Backups check box if you want backups of archives
(messages or journal events) to be included in the generated recovery backups. By default,
these archive backups are not included in the recovery backups.
7. Select the Compress Recovery Backups check box if you want created recovery backups
to be compressed, which reduces the disk space required for their storage.
8. When you have completed the Thresholds or Time Schedule settings, click Store to save
your settings.
Thresholds settings
When you select Thresholds in the Recovery Backup Trigger field, the following field settings
are available.
Field Action
Active From and To Specify the period of the day (hour, minute, and second) during which
recovery backups may be triggered.
The default values are 02:00:00 and 06:00:00.
Archived Logs Total Specify a threshold (in MB) for the total size of the archived redo log files. If
Size (MB) the size of the archived redo logs is greater than this value, then the total size
of the incremental backups is compared with the size of the latest full
database backup. If the total size of the incremental backups is greater, then
a full backup is taken.
If not, the total size of the incremental backups is compared with its threshold
(see Incremental Backups Total Size parameter).
The default value of this parameter is 1024. The value must be included in the
range [64, 999999].
Incremental Backups Specify a threshold (in MB) for the total size of the existing incremental
Total Size (MB) backups. If the size of the existing incremental backups is less than this value,
then an incremental backup is taken. If it is greater, then a full backup is
taken.
This parameter is used to trigger an incremental or a full backup. It is not used
to control the maximum size of the total incremental backups, which can be
greater than this specified threshold.
The default value of this parameter is 2048. The value must be included in the
range [64, 999999].
Field Action
Schedule Category Select one of the following schedules: Every day, Business day, Business
Week, Business month, Specific day.
Earliest Start time Specify the time (HH:MM:SS) at which the recovery backup is to start.
Latest Start time Specify the latest time (HH:MM:SS) at which a recovery backup is to start if
the Earliest Start time is missed.
Mode Specify which type of recovery backup must be created: Full Backup or
Incremental Backup.
Groups of correspondents
CIFA includes features that make it easy to create and maintain groups of related
correspondents. For example, if a department is at the same address as the institution to which
it belongs, you can specify that the department correspondent inherits its address details from
the existing institution correspondent. If the institution and department move to a new address,
then you only have to change the address of the institution correspondent. The department
correspondent inherits the changed address automatically.
You can also create and maintain aliases (alternative names) for a correspondent or for a group
of correspondents in the CIF. When an operator creates a message, the operator can specify
that the message is sent to an alias. If the alias is for a group of correspondents, then this
enables the operator to send a single non-financial message to a group of correspondents.
• Double-click the Correspondent Info icon in the Access Control window. The
Correspondent File - Search Criteria window appears so that you can search for and list
correspondents.
For details of how to search for correspondents, see "Searching for Correspondents" on
page 220.
• Correspondents
• Aliases
• Currencies
• Countries.
You can use the Correspondent File window to display a list of one type of these records at a
time.
To display correspondents:
1. Run the Correspondent Information File application from the Access Control window.
2. Select Currency from the View menu. All the currency records in the CIF are listed in the
Correspondent File window.
The list consists of all the records imported from the Bank File, plus any new currency
records that have been added manually.
Field descriptions
• Code
The unique three-character ISO standard currency code, as recorded in the CIF.
• Name
The full name of the currency, as recorded in the CIF.
2. Select Country from the View menu. All the country records in the CIF are listed in the
Correspondent File window.
The list consists of all the records imported from the Bank File, plus any new country
records that have been added manually.
You can make the View options that you select the default settings for the Correspondent
Information File application. When you select Save Settings from the File menu, all your
current settings are saved. From then on, whenever you start CIFA and view this window,
Alliance Access uses the saved settings when displaying information.
Field descriptions
• Code
The unique two-character ISO standard country code, as recorded in the CIF.
• Name
The full name of the country, as recorded in the CIF.
2. Double-click the correspondent, country, currency or alias for which you want to display
details.
If you select:
• a correspondent, the Correspondent Details window opens. For details of the fields in
this window, see "Creating Correspondents"
• an alias, the Alias Details window opens. For details of the fields in this window, see
"Creating Aliases" on page 237
• a currency, the Currency Details window opens. For more information about the fields
in this window, see "Creating Currency Records" on page 239
• a country, the Country Details window opens. For more information about the fields in
this window, see "Creating Country Records" on page 241.
Note You can also search for correspondents when you are create an alias. For details,
see "Searching for Aliases" on page 236.
The window contains several tabs. You use the fields within the tabs to define your search
criteria. The Correspondent File window has no correspondents listed in it until you use
the Correspondent File - Search Criteria dialog box to run a search. To do this you must
specify search criteria, as described in "Specifying Search Criteria" on page 220.
3. In the Institution field, type the BIC-11 address of the Institution to search for. Use of wild
cards is allowed.
4. If the Correspondent Type is set to Any, Department or Individual, then the Department
field appears. In this field, enter the name of the department within the Institution that you
are searching for. Use of wild cards is allowed.
5. If the Correspondent Type is set to Any or Individual, then the Last Name and First
Name fields appear. In the Last Name field, enter the last name of the individual who you
are searching for, and in the First Name field, enter the individual's first name. Use of wild
cards is allowed.
• Internal to search only for internal correspondents. These are correspondents owned by
the Institution.
• External to search only for external correspondents. These are correspondents not
owned by the Institution.
3. In the Institution Name field, enter the full name of the institution. Use of wild cards is
allowed.
4. In the Branch field, enter the full name of the branch. Use of wild cards is allowed.
5. In the City Name field, enter the name of the city in which the correspondent is located.
Use of wild cards is allowed.
6. In the Country Code field, enter the ISO standard country code for the country in which the
correspondent is based. Use of wild cards is allowed.
• Inactive to search only for correspondents with an Inactive status. You cannot send a
message using the SWIFT network to an inactive correspondent.
3. In the Modified Since field, enter a date. Only correspondent records which have been
modified since this date are included in the search.
4. You can now specify the application details for which you are searching, using the
Integrated Application tab. Different correspondents use different applications, and have
different details defined in the CIF.
Select:
• APPLI to search only for correspondents that have APPLI as one of their defined
applications. APPLI is the Alliance application interface to external message partners
(such as back-office banking systems). Go to "Specifying the Details when APPLI is
Selected" on page 224 to specify the details when APPLI is selected.
3. After entering the search criteria, click Search to start the search.
Overview
In the Integrated Application tab, if you select APPLI to search only for correspondents that
have APPLI as one of their defined applications, additional fields appear so that you enter
specific search criteria for your selected application.
2. Click Exit Point and select the Alliance Access exit point to which any messages for the
correspondent are routed.
Field descriptions
Institution
The BIC-11 address of the Institution. The BIC-8 destination address is followed by either a
specific 3-character branch code or by a default branch code of "XXX".
Department
If the correspondent is a Department or Individual, this is the name of the Department within the
Institution. Otherwise, it is blank.
Last Name
If the correspondent is an Individual, this is the last name of the Individual. Otherwise, it is
blank.
First Name
If the correspondent is an Individual, this is the first name of the Individual. Otherwise, it is
blank.
Status
The status of the correspondent. This can be active or inactive. You can send a message to an
active correspondent. You cannot send a message to an inactive correspondent using the
SWIFT network.
Type
The correspondent type. This can be either an Institution, a Department, or an Individual.
City Name
The name of the city in which the correspondent is located.
Institution Name
The name of the Institution.
Country
The 2-character ISO standard code for the country in which the correspondent is based - the
same as characters 5 and 6 of the BIC-11 address in the Institution field.
• which of the correspondent's Alliance Access integrated applications have their details
defined in the correspondent record
• the preferred network application Alliance Access must use when sending messages to the
correspondent
Note If the SWIFTNet Interface is present, then SWIFTNet will be added as the
preferred network to all correspondents, except for internal correspondents and
the BIC1 correspondents.
2. Either select New from the Correspondent menu or if you want the new correspondent to
be based on an existing correspondent, highlight the existing correspondent and select
New As from the Correspondent menu.
The Correspondent Details - New window appears.
2. In the Institution field, enter the BIC-11 address of the Institution. Enter the BIC-8
destination address followed by either a specific 3-character branch code or by a default
branch code of "XXX".
Special characters are not allowed in this field.
4. If the Correspondent Type is set to Department or Individual, then the Department field
appears. Enter the name of the department in this field (special characters are not allowed).
5. If the Correspondent Type is set to Individual, then the Last Name and First Name fields
appear. Enter the individual's last name in the Last Name field, and first name in the First
Name field (special characters are not allowed).
6. Optionally, in the Sub Type field, enter a more specific description of the correspondent
type. For example, "BANK" (special characters are not allowed).
7. Click Profile to specify whether the correspondent profile is specific to this correspondent
or is inherited from an existing correspondent. The available choices depend on the
correspondent type.
Select:
• Specific if the profile is specific to the correspondent and is not inherited from a parent
correspondent
8. Complete the fields in the Details pane. You may use special characters in these fields:
• In the Branch Info field, enter the full name of the branch
• In the City Name field, enter the name of the city in which the correspondent is located
• The Country field shows the ISO standard country code for the country in which the
correspondent is based. This is characters 5 and 6 of the BIC-11 address in the
Institution field. This is a display-only field.
• In the POB Number field, enter the Post Office Box number of the correspondent.
• In the POB Location field, enter the location of the Post Office Box.
• No if you do not want the correspondent record to be updated when a new Bank File is
loaded. This means that if the Bank File shows that the correspondent must be modified,
the CIF record is not modified. If the Bank File shows that the correspondent must be
deleted, then the CIF record is not deleted, but SWIFT is removed from the list of
Preferred Networks for the correspondent. By default, any new manually created record
has this option set to No.
• Yes if you want the correspondent record to be updated when a new Bank File is loaded.
The CIF record may be modified or deleted as a result of the update.
4. The Correspondent Status field shows whether the correspondent is Active or Inactive.
You cannot send a message using the SWIFT network to an inactive correspondent. This is
a display-only field. For details on how to change the Correspondent Status, refer to
"Activating and Deactivating Correspondents" on page 235.
5. Click Preferred Language to specify the preferred language that Alliance Access must use
when expanding messages sent to the correspondent.
6. In the Comments field, enter any general comments about the correspondent.
7. The Last Modified Date field shows the date on which the correspondent record was last
modified. This is a display-only field.
2. The Defined Applications/Available column shows all the applications that your
organisation is licensed to use. SWIFT is not listed, as it is always licensed. You use the
Defined Applications column list panes to define which of your applications can be used
to communicate with the correspondent.
Click the transfer button to move the applications that you have chosen from the Defined
Applications/Available column into the Selected column.
To move an application out of the Selected column back to the Available column, select it
and click the reverse transfer button.
3. The Preferred Networks/Available column shows all the defined applications for the
correspondent that are also network applications. By default, Alliance Access sends any
message to the correspondent using the first network application in this list that can handle
the message format, unless you specify a different network application during message
creation or modification. Your correspondent may prefer you to use the applications in a
specific order.
For example, a correspondent may prefer that messages are sent on the SWIFT network,
and if this fails, that messages are sent on another network. You can specify the
correspondent's preferred order of applications by moving applications from the Selected
column to the Available column and then moving them back to the Selected column in a
different order.
Click the transfer button to move the applications that you have chosen from the Preferred
Networks/Available column into the Selected column.
To move an application out of the Selected column back to the Available column, select it
and click the reverse transfer button.
Note The OTHER network is available from the list of preferred networks if the
Application Development Toolkit Runtime is licensed. If a correspondent has
been assigned the OTHER network, then this is shown in the Message
Preparation applications. The network choice is made in the Network tab in
the Message Creation and Message Modification applications.
4. Alliance Access displays additional tabs in the Correspondent Details window for each
defined application that you selected.
For information about how to complete:
• the APPLI tab, see "Completing the APPLI Tab" on page 231
5. After entering details for each defined application,select Add from the Correspondent
menu to add the new correspondent record to the CIF.
2. Click Profile to specify whether the application interface profile is specific to this
correspondent or is inherited from an existing correspondent. The available choices depend
on the correspondent type.
Select:
• Specific if the profile is specific to the correspondent and is not inherited from a parent
correspondent.
3. Click Exit Point and select the name of the Alliance exit point to which any messages for
the correspondent are to be routed. This is useful primarily for messages received for
internal correspondents. For an example of this, in the case of alarm messages, see
"Displaying Alarm Distribution" on page 179.
Another use is when you cannot send a message directly to an external correspondent.
You can define an exit point for messages to that correspondent. Alliance Access routes
any message to the correspondent to the exit point automatically. You can then transmit
the message to the correspondent by some other communication method. For information
about defining exit points, see "Managing Exit Point Profiles" on page 302.
• either enter every detail for the correspondent - you must always do this when you create an
Institution correspondent
• or specify that some details are inherited (copied) from an existing correspondent with which
the new correspondent is associated. These details are called a profile. Only Department or
Individual correspondents can inherit details.
Using profiles makes it easier for you to create and maintain correspondents that have common
features.
For example, suppose you create an Institution correspondent. The Institution has a
Department at the same address, and the Department is also a correspondent. When you
create the Department correspondent, you click Profile in the Details area and specify that the
correspondent profile is Same as Institution. This means that the Department correspondent
inherits details such as the city, country, address, and so on from the Institution correspondent,
and you do not need to enter them again. Another advantage is that if you make changes to any
of these details for the Institution correspondent, the details for the Department correspondent
change automatically.
In the above example, the Institution correspondent acts as a parent to the Department
correspondent. The Department correspondent is a child correspondent, because its
correspondent profile is inherited from the Institution. A Department can itself be a parent to
Individual correspondents, even if the Department is also a child to an Institution, as this more
complex example shows:
CHILD to Institution
Department A Department B
PARENT to Individuals A and B
D0540051
Within the Correspondent Details window, the Correspondent Profile and APPLI, tabs each
have a Profile field. If you select Same as Institution or Same as Department in this field,
then all the other fields become display-only. When details have been associated in this way,
any changes made to the parent record are automatically applied to the child record. The fields
in the Other tab cannot be inherited.
Parent/child records are useful for sharing common details between records whilst maintaining
important differences. The following procedure describes how to create such correspondents.
6. Select Same as Institution from the Profile field. This means that the Department A
correspondent inherits the Institution's address and location details. The inherited fields
change to display-only.
13. Select Same as Institution from the Profile field. This means that the Department B
correspondent inherits the Institution's address and location details. The inherited fields
change to display-only.
Department A Department B
D0540052
If you now change the address of the Institution, then Departments A and B both inherit the
changed address, and so you do not have to update their details.
Note A child correspondent can only inherit profiles from an existing correspondent,
so always try to create a parent correspondent before you create any of its
children. If, for some reason, you create the child correspondents first and then
the parent, you must update the child correspondent records later so that they
inherit their profiles from the parent.
2. Change the correspondent details as required. For information about the fields, and
options, see "Creating Correspondents".
3. Select Modify from the Correspondent menu to save the modified record to the CIF.
You can move up and down the list of correspondents with the Correspondent Details
window open. The details of each correspondent appear automatically in the
Correspondent Details window as you do so.
To move up or down the list of correspondents:
• Select Previous or Next from the Correspondent menu, or click the equivalent buttons
in the toolbar.
To remove correspondents:
1. Click one or more of the correspondents listed.
2. Select Remove from the Correspondent menu. You are prompted to confirm the
correspondents' removal. If you remove a correspondent, then it cannot be recovered.
Note You can only remove a parent correspondent if you first either remove all its
child correspondents, or you modify the child correspondents so that they no
longer inherit the parent's profiles. For details about parent and child
correspondents, see "Parent and Child Correspondents" on page 232.
2. Select Search from the Alias menu. The Correspondent File - Search Criteria window
appears.
4. Click Type.
Select:
5. In the Institution field, enter the BIC-11 address of the Institution to search for. Use of wild
cards is allowed.
6. If the Type field is set to Any, Department or Individual, then the Department field
appears. In this field, enter the name of the department within the Institution that you are
searching for. Use of wild cards is allowed.
7. If the Type field is set to Any or Individual, then the Last Name and First Name fields
appear. In the Last Name field, enter the last name of the individual who you are searching
for, and in the First Name field, enter the individual's first name. Use of wild cards is
allowed.
8. Click Search . The aliases meeting all your specified criteria are displayed in the
Correspondent File window.
2. Either select New from the Alias menu or if you want the new alias to be based on an
existing one, highlight the existing alias and select New As from the Alias menu.
The Alias Details - New window appears.
3. In the Alias Name field, enter the name of the alias that you want to give to a
correspondent, or group of correspondents.
4. The Number of Correspondents field displays the number of correspondents to whom the
alias is assigned. This is a read-only field.
5. To create an alias for one or more correspondents, you must first search for and list those
correspondents in the Alias Details window.
To search for correspondents, click Search Correspondents... in the Alias menu. The
Correspondent File - Search Criteria dialog box appears.
6. Enter your search criteria for the correspondents in the Correspondent File - Search
Criteria dialog box.
For details of the fields, see "Specifying Search Criteria" on page 220.
7. Click Search in the Correspondent File - Search Criteria dialog box. The correspondents
meeting all your specified criteria appear in the Correspondents/Available column in the
Alias Details window.
If a large number of correspondents are listed, then you can use the Starting with field to
find correspondents quickly. Simply enter the first few characters of the Institution name in
the Starting with field. The Correspondents/Available column displays a list of
correspondent names, starting with the first correspondent name whose first few characters
match those in the Starting with field. For example, if you enter ALB, the first
correspondent with an Institution name starting with ALB appears at the top of the column.
Click the transfer button to move the correspondents to whom the alias applies from the
Correspondents/Available column into the Selected column.
To move a correspondent out of the Selected column back to the Available column, select
it and click the reverse transfer button.
8. Select Add from the Alias menu to add the new alias to the CIF. The alias is assigned to
the correspondent, or group of correspondents shown in the Selected column.
You can move up and down the list of aliases while the Alias Details window is open. The
details of each alias appear automatically in the window as you do so.
• Select Previous or Next from the Alias menu, or click the equivalent buttons in the
toolbar.
2. Change the details as required. The fields and buttons are described in "Creating Aliases"
on page 237.
3. Select Modify from the Alias menu to save the modified record to the CIF.
2. Select Remove from the Alias menu. You are prompted to confirm the removal. If you
remove an alias, then it cannot be recovered.
2. Either select New from the Currency menu or if you want the new currency record to be
based on an existing record, highlight the existing code and select New As from the
Currency menu.
The Currency Details - New window appears. Fill in the relevant fields.
For a description of the fields displayed in this window, see "Currency Details Window" on
page 240.
3. Select Add from the Currency menu to add the new currency record to the CIF.
After the Currency Details window is open, you can move up and down the list of currency
records. The details of each currency appear automatically in the window as you do so.
• Select Previous or Next from the Currency menu, or click the equivalent buttons in the
toolbar.
Field descriptions
Currency Code
A unique 3-character ISO standard currency code for the currency.
Currency Name
The full name of the currency.
Number of Digits
The maximum number of digits needed to correctly display fractional amounts of the currency.
This can be any number between 0 and 6.
Update on BIC Load
Select:
• No if you do not want this currency record to be updated when a Bank File is loaded.
• Yes if you want the record to be updated when a Bank File is loaded. This means that the
record may be changed or even deleted as a result of the update.
By default, every new record has this button set to No.
2. Change the details as required. The fields and buttons are described in "Currency Details
Window" on page 240.
3. Select Modify from the Currency menu to save the modified record to the CIF.
2. Select Remove from the Currency menu. You are prompted to confirm the removal. If you
remove a currency record, then it cannot be recovered.
2. Either select New from the Country menu in the Correspondent File window or, if you
want the new country record to be based on an existing record, highlight the existing code
and select New As from the Country menu.
The Country Details - New window appears. Fill in the relevant fields.
For a description of the fields displayed in this window, see "Country Details Window" on
page 241.
3. Select Add from the Country menu to add the new country record to the CIF.
After the Country Details window is open, you can move up and down the list of country
records. The details of each country appear automatically in the window as you do so.
To move up or down the list of country records:
• Select Previous or Next from the Country menu, or click the equivalent buttons in the
toolbar.
Field descriptions
Country Code
A unique 2-character ISO standard country code for the country.
Country Name
The full name of the country.
Update on BIC Load
Select:
• No if you do not want this country record to be updated when a Bank File is loaded.
• Yes if you want the record to be updated when a Bank File is loaded. This means that the
record may be changed or even deleted as a result of the update.
By default, every new record has this button set to No.
2. Change the details as required. The fields and buttons are described in "Country Details
Window" on page 241.
3. Select Modify from the Country menu to save the modified record to the CIF.
2. Select Remove from the Country menu. You are prompted to confirm the removal. If you
remove a country record, then it cannot be recovered.
• control and monitor communication sessions between Alliance Access and a message
partner.
Note When operating Alliance Access in low-speed mode, the message partner details
are refreshed after you click in the message partner list.
INPUT SESSION
MESSAGE PARTNER
Application
Interface
AI_from_APPLI
MESSAGE PARTNER
D0540053
Incoming messages from a message partner are placed in a common AI_from_APPLI queue
until they are processed by a message processing function. This queue is referred to as the
"Application Interface (AI) inbound" queue.
This queue is used to route all incoming messages from all message partners using the
connection methods, Direct FileAct, File Transfer, Interactive, WebSphere MQ, or SOAP.
OUTPUT SESSION
Application
Interface
exit point 1
Alliance MESSAGE PARTNER
D0540054
Outgoing messages to a message partner are placed in the exit point queue that is assigned to
that message partner. The messages remain in the exit point until they are processed by a
message processing function.When more than one exit point is assigned to a message partner
during an output session, then a polling mechanism services each exit point queue in turn.
An operator can create or remove exit points, or assign an exit point to a message partner.
OUTPUT SESSION
exit point 2
Alliance MESSAGE PARTNER
exit point 3
D0540055
Note All sessions that use the Interactive, WebSphere MQ, and SOAP connection
methods are run on the server.
• Interactive
• File Transfer
• SOAP
• Direct FileAct
• File Transfer
• SOAP
• WebSphere MQ
• 1
• 2 Revision Original, 1, 2,
or 3
Printer Spooled
Direct FileAct
The Direct FileAct connection method enables the transfer of a payload file between Alliance
Access and a back-office application. A payload file contains the data that is to be transferred.
The FileAct transmission parameters are deduced from the message partner profile. You do not
need to send an XML version 2 message or a file that contains the FileAct transmission
parameters when you send each payload file. Dedicated Direct FileAct input and output file
directories are accessible to both Alliance Access and the back-office application or operator.
The back-office application or an operator put the payload files in these directories to send the
files over SWIFTNet, or they get the payload files received from SWIFTNet from these
directories.
Direct FileAct also enables back-office applications to benefit from simplified reporting of
network acknowledgements and of reconciled delivery notifications.
A message partner profile with the Direct FileAct connection method must exist for each
correspondent that will use Direct FileAct to transmit files between each other.
The Direct FileAct connection method requires the licence package 22: DIRECT FILEACT.
The file-transfer session can be started automatically or manually. For example, if a back-office
application stores a payload file in a pre-configured input directory, then the presence of the file
in the directory can automatically start a file-transfer session.
You can define a message partner profile for Direct FileAct only through the Alliance
Configuration package on Alliance Web Platform. You can also view a message partner profile
for Direct FileAct through the Alliance Monitoring package on Alliance Web Platform.
File Transfer
The File Transfer method enables the transfer of batch files containing multiple FIN, FileAct, or
InterAct messages between Alliance Access and a back-office application. For FileAct
messages, in addition to transferring a payload file, Alliance Access or a back-office application
also transfers an XML version 2 message containing the FileAct settings which control the file
transfer, and an optional parameter file. The file-transfer session can be started automatically or
manually.
Note For FileAct messages, the body of the XML version 2 message does not contain
the payload of the message to be transmitted. Instead, the body of the message
points to the location of the payload file.
To exchange FileAct messages, XML version 2 with revision 2 or 3 is required.
For each message format, the communication media are file system directories. Alliance Access
can read or write a batch message file from or to a directory in a local or remote file system.
The File Transfer connection method supports the following message file data formats:
Common Application Server CAS standards 1 and 2 which support the sub-formats ASN.1 or text
(CAS) encoding (only CAS version 2)
used for Network Dependent Format (NDF) or Network Independent
Format (NIF)
DOS-PCC used for batch input and output of messages, which enables you to
read or write an ST200 DOS message file
MERVA/2 used for batch transfer (to and from Mainframes) in IBM MERVA/2
format
Remote Job Entry (RJE) used for batch input and output of messages in ST200 RJE format
XML used for batch input and output of MX or FileAct messages, or for
FpML documents
You can find examples of the data formats that you can use with the File Transfer method in the
following directory, which is beneath your installation directory:
Windows: <Alliance installation directory>\mxs\batch_examples
UNIX: $ALLIANCE/MXS/batch_examples
Interactive
The Interactive method supports bidirectional message transfer with back-office applications
according to the Common Application Server (CAS) standards 1 and 2 that support sub-formats
ASN.1 or text encoding (only CAS version 2) for Network Dependent Format (NDF) or Network
Independent Format (NIF).
Print
The Print method enables you to specify how to print messages in batch from Alliance Access
to either a printer or a file in a user-specified directory. The file or printer is specified as a
connection point in a message partner profile.
For Alliance Workstation, it is possible to specify the host name of the machine where the
printer is connected, that is, on the local machine or on the server machine.
Output messages can also be printed in ST200-like format, which can also include warning
indications, or eye-catchers, in the header of the output.
SOAP
The SOAP connection method enables the exchange of MT, XML-based messages, and FileAct
messages between Alliance Access and back-office applications. The SOAP connection
method requires the licence package 14:SOAP ADAPTER and supports only the XMLv2 data
format.
The parameters that control the file transfer include a pointer to the payload file, service,
receiver of the file, header information, and notification options. These file-transmission
parameters are carried in an XMLv2 message.
The SOAP Host Adapter supports the exchange of FileAct messages over HTTPS in two
modes:
• Full FileAct mode, where file transmission parameters and the FileAct payload are
transferred in XMLv2 format and the data exchange uses Web services over HTTPS.
• Mixed FileAct mode, where the file transmission parameters are carried in an XML version 2
message that is transferred using Web services over HTTPS, whereas the FileAct payload is
transferred over the local file system
WebSphere MQ
The WebSphere MQ connection method enables FIN, XML-based, or FileAct messages to be
exchanged between Alliance Access and back-office applications through IBM WebSphere MQ.
This connection method requires the licence package 13:MQ HOST ADAPTER.
The WebSphere MQ method supports the following data formats:
• MQ-MT
• Full FileAct mode - where both the XML version 2 message and the FileAct payload are
transferred over WebSphere MQ.
• Mixed FileAct mode - where the XML version 2 message is transferred over WebSphere MQ,
whereas the FileAct payload is transferred over the local file system.
Tip To view the details of a message partner that uses the Direct FileAct connection
method, you must use the Alliance Access Configuration package on the Alliance
Web Platform.
Field descriptions
Partner Name
The name of the message partner profile.
Partner Id
An internal system ID of the message partner profile. This ID is used together with the session
number to form the name of both the parameter file and the message file for automatic file-
output sessions.
Status
A message partner profile can have one of the following statuses:
• Disabling - at the end of its current session, the profile has the status Disabled.
Note An Interactive Message Partner that is in the state "disabling" only becomes
disabled after the current session is stopped.
Session Status
Indicates whether the message partner has a session active, and the status of that
communication session. For more information about the statuses, see "Status of Message
Partner Sessions" on page 251.
Session
Indicates the number of the latest session in which a message partner was participating or is
still participating in.
Description
A description of the message partner profile.
Status Description
Aborting The session is closing down as a result of an Abort command being issued or a
serious failure, such as an authentication error. Interactive sessions may also be
aborted by the message partner.
You can use the Event Journal to examine the details of all abort events. Such events
are classified as System, and are described with an abort reason and an abort text. For
sessions involving the CAS protocol, the description of an event may include the
expected session or sequence number.
Closed No transfer of messages is currently taking place with the message partner.
Closing The session is closing down for one of the following reasons:
• All the messages queued at the exit points when the Run Session command was
issued have been transferred in this batch output session
• A Stop Session command was issued. Note that interactive sessions may also be
stopped by the message partner.
Interrupted The message partner has lost the connection to WebSphere MQ.
Only applicable to WebSphere MQ message partners.
Recovering The session is recovering from a session failure, such as an abort request or a system
restart.
Warning During day-to-day operations, do not open the message partner profiles or exit
point profiles unless you need to modify them or add new profiles.
All message files or parameter files that are referenced in an automatic message partner profile
must be local to the server.
The operator profile of the operator who loads or moves files to the server must have the Files
on Server permissions assigned for the Access Control application. By default, these
permissions are assigned to the Superkey and Supervisor operator profiles.
2. Ensure that the routing is defined and active. For example, to route messages and files to
an exit point associated with a message partner profile, you must have routing rules defined
to do this.
3. To change the existing default exit point profiles, you can create an exit point which stores
files or message before they are transferred to a message partner.
4. Run the Application Interface and start a message partner session to transfer files or
messages between Alliance Access and the message partner.
Tip To create a message partner that uses the Direct FileAct connection method, you
must use the Configuration package on the Alliance Web Platform.
To define a profile:
1. Start the Application Interface application.
4. In the Profile tab, type the name of the profile in the Message Partner field. Enter up to 14
alphanumeric characters for the profile name.
6. Specify the connection method and the direction of the message flow for the connection
method. Then define the parameters of that method. For more instructions, see "Specifying
the Connection Method" on page 253.
7. Set local authentication in the Authentication tab, if required. For more instructions, see
"Specifying Local Authentication" on page 291.
8. Depending on the direction of the message flow (Allowed direction), complete the
emission or reception parameters in the following tab or tabs:
• From Message Partner - Reception tab. See "Specifying the Reception Parameters"
on page 285.
• To & From Message Partner - Emission tab and the Reception tab. See "Specifying
the Emission Parameters" on page 281 and "Specifying the Reception Parameters" on
page 285.
9. Select Add from the Message Partner menu, to save the message partner profile. The
profile is saved with the status "Disabled".
To discard a profile, select Close. After selecting Close, confirm that you want to exit
without saving the new entries.
10. Enable the profile before Alliance Access can use it in a communication session. See
"Enabling a Message Partner Profile" on page 296.
• You do not have to specify the session direction at session run time.
• The risk of transmitting a message in the wrong direction at session run time is reduced.
Transmission of a message in the wrong direction can result in mistakes, such as the
overwriting of an existing message file.
Note A file name cannot have more than 255 characters in length (including path names
to the files), and must not contain blanks.
• When connecting to UNIX servers, the print devices defined in SMA are proposed.
• When connecting to Windows servers, all printers available to the server machine are
proposed.
• If the Workstation machine is selected, then all printers available to the Workstation machine
are proposed.
For a detailed description of the concepts of the Print connection method, see Appendix F,
"Connection Methods in AI" on page 553.
2. In the Profile tab, select the Print connection method. Additional fields appear in the
Profile tab.
For a description of the fields displayed in this window, see "Print Connection Details
Window" on page 256.
The number of messages that In the Number of messages = field, type the number of
are queued at the assigned exit messages that must be queued to trigger a session.
point(s)
One or more specific times of the In the Or at (hh.mm) field, enter the time(s) at which the
day automated sessions must start.
After you specify a start time, click the transfer button to add the
time to the list box. You can add several times.
The activation list displays the times at which automated
sessions are scheduled to start.
To start a session automatically, you can combine the criteria of "number of messages
queued" together with a specified time. For example, you can specify that the session must
start after ten messages are queued, or at 10:00, 11:00, and 12:00.
This setting would result in the following:
• a session starts between 10:00 and 11:00 each time that ten or more messages are
queued
1. Start the session using either the Start Session or Run Session commands.
A print job is not submitted until after the batch session is complete.
2. If you started the session using the Start Session command, then you have to stop it
using the Stop command before a print job is submitted to the printer.
3. In the On field, specify whether the session is to run on the server or workstation.
Description
To select Print as a connection method, click Connection Method in the Profile tab and select
Print.
Field descriptions
Session Initiation
Select:
• Automatic, if you want sessions to run automatically. The Alliance Access servers must be
running and the message partner enabled. Note that, when connecting with Workstation,
automatic print sessions can only be run on the printer connected to the server machine.
Print to
Use this button to direct printer output to either a known printer, or alternatively to an ASCII file.
Filename pattern
Type the full path of the directory where the print file is to be located.
Local transfer command
Type the name of the user-defined executable which handles the message files once they reach
the back-office application.
Printer hostname
This field must contain the name of the server or local machine which has the printer connected
to it.
Printer name
Select a printer by typing a system printer name. For more information about printer names,
consult your system administrator.
Page setup
Use this field to set up the page paper size, orientation, and margins.
Printer font
Use this field to set up the print font style.
Number of messages =
Type the number of messages in the message partner's output queue. When the value
specified here is reached, printing starts automatically.
This field appears only for automatic printing.
Or at (hh.mm)
Enter the time(s) (using the format 2200 or 22.00) for automatic print sessions to start. You can
specify multiple times during a 24-hour period. The times that you enter are automatically
adjusted to the nearest 5-minute interval.
This field appears only for automatic printing.
• To Message Partner
• To & From Message Partner - For the File Transfer method, this means 'To or From
Message Partner'.
2. Click the Connection method button in the Profile tab and select File Transfer. Additional
fields appear in the Profile tab.
For a description of the fields displayed in this window, see "File Transfer Connection
Details Window" on page 258.
Description
To select File Transfer as a connection method, click the Connection method button in the
Profile tab and select File Transfer.
Example
Field descriptions
Transfer PKI Signatures
Select this option when you want Alliance Access to transfer PKI signatures when it exchanges
FIN messages with a message partner. The PKI signature is always transferred for messages in
XML version 2 format.
If a back-office application is ready to receive and store PKI signatures, then you must select
the Transfer PKI Signatures option.
This option becomes available when:
• the Allowed direction is set to To Message Partner or To & From Message Partner, and
• the Allowed direction is set to To Message Partner or To & From Message Partner, and
Warning If you change Session Initiation from Manual to Automatic, then empty the input
directory to ensure that messages are not sent twice. This applies to input
sessions, where Allowed direction is set to From Message Partner or To &
From Message Partner.
Parameter File
Select Required or Not Required. A parameter file contains the location of message files and
other information including CRC results.
If you want to create and use parameter files, then see Appendix G, "Parameter Files in AI" on
page 633.
Format Recognition
Select whether the format of input files is recognised automatically:
• Auto-recognition recognises input files if they are in DOS, RJE, MERVA/2, CAS 2
(Common Application Server format version 2), ASN.1 encoded, or XML (version 1 and 2)
format. The sub-formats NIF and NDF for CAS are recognised automatically.
• Forced only recognises the format selected in the Data Format field. Files in any other
formats are rejected during input.
To recognise CAS 1 or CAS 2 text encoded, you must select Forced and specify the relevant
parameters.
Data Format
Select from:
• RJE (Remote Job Entry) files contain messages separated by dollar signs. They have no
additional formatting.
• DOS-PCC is the PC Connect file format. DOS-PCC files contain messages that begin with an
ASCII Start of Header code and end with an End of Text code.
• CAS is the format associated with the CAS (Common Application Server) protocol.
• XML is the format used to support FpML documents, and batch input and output of MX and
FileAct messages.
Appendix D, "Message Formats Used in AI" on page 411 illustrates each of these formats.
Sub-format
If you selected CAS as the data format, then select either:
• 1
• Original
• 1
• 3 (supports the SWIFTNet 7.0 distribution and dynamic copy features for messages and files)
Note The revision specified is only used for output formatting ('To Message Partner'
direction, and generating reports on the 'From Message Partner' direction). For the
'From Message Partner' direction, the revision is automatically detected regardless
of the value specified.
• * indicates that all files in the input directory must be input. For manual sessions, you can
browse the input directory.
• *.inp transfers all files with the extension .inp. This is the standard file extension for input
files. You can also use any other file extension. For manual sessions, you can browse the
input directory.
• *.par if you are using parameter files. For manual sessions, you can browse the input
directory.
During file transfers, the directory is scanned and all files that match the specified file type are
transferred.
Do not use the same input directory for more than one automatic message partner.
Output path name
Type the output path, and then add a file pattern specifier to it:
• * for manual sessions, the exact file name can be specified at session run time.
• *.out gives all output files the extension ".out." This is the standard file extension for output
files. You can also use any other file extension.
• the Allowed direction is From Message Partner or To & From Message Partner, and
Option Purpose
Failure or success to generate a report if the input file is processed successfully or if the
processing fails
Note If LAU is applicable, then it is also applied to the DataPDUs within the report file
when generating the report (using the configured LAU keys). The receive key in the
message partner definition is used to sign ReportPDUs for a message partner
defined with unidirectional keys.
If a message partner is defined with direction To & From Message Partner and a
bidirectional key, then the send/receive key is used.
The report is generated in the location specified in the Log Directory configuration
parameter. For more information, see "Batch Input " on page 161.
Number of messages = The number of In the Number of messages = field, type the
messages that are number of messages that must be queued to
trigger a session.
Or at (hh.mm) One or more specific In the Or at (hh.mm) field, enter the times (using
times of the day the format 2200 or 22.00) at which a print
session must start automatically. You can specify
multiple times during a 24-hour period. The times
that you enter are automatically adjusted to the
nearest 5-minute interval.
Overview
Before starting to define your profile, consider the following options.
Note Messages transferred using the CAS 2 protocol are accepted only when Input File
Format Recognition is set to Forced.
Introduction
The File Transfer connection method is the only method in which you must specify a connection
point for your message files.
Note An overview of the various options for the file transfer connection method is shown
in "Summary of Profile Settings" on page 570.
The connection point for a File Transfer session is a pathname to either a parameter file or a
message file.
For input sessions, the directory containing this file is specified in the Input path name field.
For output sessions, the directory containing this file is specified in the Output path name field.
The format used in each of these fields is the same and can be expressed as follows:
<connection point>\<matching pattern>
Example for message files:
C:\input\*.msg
Example for parameter files:
• on Windows: C:\input\*.par
• on UNIX: /tmp/input/*.par
The first step in defining the connection point for File Transfer depends upon the type of session
that you require, that is, automated input or output, or manual input or output.
For automated file transfer input or output session to take place, the software package
16:FILE AUTOMATED must be licensed on the system
For automated output sessions, the Output path name field specifies where the message file
and parameter file (if required) are placed after they are automatically generated.
Note Sessions using automatic message partners only run on the server machine.
For more information about automated output sessions, see "Defining the Connection Point for
Automated Output Sessions" on page 265.
For manual output sessions, the Output path name field specifies where the existing parameter
file is situated (if required) and where the message file is placed after generation. In addition to
this, the <matching pattern> part of the string can be used to specify a template for the filename
or the parameter file. The user provides the full filename at session run time by means of the
Start/Run Session dialog box.
For details about manual output sessions, see "Defining the Connection Point for Manual
Output Sessions" on page 267.
For automated input sessions started by the input polling mechanism, the <connection point>
part of the Input path name field specifies the directory where existing message or parameter
files (if required) can be found.
For details about automated input sessions, see "Defining the Connection Point for Automated
Input Sessions" on page 269.
For manual input sessions started with the Run/Start Session command, the actual parameter
file or message file name is specified in the Connection Point field in the Start/Run Session
window. When used with parameter files, the location of the message file is found when the
software examines field tag 050314 of the parameter file.
Note For manual sessions when connected through a Workstation, the Connection
Point field contains the default UNIX path. To browse to a different location, first
clear this field.
For details about manual input sessions, see "Defining the Connection Point for Manual Input
Sessions" on page 270.
"Summary of Profile Settings" on page 570 shows these options in a table.
Note
Automatic sessions cannot be run on the Workstation machine.
2. In the Output path name field, type the name of the directory where the parameter file or
message file are to be placed when the session is completed.
Example:
• on Windows: C:\tmp\output\*
• on UNIX: /tmp/output/*
This must be an existing file path. A field validation process checks this string when the
profile is modified. The <matching pattern> part of the Output path name field is ignored in
this case, but has to be set to *.
3. Click the Data format button and select the message format that you require.
Select from:
• CAS
• DOS-PCC
• RJE
• MERVA/2
• XML
If you select CAS, then proceed to step 4.
If you select XML, then proceed to step 6.
For more information about the available formats, see Appendix D, "Message Formats
Used in AI" on page 411.
4. When you select CAS, two additional menus appear, called Subformat and CAS version.
Appendix D, "Message Formats Used in AI" on page 411 illustrates each of the available
formats.
Select a Subformat.
5. For CAS version, you must decide between CAS 1 and CAS 2.
For an introduction to the CAS protocol in AI, see "CAS Protocol" on page 574.
• 1
• 3 (supports the SWIFTNet 7.0 distribution and dynamic copy features for messages and
files)
7. If your message files require a particular file extension, then specify this in Output file
extension. If you do not provide an extension, then AI automatically appends the
extension .out.
1. In the Or at (hh.mm) field, enter the time(s) for your automated sessions to start.
2. When you have finished specifying a start time, click the transfer button to add this
time to the list box. This activation list displays the times at which automated sessions
are scheduled to start.
Note To start a session automatically, you can combine the criteria of "number
of messages queued" together with a specified time. For example, you
can specify that the session is to be started when ten messages are
queued, or at 10:00, 11:00, 12:00, and so on.
This setting would result in the following:
• a session starts between 10:00 and 11:00 each time that more than ten
messages are queued
• and so on.
2. In the Output path name field, type the name of the directory where the message and
parameter file (if required) has to be placed. The message file and parameter file (if
required) are placed in this directory when the session is complete.
Example:
• on Windows: C:\output\*
• on UNIX: /tmp/output/*
A character-matching file filter starts immediately after the last slash in the string. The
purpose of this filter is to ensure a level of authorisation on the names of parameter files.
You use this part of the field to specify a file pattern. The actual parameter file name is
selected explicitly at session runtime - in the Start/Run Session window. In the example
shown above, the asterisk (*) is used as a file pattern. This is the system default and it
specifies that no file pattern constraints have been made. In such a case, the filename of
the parameter file specified at session run time can follow any convention that you select.
You can also use the filter to specify just part of the proposed name of the parameter or
message file. For example, this can be used to ensure that files are generated with a
particular extension:
Example:
• on Windows: C:\output\*.msg
• on UNIX: /tmp/output/*.msg
This pattern would ensure that message files are generated with the extension .msg.
3. Click the Data format button and select the message format that you require.
Select from:
• CAS
• DOS-PCC
• RJE
• MERVA/2
• XML
If you select CAS, then proceed to step 4.
If you select XML, then proceed to step 6.
For more information about the available formats, see Appendix D, "Message Formats
Used in AI" on page 411.
4. When you select CAS, two additional buttons appear, called Subformat and CAS version.
Appendix D, "Message Formats Used in AI" on page 411 illustrates each of the available
formats.
Select a Subformat.
The following options exist:
5. For CAS version, you must decide between CAS 1 and CAS 2.
If you select version 2, then the Transfer PKI Signatures and Always Transfer MAC/PAC
fields are available.
Back-office applications must be ready to receive and store PKI signatures.
For an introduction to the CAS protocol in AI, see "CAS Protocol" on page 574.
• 1
You, as a user, are entirely responsible for the content and the behaviour of this executable.
The Local transfer command field is provided for the user to supply the name of the
executable. When a batch script file is used, the following specific syntax must be applied:
Example: cmd /Q /C start /B /WAIT /MIN <Drive letter>: \batch\lta.bat
A separate field Parameters is also provided where parameters for the executable file may be
included.
Example: -o -copy_to_dir
Note: Alliance Access automatically appends the name of the parameter or message file as the
last argument in this field.
There are two configuration parameters, managed in the System Management application,
which govern the relationship between the LTA program and the output session:
• Batch Output - LTA Timeout: this parameter contains a time value (in minutes) for the
maximum duration of the LTA program. If the LTA waiting mode parameter is activated, then
the LTA program is closed (if it has not already done so naturally) after this time has elapsed.
• Batch Output - LTA waiting mode: this parameter activates or deactivates the forced
closing of the LTA program. If this parameter is activated, then the LTA program is
terminated after the period specified by the LTA Timeout parameter. If this parameter is set to
ON, then it is good policy to include the command exit at the end of the .bat script. In this
way, the session is closed promptly after the script has completed.
For more information about these two parameters, see "Configuring System Parameters" on
page 158.
Overview
Automated input sessions are started by the input polling mechanism. The <connection point>
part of the Input path name field specifies the directory where existing message or parameter
files can be found. The polling mechanism checks the directory specified in the Input path
name field at regular intervals. The polling timer parameter is set using the System
Management application and defines the time interval between polling operations. If a file is
present and no session is currently active, then the `auto-start' process starts an input session.
Following a successful input session the messages are routed, and then the batch file (and
parameter file if used) is moved into the `FTAbackup' directory. This directory is specified in the
Batch Input - Automatic Backup Directory configuration parameter.
For more information about configuration parameters, see "Configuring System Parameters" on
page 158.
The batch error file can be found in the directory determined by the configuration parameter
MXS - Automatic - Error Directory.
Note When selecting the DOS-PCC message format, specify the disk device files of
Alliance Access using DOS notation.
• on Windows: C:\tmp\input\*
• on UNIX: /tmp/input/*
A character-matching file filter starts immediately after the last slash in the string. The purpose
of this filter is to ensure a level of authorisation on the names of message or parameter files. It is
designed so that you specify a file pattern in this field first, and the required file name explicitly
at session runtime in the Start/Run Session window.
In the example shown above, the single asterisk (*) is used as a pattern. This is the system
default and its practical effect is that no constraints are placed on the file name. You can also
use this filter to specify just part of the name of the parameter or message file. For example, this
can be used to ensure that only files with a particular extension are accepted.
Example of an input path name using a file extension:
• on Windows: C:\tmp\infiles\*.par
• on UNIX: /tmp/infiles/*.par
Using this pattern would ensure that only parameter files with the extension .par are accepted.
The output of this filter is taken as the input to a file selector which is available from the Start
Session window. Here you are presented with all files in the specified directory which match the
file pattern that you specified in Input path name.
• To Message Partner
2. In the Profile tab, select Interactive from the Connection method field. Additional fields
appear in the Profile tab.
3. Type a value for the required message window size in the Window Size field. The window
size determines how many messages may be transmitted before a logical reply is required.
This value is used for as long as the session is active. The default value is 1, the maximum
window size is 16.
If the window size is not valid, that is, not within the valid range, then the session is
aborted. More information about interactive window size is provided in Appendix F,
"Connection Methods in AI" on page 553.
Note: this field is only displayed when the CAS 2 protocol is selected. With the CAS 1
protocol, the messaging window size is 1.
The Data format field displays the current message format used in the session.
5. From the Subformat field, select the network format that you require. The options are:
6. Select the required version of the CAS protocol from the CAS version field. Choices are 1
or 2.
If you select version 2, and the Allowed direction is To Message Partner or To & From
Message Partner, then the Transfer PKI Signatures and Always Transfer MAC/PAC
fields becomes available.
Back-office applications must be ready to receive and store PKI signatures.
7. From the CAS encoding field, select the required CAS encoding method. The options are:
8. From the Can be started by field, select the party that is allowed to start a session. The
options are:
10. In the Connection Id field, specify the connection identifier. A TCP/IP connection identifier
identifies a message partner. The name of each connection identifier that used in the
system must be unique.
Tip If you need more than five CAS interactive message partners, then manually
update the C:\Windows\system32\drivers\etc\services file (on Windows), or
the /etc/services file (on UNIX).
If Alliance Access is operating in a cluster environment, then you must update
these files on both nodes of the cluster.
For more information about these files, see "TCP/IP connection identifier" on
page 274.
11. The hostname of the message partner must be supplied. This field accepts a maximum of
31 characters. This field is only displayed if you selected By Operator or By Operator &
Message Partner in the Can be started by field. The hostname of the message partner
must be included, together with its IP address, in the /etc/hosts file of the machine where
Alliance Access is installed.
12. Type the name of the local Receive transaction program in the Local RECEIVE TP Name
field. This field is mandatory in all cases.
13. If you selected By Operator or By Operator & Message Partner in the Can be started by
field, then type the name of the remote Receive transaction program in the Remote
RECEIVE TP Name field.
When Alliance Access starts the session, it allocates a conversation with the remote
RECEIVE tp, the message partner then allocates a second conversation with the local
RECEIVE tp.
14. Type the name of the local send transaction program in the Local SEND TP Name field.
This field only requires mandatory input if you selected By Operator or By Operator &
Message Partner in the Can be started by field.
When the message partner starts the session, the message partner allocates a
conversation with the local SEND tp, and a second conversation with the local RECEIVE tp.
15. Next, set the session opening authentication keys (session keys). Session keys form an
optional session authentication feature which safeguard the session from fraudulent setup.
The session authentication process is a peer-to-peer process intended to verify the identity
of the session initiator, that is, the sender of the OpenRequest or OpenConfirm Session
Protocol Data Unit (SPDU). For more information about what happens at session
invocation, see Appendix F, "Connection Methods in AI" on page 553.
16. To specify that you require session authentication, check the Session authentication
required option.
Use this option to activate session authentication between the Application Interface and the
message partner. When this option is selected, a second button appears which allows you
to distinguish between unidirectional and bidirectional keys.
When one key is used to authenticate Session Protocol Data Units (SPDUs) sent, and
another key is used to validate the authentication of SPDUs received, then each key is
known as a unidirectional key.
When the same key is used to both authenticate SPDUs sent, and to validate authenticated
SPDUs received, then the key is known as a bidirectional key.
The SPDU is authenticated by an algorithm which uses a secret key - the access key.
The result of the authentication check is placed in the SPDU, and upon reception, AI
reauthenticates the SPDU using the same access key as the message partner. There is
only one access key per message partner.
17. If you selected Session authentication required, then a panel appears which allows you
to distinguish between unidirectional and bidirectional keys.
Select either:
• Unidirectional, to use different keys to authenticate sessions to and from the message
partner. Go to step 18 to proceed.
• Bidirectional, to use the same key to authenticate sessions to and from the message
partner. Go to step 19 to proceed.
18. In the Send Key field, type the session key used to authenticate an OpenRequest or an
OpenConfirm SPDU (Service Protocol Data Unit) sent. The two parts together form a 32-
character hexadecimal string.
Complete the fields in the Send Key panel as follows:
• In the First part field, type the first 16 characters of the send key.
• In the Second part field, type the second 16 characters of the send key.
In the Receive Key field, type the session key used to validate the authentication of an
OpenRequest or an OpenConfirm SPDU received. The two parts together form a 32-
character hexadecimal string. The receiver of the SPDU must use the same key string as
the sender or the authentication process fails.
Complete the fields in the Receive Key panel as follows:
• In the First part field, type the first 16 characters of the Receive key
• In the Second part field, type the second 16 characters of the Receive key.
19. In the Send/Receive Key field, type the session key used when sending or receiving an
OpenRequest or an OpenConfirm SPDU. The two parts together form a 32-character
hexadecimal string. The receiver of the SPDU at either side must use the same key string
as the sender or the authentication process fails.
Complete the fields in the Send/Receive Key panel as follows:
• In the First part field, type the first 16 characters of the key
• In the Second part field, type the second 16 characters of the key.
If session authentication fails, then the session is aborted and an error event is generated.
• On windows: C:\Windows\system32\drivers\etc\services
• On UNIX: /etc/services
At installation time, five connection identifiers are defined in your services file:
MPconn1 5101/tcp
MPconn2 5102/tcp
MPconn3 5103/tcp
MPconn4 5104/tcp
MPconn5 5105/tcp
The connection identifier is the string in the left-hand column, for example, MPconn1. The right-
hand column specifies the logical port number and protocol type associated with that port.
The port number is used on both sides of the connection, that is, the system on which Alliance
Access is running, and the system on which the message partner is running. When Alliance
Access or a message partner starts a session, the other side must "listen" to the correct port for
an incoming request.
Important If you change a port number, for example, 5101, then you must inform the relevant
message partner about the change.
• To Message Partner
2. In the Profile tab and select the connection method WebSphere MQ.
4. If you selected To Message Partner, then you can select the following options, if required
and appropriate:
Transfer PKI Signatures To transfer PKI signatures Not available for selection.
when sending FIN messages to PKI signatures are always
this message partner. transferred for XML version 2.
Back-office applications must
be ready to receive and store
PKI signatures.
Always transfer MAC/PAC Alliance Access adds a dummy value (00000000) if a back-office
application requires MAC/PAC trailers but the message does not
contain them.
This option supports back-office applications that require MAC/
PAC trailers.
• Automatic, if you want the communication session with the message partner to start
automatically. The Alliance Access servers must be running and the message partner
enabled. Automatic sessions cannot be run on the Workstation machine.
If you select Automatic, and the Allowed direction is:
– "To Message Partner" - the Run Output session panel becomes available.
– "From Message Partner" - the Keep Session Open option is selected automatically.
6. Enter the names of the following items, or leave the fields blank to use their default values:
• Queue Manager Name - the name of the WebSphere MQ queue manager where the
WebSphere MQ queue is defined
• Error Queue Name - the name of the MQ Error queue. If you leave this field empty, then
the default error queue is used.
You can enter names of up to 48 characters in length.
Note If you do not specify the Queue Manager Name and Queue Name, then you
can create a message partner profile, but you cannot enable it. You must add
values in these fields before you can enable the profile.
7.
Parameter Purpose, if selected Notes
Use MQ Descriptor To send the Alliance If you clear this option, then the MQ Message
Access information in Data part carries the Alliance Access
the MQ Message information.
Descriptor to the For more information, see "MQ Message
message partner Descriptor" on page 623.
8. If you select Keep Session Open, then Alliance Access automatically recovers a failed
connection with WebSphere MQ.
For more information about recovery of the WebSphere MQ connection method, see
"Recovery of a WebSphere MQ Connection" on page 631.
9. Use the Run Output Session panel to define how you want the session to start, by
specifying either:
The number of messages that In the Number of messages = field, type the number of
are queued at the assigned exit messages that must be queued to trigger a session.
point(s)
One or more specific times of the In the Or at (hh.mm) field, enter the time at which the
day automated sessions must start. After you specify a start time,
click the transfer button to add the time to the list box. You can
add several times. The activation list displays the times at which
automated sessions are scheduled to start.
To start a session automatically, you can combine the criteria of "number of messages
queued" together with a specified time. For example, you can specify that the session must
start after ten messages are queued, or at 10:00, 11:00, and 12:00.
This setting would result in the following:
• a session starts between 10:00 and 11:00 each time that ten or more messages are
queued
10. If you are defining the message partner profile to exchange information over FileAct (using
Revision 2 or 3 of XML version 2), then configure the following parameters as appropriate:
• From Message Partner - Reception tab. See "Specifying the Reception Parameters" on
page 285.
• in case of reception by the back-office application, the maximum number of messages that
are still waiting for the back-office application to acknowledge them
For more information, see "Window Size" on page 596.
• To Message Partner
The data format is always XMLv2 for message partner profiles that use SOAP:
3. Type a value for the required message window size in the Window Size field.
• 2
• 3
5. If you are defining the message partner profile to exchange information over FileAct, then
configure the following parameters as appropriate:
6. Select the FIFO option, to specify that Alliance Access receives the messages from the
back-office application to be added in First In First Out (FIFO) order.
This option appears when you select From Message Partner or To & From Message
Partner.
• To Message Partner or To & From Message Partner - Emission tab. See "Specifying the
Emission Parameters" on page 281.
• From Message Partner or To & From Message Partner - Reception tab. See "Specifying
the Reception Parameters" on page 285.
• specifying the emission format for messages using the CAS, MQ-MT, or XML version 2 data
formats
The fields that are available in the Emission tab depend on the connection method and data
format that you select in the Profile tab.
Field descriptions
Exit Points
Select the exit points where the messages for sending are located, as follows:
• Selected - displays the exit points that are assigned to this message partner.
• Available - displays all exit points which are not currently assigned to this and other
message partners.
Routing code transmitted
Select this option, to transmit the routing code to the message partner. The routing code is
specified in the routing rules for the routing point that is associated with the Exit point.
For more information, see "Routing Code Trailer" on page 541.
Message emission format
Only displayed for messages using the CAS, MQ-MT, or XML version 2 data formats.
Select:
• Complete Text to output headers and text in non-expanded layout, for example:
:20:12345
:32A:011212USD10000,
:50:John
:59:Jim
• Expanded to output headers and text. Only the message text is in expanded layout, for
example:
20: transaction reference number: 12345
32A: value date, currency and amount
Date: 12 December 2001
Currency: USD (US DOLLAR)
Amount: - #10,000.#
50: ordering customer: John
59: beneficiary customer: Jim
Notification emission
• Send original message - used to include the original message in the notification message.
For more information, see "Specifying the Notification Content" on page 284.
• Format of original message - used to select a format for the original message. For more
information, see "Specifying the Notification Content" on page 284.
Transfer UUMID
If you select this option, then Alliance Access transfers the UUMID with the message to the
message partner.
This option is only available for the data format MQ-MT.
Include TRN
Select Include TRN to send the transaction reference number of the original message to the
message partner.
This option is only available for the data format MQ-MT, and if Send Original Message is not
set to Always.
Remove S-Block
Select Remove S-Block to remove the S-Block from the MQ Message Data part of the
message, which is transferred over FileAct to the message partner. The S-block is also
removed from the original message if it is transferred.
This option is only available for the data format MQ-MT.
Include all FIN blocks
Select this option for FIN messages, to include all the FIN blocks (Block 1, 2, 3, 4, and 5) in the
Body element of the XML version-2 message. If you do not select this option, then only the FIN
block 4 is included in the Body element of the FIN message. The blocks are base-64 encoded.
This option appears if you select revision 3 of XML version 2.
2. Select the required exit point, and then click transfer button to move it to the Selected list. If
you select the Add or Modify menu option, then the selected exit point(s) are assigned to
the message partner.
Note All default exit points (exit queues) are described in Appendix C, "Queues and
Message Processing Functions" on page 394.
• Complete Text: send the header and the message text in NIF, MQ-MT, or XML (version 2)
format
• Expanded: send the message text in NIF, MQ-MT, XML version 2, or network output format
(SWIFT). Only the message text is in expanded layout. For an example of expanded text, see
"Message emission format" on page 282.
When using connection method WebSphere MQ with data format XML version 2, this option
has no effect.
• Format of original Message - only used for messages in MQ-MT or XML format.
• For example, such message partners may be a group of individuals within a bank
delegated to reconcile network acknowledgements received for each individual message
sent. For this purpose, they need a copy of the message.
• When message modified: include a copy of the original message if the message is
modified in any way.
• Never: do not include the original message with any notification. The headers of the
original message are always included.
2. The Format of original message field is used to specify how much content of the original
message is included in the notification.
This field applies when Send original message has a value that is not Never.
Select from the following options:
• Expanded: send the header and the message text. Only the message text is expanded
layout
• Minimum Info: send minimum information needed for traffic reconciliation with the
message partner. This option is only available for the XML version 2 data format.
The information provided is based upon the following attributes of the message:
– format
– sub-format
– sender address
• permission profile governing the actions that can be applied to the incoming message
Field descriptions
Validation level
Select the level of validation that you want performed on the text block of each input message.
For more information about the validation levels, see "Levels of Validation" on page 544 and
Appendix E, "Message Validation and Disposition" on page 543.
Profile name
Select a security definition profile. The entitlements and permissions of this profile allow the
message partner profile to create and route input messages within Alliance Access.
Note The creation of messages by a message partner is subject to the restrictions that
are defined in the SDA profile that is assigned to the message partner, and not the
profile assigned to the operator who starts a session under Application Interface.
• Abort on Rejection aborts a session if an error occurs. The file is moved into the "FTAError"
directory and an event is recorded in the Event Journal.
The reference is included as part of the S block of the ACK or NAK, and contains the following:
Disposition
The Disposition field is used to determine the default message disposition to be applied to
messages during an automatic input session. It is used together with the Message in field. If
Route is selected, then the current routing rules at AI_from APPLI handle the message.
Report Format
This option is available only for the WebSphere MQ connection method with the data format
MQ-MT.
Selecting one or several of the following items allows you to include them in a report message:
• Transfer UUMID - Alliance Access transfers the UUMID with the message
• Original Message - Alliance Access appends the original message request to a notification
• Validation Error Code - Alliance Access includes an error code in a response message if an
error occurred during processing.
• Dispose: Dispose the messages in the message preparation queues as specified by the
message in field.
The message in field is used to select the queue to which a message is to be disposed. This
is only used when the Dispose option is selected. Available queues are:
– Modification (MP_mod_text)
– Verification
– Authorisation
– Ready-to-send
• Route: this is the default value for this field. Messages are routed according to routing rules
specified at the AI Inbound queue. Security bypasses in the permission profile are
disregarded.
Note Permission to bypass the verification and authorisation stages is provided by the
message partner profile. This becomes not valid when the Route option is
selected.
The unit is assigned to the message before the message is routed or disposed to a queue. The
assignment of a unit is not binding, a different unit can be assigned to the message by the
routing rules.
For more information about assigning a unit, see "Defining Units" on page 78.
• Abort on Rejection: abort the entire session if any errors occur in validation. If this is an
automatic session, then the message file is moved into the `FTAerror' directory and a record
is made in the Event Journal application (EJA).
• Continue on Rejection: do not abort the session if errors occur which are specific to the
following.
The errors can be of the following types:
When Continue on Rejection is selected, and the message is flagged as modifiable, erroneous
messages are passed to the MP_mod_text queue for manual recovery. If the message is
flagged as not modifiable, then the message is completed and a record is made in the Event
Journal.
Using the content of the "REF:" trailer, the mainframe application sending the batch file can
reconcile the ACK or NAK for each message and notify the originator.
There are only two options available from this button:
• All destinations
• All currencies
• Permission to bypass message verification. This becomes relevant when the Dispose option
is selected from the Disposition field.
Note that in the selected profile, it is possible to prohibit or permit the bypass of verification
based on messages of certain currencies or/and certain "MTXXX" types. It is not possible to
prohibit or permit bypassing verification based on the amount.
• Permission to bypass authorisation. Note that in the selected profile, it is possible to prohibit
or permit the authorisation of messages of certain currencies or/and certain "MTXXX" types.
It is not possible to prohibit or permit bypassing authorisation based on the amount.
This profile 'MsgPartner' is not locked - it may be changed with the Security Definition
application. In this way, it may be used to permit or deny actions according to the nature of the
message partner and its relevance to Alliance Access.
Note that the following permissions of the message partner profile are always checked at the
creation of a message:
• Own destination
• Message type
• Bypass verify MT
• Bypass auth MT
The message is authenticated by an algorithm which uses a secret key - the authentication key.
The authentication value is placed in the block S of the message and is identified as the Local
Authentication trailer. For CAS NDF/NIF formatted messages, it is placed in the Application
Protocol Data Unit (APDU) field - apduLocalAuth. For XML formatted messages, it is placed in
the Data Protocol Data Unit field - DataPDU, just before the XML declaration. Upon receipt of
the message, the Application Interface re-authenticates the message using the same local
authentication key as the message partner. There is only one local authentication key per
message partner.
Local Authentication parameters are set in the Authentication tab.
For a description of the fields displayed in this window, see "Authentication Tab" on page 293.
Unidirectional and bidirectional keys are both made up of two parts - a first part and a second
part. This is done to meet the requirement of users that want to have dual control on the
maintenance of local authentication keys for security reasons. The permission to add/modify/
remove the first part of the local authentication key can be granted to one operator whilst the
same permission on the second part can be granted to another operator.
Other types of keys used in Alliance Access, that is, session keys, and so on, are split in a
similar manner to address the same security concerns. If you want to grant individual
permissions on each part of the local authentication key, then use the Security Definition
application (SDA). If you do so, then two separate operators are required to enter the complete
key.
Field descriptions
Unidirectional
Select this option to use different keys to authenticate input and output messages.
Bidirectional
Select this option to use the same key to authenticate input and output messages. This option is
only available when the allowed session direction is To & From Message Partner.
Send Key
These fields are available when the allowed session direction is To Message Partner or To &
From Message Partner. Type a send authentication key and pass it to the back office. The key
is used by the back office to check the unique values in the Local Authentication trailers of
messages during file output. If the text of these messages is complete, then the unique value is
reproduced and the messages pass local authentication. The back office must decide how
authentication failures are handled.
Receive Key
These fields are available when the allowed session direction is From Message Partner or To
& From Message Partner. Type the receive authentication key that is provided by the back
office. The key is used to check the unique values in the Local Authentication trailers of
messages during file input. If the text of these messages is complete, then the unique value is
reproduced and the messages pass local authentication. If a single message fails
authentication, then the entire file is aborted. The aborted file is moved to the Error directory.
Send/Receive Key
This field is available when the bidirectional key type is selected. The receiver of the messages
at either side must use the same key as the sender.
2. If authentication is required, then select Local authentication required. When this option
is selected, two additional check boxes appear for to select between unidirectional and
bidirectional communication sessions.
21.12.2.1 Unidirectional
Overview
Unidirectional communication uses two keys: one for authenticating sent messages, the other
for supporting the authentication of received messages.
For security reasons, each of these keys is subdivided into two halves:
• Send Key
• Receive Key
Note For the WebSphere MQ Connection method, you can select only unidirectional
option.
Send Key
This string of characters is the local authentication key used to authenticate a message sent.
The two parts together form a 32-character hexadecimal string (if the data format that you select
is XML, see "XML Selected as Data Format " on page 295).
The two parts must be entered as follows:
Receive Key
This string of characters is the local authentication key used to validate the authentication result
of a message received. The two parts together form a 32-character hexadecimal string (if the
data format that you select is XML, see "XML Selected as Data Format " on page 295). The
receiver of the message must use the same key string as the sender or the authentication
process fails.
The two parts must be entered as follows:
The Receive Key field appears when the Allowed direction button is set to From Message
Partner or To & From Message Partner.
21.12.2.2 Bidirectional
Send/Receive Key
Bidirectional communication uses only one authentication key. This key is used both to
authenticate sent messages and to corroborate the authentication of received messages.
The Send/Receive Key is the local authentication key that is used when sending and receiving
messages. For security reasons, this key is subdivided into two parts, which together form a 32-
character hexadecimal string (if the data format that you select is XML, see "Rules for Local
Authentication key" on page 295). The receiver of the message at either side must use the
same key string as the sender or the authentication process fails.
With the Send/Receive setting, the sender passes the key to the receiver as an external
operation. In fact, it does not matter who produces and passes the key just as long as the two
parties are using the same key when a transmission is started. If local authentication fails then
the session is aborted and an error event is generated.
Complete the parts of the Send/Receive Key as follows:
• A string of exactly 16 US-ASCII printable characters (from characters 32 to 126) that include:
– A-Z
– a-z
– 0-9
• The key must contain at least one upper-case and one lower-case alphabetic character
• The number of occurrences of the same character must be equal to or less than half the
number of characters in it, minus one.
Note Auto-recognition must not be used for Message Partners with local authentication
defined and the data format is XML.
2. Make any necessary changes to settings in the profile. When finished, select Modify from
the Message Partner menu. It is important to remember to do this before re-enabling the
profile.
3. Re-enable the profile. For details, see "Enabling a Message Partner Profile" on page 296.
2. Select Disable from the Message Partner menu. The Status attribute displayed in the
Message Partner view changes to Disabled. The profile must be re-enabled before it can
be used in a communication session.
2. Select Enable from the Message Partner menu. The Status attribute displayed in the
Message Partner view changes to Enabled.
For more information about running and managing a communication session with a message
partner, see "Managing Message Exchange Sessions" in the Daily Operations Guide.
• You cannot remove a message partner profile while it is assigned to an exit point
• All routing rules must be checked to see whether the message partner (keyword "Src_entity")
is referenced in the trigger condition criteria. For more information, see "Routing Rules" on
page 318.
Note Since the name of the message partner is used for recovery purposes during
Alliance Access startup, a message partner may not be removed and re-created
with the same name until all messages sent or received by the initial message
partner have been archived.
• When back-office applications send to Alliance Access FIN messages with as sender logical
terminal, the code "X", Alliance Access validates the messages with the Message Syntax
Table set as default Live or default Test & Training, and then distributes these messages
over the logical terminals available for input. The actual logical terminal used to send the
messages is logged within the emission appendix of these messages.
• Through the System Management application, Alliance Access also provides a facility to
automatically allocate a logical terminal to FIN messages independently from the original
logical terminal sender: messages received from message partner applications may be
transmitted by a logical terminal other that the one specified in the message.
In both features, the acknowledgement message returned to the message partner application
may also not match that of the sender logical terminal.
If the message partner uses the sender logical terminal for message reconciliation rather than
the destination, then errors in the back-office application may result. Automatic logical terminal
allocation must not be used in this case.
Users that already have a back-office application that implements load balancing may
experience a negative impact on performance and must ensure that the LT load balancing
parameter is turned off.
• Configuration 1: The need to run batch sessions with the same message partner one at a
time.
• Configuration 2: The need to run batch sessions with more than one message partner at a
time, together with the need to perform message search in the Message File application
(MFA), based on the names of message partner profiles.
• Configuration 3: The need to keep input and output batch files in separate locations.
• Configuration 4: The need to run interactive sessions using the CAS protocol.
21.15.1 Configuration 1
Overview
If you only need to run manual batch sessions one at a time, then you can confine yourself to
using a single message partner profile. In this profile, the connection method specifies that
Allowed direction is set to To & From Message Partner, so at session establishment time,
you have to be more specific about the session direction and specific message file.
Profile: mp3
D0540056
With this method, there is only one profile for each message partner, however you can use the
Output path name field to specify the destination of output messages (to message partner) and
the Input path name field to specify the location of input messages.
21.15.2 Configuration 2
Overview
If you want to run a batch input session and a batch output session concurrently, then you must
create separate input and output profiles. Using a separate profile for each message partner
can also help you to search and locate a message in the message file, for example, a search
using the Message File application based on the attribute field "Session Holder".
In the output profile, the Allowed direction field is set to To Message Partner and in the input
profile, this field is set to From Message Partner. At session run time, you only have to specify
the name of the message file.
D0540057
mp1 mp2
• Output_mp2.
Note You cannot have batch sessions with the same message partner concurrently, that
is, transmit and receive messages in the same session.
21.15.3 Configuration 3
Overview
If you want to keep input and output batch files in separate locations, then you can use the
same configuration as described in "Configuration 2" on page 299, with the following additions:
• For input, specify the required input directory on your file system in the Input path name field
of the Profile tab.
• For output, specify the required output directory on your system in the Output path name
field of the Profile tab.
21.15.4 Configuration 4
Overview
The Interactive connection method enables the concurrent transmission and reception of
messages with a message partner.
For this bidirectional communication, you only need one profile, but remember that the Allowed
direction must be set to To & From Message Partner.
Profile: Interactive
"To and From..."
Message Partner
D0540059
21.16 Configuration for Sanctions Screening over
SWIFT
Overview
This section provides an overview of the configuration tasks that are required before Alliance
Access can support the screening of messages as part of Sanctions Screening over SWIFT.
For more information about how Sanctions Screening works, see the Sanctions Screening over
SWIFT Service Description.
• A string in an MT message matches an element of your selected sanctions list. In this case,
the result is one of the following:
• message search
The Message Details - Header tab displays the following warning message: Sanctions
screening - Message blocked.
Depending on the value of the configuration parameter Display/Print FIN User Header, the
Message Details - Text tab displays block 3 of MT messages.
• message print
The first sentence of the warning header contains the following: Sanctions screening -
Message blocked.
Depending on the value of the configuration parameter Display/Print - FIN User Header, the
printed report of the Message Details displays block 3 of MT messages.
Configuration tasks
1. Change the value of the configuration parameter, Display/Print - FIN User Header to
always display block 3 in the Message details, and to always print block 3.
For more information about the configuration parameters, see "Display/Print" on page 164.
2. You can define conditional routing rule using the keyword FIN_user_header to route any
message that Sanctions Screening over SWIFT flags as a true hit.
For more information about message keywords, see "List of Message Keywords" on
page 331.
• from scratch
Column descriptions
Name
The name of the exit point.
Assigned to MP
Indicates the currently selected message partner.
Processing Order
Shows the value of the "Processing Order" field.
Field descriptions
Exit point
The name of the exit point.
Queue threshold
The number of messages that may be present in the exit point before an alarm is generated.
Assigned to message partner
Shows the current message partner assigned to this exit point (if one is assigned) and lists all
available message partners.
Processing Order
The order in which messages are processed. Two values are possible: "FIFO" or "Priority". The
default value is "FIFO".
• from scratch
• If using an existing exit point as a template, then select New As from the Exit Point
menu. The details window for the selected exit point opens.
• If creating an exit point from scratch, then select New from the Exit Point menu. An
empty Exit Point Profile window opens.
3. Type the name of the new profile in the Exit Point field.
4. Insert a value for the queue threshold by typing in an integer value in the Queue
Threshold field. This field determines the number of messages that may be present in the
exit point before an alarm is generated.
5. Assign the exit point to a message partner, in the Assigned to message partner field.
Select the required message partner from the list.
When a message partner is already assigned in this field, selecting another message
partner breaks the existing connection and assigns the new message partner. Only one
message partner may be assigned to an exit point at any time.
Note Associated message partners must be disabled before changing an exit point
assignment.
6. Select the order in which messages are processed, in the Processing Order field. Two
values exist: "FIFO" or "Priority".
Note By default, a new exit point is used in all defined routing schemas, see "Routing
Schemas" on page 314. By default, all exit points are valid routing targets for
routing points.
Procedure
The following steps outline briefly what you have to do:
1. Sign on in the required mode. If you want to modify the routing rules attached to the "active"
routing schema and the default action for a routing point, then you must sign on in
housekeeping mode (for more information, see "Starting, Stopping, and Restarting the
Servers" on page 71). If you are making a duplicate of the "active" schema and you are
making the changes to this, then you can sign on in operational mode.
3. If you want to modify the default routing of the new exit point, then select it from the
Routing Point view. In the Routing Point details window, modify the default routing (for
more information about modifying routing, see "Message Routing" on page 314).
4. Return to the Routing application main window and select the routing point from the
Routing Point view that will route messages to the new exit point.
5. In the Routing Point view, select the routing rule(s) that will route the message to the new
exit point and modify the rule(s), or add a new rule to the routing point. For more
information about modifying a routing rule, see "Routing Rules" on page 318.
6. Repeat this for other routing points which will route messages to the new exit point.
7. Ensure that the routing rules are assigned to the routing schema which is to be "active".
8. Approve and Activate the routing schema. For details, see "Approving and Activating
Routing Rules" on page 326.
9. If you are currently running in Housekeeping mode, then switch the system back to
Operational mode.
• the exit point is not referenced by any existing rule in the current routing schema
2. Select the exit point from the Exit Point view in the main window.
3. Open the Exit Point pull-down menu and select Remove. The exit point is removed from
the system.
23 Configuring Queues
Introduction
This section describes how to configure the Alliance Access queues using the System
Management application.
For information about the default queues in Alliance Access, see Appendix C, "Queues and
Message Processing Functions" on page 394
To display queues:
1. Run the System Management application.
Queues are listed by assigned function, whether a queue is an exit point, and current state.
You can choose not to display these options by selecting View from the Queue view. If you
select Save Current Settings from the File menu, then all your current settings are saved.
The next time that you start the System Management application these settings are
displayed automatically.
The number of queues listed is dependent on whether you are using a high-speed or low-
speed connection. If more than the defined number of queues are present, then there will
be more than one list.
To navigate between queue lists:
2. The Queue Details window has two tabs, General Info and Routing Info, that can be
selected to see details about a queue. When the Queue Details window opens, the
General Info tab is shown.
3. Click the Routing Info tab to display information about the routing rules associated to
routing points and about the valid routing targets.
For a description of the fields displayed in this window, see "Queue Details Window -
Routing Info Tab" on page 310.
Field descriptions
Name
The name of the queue.
Exit Point
Indicates whether the queue is an exit point.
An exit point is a special routing point linked to a network application (for example, APPLI),
which can be assigned to a message partner for delivering messages to banking applications,
individuals or various departments in the bank.
Function assigned
The name of the message processing function (MPF) assigned to the queue. Each MPF
performs a specific process on the messages in the queue.
Instances in queue
The number of message instances in the queue.
Instances reserved
The number of messages in the queue that are being processed by a Message Processing
Function (MPF).
Queue Threshold
The number of messages that can be held in the queue before an alarm is broadcast.
Queue State
The queue can be held or released. If the queue is held, then messages in it cannot be
processed by the associated MPF.
Field descriptions
Rules at this RP - Modify Rules Allowed
This parameter determines whether the routing rules associated with this routing point can be
modified using the Routing application.
For more information about the default settings for routing rule modification, see Appendix B,
"Default Settings" on page 389.
Rules at this RP - Display Rules Allowed
This parameter determines whether the routing rules associated with this routing point are
displayed using the Routing application.
When a queue is not visible to the Routing application, then queue modification is also denied.
For more information about the default queue visibility, see Appendix B, "Default Settings" on
page 389.
Note All exit points are considered as valid routing targets and are therefore not
displayed in the Available/Selected panels.
2. From the Queue menu, select Hold or Release. Only one of these options is available,
depending on the present state of the queue. After a few moments, the state of the queue
changes to the selected state.
Note Only queues which process messages can be held. Queues which create new
messages cannot be held (for example, _SI_from_SWIFT, _AI_from_APPLI).
2. From the Queue menu, select New. The Queue Details - New window appears.
4. Select Add from the Queue drop-down menu. The new queue is added to the Queue -
System Management window list.
Note User-defined queues can only be removed if no instances are in the selected
queues and if the queue is not used by any routing rule. If the selected set of
queues also contain non-user-defined queues, then the Remove command is not
available.
3. From the Queue drop-down menu select Remove, or press Ctrl + R. The System
Management - Removing Queue window appears.
24 Message Routing
Introduction
This section describes how to route messages.
• keywords.
Routing schemas are used to group routing rules for activation within the system. Each routing
rule may be a member of several schemas, or belong to none. However, only rules that belong
to the "active" schema are used for processing (only one schema can be active at a time).
When setting up routing rules, you must first define a routing schema. Keywords must be set up,
if user-defined keywords are required, and then linked to a particular Message Syntax Table.
Keywords are used to simplify the definition of a trigger condition for routing rules. Routing rules
must now be set up, conditional statements defined, and the rules assigned to the routing
schema. Note that routing rules must be placed in the order they are to be applied. When all this
is complete, the routing schema must be "approved" and then made "active".
The tasks associated with message routing are performed using the Routing application.
• duplicate an existing routing schema to modify "active" routing rules, without having to restart
the servers in housekeeping mode.
2. From the View menu, select Routing Schema. The Routing Schemas window appears,
displaying the list of defined routing schemas.
3. Click the active routing schema that you want to modify, for example, A.
4. From the Routing Schema menu, select Duplicate. The Routing Schema Duplicate
window appears.
6. In the Routing Schema menu, select Add. All rules that are used by the source schema
(for example, A) are now added to the duplicate schema (for example, B).
7. From the View menu, select Routing Point, and open the routing point for which you want
to modify the routing.
8. From the Routing Rule panel, click the routing rule that you want to modify.
10. Change the proposed sequence number to a number just preceding the sequence number
of the rule that you have just copied (for example, if it was rule number 100, give it a
sequence number of 99).
11. In the Description field, type a description of the routing rule. In the Used in Routing
Schema(s) list pane, only the duplicate schema (for example, B) should be displayed in the
Selected list pane.
13. From the Routing Rule panel, open the original routing rule that you have just copied (for
example, 100).
14. In the Used in Routing Schema(s) panel, move the duplicate schema (for example, B)
from the Selected list pane to the Available list pane.
18. Approve and activate the duplicate routing schema (for example, B). For more information,
see "Approving and Activating a Routing Schema" on page 316.
For more information about creating and assigning the routing rules associated with a
routing schema, see "Routing Rules" on page 318.
2. From the Routing Schema menu, select Approve to change the status of an "unapproved"
routing schema to "approved".
3. From the Routing Schema menu, select Activate to make the routing schema active.
• to assign routing keywords to message types using the SWIFT Support application
• when creating a conditional routing statement using the Criteria Definition window.
2. From the View menu, select Routing Keyword. The Routing Keywords window appears,
displaying the list of user-defined routing keywords.
3. From the Routing Keyword menu, select New. The Routing Keyword New window
appears.
5. In the Description field, type a free text description of the keyword. For example, you can
describe how the keyword will be used.
7. Click Add .
After defining a new routing keyword, the Keyword must be assigned to a Message Syntax
Table, a Message Type, a Message Field, or even Message sub-field.
• "Trigger" conditions that determine whether the rule actions are to be applied to a message
instance
• Actions to be carried out on the message instance if the trigger conditions are met.
Note To modify rules, add rules, or delete existing rules of the active routing schema,
the Alliance Access servers must be restarted in Housekeeping mode. Once a
change is made to the routing rules and assigned to a particular schema, the
schema is deactivated. You must reactivate it before the servers can be
restarted in Operational mode. For more information about activating a schema,
see "Approving and Activating a Routing Schema" on page 316.
To change a schema that is already "active" without switching to Housekeeping
mode, you must duplicate the schema and make changes to the duplicate. This
allows you to modify routing rules in Operational mode. To apply the changes
you have made to the routing rules, the duplicate schema must be made active.
2. Run the Routing application. The Routing Points window appears, displaying the list of
available routing points.
Note Only queues that can be viewed and modified by the Routing application
appear in this window. For more information, see "Configuring Queues" on
page 307.
These options can be set in the System Management application.
3. From the main Routing Points window, double-click a queue, or click a queue to select it,
and from the Routing Point menu, select Open. Note that a new menu called Routing
Rule is added to the menu bar when you open a queue. The details of the selected routing
point appear.
4. From the Routing Rule menu, select New to create a routing rule. Alternatively, select a
rule from the Routing Rule list pane, and from the Routing Rule menu select Open or
New As, to change an existing rule. The Routing Rule Details window appears.
6. Any rules that have message criteria must be validated to ensure that the entry on the
Message On field is valid. To do this, select Validate from the Routing Rule menu.
Example
Field descriptions
Routing point
The name of the routing point where the displayed rule is active.
Sequence number
The "order of activation" of the displayed rule in the set of rules for this routing point. Use this
field to specify the sequence number of the rule in the routing table.
By default, the first routing rule is given the number 100 and each subsequent rule added is
given a number incremented by 100.
Description
A brief description of the rule.
Used in Schema(s)
Assigns this routing rule to the selected routing schemas. The Available list contains a list of all
the routing schemas in Alliance Access. Selecting one or more schemas from this list pane and
clicking the appropriate Transfer button switches the selected schemas to the Selected list. The
routing rule is now assigned to all schemas in the selected list.
Field descriptions
Condition on
Select from the following:
• Always: allows you to define an action that is always performed if none of the previous
routing rules have been positively evaluated and original completed. The Function Result
and the Message panels are not available.
• Function Result: opens a transfer list pane. For more information, see "Function Result" on
page 322.
• Message: opens a text input field where conditional statements referring to specific message
attributes can be built. For more information, see "Message" on page 323.
• Function Result and Message: opens the Function Result transfer list pane and Message
text input field. For more information, see "Function Result" on page 322 and "Message" on
page 323.
Function Result
The routing result that the assigned MPF can return for a message instance. The Available list
contains a list of all processing results the MPF can return. Selecting a result from this list pane
and clicking on the appropriate transfer button switches the result to the Selected list. The
selected result now becomes a trigger condition for the rule. You may select more than one
processing result from the Available list pane. The routing action is performed if one of the
processing results specified in the trigger condition matches the processing result returned by
the MPF.
A function result of Success means that the transmission was successful (not authentication).
Message
This field is used to build one or more conditional statements. A conditional statement is a rule
criterion based upon a list of approved message attributes called keywords.
Each conditional statement constructed in this field must follow a predefined syntax which uses
keywords and Boolean operators. Help on creating a conditional statement using this syntax is
available by using the Assist command. For more information about building a conditional
statement, see "Using the Criteria Definition Window" on page 328.
Field descriptions
Action on
To specify what actions are triggered when conditional criteria are satisfied. An action is
directed towards the source instance or a new instance or both. The Action on option button is
used to select the type of message instance which will be the target of the rule action.
The possible values are:
• Source and New Instance: opens the New Instance and Source Instance sub-panels.
Source Instance
This sub-panel is used to specify the target routing point of the source. It also allows you to
define the type of intervention that you want to append to the instance, and to change the unit
assignment of the instance.
Action
Specifies the action to be taken on the source instance. If an action is taken on the source
instance then no further rules are tried.
The options are:
• Complete, the life cycle of the message is finished. No further processing is required.
• Route to, specifies the target routing point of the source instance. Select a routing point from
the list of valid targets.
• Free Formatted Intervention, selecting this option opens a text input data field where you
can input the text of the intervention.
Unit
Select from:
• Keep current, if you do not want to change the current unit assignment.
Routing code
The routing code that the Routing application adds to a message instance, when the routing
rule is applied. This code is transmitted to a back-office application (that is, a message partner)
for routing purposes within that application.
If the message is to be sent to the back office using the CAS protocol, then the length of the
routing code must be no more than six characters.
Priority
Select:
• Keep current, if you do not want to change the current Instance Priority value
• a new value for the Instance Priority. The possible values are: 1 (Highest), 2, 3 (System), 4, 5
(Urgent), 6, 7 (Normal), 8, 9 (Lowest).
New Instance
This sub-panel is used to create and specify the destination and intervention text for new
instance (notifications and copy instances).
Type
Select from:
• Copy: a copy instance must always be routed to another routing point, or to an addressee
– Transmission, to indicate that the instance has been sent over a network
• Route to, specifies the target routing point of the instance. Select a routing point from the list
of valid targets.
Append intervention
You may select from:
• Free Formatted Intervention, selecting this option opens a text input data field where you
can input the text of the intervention.
Unit
Select from:
• Assign To, to assign one of the approved units to the new instance
• Keep current: use this option if you do not want to change the current unit assignment.
Note Notifications always inherit the unit assignment of their original or copy instance
and this cannot be changed, therefore only Keep current can be selected.
Routing code
The routing code that the Routing application adds to a message instance, when the routing
rule is applied. This code is transmitted to a back-office application (that is, a message partner)
for routing purposes within that application.
If the message is to be sent to the back office using the CAS protocol, then the length of the
routing code must be no more than six characters.
Priority
Select:
• Keep current, if you do not want to change the current Instance Priority value
• a new value for the Instance Priority. The possible values are: 1 (Highest), 2, 3 (System), 4, 5
(Urgent), 6, 7 (Normal), 8, 9 (Lowest).
Note An active schema must exist to start the servers in Operational mode.
Note When a new routing rule is added to a user-defined queue, the Condition On field
(within the Condition tab) defaults to Always. However, if the Function option is
selected, then the Function Result Available and Selected boxes are displayed
without a routing result.
2. From the View list menu, select Queue. The Queue-System Management window
appears.
3. From the Queue list menu, double-click the user-defined queue. The Queue Details
window appears.
4. Select the Routing Info tab and select the Modify Rules Allowed and Display Rules
Allowed check boxes.
7. Close the Queue Details window and the Queue - System Management window.
8. Run the Routing application. The Routing Points - Routing window appears.
10. From the Routing Point list menu, select Open, or press Ctrl + O to display the relevant
user-defined queue's routing details.
2. From the View list menu, select Queue. The Queue - System Management window
appears.
4. From the Queue list menu, select Remove, or press Ctrl + R. The System Management -
Removing Queue window appears.
• Keywords
• Operators
• Boolean expressions
• Values, which vary depending on which keyword is selected. For example, if the keyword is
amount, the value must be numeric; if the keyword is currency code, the value must be a
currency code in the standard 3-character ISO format, and so on.
• The attributes of a message instance, listed as keywords. These keywords can be selected
and used with other operators and expressions to form a conditional statement.
To see the criteria definition window:
• From the Condition tab of the Routing Rule Details window, click Assist or select Assist
from the Routing Rule menu. The Criteria Definition window appears.
For a description of the fields displayed in this window, see "Routing - Criteria Definition
Window" on page 328.
Field descriptions
Keyword
A list of all approved message keywords that can be used to form a conditional statement. This
list contains all pre-defined keywords (see "List of Message Keywords" on page 331), and the
keywords that you have customised (see "Routing Keywords" on page 317). To display a
description for the keyword in the Keyword Description field, click a keyword in the list. To
select a keyword to use in a conditional statement, double-click the keyword. Depending upon
the keyword selected from the list, either a special input data field or a list pane appears in the
top right corner of the window.
In the case of a text input field, the type of input expected appears as a label above the field. In
the case of a list pane, it shows each of the values that may be assigned to the keyword. For
more information about the meaning of each keyword, see "List of Message Keywords" on
page 331.
Available Values
Appears after selecting a keyword. It displays each of the values that may be assigned to the
selected keyword. You can only make an assignment after selecting a relational operator from
the Operator buttons.
Operator
All relational and arithmetic operators that may be used within a conditional statement. Each
operator appears as a button. Clicking on any operator button inserts the operator at the cursor
position in the Criteria field. The available relational operators are:
• <
Term to the left of the operator is less than the term to the right.
• !=
Terms either side of the expression are not equal.
• >
Term to the left of the operator is greater than the term to the right.
• <=
Term to the left of the operator is less than or equal to the term to the right.
• =
Terms either side of the expression are equal.
• >=
Term to the left of the operator is greater than or equal to the term on the right.
• like
This operator is used to find a match between one character string and another. Permitted
wildcards are:
• +
Add terms either side of the operator.
• -
Subtract term to the right of the operator from the term on the left.
• /
Divide the term on the left of the operator by the term on the right.
• *
Multiply the term on the left of the operator by the term on the right.
String Value
The special characters that can be used within a conditional statement are:
• \n
New line
• \r
Carriage return
• \t
Tab
• \'
Single quote
• \\
Single backslash
Expression
The expressions that can be used within a conditional statement are:
• and
Logical "and" function.
• or
Logical "or" function.
• not
Does not equal.
• (
Establish precedence open parenthesis.
• )
Establish precedence close parenthesis.
Undo
Removes the last entry that was inserted in the Criteria field.
Clear
Warning Do not use the keywords, Date, Time, Amount, or Today, in a conditional
statement. These keywords are reserved for use by the system only.
Addressee_information
This keyword represents the Server-to-Receiver instructions and allows Alliance Access to route
on field 115 of block 3.
The content and the usage of this field depend on the FINCopy service provider.
Addressee_integrated_appl
This keyword represents the name of the network that receives the instance. For example,
SWIFT or APPLI.
Warning Do not use this keyword in the routing conditions of the _AI_from_APPLI queue.
Amount
This keyword represents the amount of currency.
The format for representing the amount is: 16 positions to the left of the decimal point (without
the thousand separators) and 6 positions to the right of the decimal point:
Warning Do not use the Amount keyword in a conditional statement. It is reserved for use
by the system only.
Note When you enter an amount, Alliance Access does not validate the value that you
enter.
Authentication
When Alliance Access receives a message, it authenticates the message. This keyword
represents the result of the authentication and it applies to incoming messages only.
The values are:
• Auth_Failure
• Bypassed
• Invalid_CertID
• Invalid_Digest
• Invalid_SignDN
• Not_Needed
• Sig_Failure
• Success
This keyword can be used for routing FileAct messages.
Authorisation_result
When Alliance Access receives a message, it checks that the message is authorised (if
authorisation is required for that message). This keyword represents the result of the
authentication and it applies to incoming messages only.
The values are:
• Autho_NotInValidPeriod
• Authorisation_Bypassed
• Authorisation_Failure
• Authorisation_NotEnabled
• Authorisation_NotNeeded
• Authorisation_Success
• No_Authorisation
• Not_authorised
Authorising_operator_name
This keyword represents the username of the operator that authorised the instance.
This keyword can be used for routing FileAct messages.
Banking_priority
This routing keyword allows Alliance Access to route a message on field 113 in block 3.
Business_area
This keyword represents the business area code of an MX or FileAct message.
Checksum
This keyword represents the result of the checksum algorithm for a message that Alliance
Access receives. This keyword applies to incoming messages only.
The value is: Chck_Failure.
Class
This keyword represents the class of the message.
The values are:
• Broadcast
• Message
• Template
This keyword can be used for routing FileAct messages.
Copy_recipient_DN
This keyword represents the recipient DN of the SWIFTNet Copy message or file.
This keyword can be used for routing FileAct messages.
Copy_state
This keyword represents the state of the SWIFTNet Copy service.
The values are:
• Active
• Bypass
• TCopyFallback
Copy_type
This keyword represents the type of the SWIFTNet Copy.
The values are:
• Full
Creating_application
This keyword represents the application that created the message instance.
This keyword can be used for routing FileAct messages.
Creating_mpfn
This keyword represents the message processing function that created the message instance.
This keyword can be used for routing FileAct messages.
Creating_operator_name
This keyword represents username of the operator that created the message.
This keyword can be used for routing FileAct messages.
Creation_date
This keyword represents the date on which the message instance was created.
The format is DD/MM/YYYY. For example, 22/02/2011.
This format is specific to the Routing application and has no relationship with the date format
used in the System Management application (SMA).
This keyword can be used for routing FileAct messages.
Creation_queue
This keyword represents the name of the queue where the message or message instance was
created.
This keyword can be used for routing FileAct messages.
Creation_time
This keyword represents the time the message was created.
The format is HH:MM:SS. For example, 08:15:30.
This format is specific to the Routing application and has no relationship with the time format
used in the System Management application (SMA).
This keyword can be used for routing FileAct messages.
Currency
This keyword represents the currency that is specified in the message. The ISO currency format
is used, for example, USD, GBP, EUR.
Note Alliance Access may extract the Currency value from the following fields of the
message text: 32A:,32B:, 32P:, 32R:, 32K:, 33A:, 33K:, 34A:, 34B: and
F68A
Delivery_requested
This keyword indicates whether a delivery notification was requested. The value of the keyword
is either true or false.
This keyword can be used for routing FileAct messages.
Disposition_address_code
This keyword represents a disposition address code and allows Alliance Access to route
messages based on the content of the routing code.
If the configuration parameter RTV Routing is set to ON, then this keyword automatically takes
the value RTV for retrieved messages.
Duplicate
This keyword indicates whether the message is a possible duplicate. This applies to incoming
messages only.
The values are:
File_logical_name
This keyword represents the logical name of the file.
This keyword can be used for routing FileAct messages.
File_size
This keyword represents the size of the file in bytes.
This keyword can be used for routing FileAct messages.
FIN_user_header
This keyword represents the complete FIN User Header (block 3) of an MT message.
You can use this keyword to route messages that are validated through the Sanctions service.
For example, you can configure a routing rule that routes the messages which Sanctions
Screening over SWIFT reports as true hits. In this case, the condition must check whether the
value of the field 433 contains a true hit, as follows, "%{433:/NOK/%".
Format
This keyword represents the format of the message, for example, Swift.
This keyword can be used for routing FileAct messages.
Full_text
This keyword represents the Message Text (Block 4 for SWIFT format) of a message. This
allows Alliance Access to route a message based on the content and the values in a message.
Warning Using this keyword dramatically reduces the overall performance of Alliance
Access.
Instance_type
This keyword represents the type of message instance.
The values are:
• Copy
• Notification
• Original
This keyword can be used for routing FileAct messages.
Last_operator_name
This keyword represents the username of the operator that last worked with the instance.
This keyword can be used for routing FileAct messages.
Live_mesg
This keyword represents the distinction between "live" or "test" messages. The value of the
keyword is either true or false.
This keyword can be used for routing FileAct messages.
Mesg_type
This keyword represents the FIN or System message type. Format is nnn.
Note No prefix is required, only the message type number must be entered. For
example, for an MT 103, enter 103, or for a QUIT message (APDU 05), enter 05.
Message Identifier
This keyword represents the message identifier.
This keyword can be used for routing FileAct messages.
Modifying_operator_name
This keyword represents the username of the last operator that modified the message text.
MUR
This keyword represents the Message User Reference.
MX_keyword_1
This keyword represents the first keyword for an MX message.
MX_keyword_2
This keyword represents the second keyword for an MX message.
MX_keyword_3
This keyword represents the third keyword for an MX message.
NAK_reason
This keyword represents a NAK reason code, which explains why the message was not
acknowledged. Alliance Access can perform additional routing based on this keyword, which is
applicable to messages sent over the SWIFT network.
Nature
This keyword represents the nature of the message.
The values are:
• Secure
• Service: MT 05 (QUIT)
Network_application
This keyword represents the SWIFT application that handles the message, for example, FIN,
APC, LTC.
This keyword can be used for routing FileAct messages.
Network_delivery_status
This keyword represents delivery status of the message to the network.
The values are:
• Network_Aborted
• Network_Acked
• Network_N_A
• Network_Nacked
• Network_RejectedLocally
• Network_TimedOut
• Network_WaitingAck
This keyword can be used for routing FileAct messages.
Network_priority
This keyword represents the priority of the message over the network.
The values are:
• System
• Urgent
• Normal
This keyword can be used for routing FileAct messages.
Non_delivery_requested
This keyword indicates whether a Non-Delivery Warning was requested. The value of the
keyword is either true or false.
Pac
This keyword represents the result of the secondary authentication that Alliance Access
performs on a message that it receives. This keyword applies to incoming messages only.
The values are:
• Auth_Failure
• Bypassed
• Invalid_CertID
• Invalid_Digest
• Invalid_SignDN
• Not_Needed
• Sig_Failure
• Success
Partial
This keyword indicates whether the message is a partial message. The value of the keyword is
either true or false.
Possible_duplicate
This keyword indicates whether the message is possibly a duplicate of another message.
This keyword can be used for routing FileAct messages.
Priority
This keyword represents the priority of the message instance within Alliance Access. The values
are 9 (lowest priority) through 0 (highest priority).
This keyword can be used for routing FileAct messages.
Receiver
This keyword represents the full 11-character BIC address (Institution Identifier) of the receiver
of the message.
If the message was input to SWIFTNet (Sub-format I), then the receiver is the correspondent to
whom the message is being sent. The field contains the correspondent's address.
If the message was output from the SWIFTNet (Sub-format O), then you are the receiver of the
message, which was sent by your correspondent to one of your own destinations.
This keyword can be used for routing FileAct messages.
Related_TRN
This keyword represents the related Transaction Reference Number. For SWIFT messages, this
is located in field 21 of the message text.
Requestor_DN
This keyword represents the Requestor DN of an MX or FileAct message.
Responder_DN
This keyword represents the Responder DN of an MX or a FileAct message.
Routing_code
This keyword represents free-format text to influence routing. The field can be manually filled for
a message in the Reception Modification Queue. When the configuration parameter RTV
Routing is set to OFF, the routing code is automatically set to RTV for a retrieved message.
The routing code has a maximum length of six characters.
The field is visible in the Message Instance Details in the Message File application.
This keyword can be used for routing FileAct messages.
RT_SNL_endpoint
This keyword represents the real-time SWIFTNet Link endpoint. It applies to incoming MX or
FileAct messages only.
Sender
This keyword represents the 11-character BIC address (Institution Identifier) of the sender of the
message.
If the message was input to the network (Sub-format = "I"), then you are the sender of the
message and your own address appears in the field.
If the message was output from the network (Sub-format = "O"), then the sender is the
correspondent who sent you the message and the sender address appears in the field.
This keyword can be used for routing FileAct messages.
Sender_reference
This keyword represents the message reference for messages that are entered by APPLI.
This keyword can be used for routing FileAct messages.
Service_name
This keyword represents the SWIFTNet Service to which an MX or FileAct message belongs.
SnF_queue
This keyword represents the name of the store-and-forward queue. This keyword applies to
incoming MX or FileAct messages only.
Src_entity
This keyword represents the name of the entity through which Alliance Access received a
message from a message partner.
Entity Value
Status
The keyword indicates whether the message is live or completed.
This keyword can be used for routing FileAct messages.
Sub_format
This keyword indicates whether the message was input or output to SWIFTNet after it was
created.
The values are:
• Input
• Output
This keyword can be used for routing FileAct messages.
SWIFT_copy_service
This keyword represents the SWIFT copy service identifier (3 characters in length).
SWIFT_receiver_address
This keyword represents the SWIFT address of the receiver (12 characters in length).
SWIFT_sender_address
This keyword represents the SWIFT address of the sender (12 characters in length).
Note If the Routing application must check a sender with logical terminal X, then it must
check the Sender instead of the SWIFT_sender_address.
Time
This keyword represents the time of routing.
The format is: HH:MM:SS. For example, 08:15:45.
This format is specific to the Routing application and has no relationship with the time format
specified by the Display Format parameter in the System Management application.
Warning Do not use the Time keyword in a conditional statement. It is reserved for use by
the system only.
Today
This keyword represents the date of routing.
The format is: DD/MM/YYYY. For example, 20/01/2011.
This format is specific to the Routing application and has no relationship with the date format
specified by the Display Format parameter in the System Management application.
Warning Do not use the Today keyword in a conditional statement. It is reserved for use by
the system only.
TRN
This keyword represents the Transaction Reference Number. For SWIFT messages, this is
located in field 20 of the message text.
UMID
This keyword represents the Unique Message Identifier.
This keyword can be used for routing FileAct messages.
Unit_name
This keyword represents the name of the unit that owns the message instance.
This keyword can be used for routing FileAct messages.
Validation
This keyword represents the validation level that the message passed successfully.
The values are:
• Intermediate
• Maximum
• Minimum
This keyword can be used for routing FileAct messages.
Validation_flag
This keyword represents the Message User Group.
This routing keyword allows Alliance Access to route a message on field 119 in block 3.
For example, it allows Alliance Access to route MT 103, MT 103.STP and MT 103.REMIT in
different ways. In this case, the condition on a message can be set to:
((Msg_type = '103') and (Validation_flag = 'STP'))
Note STP must be entered capital letters for the routing rule to be applied.
Value_date
This keyword represents the date (as a string) on which funds are at the disposal of the
receiver.
Note Alliance Access may extract the Value_date from fields 32A: or 32B: of the
message text.
Value_date2
This keyword represents a date on which funds are at the disposal of the receiver. The format
is: DD/MM/YYYY.
This keyword can be used with the variables "yesterday", "today", or "tomorrow" to route
messages based on whether the value date in the message is less than, equal to or greater
than the date of yesterday, today, or tomorrow.
This format is specific to the Routing application and has no relationship with the date format
specified by the Display Format parameter in the System Management application.
Note Alliance Access may extract the Value_date2 from fields 32A: or 32B: of the
message text.
Verifying_operator_name
This keyword represents the username of the last operator that verified the message.
5. Click Assist.
Tip Use Clear to remove the existing entries and activate the Keyword list pane,
or Undo to remove the last entry.
7. Click = .
8. In the String value field, type GBP, then click anywhere in the Criteria field.
This part of the expression appears in the Criteria field with quotes automatically inserted
(for example, Currency='GBP').
9. Click and .
11. Click = .
13. Click OK .
The condition is copied to the Message field in the Routing Rule Details window.
• System
• Urgent
• Normal.
Alliance Access provides you with the possibility of specifying User-defined Delivery Subsets for
a destination using the SWIFT Interface application.
2. From the View menu, select Destination. The Destination main window appears.
3. From the Destination main window, double-click the Destination for which you want to
define a future delivery subset. The Destination Details window appears.
For a description of the fields displayed in this tab, see "Future Subsets Tab" on page 348.
5. If you require date ordering, then select the Value Date Ordering check box.
6. If you wish to share the subset, then select Share with Overflow or Share with Load
Balancing from the Subset Sharing field menu.
• Create a subset. Make sure that no existing subsets are selected, and select New from
the Future Subset menu.
• Base a new subset on an existing one. Select an existing subset from the Future
Subsets tab, and select New As from the Future Subset menu.
The Future Subset Details window appears.
For a description of the fields displayed in this tab, see "Future Subset Details - Part 1
Tab" on page 349.
8. In the Part 1 tab, select the required message priority from the Priority list.
9. If you selected Urgent or Normal in the Priority field, then you may define options in the
Message Categories, Message Types, Branch Codes panels and also the Field 13C
selection.
Select from:
• the category of message, by selecting the message category boxes for the message
categories that you want to include
• the individual message type, by typing the message type identification in the message
type boxes
• the branch codes by typing the required codes into the branch code boxes
• the detection of messages that contain field 13C by ticking the Field 13C box
• FINCopy service, by typing the service code in the message type box
Note If you select System in the Priority field, then only message types can be
selected.
10. In the Future Subsets menu, either select Modify to save a future subset based on an
existing one, or select Add to save a new future subset.
12. If you want to add another priority, then click the Part 2 tab.
For a description of the fields displayed in this tab, see "Future Subset Details - Part 2 Tab"
on page 351.
13. In the Part 2 tab, select the required message priority from the Priority list.
15. If you selected Urgent or Normal in the Priority field, then you may define options in the
Message Categories, Message Types, Branch Codes panels and also the Field 13C
selection.
For details on how to configure these options, see step 9.
18. If you want to add another priority, then click the Part 3 tab.
For a description of the fields displayed in this tab, see "Future Subset Details - Part 3 Tab"
on page 352.
Note The Part 3 tab is not available in the future subset if the Part 2 tab is not
completed and the Used box is selected. Information in the Part 2 and Part 3
tabs is included in the future subset only if the Used check box is selected for
the Parts that you want to include.
19. In the Part 3 tab, select the required message priority from the Priority list.
21. If you selected Urgent or Normal in the Priority field, then you may define options in the
Message Categories, Message Types, Branch Codes panels and also the Field 13C
selection.
For details on how to configure these options, see step 9.
Note If you are running Alliance Access in Low Speed Mode, then you must single-click
on the Destination list to refresh it after adding a delivery subset.
Field descriptions
Destination (shown in window title bar)
The destination for which the current and future subsets appears.
Name
Contains the name for this delivery subset (six characters).
State
Defines the status of preparation of future delivery subsets.
• Wait MT 047 Resp, waiting for a response to the MT 047 message (Delivery Instructions
Redefinition Request) generated by Alliance Access and sent to the network to request the
replacement of the currently used delivery subset by those in this panel
• Modified, a modification to the future subsets has occurred since the last MT 047 message
was sent
• Invalid, a delayed NAK (MT 015) to the MT 047 request was sent by FIN to inform the user
that the request was cancelled. Refer to the SWIFT User Handbook, FIN System Messages.
Value Date Ordering
If you select the check box, then the messages are delivered in value date order within each
subset.
The order of delivery is:
• Value-date-sensitive messages with the earliest value date are delivered first
• If a message contains more than one value date field, then the field with the earliest value
date is considered for value date ordering
• If there are several messages queued with the same value date, then delivery is according to
priority and time of queuing.
Shared Subset
You can specify if the subset of the destination is to be shared across LTs when receiving
output.
You can select one of the following options:
Field descriptions
Destination (shown in the window title bar)
The destination for which the current and future subsets appears.
Name
The user-defined name of the future subset (this must be six characters long).
Combined Criteria
This field specifies whether criteria defining the delivery subset needs to be combined or not by
SWIFT when queuing the output messages.
You can select one of the following options:
• Do Not Combine
• Combine
When Combine is selected, the following constraints are applicable (for each Part tab):
– Either one value (at least) must be entered in the Message Categories pane or one value
(at least) must be entered in the Message Types pane (can also contain service codes),
or both.
Part 1 Priority
Select one of the following options from the list:
• System
• Urgent
• Normal.
Field descriptions
Destination (shown in the window title bar)
The destination for which the current and future subsets appears.
Part 2 Priority
Select one of the following options from the drop-down list:
• System
• Urgent
• Normal.
Part 2 Used
To include Part 2 of the panel as part of the delivery subset, select the Used check box.
Part 2 Message Categories
This field enables you to select the message category (or categories) to be contained in the
delivery subset. Message types belonging to the message category selected here may not be
entered below. Message Categories are disabled if you selected System in the Priority field.
Part 2 Message Types
This field enables you to specify a maximum of 10 message types and FINCopy service, to be
contained in the delivery subset. Type in the message type and service code (three
alphanumeric characters). If an entry is made in this field, then the message category to which
this message type belongs may not be specified in the message categories field.
Note that no check is performed on the validity of the message type entered in this field.
Part 2 Branch Codes
This field enables you to specify a maximum of 10 message Branch Codes, for the selected
destination, to be contained in the delivery subset. Type in the Branch Code (three
alphanumeric characters). Note that Branch Codes are optional, "XXX" cannot be entered as a
Branch Code, and Branch Codes cannot be used with priority "System". Also Branch Codes
must be valid for the destination (not validated by Alliance Access).
Part 2 Field 13C
This field allows you to restrict the Delivery Subset to FIN messages that contain field 13C. Tick
the Field 13C box to enable this option.
Note that this option cannot be used with priority "System".
Field descriptions
Destination (shown in the window title bar)
The destination for which the current and future subsets appears.
Part 3 Priority
Select one of the following options from the drop-down list:
• System
• Urgent
• Normal.
Part 3 Used
To include Part 3 of the panel as part of the delivery subset, select the Used check box.
Part 3 Message Categories
This field enables you to select the message category (or categories) to be contained in the
delivery subset. Message types belonging to the message category selected here may not be
entered below. Message Categories are disabled if you selected System in the Priority field.
Part 3 Message Types
This field enables you to specify a maximum of 10 message types (or FINCopy service), to be
contained in the delivery subset. Type in the message type or service code (three alphanumeric
characters). If an entry is made in this field, then the message category to which this message
type belongs may not be specified in the message categories field.
Note that no check is performed on the validity of the message type entered in this field.
Part 3 Branch Codes
This field enables you to specify a maximum of 10 message Branch Codes, for the selected
destination, to be contained in the delivery subset. Type in the Branch Code (three
alphanumeric characters).
Note that Branch Codes are optional, "XXX" cannot be entered as a Branch Code, and Branch
Codes cannot be used with priority "System". Also Branch Codes must be valid for the
destination (not validated by Alliance Access).
Part 3 Field 13C
This field allows you to restrict the Delivery Subset to FIN messages that contain field 13C. Tick
the field 13C box to enable this option.
Note that this option cannot be used with priority "System".
2. In the Name field, type a name for the delivery subset, for example, TRACHK.
3. To specify all urgent priority messages in Category 8, select 8 in the Message Categories
section of the Part 1 tab.
7. To select normal priority messages, click the Message Priority option button and select
Normal.
To send an MT 047:
1. Run the SWIFT Interface application.
3. Open the destination for which you want to send an MT 047 to redefine the delivery
subsets. The Destination Details window appears.
5. From the Destination menu, select Redefine Delivery. The Redefine Delivery Subsets
window appears.
6. In the MT 047 Sender Logical Terminal field, select a logical terminal belonging to the
destination. The Redefine button is enabled.
7. In the MT 047 Sender Branch code field, you can optionally specify a branch code
otherwise this field defaults to XXX.
Note Because SWIFT cannot run an MT 047 while there are FIN sessions open for
that destination, it sends a Request to Quit service request (MT 008) to all the
destination's logical terminals indicating the time at which the MT 047 is
processed. FIN sessions that remain open at that time are aborted.
To select the same delivery subset with different logical terminals from the same destination, the
selection mode for these logical terminals in the SWIFT Interface application has to be modified
from exclusive mode to shared mode.
• delivery subsets already selected by logical terminals that are also defined as shared.
Exclusive delivery subsets already selected by logical terminals cannot be selected.
• Exclusive Mode to change a logical terminal from shared mode to exclusive mode
• Shared Mode to change a logical terminal from exclusive mode to shared mode.
3. From the File menu, select Import Message Templates. The Import Message Templates
window appears.
Note The File on: field is only displayed if you are performing the operation from a
Workstation. This field enables you to specify whether the file to be imported is
on the Workstation or on the server.
4. If you are on a Workstation, then specify the location of the template file by selecting either
Server or Local from the File on: drop-down menu.
5. Either type the pathname of the template file to be imported in the Template File field or
click the browse button ( ... ) to locate it.
6. Select the format of the message templates to be imported in the Format field.
7. If you selected All or MT in the Format field, then specify the syntax version against which
the MT message templates must be imported. Select the appropriate syntax version from
the Syntax Version field.
The following illustrates the result which can occur in practice based on this syntax.
:20:TRN The result is a valid prompt template. The order and syntax of
:32A:980228USD100, the fields match the expected syntax.
:53B:SWIFT
:32A:980303NOK250,
:20:TRN The result is a fast template, because the syntax of field 32A
:32A:980228 does not match the expected syntax.
:53B:SWIFT
:32A:980303NOK250,
Extracting the data for block 4, however, can result in some fields being mapped differently in
the newly created template, compared to their relative positions in the exported template. Some
of the mapping differences can also result in invalid templates. The circumstances under which
mapping differences may occur are best illustrated with a few examples.
Example
If part of the syntax is as follows:
Start of loop
MF35B
...
OF18A
End of loop
MF18A
then the input template is valid, but the resulting prompt template would be invalid. As soon as
the import program finds field 18A, it maps to the first occurrence of that field in the expected
syntax - which, in this case, is an optional field. The mandatory field is missing in this example.
Example
A similar situation exists if the syntax includes the following fields:
Start of optional sequence B
MF32F
MF87 A, B or D
MF34P
OF53A, B or D
MF57A, B or D
End of sequence B
Start of optional sequence C
MF32F MF87A, B or D
MF34R MF57A, B or D
End of sequence C
The input template is valid, however, the resulting prompt template would be invalid. Fields 32F
and 87A match the beginning of sequence B, and then the mandatory field 34P is missing.
Example
Similar ambiguities in message syntax can result in a template that is valid, but in which the
data is mapped to a different position after the template is imported. For example, consider the
following syntax:
Start of mandatory sequence A
MF30
OF31F
OF87A, D
... some optional fields
End of sequence A
Start of optional sequence B
... some optional fields
OF87A, D
End of sequence B
also, assume that the template was created in prompt mode with field 87A in sequence B. After
export and import, 87A would be part of sequence A instead.
Example
Consider also the following syntax with the following fields:
Start of repetitive optional sequence B
MF35B
Start of loop
OF83A, C or D
OF23
End of loop
End of sequence B
Start of repetitive optional sequence C
MF23
Start of loop
OF83A, C or D
OF35B
End of loop
End of sequence C
and the input template is created in prompt mode and contains the following fields:
:35B:<correct syntax>
:23:<correct syntax>
:83A:<correct syntax>
Before export, field 35B was in sequence B, and fields 23 and 83A were in sequence C. After
export and import the template would still be valid, but fields 23 and 83A would be in sequence
B.
3. From the File menu, select Export Message Templates. The Export Message
Templates window appears.
4. Either type the pathname of the template file to be exported in the Template File field or
click the browse button ( ... ) to locate it.
5. Select the format of the message templates to be exported in the Format field.
6. If you selected All or MT in the Format field, then two additional fields are displayed. Both
fields are optional and applicable to MT messages only.
• Sender LT. Complete this field with a BIC12 sender logical terminal if you want only
message templates for this BIC to be exported. Leave the field empty if you want all MT
message templates to be exported.
• Replacement LT. If you completed the Sender LT field, then this field determines the
BIC12 that replaces the selected sender logical terminal during export.
• the reception, storage, and acknowledgement of messages from the SWIFT network and the
transfer of those messages to a back-office application
• the reception of messages from a back-office application and the sending of those messages
to the SWIFT network, plus sending back the acknowledgements to back-office application.
2. From the View menu, select Event Distribution. The Event Distribution window displays
all available event types.
Double-click one of the above listed events. The Event Distribution Details window
appears.
3. Click Distribution and select Ignore, to specify that the event is not journalised.
4. From the main Routing window, highlight the _SI_from_SWIFT queue in the Routing Point
window.
From the Routing Point menu, select Open. The Routing Point Details window appears.
5. Ensure that the Assigned to Schema field has the active schema selected.
6. Highlight routing rule 100 and select Remove from the Routing Rule menu.
Note It is less efficient to use one line for input and the other line for output.
For information about how to configure your logical terminals, see "Managing Alliance Access
Security" on page 77.
• an output message partner to send all other output messages to a back-office application.
For more information about configuring message partners, see "Managing Message Partner
Profiles" on page 243.
Part D
Appendices
Appendix A
Default Profiles
Introduction
To assist new users with initial configuration, Alliance Access provides a number of default
operator profiles which are pre-configured to represent the typical duties of the following types
of user:
• Operator
• Supervisor
• RMA operator
• RMA supervisor
• System Administrator.
These profiles may be selected when defining new operators and used as provided, or used as
a template for creating personalised operator profiles.
Default operator profiles may be modified, as required, or used as templates for the creation of
profiles for other operators for specific duties.
The tables in this section show the various entitlements and permissions, for each Alliance
Access application, that are provided by the default profiles supplied with Alliance Access.
See the following sections for details of the entitlements, and permissions for the standard
Alliance applications.
Note that, once the entitlement to "Open" an application has been granted, this also allows the
use of various general facilities within that application to be used - which are not the subject of
further entitlements. For example, in the Event Journal application, all operators with entitlement
to open this application may search for specific events, and Open/Print those events. However,
only those with a specific additional entitlement may archive the Event Journal.
In the tables, the term 'Open/Print' is used where an entitlement or permission is granted, which
enables an operator to open an object details window and to view (display) and, optionally, print
the details currently assigned to that object.
The terms "Add" or "Mod" or "Rem" are used where an entitlement or permission allows an
operator to make changes to the definition of a particular object: either by adding a new object,
by modifying the details of an existing object, or by removing an object altogether.
Note For clarity, the 'R7.0_' prefix is omitted from the profile names in the headings of
the tables.
applications. The Administrator can use the same application functions as a Supervisor, and
is additionally able to create, verify, authorise, or modify messages.
• R7.0_Supervisor: The default profile R7.0_Supervisor is associated with the Alliance Access
Supervisor. If an operator is assigned the R7.0_Supervisor profile, then this gives the
operator access to all standard Alliance Access applications, the Message Creation
application, and the Message Modification application.
• R7.0_Operator: This profile enables an Alliance Access operator to sign on to the SWIFT
network and process messages passing between Alliance Access and other systems.
• R7.0_MsgEntry: This profile enables an Alliance Access operator to create and process
messages within Alliance Access, but does not allow the operator to connect to the SWIFT
network or control the message flow.
• Some functions have additional permissions, and these functions have an asterisk (*) after
their name in Alliance Access. The additional permissions are listed in the Specific
permissions column in the tables, and their default values are listed in the operator profile
columns.
• A checkmark (✓) or value in the column of an operator profile means that the operator profile
has entitlements to access or use the application or function.
• A dash (-) in the column of an operator profile means that the operator has no entitlements to
access or use the application or function.
• If an operator profile is not listed for an application, it signifies that there are no default
entitlements for that profile.
Embedded None - ✓ ✓ - - -
Checks
MT None - - - None
(Allowed/Prohibited) prohibited prohibited
Remove None ✓ ✓ - -
Correspondent
Approve Message Own destination None prohibited None prohibited None prohibited
(Allowed/Prohibited)
Create Message List of Own-Destination None prohibited None prohibited None prohibited
(Allowed/Prohibited)
• LSO/RSO
• Supervisor
• Operator
• R7.0_Import_Export
• MsgEntry
• R7.0_MsgPartner
Bypass Approval No No -
(Yes/No)
Bypass Approval No - No
(Yes/No)
Bypass Approval No No -
(Yes/No)
Mod Signing BIC T&T Destinations Allowed/ None prohibited None prohibited -
Prohibited
Bypass Approval No - No
(Yes/No)
Open/Print Auth Det Destinations None prohibited None prohibited None prohibited
(Allowed/Prohibited)
Bypass Approval No No -
(Yes/No)
Bypass Approval No No -
(Yes/No)
(1) This parameter is only applicable for users of the Relationship Management package on the Alliance Web
Platform.
Open Routing Point Routing Points - None prohibited None prohibited None prohibited
Approve Unit - - ✓ ✓ -
(1) These entitlements cannot be re-assigned directly to other operators. However, if an operator is given the
entitlement to Approve Operators, this also allows the operator to display and print other operators' system
passwords and reset operators' user passwords. The Mod Security Parameters and Reset Peer Officer Password
entitlements are unique to the LSO/RSO and cannot be assigned to other operators. Also, the LSO/RSO can only
use the Reset Peer Officer Password entitlement if the Password: Reset Peer Officer Pwd security parameter has
previously been set to Yes.
Login/Select None ✓ ✓ - ✓
Modify LT None ✓ ✓ ✓ -
Own Destination List List Own Destinations None None None None
(Allowed/Prohibited) prohibited prohibited prohibited prohibited
Add LT None ✓ ✓ ✓ -
Modify LT None ✓ ✓ ✓ -
Appendix B
Default Settings
Introduction
This section describes the default settings in Alliance Access.
• fixed settings
• non-fixed settings.
• alarm distribution
• operator profiles
• routing rules
• queue parameters.
Note When changes are made to the non-fixed settings supplied with the system, the
original setting is overwritten. There is no way to revert back to the original settings
automatically. However, one exception to this is the event distribution settings.
2. Select Reset default distribution from the File menu. After this command is run, all
existing settings for event distribution for every event type are replaced by the default
settings.
Each profile specifies particular applications and functions which become available when
assigned to an operator. These functions are designed to match the business level activities
that the assigned operator performs.
In addition to the operator profiles, the system is supplied with two profiles for the left security
officer and right security officer. These profiles are fixed and cannot be accessed or changed by
any user of Alliance Access.
For more information about default operator profiles within each Alliance Access application,
see Appendix A, "Default Profiles" on page 369.
Appendix C
• system queues
• exit queues
System queues are defined at installation time and are necessary for Alliance Access to operate
properly. Users cannot remove system queues.
An exit queue is user-definable and specific to an Alliance Access site. Exit queues are
attached to Network Interfaces, such as APPLI, SWIFT. In the case of APPLI, exit queues can
be created and removed by users. There is only one Message Processing Function associated
with all the exit queues attached to APPLI (_AI_to_APPLI). The exit queues described in this
section are those provided by default.
Messages in Alliance Access are said to be queued at routing points where Message
Processing Functions process them. A Message Processing Function can perform the following
actions:
With the default routing rules, this MPF returns the following result:
• Success: The message was added successfully onto the AI inbound queue.
This MPF can also return the following results:
• Failure
• Disposition Error: The message partner details do not allow the message to be disposed in
the AI inbound queue.
• Original Broadcast
_AI_waiting_ack
This queue holds the messages sent from a standalone Alliance Access system. This queue is
only visible if you have licence option 07:STANDALONE REC.
Acceptance criteria: Any message is accepted.
Assigned MPF: AI_from_APPLI
With the default routing rules, this MPF returns the following result:
• Success: The message was added successfully onto the AI inbound queue.
This MPF can also return the following results:
• Failure
• Disposition Error: The message partner details do not allow the message to be disposed in
the AI inbound queue.
• Original Broadcast
• Messages verified by the Message Approval application (the default message flow). These
messages include those NAK'd by SWIFT and routed to verification from the modification
queue.
• SWIFT MT 999 messages, SWIFT FIN System Messages, and SWIFT APC system
messages created by an operator through the Message Creation application.
• Messages in CAS format received through the Application Interface when the disposition
state requested by the CAS protocol specifies "Authorise" or when routing point
"MP_authorisation" is requested.
• Messages received through the Application Interface, if the message partner does not have
the permission to bypass authorisation.
Acceptance criteria: Message instance cannot be a notification.
Assigned MPF: mpa
With the default routing rules, this MPF returns the following result:
• Failure
• Success: The message was successfully processed (created) and added onto the queue.
By default, a SWIFT financial message producing this processing result is routed to the
verification queue. SWIFT text messages are sent to _MP_authorisation.
This MPF can also return the following results:
• Failure
• Discard
• Invalid message.
With the default routing rules, this MPF returns the following result:
• Failure
• Discard
• Invalid message.
• Success
• Failure
• Discard
• Invalid message.
• Success
• Failure
• Discard
• Invalid message.
message is added to the Text Modification queue, in most cases, if any of the following
conditions apply:
• If one or more errors exist in the construction, or syntax of a message, making it syntactically
incorrect as far as Alliance Access is concerned
• If an error in the content of a message (for example, an incorrect amount) was identified
during verification or authorisation
• If a SWIFT message has been NAK'd by SWIFT due to the message being sent to an
unknown address.
Note that any SWIFT message sent to an unknown address is NAK'd by SWIFT. The NAK'd
message is added to the Text Modification queue, not the Transmission Modification queue.
Acceptance criteria: Message instance cannot be a notification.
Assigned MPF: mpm
With the default routing rules, this MPF returns the following result:
• Failure
• Discard
• Invalid message.
• Failure
• Discard
• Invalid message.
_MP_recovery
In the event of a FIN cold start, all completed messages that are not yet identified as delivered
are re-activated and routed to this queue.
Acceptance criteria: Message instance cannot be a notification.
Assigned MPF: mpa
This MPF can return the following results:
By default, a message producing this processing result is routed to the authorisation queue
(MP_authorisation).
• Failure.
_MP_verification
The queue of messages awaiting verification consists of:
• SWIFT messages in CAS format received from the Application Interface when the disposition
state requested by the CAS protocol specifies "Verify" or when routing point "MP_verification"
is requested
• SWIFT messages received from the Application Interface, if the message partner does not
have the permission to bypass verification.
Acceptance criteria: Message instance must be an input message and must be an original
instance.
Assigned MPF: mpa
This MPF can return the following results:
• Failure.
• Notification related to an incoming MT 015 - Delayed NAK. SWIFT cancelled the MT 047
request due to an invalid definition of subset criteria. The notification updates the status of
future subsets.
• Notification related to an outgoing MT 047. This notification updates the status of future
subsets.
Acceptance criteria: Message format must be SWIFT
Assigned MPF: _SI_delivery_subset
• Success
• Failure.
• FINCopy service Bypassed: When a Central Institution maintaining a FINCopy service has a
problem, one of the fallback options for the Central Institution is to ask SWIFT to set the
service into bypass mode. For more information, see "FINCopy service Fallback" in the
FINCopy Service Description.
In such a case, the PAC trailers contain no value. It is this criteria that is caught by the
routing when you select the result FINCopy service Bypassed.
• Failure: The incoming message failed authentication, using all three receive keys.
By default, an incoming message producing this processing result is routed to the re-
authentication queue (_MP_mod_rec_secu).
• Invalid digest:
By default, an incoming message producing this processing result is routed to the re-
authentication queue (_MP_mod_rec_secu).
• Not Authorised by RMA: A valid enabled authorisation was found, but the message was not
permitted.
By default, an incoming message producing this processing result is routed to the re-
authentication queue (_MP_mod_rec_secu).
• Signature Auth. failure: The signature verification failed, this result can be applicable to the
MAC equivalent or PAC equivalent signature.
By default, an incoming message producing this processing result is routed to the re-
authentication queue (_MP_mod_rec_secu).
• No authorisation
• Failure.
• Success. The alarm message can be successfully routed to the message addressee.
This MPF can also return the following result:
• Failure.
• Delivered
• Not delivered
• Delayed delivery.
This MPF can also return the following result:
• Not matched
• Delivered
• Not delivered
• Not matched
• Delayed delivery.
• Success
• Failure.
• Success: The message has been delivered successfully to the message partner.
By default, a message producing this processing result is completed.
• Failure: The MPF is unable to reconstruct the message correctly. Such a problem may occur,
for example, when the version number of the Message Syntax Table assigned to the LT
through which a SWIFT message was received (and accepted because minimum validation
was applied) is incorrect.
By default, a message producing this processing result is routed to the follow-up queue
(ToBeInvestigated).
BatchMXAcks
This is the queue of ACK notifications related to outgoing MX messages created by message
partners and entered into Alliance Access through the Application Interface. The AI input
session uses the File Transfer connection method.
These notifications are created at the SWIFTNet outbound routing point and routed to this exit
queue when the message is ACK'd. The reception of a positive acknowledgement causes the
MPF associated with the SWIFT outbound queue (_SI_to_SWIFTNet) to return a processing
result equal to "Success".
BatchMXRejects
This is the queue of NAK notifications related to outgoing MX messages created by message
partners and entered into Alliance Access through the Application Interface. The AI input
session uses the File Transfer connection method.
These notifications are created at the SWIFT outbound routing point and routed to this exit
queue when the message is NAK'd. The reception of a negative acknowledgement causes the
MPF associated with the SWIFT outbound queue (_SI_to_SWIFTNet) to return a processing
result equal to "Failure".
DeliveryNotifAcks
The following traffic reconciliation notification instances are routed from the _TR_NOTIF routing
point to this queue:
DeliveryNotifNaks
The following traffic reconciliation notification instances are routed from the _TR_NOTIF routing
point to this queue:
FileActAcks
This is the queue of ACK notifications related to outgoing FileAct messages created by
message partners and entered into Alliance Access through the Application Interface. The AI
input session uses the File Transfer connection method.
These notifications are created at the SWIFTNet outbound routing point and routed to this exit
queue when the message is ACK'd. The reception of a positive acknowledgement causes the
MPF associated with the SWIFT outbound queue (_SI_to_SWIFTNet) to return a processing
result equal to "Success".
FileActReceived
This is the exit queue to which all incoming FileAct messages received from SWIFTNet are
routed with success from the SWIFTNet inbound routing point.
FileActReject
This is the queue of NAK notifications related to outgoing FileAct messages created by
message partners and entered into Alliance Access through the Application Interface. The AI
input session uses the File Transfer connection method.
These notifications are created at the SWIFT outbound routing point and routed to this exit
queue when the message is NAK'd. The reception of a negative acknowledgement causes the
MPF associated with the SWIFT outbound queue (_SI_to_SWIFTNet) to return a processing
result equal to "Failure".
FileDeliveryNotifAck
The following traffic reconciliation notification instances are routed from the _TR_NOTIF routing
point to this queue:
FileDeliveryNotifNak
The following traffic reconciliation notification instances are routed from the _TR_NOTIF routing
point to this queue:
LocalMXAcks
This is the queue of ACK notifications related to outgoing MX messages generated by Alliance
Access or outgoing MX user-to-user messages created manually through Alliance Messenger
(available on Alliance Web Platform).
The notifications are created at the SWIFTNet outbound routing point and routed to this exit
queue when the message is ACK'd. The reception of a positive acknowledgement causes the
MPF associated with the SWIFTNet outbound queue (_SI_to_SWIFTNet) to return a processing
result equal to "Success".
LocalMXRejects
This is the queue of NAK notifications related to outgoing MX messages generated by Alliance
Access or outgoing MX user-to-user messages created manually through Alliance Messenger
(available on Alliance Web Platform).
The notifications are created at the SWIFTNet outbound routing point and routed to this exit
queue when the message is NAK'd. The reception of a negative acknowledgement causes the
MPF associated with the SWIFTNet outbound queue (_SI_to_SWIFTNet) to return a processing
result equal to "Failure".
• MT 101 through MT 999: FIN messages created manually through the Message Preparation
component.
The notifications are created at the SWIFT outbound routing point and routed to this exit queue
when the message is ACK'd by APC/FIN. The reception of a positive acknowledgement causes
the MPF associated with the SWIFT outbound queue (_SI_to_SWIFT) to return a processing
result equal to "Success".
MXDeliveryNotifAcks
The following traffic reconciliation notification instances are routed from the _TR_NOTIF routing
point to this queue:
• MXDeliveryNotifAcks. MX notifications.
The MPF at this routing point is _AI_to_APPLI. From this exit point, you can send the delivery
notification instances to a message partner with connection method printer or File Transfer
XML.
MXDeliveryNotifNaks
The following traffic reconciliation notification instances are routed from the _TR_NOTIF routing
point to this queue:
• MXDeliveryNotifNaks. MX notifications.
The MPF at this routing point is _AI_to_APPLI. From this exit point, you can send the delivery
notification instances to a message partner with connection method printer or File Transfer
XML.
MXReceived
This is the exit queue to which all incoming MX messages received from SWIFTNet are routed
with success from the SWIFTNet inbound routing point.
MXSystem
This is the exit queue to which all incoming MX delivery notifications received from SWIFTNet
are routed from the SWIFTNet inbound routing point. A copy is sent to _TR_REC for matching
the notification with the original message instance.
• FIN messages in CAS format received from the Application Interface when the disposition
state requested by the CAS protocol specifies "Ready" or when routing point _SI_to_SWIFT
is requested.
• FIN messages received from the Application Interface, if the message partner has the
permissions to bypass verification and authorisation.
• FIN messages entered into the system by the Application Interface and routed from the AI
inbound queue by internal default routing.
• APC and FIN System Messages created using the Message Creation application.
• MT 047 message created by the Redefine Delivery command available in the SWIFT
Interface application. The message is routed from the system outbound queue
(_SI_system_msg) as well.
• Messages created using the Message Creation application. In general, these messages are
routed to the SWIFT outbound queue from the authorisation queue (MP_authorisation).
However, when the operator has the proper bypass permissions, messages may also be
moved directly to the SWIFT outbound queue from any of the other queues involved in the
preparation of messages, for example:
• Failure
• Not authorised by RMA: A valid enabled authorisation was found, but the message was not
permitted. By default, an outgoing message producing this processing result is routed to the
re-authentication queue (_MP_mod_emi_secu).
• Failure: The processing of the outgoing message fails. By default, an outgoing message
producing this processing result is routed to the follow-up queue (ToBeInvestigated).
An outgoing message whose processing fails for one of the reasons mentioned above is routed
by default to the follow-up queue (ToBeInvestigated).
Function assigned
The RouteMsg function is applied to any messages in the _OI_to_OTHER queue.
Note An operator must add the queue, _OI_to_OTHER, as a valid target to every
routing point that has rules which route messages to _OI_to_OTHER.
Appendix D
MAC/PAC values
If a message to be transferred to the back-office application contains a MAC and/or PAC, then
the MAC/PAC values are transferred in the MAC/PAC trailers in block 5.
If there are no MAC/PAC values and if the option Always Transfer MAC/PAC has been set for
the message partner, then a dummy value ("00000000") is transferred in the MAC/PAC trailers
in block 5.
PKI signatures
If the Transfer PKI Signatures flag is set for the message partner, then the PKI signature is
transferred in a new trailer in block S, identified by the SIG: identifier. It contains the complete
Signature element (as provided by SWIFTNet Link) that is relevant to the message, as
follows:
{S:{SIG:<SwSec:Signature>... </SwSec:Signature >}}
If both the PKI signature replacing the MAC, and PAC1 if present, (MAC-equivalent signature)
and the PKI signature replacing the PAC2 (PAC2-equivalent signature) are present, then the
PAC2-equivalent is appended to the MAC-equivalent signature in one SIG trailer.
Note Back-office applications must be ready to receive and store PKI signatures.
Signature result
If the message to be transferred to the back-office application is MAC-equivalent PKI-signed,
then the verification result is passed with the message in block S.
• The disk that stores the message files must be formatted and write enabled (in the case of
Batch Output).
• Each message within a file starts with "01" hex and ends with "03" hex. Space between the
end of the message and the end of a sector (512 bytes), are filled with the hex character "20"
or null "00".
• Each message starts on a sector boundary and may take up more than one sector.
• Windows: %alliance%\SWIFT\SERVER\MXS\batch_examples
• UNIX: $ALLIANCE/Mxs/batch_examples
Example
The following example is provided in both hexadecimal and ASCII so that the details are clear.
D.2 RJE
D.2.1 Description of RJE Format
Overview
Message files processed through the RJE connection method follow a standard format for both
input, and output. The RJE message file is in ST200 RJE format.
Alliance Access accepts "real" ST200 RJE format messages without any modification required
to the existing format. Alliance Access handles the following:
• Synonym notations for CRLF (such as EM ITB, EM ETB, \n, nl, Cr, Lf)
MAC/PAC values
If a message to be transferred to the back-office application contains a MAC and/or PAC, then
the MAC/PAC values are transferred in the MAC/PAC trailers in block 5.
If there are no MAC/PAC values, and if the field Always Transfer MAC/PAC has been set for
the message partner, then a dummy value ("00000000") is transferred in the MAC/PAC trailers
in block 5.
PKI signatures
If the Transfer PKI Signatures flag is set for the message partner, then the PKI signature is
transferred in a new trailer in block S, identified by the SIG: identifier. It contains the complete
Signature element (as provided by SWIFTNet Link) that is relevant to the message, as follows:
{S:{SIG:<SwSec:Signature>... </SwSec:Signature >}}
Note Back-office applications must be ready to receive and store PKI signatures.
Signature result
If the message to be transferred to the back-office application is MAC-equivalent PKI-signed,
then the verification result is passed with the message in block S.
• Windows: %alliance%\SWIFT\SERVER\MXS\batch_examples
• UNIX: $ALLIANCE/Mxs/batch_examples
Overview
Each message within an RJE message file is delimited using the "$" character.
The format for input and output files is identical, although input messages do not generally
contain the MAC trailer. The following example shows a batch output file containing two
messages.
All messages must be in 8-bit ASCII. The following example is printed in both hexadecimal and
ACSCII so that the details are clear.
Note The input sequence number of the RJE message in block 1 is overwritten by
Alliance when the message is passed on to the SWIFT network.
PKI signatures
If the Transfer PKI Signatures option is set for the message partner, then the PKI signature is
transferred in a new trailer in block S, identified by the SIG: identifier. It contains the complete
Signature element (as provided by SWIFTNet Link) that is relevant to the message, as
follows:
{S:{SIG:<SwSec:Signature>... </SwSec:Signature >}}
Note Back-office applications must be ready to receive and store PKI signatures.
Signature result
The verification result is not passed with the message in the block S.
Example
Each message in a file starts with a 4-byte count of the message length in hexadecimal. Here is
an example of part of a SWIFT input message file:
MERVA/2 Format
• Windows: %alliance%\SWIFT\SERVER\MXS\batch_examples
• UNIX: $ALLIANCE/Mxs/batch_examples
Note The CAS1 data format does not allow transmission of any authentication results.
PKI signatures are not transmitted.
In the Application Interface, two connection methods currently support Common Application
Server (CAS):
• File Transfer (CAS). File Transfer using the CAS message format permits you to send and
receive batch message files in either Network Dependent Format (NDF) or the Network
Independent Format (NIF).
• Interactive. Interactive permits you to send and receive individual messages either Network
Dependent Format (NDF) or the Network Independent Format (NIF).
Using the NIF syntax enables financial institutions to use Alliance Access to exchange and
process messages which are coming from SWIFT or non-SWIFT networks, for example,
CHIPS, CHAPS, Fedwire, SIC, and so on.
Network Format
Note The example shows only the more commonly used fields. It does not contain all
possible PDU fields available to the protocol.
Note Back-office applications must be ready to receive and store PKI signatures.
MAC/PAC values
If the Always Transfer MAC/PAC option has been selected for the message partner profile,
and the message contains no MAC/PAC values, then dummy MAC/PAC trailers are added to
the MT message and sent to the back-office application. The value of these dummy MAC and
PAC trailers is 00000000.
Signature result
The MAC-equivalent signature verification result is passed by means of the field authResult.
The PAC-equivalent signature verification result is passed by means of the field pacResult.
For dual-signed messages of type MT 096, the signature verification result of the PKI signatures
will be passed in the existing pacResult tag.
The verification result has one of the following values:
• successCurrent
• bypassed
• failed
Note Back-office applications must be ready to receive and store PKI signatures.
MAC/PAC trailers
If the Always Transfer MAC/PAC option is not selected in the message partner profile, then
MAC/PAC trailers are not added to the MT message and are not sent to the back-office
application.
If the Always Transfer MAC/PAC option has been selected for the message partner profile,
then dummy MAC/PAC trailers are added to the MT message and sent to the back-office
application. The value of these dummy MAC and PAC trailers is 00000000.
Signature result
The MAC-equivalent signature verification result is passed in the existing field AUTR.
The PAC-equivalent signature verification result is passed in the existing field PACR.
For dual-signed messages of type MT 096, the signature verification result of the PKI signatures
will be passed in the existing PACR tag.
• successCurrent
• bypassed
• failed
• Windows: %alliance%\SWIFT\SERVER\MXS\batch_examples
• UNIX: $ALLIANCE/Mxs/batch_examples
Description
The application and Alliance Access exchange PDUs that are sequences of bytes with the
following structure:
• Length (6 bytes): length (in bytes) of the Signature and DataPDU fields. This length is
base-10 encoded as six ASCII characters, and is left-padded with zeros, if needed.
• Signature (24 bytes) : signature computed on the DataPDU using the HMAC-SHA256
algorithm: the first 128 bits are base-64 encoded.
This signature authenticates the originator of the DataPDU (the application or Alliance
Access) and guarantees the integrity of the DataPDU. This action is referred to as local
authentication (LAU). If Alliance Access is configured to not require LAU, then the field must
contain NULL characters.
A DataPDU field that Alliance Access send to the application may contain structured data that is
received from SWIFTNet, Therefore, the field may contain the following additional namespace
declarations:
xmlns:Sw="urn:swift:snl:ns.Sw"
xmlns:SwInt="urn:swift:snl:ns.SwInt".
xmlns:SwGbl="urn:swift:snl:ns.SwGbl"
xmlns:SwSec="urn:swift:snl:ns.SwSec"
<?xml version="1.0" encoding="utf-8"?>
The signature is computed on the complete DataPDU field, that includes the string <?xml
version="1.0" encoding="utf-8"?>. The XML representation must not be altered
between the signature computation and the verification.
A batch file can contain one or more consecutive PDUs.
Conventions used
This section describes the various XML elements that can be present in the DataPDU field. The
description uses a table format, and the elements are ordered top-down.
The corresponding schema is located in the following directory in the Alliance Access release
tree:
\MXS\xsd\SAA_XML_v1_0.xsd
/MXS/xsd/SAA_XML_v1_0.xsd
In the following tables, the columns From and To indicate whether the element is mandatory
(M), optional (O) or not applicable (--) for the corresponding direction of a message or report
exchange. The directions are defined as follows:
DataPDU
Message
• MX
• Input
• Output
From: only Input is allowed.
• FinancialNature
• TextNature
• NetworkNature
• SecurityNature
• ServiceNature
(1) If an Application Header is required, then the schema of the Application Header for each message that is part of a
Solution is listed in the Implementor section of the Standards Handbook for that specific Solution.
MessageLPI
• None
• Minimum
Extract routing keywords from message
text
• Intermediate
(same as minimum)
• Maximum
(same as minimum)
• Verify
(_MP_verification)
• (_Authorise_MP_authorisation)
• Modify
(_MP_mod_text)
• Ready
based on the preferred network settings
of the Receiver in the Alliance Access
Correspondent Information File
Taken into account if
TargetApplicationRule (see
"TargetApplication") is "CBTApplication".
Not applicable to MQSA.
(1) The Alliance Workstation Message Modification application does not support editing MX messages.
NetworkAttribute
SWIFTNetRequestAttribute
For Standards MX messages, the PKI signature, if present, is transferred using the
SWIFTNetRequestAttribute:AuthValue elements. The PKI signature verification result is passed
in the SWIFTNetRequestAttribute:AuthResult elements.
• SvcOpt
• SvcMand
Where:
• Success
• Bypassed
• Failed
(1) For previous delivery attempts, this SWIFTNet specific data element provides the delivery attempt history. See
"Additional Information" for a description of this structure.
(2) These fields contain SWIFTNet data elements that are provided for purposes of completeness. Further processing
of these elements is not required.
SWIFTNetResponseAttribute
• SvcOpt
• SvcMand
Real-time messages only.
• None
• PDE
Real-time messages only.
• Success
• Bypassed
• Failed
Real-time messages only.
(1) These fields contain SWIFTNet data elements that are provided for purposes of completeness. Further processing
of these elements is not required.
SecurityAttribute
SWIFTNetSecurityAttribute
MessageTPI
• ApplicationNetwork
• SwiftNetNetwork
• OtherNetwork
• Normal
• Urgent
If the field CBTPriority is not present (see
"MessageLPI"), then its value is derived as
follows:
• Normal maps to 7
• Urgent maps to 5
Default value: Normal
• None
• PDM
• PDE
• PDE_PDM
MessageSRI
Report
• NoOriginal
• Minimum
• Condensed
• Full
• Expanded
In this release, there is no distinction
between the last 4 possibilities.
OrigMessage always contains the full
message details, including the
MessageText.
ReportLPI
TransmissionReport
• ApplicationNetwork
• SwiftNetNetwork
• OtherNetwork
• NetworkAcked
• NetworkNacked
• NetworkRejectedLocally
The message was rejected by Alliance
Access before emission.
• NetworkAborted
The message emission was aborted due
to a communication error before the
acknowledgement was received.
• NetworkTimedOut
The acknowledgement for the message
was not received within the allowed
time.
• NetworkWaitingAck
Transient state.
Unless the Alliance Access routing is
configured to do so, the last 3 values are
not reported to the application.
DeliveryReport
• ApplicationNetwork
• SwiftNetNetwork
• RcvUnknown
• RcvOverdue
• RcvDelivered
• RcvAborted
• RcvDelayedNak
• RcvAcked
• RcvNacked
• RcvTruncated
Intervention
• TransmissionReport
• DeliveryReport
(1) This field contains SWIFTNet data elements for Alliance intervention categories DeliveryReport and
TransmissionResponse. For more information, see "Additional Information", "Creation of an Emission Appendix",
"User Delivery Notifications from SWIFTNet Store-and-forward", and "Business Response for SWIFTNet Real-
Time".
LogicalReply
This element is used exclusively by MQSA.
Address
AddressFullName
• Department
• Application
• Individual
• Application
contains routing information
• Individual
contains the last name
TargetApplication
This element is not used by MQSA.
• InternalRouting
The target routing point is determined by
the Alliance Access routing rules.
• CBTApplication
The target routing point is determined by
the value of DispositionState (see
"MessageLPI").
MessageOrigin
• ApplicationInterface
• SwiftnetInterface
• MessengerAdapter
• Other
FormatAttribute
FormatAttributeMX
Introduction
The elements described in this section are not included in the DataPDU schema described in
"Structure of the DataPDU".
• AckNack
• SwGbl:Status
• Sw:SnFPDMHistory
• Sw:NotifSnFRequestHandle
• SwInt:ValidationDescriptor
These are Alliance Access or SWIFTNet specific data elements that Alliance Access provides to
the application for completeness. Further processing of these elements is not required, but their
structure is listed below. Note that the structure of these elements can evolve with future
releases of SWIFTNet.
AckNack
SwGbl:Status
SwGbl:StatusAttributes
• Fatal
• Transient
• Logic
• Success
• Warning
SwGbl:Details
An example of the SwGbl:Status can be found in the TranmissionReport samples listed in "File
Transfer Examples".
Sw:SnFPDMHistory
Sw:SnFDeliveryHistory
Sw:SnFDeliveryInfo
Sw:NotifySnFRequestHandle
• InterAct
• SwGbl.MessageExpired
• SwGbl.MaxRetryExceeded
An example of this can be found in the DeliveryReport listed in "File Transfer Examples".
SwInt:ValidationDescriptor
• Success
• Warning
Example:
<SwInt:ValResult>Warning</SwInt:ValResult>
<SwInt:ValStatus>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Warning</SwGbl:Severity>
<SwGbl:Code><!--SWIFTStandards error code--></SwGbl:Code>
<SwGbl:Text><!--additional diagnostic information--></SwGbl:Text>
</SwGbl:StatusAttributes>
</SwInt:ValStatus>
Description
An appendix holds the details of the emission or the reception of a message. This appendix is
used to generate the Transmission Notification as described earlier in the Intervention Text of
the TransmissionReport.
– if no reconciliation: '-'
Upon (successful or unsuccessful) transmission response, the ack/nak text field of the emission
appendix is updated and the <SwGbl:Status> is appended to the PseudoAckNack as follows:
<AckNack><PseudoAckNack>{1:F21<BIC8(Sender_X1)>A<Branch(Sender_X1)
<SessionNbr><SequenceNbr>}{4:{177:<LocalTime(YYMMDDHHMM)>}
{451:0(Ack)/1(Nack)}[{405:<Code>}]{311:ACK/NAK\r\n<Text>}
{108:<Message_User_Reference(1..16)>}}</PseudoAckNack>
<SwGbl:Status>...</SwGbl:Status></AckNack>
Description
After successful emission to the store-and-forward central system, the following delivery
notification can be received:
• Failed delivery notification: A User Delivery Report message (REJECTED) is created and
routed to the Traffic Reconciliation component.
Deliver notifications are reconciled with the original request.
If the original message is found, then the emission appendix is updated with the delivery status.
If TRS is configured to generate a delivery notification (Traffic recon - Delivery Notif), a pseudo
User Delivery notification message (internal to Alliance Access) is created in the _TR_NOTIF
routing point (with message nature NETWORK_MSG, Sender = DYLRXXXXXXX (in case of
delivery notification) or ABLRXXXXXXX (in case of delayed NAK or abort notification), unit =
None), and routed to the _TR_REC routing point with "Delivered" (positive delivery notification)
or "Undelivered" (failed delivery notification) as processing result through an updated internal
routing rule.
Details of the delivery notification, as contained in the SWIFTNet data element
NotifySnFRequestHandle of the received delivery notification, are also added as an intervention
of category Deliveryreport to the original message instance by the standard TRREC
functionality.
The NotifySnFRequestHandle structure for SWIFTNet release 6.0.0 is shown in the following
example (note the structure of this element can evolve with future releases of SWIFTNet):
<Sw:NotifySnFRequestHandle>
<Sw:SnFRef>SWITCH90-2005-05-25T15:51:14.9525.238697Z</Sw:SnFRef>
<Sw:SnFRefType>InterAct</Sw:SnFRefType>
<Sw:AcceptStatus>Accepted</Sw:AcceptStatus>
<Sw:AckSwiftTime>2005-05-25T15:48:33Z</Sw:AckSwiftTime>
<Sw:AckInfo>Acked</Sw:AckInfo>
</Sw:NotifySnFRequestHandle>
Transmission to Back-Office
The Alliance Delivery Notification instance created by TRREC is transmitted to the Back Office
through a Delivery Report. Reconciliation at the back office can be done based on the
UserReference.
Transmission to Back-Office
The business response can be transmitted to the back-office application through Transmission
Report.
It is the back-office responsibility to process the intervention accordingly.
Description
Messages are created in the _SI_from_SWIFTNet routing point and are immediately made
available for processing (routed) to the back office.
An empty InterAct response is generated for each message.
Reception Appendix
A reception appendix is created with the following key information:
• Session Holder: SWIFTNet Link Endpoint on which the message was received (present in
the SWIFTNet Link header)
Description
Store-and-forward messages can be received as soon as the queue is Active (acquired).
Upon reception:
• Messages are created in the _SI_from_SWIFTNet routing point and are immediately made
available for processing (routed) to the back office.
• Each message is acknowledged positively in the response sent to the central store-and-
forward engine.
Reception Appendix
A reception appendix is created for a requests delivery notification with the following key
information:
• Session Number: Session Number taken from the store-and-forward Session Identifier
• Sequence Number: Sequence Number taken from the store-and-forward output sequence
number
Introduction
The following sections show DataPDU examples for:
• Store-and-forward:
– Transmission Report (ACK) including the original message sent by Alliance Access to the
application
• Real time:
D.5.1.4.1 Store-and-forward
<Saa:NRIndicator>true</Saa:NRIndicator>
</Saa:SWIFTNetRequestAttribute>
</Saa:NetworkAttribute>
<Saa:SecurityAttribute>
<Saa:SWIFTNetSecurityAttribute>
<Saa:SigningRequired>true</Saa:SigningRequired>
</Saa:SWIFTNetSecurityAttribute>
</Saa:SecurityAttribute>
</Saa:MessageLPI>
<Saa:MessageTPI>
<Saa:NetworkDelivNotify>true</Saa:NetworkDelivNotify>
<Saa:NetworkPriority>Normal</Saa:NetworkPriority>
</Saa:MessageTPI>
<Saa:MessageSRI>
<Saa:UserReference>Sample-XMLv1-0609141402</Saa:UserReference>
</Saa:MessageSRI>
<Saa:MessageText>
<AppHdr xmlns="urn:swift:xsd:$ahV10">
<MsgRef>Sample-XMLv1-0609141402</MsgRef>
<CrDate>2006-09-14T02:02:11.414</CrDate>
</AppHdr>
<Document xmlns="urn:swift:xsd:swift.if.ia$setr.016.001.02">
<setr.016.001.02>
<RltdRef>
<Ref>Ref123-1</Ref>
</RltdRef>
<IndvOrdrDtlsRpt>
<Sts>PACK</Sts>
<OrdrRef>Ref123-1</OrdrRef>
</IndvOrdrDtlsRpt>
</setr.016.001.02>
</Document>
</Saa:MessageText>
</Saa:Message>
</Saa:DataPDU>
<Saa:Service>swift.if.ia</Saa:Service>
<Saa:RequestType>setr.016.001.02</Saa:RequestType>
<Saa:NonRepType>SvcMand</Saa:NonRepType>
<Saa:SwiftRef>SWITCH90-2006-09-14T13:21:26.25214.2015075Z</Saa:SwiftRef>
<Saa:SwiftRequestRef>SNL10391-2006-09-14T13:21:24.55820.000505Z
</Saa:SwiftRequestRef>
<Saa:CBTReference>a7e67cde-e52a-4b0c-a3ad-af3f97dbaa6e</Saa:CBTReference>
<Saa:SnFInputTime>0102:2006-09-14T13:13:12</Saa:SnFInputTime>
</Saa:SWIFTNetRequestAttribute>
<Saa:SWIFTNetResponseAttribute>
<Saa:ResponderDN>cn=messaging,o=swift,o=swift</Saa:ResponderDN>
<Saa:SwiftResponseRef>snp00006-2006-09-14T13:21:48.25306.002002Z
</Saa:SwiftResponseRef>
</Saa:SWIFTNetResponseAttribute>
</Saa:NetworkAttribute>
<Saa:NetworkSessionNr>000005</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000001</Saa:NetworkSeqNr>
<Saa:NetworkDeliveryStatus>NetworkAcked</Saa:NetworkDeliveryStatus>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionReport</Saa:IntvCategory>
<Saa:CreationTime>060914152112</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<AckNack>
<PseudoAckNack>{1:F21SAADBEBBAXXX000005000000001}{4:{177:0609141521}
{451:0}{311:ACK}{108:Sample-XMLv1-0609141402}}</PseudoAckNack>
</AckNack>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:TransmissionReport>
</Saa:Report>
</Saa:DataPDU>
<Saa:Service>swift.if.ia</Saa:Service>
<Saa:RequestType>setr.016.001.02</Saa:RequestType>
<Saa:CBTReference>a7e67cde-e52a-4b0c-a3ad-af3f97dbaa6e</Saa:CBTReference>
</Saa:SWIFTNetRequestAttribute>
<Saa:SWIFTNetResponseAttribute/>
</Saa:NetworkAttribute>
<Saa:NetworkSessionNr>000002</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000008</Saa:NetworkSeqNr>
<Saa:NetworkDeliveryStatus>NetworkNacked</Saa:NetworkDeliveryStatus>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionReport</Saa:IntvCategory>
<Saa:CreationTime>061011143408</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<AckNack>
<PseudoAckNack>{1:F21SAADBEBBAXXX000002000000008}{4:{177:0610111435}
{451:1}{405:T02}{311:NAK Sw.WFE.eMVALError}{108:Sample-XMLv1-0609141402}}</
PseudoAckNack>
<SwGbl:Status>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Transient</SwGbl:Severity>
<SwGbl:Code>Sw.Gbl.NetworkTransmissionError</SwGbl:Code>
<SwGbl:Parameter>16899</SwGbl:Parameter>
<SwGbl:Parameter>message validation failed with error</
SwGbl:Parameter>
<SwGbl:Text>Network Transmission Error</SwGbl:Text>
<SwGbl:Details>
<SwGbl:Code>Sw.WFE.eMVALError</SwGbl:Code>
<SwGbl:Text>MVAL component error., message validation failed with
error</SwGbl:Text>
</SwGbl:Details>
<SwGbl:Details>
<SwGbl:Code>Sw.WFE.ExecuteRequestFail</SwGbl:Code>
<SwGbl:Text>Execute Request failed in WFE , MVAL</SwGbl:Text>
</SwGbl:Details>
<SwGbl:Details>
<SwGbl:Code>Sw.WFE.ExecuteRequestFail</SwGbl:Code>
<SwGbl:Text>Execute Request failed in WFE </SwGbl:Text>
</SwGbl:Details>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.
016.001.02[1]/IndvOrdrDtlsRpt1[1]</SwGbl:Parameter>
<SwGbl:Text>unexpected content "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}IndvOrdrDtlsRpt1"; expected "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}MstrRef" or "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}IndvOrdrDtlsRpt" or "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}OrdrDtlsRpt" or "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}RltdRef"</SwGbl:Text>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.
016.001.02[1]/IndvOrdrDtlsRpt1[1]
</SwGbl:Parameter>
<SwGbl:Text>no declaration for element "{urn:swift:xsd:swift.if.ia
$setr.016.001.02}IndvOrdrDtlsRpt1"</SwGbl:Text>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.
016.001.02[1]/IndvOrdrDtlsRpt1[1]/Sts[1]</SwGbl:Parameter>
<SwGbl:Text>no declaration for element "{urn:swift:xsd:swift.if.ia
$setr.016.001.02}Sts"</SwGbl:Text>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.
016.001.02[1]/IndvOrdrDtlsRpt1[1]/OrdrRef[1]</SwGbl:Parameter>
<SwGbl:Text>no declaration for element "{urn:swift:xsd:swift.if.ia
$setr.016.001.02}OrdrRef"</SwGbl:Text>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.
016.001.02[1]</SwGbl:Parameter>
<SwGbl:Text>unexpected end of content</SwGbl:Text>
</SwGbl:StatusAttributes>
</SwGbl:Status>
</AckNack>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:TransmissionReport>
</Saa:Report>
</Saa:DataPDU>
<Saa:CBTReference>a7e67cde-e52a-4b0c-a3ad-af3f97dbaa6e</
Saa:CBTReference>
<Saa:SnFInputTime>0102:2006-09-14T13:13:12</Saa:SnFInputTime>
</Saa:SWIFTNetRequestAttribute>
<Saa:SWIFTNetResponseAttribute>
<Saa:ResponderDN>cn=messaging,o=swift,o=swift</Saa:ResponderDN>
<Saa:SwiftResponseRef>snp00006-2006-09-14T13:21:48.25306.002002Z
</Saa:SwiftResponseRef>
</Saa:SWIFTNetResponseAttribute>
</Saa:NetworkAttribute>
<Saa:SecurityAttribute>
<Saa:SWIFTNetSecurityAttribute>
<Saa:SignerDN>cn=rma2,o=saadbebb,o=swift</Saa:SignerDN>
</Saa:SWIFTNetSecurityAttribute>
</Saa:SecurityAttribute>
<Saa:MessageOrigin>
<Saa:CBTApplication>ApplicationInterface</Saa:CBTApplication>
<Saa:MessagePartner>MXInput</Saa:MessagePartner>
<Saa:SessionNr>0005</Saa:SessionNr>
<Saa:SeqNr>000001</Saa:SeqNr>
</Saa:MessageOrigin>
<Saa:CBTRoutingInfo>MXAck</Saa:CBTRoutingInfo>
</Saa:MessageLPI>
<Saa:MessageTPI>
<Saa:Network>SwiftNetNetwork</Saa:Network>
<Saa:NetworkPriority>Normal</Saa:NetworkPriority>
<Saa:NetworkSessionNr>000005</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000001</Saa:NetworkSeqNr>
</Saa:MessageTPI>
<Saa:MessageSRI>
<Saa:UserReference>Sample-XMLv1-0609141402</Saa:UserReference>
</Saa:MessageSRI>
<Saa:MessageText>
<AppHdr xmlns="urn:swift:xsd:$ahV10">
<MsgRef>Sample-XMLv1-0609141402</MsgRef>
<CrDate>2006-09-14T02:02:11.414</CrDate>
</AppHdr>
<Document xmlns="urn:swift:xsd:swift.if.ia$setr.016.001.02">
<setr.016.001.02>
<RltdRef>
<Ref>Ref123-1</Ref>
</RltdRef>
<IndvOrdrDtlsRpt>
<Sts>PACK</Sts>
<OrdrRef>Ref123-1</OrdrRef>
</IndvOrdrDtlsRpt>
</setr.016.001.02>
</Document>
</Saa:MessageText>
</Saa:OrigMessage>
<Saa:ReportLPI>
<Saa:MessageOrigin>
<Saa:CBTApplication>ApplicationInterface</Saa:CBTApplication>
<Saa:MessagePartner>MXInput</Saa:MessagePartner>
<Saa:SessionNr>0005</Saa:SessionNr>
<Saa:SeqNr>000001</Saa:SeqNr>
</Saa:MessageOrigin>
<Saa:Modified>false</Saa:Modified>
<Saa:OriginalRelatedMessage>true</Saa:OriginalRelatedMessage>
<Saa:ReportingApplication>SWIFTNet Interface</Saa:ReportingApplication>
<Saa:BackToNonOriginator>true</Saa:BackToNonOriginator>
</Saa:ReportLPI>
<Saa:TransmissionReport>
<Saa:Network>SwiftNetNetwork</Saa:Network>
<Saa:NetworkAttribute>
<Saa:SWIFTNetRequestAttribute>
<Saa:RequestorDN>o=saadbebb,o=swift</Saa:RequestorDN>
<Saa:ResponderDN>o=saadbebb,o=swift</Saa:ResponderDN>
<Saa:Service>swift.if.ia</Saa:Service>
<Saa:RequestType>setr.016.001.02</Saa:RequestType>
<Saa:NonRepType>SvcMand</Saa:NonRepType>
<Saa:SwiftRef>SWITCH90-2006-09-14T13:21:26.25214.2015075Z</Saa:SwiftRef>
<Saa:SwiftRequestRef>SNL10391-2006-09-14T13:21:24.55820.000505Z
</Saa:SwiftRequestRef>
<Saa:CBTReference>a7e67cde-e52a-4b0c-a3ad-af3f97dbaa6e</Saa:CBTReference>
<Saa:SnFInputTime>0102:2006-09-14T13:13:12</Saa:SnFInputTime>
</Saa:SWIFTNetRequestAttribute>
<Saa:SWIFTNetResponseAttribute>
<Saa:ResponderDN>cn=messaging,o=swift,o=swift</Saa:ResponderDN>
<Saa:SwiftResponseRef>snp00006-2006-09-14T13:21:48.25306.002002Z
</Saa:SwiftResponseRef>
</Saa:SWIFTNetResponseAttribute>
</Saa:NetworkAttribute>
<Saa:NetworkSessionNr>000005</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000001</Saa:NetworkSeqNr>
<Saa:NetworkDeliveryStatus>NetworkAcked</Saa:NetworkDeliveryStatus>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionReport</Saa:IntvCategory>
<Saa:CreationTime>060914152112</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<AckNack>
<PseudoAckNack>{1:F21SAADBEBBAXXX000005000000001}{4:{177:0609141521}
{451:0}{311:ACK}{108:Sample-XMLv1-0609141402}}</PseudoAckNack>
</AckNack>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:TransmissionReport>
</Saa:Report>
</Saa:DataPDU>
<Saa:ResponderDN>o=saadbebb,o=swift</Saa:ResponderDN>
<Saa:Service>swift.if.ia</Saa:Service>
<Saa:RequestType>setr.016.001.02</Saa:RequestType>
<Saa:NonRepType>SvcMand</Saa:NonRepType>
<Saa:SwiftRef>SWITCH90-2006-09-14T13:21:26.25214.2015075Z</Saa:SwiftRef>
<Saa:SwiftRequestRef>SNL10391-2006-09-14T13:21:24.55820.000505Z
</Saa:SwiftRequestRef>
<Saa:CBTReference>a7e67cde-e52a-4b0c-a3ad-af3f97dbaa6e</Saa:CBTReference>
<Saa:SnFInputTime>0102:2006-09-14T13:13:12</Saa:SnFInputTime>
</Saa:SWIFTNetRequestAttribute>
<Saa:SWIFTNetResponseAttribute>
<Saa:ResponderDN>cn=messaging,o=swift,o=swift</Saa:ResponderDN>
<Saa:SwiftResponseRef>snp00006-2006-09-14T13:21:48.25306.002002Z
</Saa:SwiftResponseRef>
</Saa:SWIFTNetResponseAttribute>
</Saa:NetworkAttribute>
<Saa:NetworkSessionNr>000005</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000001</Saa:NetworkSeqNr>
<Saa:ReceiverDeliveryStatus>RcvDelivered</Saa:ReceiverDeliveryStatus>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>DeliveryReport</Saa:IntvCategory>
<Saa:CreationTime>060914152453</Saa:CreationTime>
<Saa:ApplicationOrigin>TRS</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<Sw:NotifySnFRequestHandle>
<Sw:SnFRef>SWITCH90-2006-09-14T13:21:26.25214.2015075Z</Sw:SnFRef>
<Sw:SnFRefType>InterAct</Sw:SnFRefType>
<Sw:AcceptStatus>Accepted</Sw:AcceptStatus>
<Sw:AckSwiftTime>2006-09-14T13:21:50Z</Sw:AckSwiftTime>
<Sw:AckInfo>Acked</Sw:AckInfo>
</Sw:NotifySnFRequestHandle>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:DeliveryReport>
</Saa:Report>
</Saa:DataPDU>
<Saa:Service>swift.if.ia</Saa:Service>
<Saa:RequestType>setr.016.001.02</Saa:RequestType>
<Saa:NonRepType>SvcMand</Saa:NonRepType>
<Saa:SwiftRef>SWITCH90-2006-09-14T13:21:26.25214.2015075Z</Saa:SwiftRef>
<Saa:SwiftRequestRef>SNL10391-2006-09-14T13:21:24.55820.000505Z
</Saa:SwiftRequestRef>
<Saa:CBTReference>e6af835e-1dd1-11b2-9214-092595955b82</Saa:CBTReference>
<Saa:SNLEndPoint>sni_sms6560</Saa:SNLEndPoint>
<Saa:SnFQueueName>saadbebb_ifia</Saa:SnFQueueName>
<Saa:ValidationDescriptor>
<SwInt:ValResult>Success</SwInt:ValResult>
</Saa:ValidationDescriptor>
<Saa:AuthResult>Success</Saa:AuthResult>
<Saa:AuthValue>
<SwSec:CryptoInternal>
<SwSec:CipherKey>UEVNRkBQcm9jLVR5cGU6IDQsTUlDLU9OTFkNCkNvbnRlbnQtRG9tYWluOiBSR
kM4MjINCkVudHJ1c3RGaWxlLVZlcnNpb246IDIuMA0KT3JpZ2luYXRvci1ETjogY249cm1hMixvPXN
hYWRiZWJiLG89c3dpZnQNCk9yaWctU046IDExNDc3ODU1NjYNCk1JQy1JbmZvOiBTSEExLCBSU0EsD
QogcnhjSVAzWEdjRVdOWnBTYjJ0Y2tjenFOc25nMG5rRk15R0FrSDhkRHZhM203MlR1ellQUjl1VFl
mRWNUb1VTZA0KIHlVR3ROVkV1eWFkM2ltblA5akJiQVhjN0c4ekpmVUlnaWgyWVgwcWc0QTF6UFV5T
EJXcmVOOGdNWFBiVndKd1YNCiBEdXFKK0svdk9PM2VwY2VEeEYzWkhIS1BKY000Y0NSYkFMQXBlYWl
1ZGxyUWRLZVV5Q3lsOThpOHNuNFQ4UWhpDQogUjB3VFZJeWk0RTNnY3FFSC9ubFV5M082ZnBtNFlCN
kl6TWYxNVEzVVZONHdMVnhCNEpkSjJveGVpelBIYlVqVg0KIENabUNmSEg5dTBsb0pWTjd4TlpKWXh
sRmRybjFPd2Jlc3RETTlTSmNPUjY1OFg5WFhKV3NWWXphT08xQTg1cCsNCiAwNFFzU0k2NlVZR2ZXe
m1TaStIVVRnPT0NCg==</SwSec:CipherKey>
<SwSec:CryptoProtocol>4.0:3.0</SwSec:CryptoProtocol>
</SwSec:CryptoInternal>
<SwSec:CryptoDescriptor>
<SwSec:MemberRef>RequestPayload</SwSec:MemberRef>
<SwSec:MemberRef>RequestHeader</SwSec:MemberRef>
<SwSec:MemberRef>RequestDescriptor.SwiftRequestRef</SwSec:MemberRef>
<SwSec:SignDN>cn=rma2,o=saadbebb,o=swift</SwSec:SignDN>
<SwSec:CertPolicyId>1.3.21.6.2</SwSec:CertPolicyId>
</SwSec:CryptoDescriptor>
</Saa:AuthValue>
</Saa:SWIFTNetRequestAttribute>
<Saa:SWIFTNetResponseAttribute/>
</Saa:NetworkAttribute>
<Saa:SecurityAttribute>
<Saa:SWIFTNetSecurityAttribute>
<Saa:SignerDN>cn=rma2,o=saadbebb,o=swift</Saa:SignerDN>
</Saa:SWIFTNetSecurityAttribute>
</Saa:SecurityAttribute>
<Saa:MessageOrigin>
<Saa:CBTApplication>SwiftnetInterface</Saa:CBTApplication>
</Saa:MessageOrigin>
<Saa:CBTRoutingInfo>MXRecv</Saa:CBTRoutingInfo>
</Saa:MessageLPI>
<Saa:MessageTPI>
<Saa:Network>SwiftNetNetwork</Saa:Network>
<Saa:NetworkPriority>Normal</Saa:NetworkPriority>
<Saa:NetworkSessionNr>979896</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000001559</Saa:NetworkSeqNr>
<Saa:DuplCreation>PDE</Saa:DuplCreation>
</Saa:MessageTPI>
<Saa:MessageSRI>
<Saa:UserReference>Sample-XMLv1-0609141402</Saa:UserReference>
</Saa:MessageSRI>
<Saa:MessageText>
<AppHdr xmlns="urn:swift:xsd:$ahV10">
<MsgRef>Sample-XMLv1-0609141402</MsgRef>
<CrDate>2006-09-14T02:02:11.414</CrDate>
</AppHdr>
<Document xmlns="urn:swift:xsd:swift.if.ia$setr.016.001.02">
<setr.016.001.02>
<RltdRef>
<Ref>Ref123-1</Ref>
</RltdRef>
<IndvOrdrDtlsRpt>
<Sts>PACK</Sts>
<OrdrRef>Ref123-1</OrdrRef>
</IndvOrdrDtlsRpt>
</setr.016.001.02>
</Document>
</Saa:MessageText>
</Saa:Message>
</Saa:DataPDU>
</Saa:MessageText>
</Saa:Message>
</Saa:DataPDU>
<SwSec:CipherKey>UEVNRkBQcm9jLVR5cGU6IDQsTUlDLU9OTFkNCkNvbnRlbnQtRG9tYWluOiBSR
kM4MjINCkVudHJ1c3RGaWxlLVZlcnNpb246IDIuMA0KT3JpZ2luYXRvci1ETjogY249cm1hNCxvPXN
hYXRiZWJiLG89c3dpZnQNCk9yaWctU046IDExNDE5Mzg1MjINCk1JQy1JbmZvOiBTSEExLCBSU0EsD
QogVmFTNlpqMC9rYnQrZVF0dHRhNmQvcnpPdVhmL3prc1NTeXBSc1RGWUxQOHAzazFLSDFOVnZacGF
XWDhoVTY4bg0KIFo4a1h3a2g1Q3VYNFgvenNQZUdtS1pKWTBvWVZXM3c1cmdyYm5YMjVzQml5cURVc
y9MYlRxci8wV0dIaUI4ZWQNCiBzR0xRenFRNFh3VmxGRmlUN0FxWjErUHovQURmQlFmemd2N1JibWp
HWWxrTk54NVNpMUk4ajZ5VjU3bnBpSCtVDQogM21MWmhuUFNvcThZbEZIVEhzS3dCOExWNko0U25yb
zd1NWRVc2ZjZUVqbUVZeERGK21qaXlwSytXaUdTVWZlWg0KIE01R21nUk9rb0k5N2k4STZ4d2J4QUd
lL3UrZ0M4enJ5NUd1SHVtTElXcHpRUEsvejVGWmRSTEpqajNGaXJKZW0NCiAyU2pucXo5OXNEWUF1b
WJBT0E5N25RPT0NCg==</SwSec:CipherKey>
<SwSec:CryptoProtocol>4.0:3.0</SwSec:CryptoProtocol>
</SwSec:CryptoInternal>
<SwSec:CryptoDescriptor>
<SwSec:MemberRef>ResponsePayload</SwSec:MemberRef>
<SwSec:MemberRef>ResponseHeader</SwSec:MemberRef>
<SwSec:MemberRef>ResponseDescriptor.SwiftResponseRef</SwSec:MemberRef>
<SwSec:SignDN>cn=rma4,o=saatbebb,o=swift</SwSec:SignDN>
<SwSec:CertPolicyId>1.3.21.6.2</SwSec:CertPolicyId>
</SwSec:CryptoDescriptor>
</Saa:AuthValue>
</Saa:SWIFTNetResponseAttribute>
</Saa:NetworkAttribute>
<Saa:NetworkSessionNr>000005</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000002</Saa:NetworkSeqNr>
<Saa:NetworkDeliveryStatus>NetworkAcked</Saa:NetworkDeliveryStatus>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionReport</Saa:IntvCategory>
<Saa:CreationTime>060918171236</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<AckNack>
<PseudoAckNack>{1:F21SAASBEBBAXXX000005000000002}{4:{177:0609181712}
{451:0}{311:ACK}{108:REF-1-0609181711}}</PseudoAckNack>
</AckNack>
</Saa:Text>
</Saa:Intervention>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionResponse</Saa:IntvCategory>
<Saa:CreationTime>060918171242</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<Ah:AppHdr xmlns:Ah="urn:swift:xsd:$ahV10">
<Ah:MsgRef>ra01</Ah:MsgRef>
<Ah:CrDate>2006-09-18T17:12:30</Ah:CrDate>
</Ah:AppHdr>
<Doc:Document xmlns:Doc="urn:swift:xsd:swift.cashrepv1$returnaccount"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Doc:returnaccount>
<Doc:QryRef>
<Doc:Ref>SCRRQ01</Doc:Ref>
</Doc:QryRef>
<Doc:RtrRef>
<Doc:Ref>RS01</Doc:Ref>
</Doc:RtrRef>
<Doc:Accts>
<Doc:AcctRpt>
<Doc:AcctId>
<Doc:DmstAcct>789DA123</Doc:DmstAcct>
</Doc:AcctId>
<Doc:Acct>
<Doc:Ccy>EUR</Doc:Ccy>
<Doc:Bal>
<Doc:Amt>99733.03</Doc:Amt>
<Doc:CdtDbtInd>CRDT</Doc:CdtDbtInd>
<Doc:ValDt>
<Doc:Dt>2006-09-18</Doc:Dt>
</Doc:ValDt>
<Doc:Tp>AVLB</Doc:Tp>
</Doc:Bal>
</Doc:Acct>
</Doc:AcctRpt>
</Doc:Accts>
</Doc:returnaccount>
</Doc:Document>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:TransmissionReport>
</Saa:Report>
</Saa:DataPDU>
Introduction
The following sections show DataPDU examples for:
• Store-and-forward
• Real time
D.5.1.5.1 Store-and-forward
<Saa:NetworkDelivNotify>true</Saa:NetworkDelivNotify>
<Saa:NetworkPriority>Normal</Saa:NetworkPriority>
</Saa:MessageTPI>
<Saa:MessageSRI>
<Saa:UserReference>Sample-XMLv1-0609141402</Saa:UserReference>
</Saa:MessageSRI>
<Saa:MessageText>
<AppHdr xmlns="urn:swift:xsd:$ahV10">
<MsgRef>Sample-XMLv1-0609141402</MsgRef>
<CrDate>2006-09-14T02:02:11.414</CrDate>
</AppHdr>
<Document xmlns="urn:swift:xsd:swift.if.ia$setr.016.001.02">
<setr.016.001.02>
<RltdRef>
<Ref>Ref123-1</Ref>
</RltdRef>
<IndvOrdrDtlsRpt>
<Sts>PACK</Sts>
<OrdrRef>Ref123-1</OrdrRef>
</IndvOrdrDtlsRpt>
</setr.016.001.02>
</Document>
</Saa:MessageText>
</Saa:Message>
</Saa:DataPDU>
<Saa:ResponderDN>o=saadbebb,o=swift</Saa:ResponderDN>
<Saa:Service>swift.if.ia</Saa:Service>
<Saa:RequestType>setr.016.001.02</Saa:RequestType>
<Saa:NonRepType>SvcMand</Saa:NonRepType>
<Saa:SwiftRef>SWITCH90-2006-09-19T12:38:41.25857.1220138Z</Saa:SwiftRef>
<Saa:SwiftRequestRef>SNL10391-2006-09-19T12:38:41.6596.000073Z
</Saa:SwiftRequestRef>
<Saa:CBTReference>39d39f5a-fc26-4e5d-92f8-3bb42f4352f6</Saa:CBTReference>
<Saa:SnFInputTime>0102:2006-09-19T12:30:25</Saa:SnFInputTime>
</Saa:SWIFTNetRequestAttribute>
<Saa:SWIFTNetResponseAttribute />
</Saa:NetworkAttribute>
<Saa:NetworkSessionNr>000003</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000001</Saa:NetworkSeqNr>
<Saa:NetworkDeliveryStatus>NetworkAcked</Saa:NetworkDeliveryStatus>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionReport</Saa:IntvCategory>
<Saa:CreationTime>060919143839</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<AckNack>
<PseudoAckNack>{1:F21SAADBEBBAXXX000003000000001}{4:{177:0609191438}
{451:0}{311:ACK}{108:Sample-XMLv1-0609141402}}</PseudoAckNack>
</AckNack>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:TransmissionReport>
</Saa:Report>
</Saa:DataPDU>
</Saa:NetworkAttribute>
<Saa:NetworkSessionNr>000001</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000001</Saa:NetworkSeqNr>
<Saa:NetworkDeliveryStatus>NetworkNacked</Saa:NetworkDeliveryStatus>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionReport</Saa:IntvCategory>
<Saa:CreationTime>061011153702</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<AckNack>
<PseudoAckNack>{1:F21SAAIBEBBAXXX000001000000001}{4:{177:0610111538}
{451:1}{405:T02}{311:NAK Sw.WFE.eMVALError}{108:Sample-XMLv1-0609141402}}
</PseudoAckNack>
<SwGbl:Status>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Transient</SwGbl:Severity>
<SwGbl:Code>Sw.Gbl.NetworkTransmissionError</SwGbl:Code>
<SwGbl:Parameter>3979</SwGbl:Parameter>
<SwGbl:Parameter>message validation failed with error</
SwGbl:Parameter>
<SwGbl:Text>Network Transmission Error</SwGbl:Text>
<SwGbl:Details>
<SwGbl:Code>Sw.WFE.eMVALError</SwGbl:Code>
<SwGbl:Text>MVAL component error., message validation failed with
error</SwGbl:Text>
</SwGbl:Details>
<SwGbl:Details>
<SwGbl:Code>Sw.WFE.ExecuteRequestFail</SwGbl:Code>
<SwGbl:Text>Execute Request failed in WFE , MVAL</SwGbl:Text>
</SwGbl:Details>
<SwGbl:Details>
<SwGbl:Code>Sw.WFE.ExecuteRequestFail</SwGbl:Code>
<SwGbl:Text>Execute Request failed in WFE</SwGbl:Text>
</SwGbl:Details>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.016.001.02[1]/
IndvOrdrDtlsRpt1[1]</SwGbl:Parameter>
<SwGbl:Text>unexpected content "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}IndvOrdrDtlsRpt1"; expected "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}MstrRef" or "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}IndvOrdrDtlsRpt" or "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}OrdrDtlsRpt" or "{urn:swift:xsd:swift.if.ia$setr.
016.001.02}RltdRef"</SwGbl:Text>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.
016.001.02[1]/IndvOrdrDtlsRpt1[1]</SwGbl:Parameter>
<SwGbl:Text>no declaration for element "{urn:swift:xsd:swift.if.ia
$setr.016.001.02}IndvOrdrDtlsRpt1"</SwGbl:Text>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.
016.001.02[1]/IndvOrdrDtlsRpt1[1]/Sts[1]</SwGbl:Parameter>
<SwGbl:Text>no declaration for element "{urn:swift:xsd:swift.if.ia
$setr.016.001.02}Sts"</SwGbl:Text>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.
016.001.02[1]/IndvOrdrDtlsRpt1[1]/OrdrRef[1]</SwGbl:Parameter>
<SwGbl:Text>no declaration for element "{urn:swift:xsd:swift.if.ia
$setr.016.001.02}OrdrRef"</SwGbl:Text>
</SwGbl:StatusAttributes>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Fatal</SwGbl:Severity>
<SwGbl:Code>Sw.MVAL.SyntaxError</SwGbl:Code>
<SwGbl:Parameter>SwInt:RequestPayload//Document[1]/setr.016.001.02[1]
</SwGbl:Parameter>
<SwGbl:Text>unexpected end of content</SwGbl:Text>
</SwGbl:StatusAttributes>
</SwGbl:Status>
</AckNack>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:TransmissionReport>
</Saa:Report>
</Saa:DataPDU>
<Saa:SWIFTNetSecurityAttribute>
<Saa:SignerDN>cn=rma2,o=saadbebb,o=swift</Saa:SignerDN>
</Saa:SWIFTNetSecurityAttribute>
</Saa:SecurityAttribute>
<Saa:MessageOrigin>
<Saa:CBTApplication>Other</Saa:CBTApplication>
</Saa:MessageOrigin>
<Saa:CBTRoutingInfo>SMQS_To_MQSeries</Saa:CBTRoutingInfo>
<Saa:DuplEmission>false</Saa:DuplEmission>
</Saa:MessageLPI>
<Saa:MessageTPI>
<Saa:Network>SwiftNetNetwork</Saa:Network>
<Saa:NetworkPriority>Normal</Saa:NetworkPriority>
<Saa:NetworkSessionNr>000003</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000001</Saa:NetworkSeqNr>
</Saa:MessageTPI>
<Saa:MessageSRI>
<Saa:UserReference>Sample-XMLv1-0609141402</Saa:UserReference>
</Saa:MessageSRI>
<Saa:MessageText>
<AppHdr xmlns="urn:swift:xsd:$ahV10">
<MsgRef>Sample-XMLv1-0609141402</MsgRef>
<CrDate>2006-09-14T02:02:11.414</CrDate>
</AppHdr>
<Document xmlns="urn:swift:xsd:swift.if.ia$setr.016.001.02">
<setr.016.001.02>
<RltdRef>
<Ref>Ref123-1</Ref>
</RltdRef>
<IndvOrdrDtlsRpt>
<Sts>PACK</Sts>
<OrdrRef>Ref123-1</OrdrRef>
</IndvOrdrDtlsRpt>
</setr.016.001.02>
</Document>
</Saa:MessageText>
</Saa:OrigMessage>
<Saa:ReportLPI>
<Saa:OrigSenderReference>QU1RIFFNLk1YUyAgICAgII7oNUUgAF8E
</Saa:OrigSenderReference>
<Saa:MessageOrigin>
<Saa:CBTApplication>Other</Saa:CBTApplication>
</Saa:MessageOrigin>
<Saa:Modified>false</Saa:Modified>
<Saa:ReportingApplication>SWIFTNet Interface</Saa:ReportingApplication>
<Saa:DuplEmission>false</Saa:DuplEmission>
</Saa:ReportLPI>
<Saa:TransmissionReport>
<Saa:Network>SwiftNetNetwork</Saa:Network>
<Saa:NetworkAttribute>
<Saa:SWIFTNetRequestAttribute>
<Saa:RequestorDN>o=saadbebb,o=swift</Saa:RequestorDN>
<Saa:ResponderDN>o=saadbebb,o=swift</Saa:ResponderDN>
<Saa:Service>swift.if.ia</Saa:Service>
<Saa:RequestType>setr.016.001.02</Saa:RequestType>
<Saa:NonRepType>SvcMand</Saa:NonRepType>
<Saa:SwiftRef>SWITCH90-2006-10-18T09:13:49.15784.012942Z</Saa:SwiftRef>
<Saa:SwiftRequestRef>SNL10391-2006-10-18T09:13:48.3040.001280Z
</Saa:SwiftRequestRef>
<Saa:CBTReference>0aad3ea0-2d15-4d2d-8ce5-e6dfe47cdb4c</Saa:CBTReference>
<Saa:SnFInputTime>0102:2006-10-18T09:05:21</Saa:SnFInputTime>
</Saa:SWIFTNetRequestAttribute>
<Saa:SWIFTNetResponseAttribute />
</Saa:NetworkAttribute>
<Saa:NetworkSessionNr>000003</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000001</Saa:NetworkSeqNr>
<Saa:NetworkDeliveryStatus>NetworkAcked</Saa:NetworkDeliveryStatus>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionReport</Saa:IntvCategory>
<Saa:CreationTime>061018111349</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<AckNack>
<PseudoAckNack>{1:F21SAADBEBBAXXX000003000000001}{4:{177:0610181113}
{451:0}{311:ACK}{108:Sample-XMLv1-0609141402}}</PseudoAckNack>
</AckNack>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:TransmissionReport>
</Saa:Report>
</Saa:DataPDU>
<Saa:Text>
<Sw:NotifySnFRequestHandle>
<Sw:SnFRef>SWITCH90-2006-09-19T12:38:41.25857.1220138Z</Sw:SnFRef>
<Sw:SnFRefType>InterAct</Sw:SnFRefType>
<Sw:AcceptStatus>Accepted</Sw:AcceptStatus>
<Sw:AckSwiftTime>2006-09-19T12:39:34Z</Sw:AckSwiftTime>
<Sw:AckInfo>Acked</Sw:AckInfo>
</Sw:NotifySnFRequestHandle>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:DeliveryReport>
</Saa:Report>
</Saa:DataPDU>
<SwSec:CipherKey>UEVNRkBQcm9jLVR5cGU6IDQsTUlDLU9OTFkNCkNvbnRlbnQtRG9tYWluOiBSR
kM4MjINCkVudHJ1c3RGaWxlLVZlcnNpb246IDIuMA0KT3JpZ2luYXRvci1ETjogY249cm1hMixvPXN
hYWRiZWJiLG89c3dpZnQNCk9yaWctU046IDExNDc3ODU1NjYNCk1JQy1JbmZvOiBTSEExLCBSU0EsD
QogdUlTY2tYSkV1akFUQSt5bWFnaWJRU1I3b3B5Q3JheGV0L0ExZ2QzRy9mQkdyT0JZZmc1LzZIbzY
4S1hjdjFyRg0KIDQ5aHgxWWRWeDlyMElLMHZld2xHRnBVRUErdzhUcktzMG95QTFDbXd3am5iR1I5T
U92aWtGK01hNTQ2N3dXSHMNCiAxZU5Odk5zY0tNVHYyb2grU0RrcW9xS1hUUy8zQXpNNFphL2NCR25
PYUN2MEFocXFaQUFTazFneTE3c3dZMURlDQogNzhYYi9tdnMvRVZBT1o0RnY4MUhzWWhnM2lwNHRUO
EVlYnVNdFpvZDMycVkwemFLVVMrcUtGL2VwVjRQM2syMA0KIGMvaWJJc3ZKc1pCTTlQbzAyT1JyNXB
sS1p1elVsS2tYcWhyZ1J6V0g1UEJoNEdjd0hqa0JFTTQ4dXVOQS96bUgNCiBCRnZSc0Q1ZVBuY0lsN
nM2ZHgwOXZnPT0NCg==</SwSec:CipherKey>
<SwSec:CryptoProtocol>4.0:3.0</SwSec:CryptoProtocol>
</SwSec:CryptoInternal>
<SwSec:CryptoDescriptor>
<SwSec:MemberRef>RequestPayload</SwSec:MemberRef>
<SwSec:MemberRef>RequestHeader</SwSec:MemberRef>
<SwSec:MemberRef>RequestDescriptor.SwiftRequestRef</SwSec:MemberRef>
<SwSec:SignDN>cn=rma2,o=saadbebb,o=swift</SwSec:SignDN>
<SwSec:CertPolicyId>1.3.21.6.2</SwSec:CertPolicyId>
</SwSec:CryptoDescriptor>
</Saa:AuthValue>
</Saa:SWIFTNetRequestAttribute>
<Saa:SWIFTNetResponseAttribute />
</Saa:NetworkAttribute>
<Saa:SecurityAttribute>
<Saa:SWIFTNetSecurityAttribute>
<Saa:SignerDN>cn=rma2,o=saadbebb,o=swift</Saa:SignerDN>
</Saa:SWIFTNetSecurityAttribute>
</Saa:SecurityAttribute>
<Saa:MessageOrigin>
<Saa:CBTApplication>SwiftnetInterface</Saa:CBTApplication>
</Saa:MessageOrigin>
<Saa:CBTRoutingInfo>SMQS_To_MQSeries</Saa:CBTRoutingInfo>
<Saa:DuplEmission>false</Saa:DuplEmission>
</Saa:MessageLPI>
<Saa:MessageTPI>
<Saa:Network>SwiftNetNetwork</Saa:Network>
<Saa:NetworkPriority>Normal</Saa:NetworkPriority>
<Saa:NetworkSessionNr>003389</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000001560</Saa:NetworkSeqNr>
<Saa:DuplCreation>PDE</Saa:DuplCreation>
</Saa:MessageTPI>
<Saa:MessageSRI>
<Saa:UserReference>Sample-XMLv1-0609141402</Saa:UserReference>
</Saa:MessageSRI>
<Saa:MessageText>
<AppHdr xmlns="urn:swift:xsd:$ahV10">
<MsgRef>Sample-XMLv1-0609141402</MsgRef>
<CrDate>2006-09-14T02:02:11.414</CrDate>
</AppHdr>
<Document xmlns="urn:swift:xsd:swift.if.ia$setr.016.001.02">
<setr.016.001.02>
<RltdRef>
<Ref>Ref123-1</Ref>
</RltdRef>
<IndvOrdrDtlsRpt>
<Sts>PACK</Sts>
<OrdrRef>Ref123-1</OrdrRef>
</IndvOrdrDtlsRpt>
</setr.016.001.02>
</Document>
</Saa:MessageText>
</Saa:Message>
</Saa:DataPDU>
</Saa:Sender>
<Saa:Receiver>
<Saa:FullName>
<Saa:X1>SAATBEBBXXX</Saa:X1>
</Saa:FullName>
</Saa:Receiver>
<Saa:MessageNature>FinancialNature</Saa:MessageNature>
<Saa:MessageLPI>
<Saa:NetworkAttribute>
<Saa:SWIFTNetRequestAttribute>
<Saa:RequestorDN>o=saasbebb,o=swift</Saa:RequestorDN>
<Saa:ResponderDN>cn=beso,cn=tg229,o=saatbebb,o=swift</Saa:ResponderDN>
<Saa:Service>swift.cashrepv1</Saa:Service>
<Saa:RequestType>getaccount</Saa:RequestType>
</Saa:SWIFTNetRequestAttribute>
</Saa:NetworkAttribute>
</Saa:MessageLPI>
<Saa:MessageTPI>
<Saa:NetworkPriority>Normal</Saa:NetworkPriority>
</Saa:MessageTPI>
<Saa:MessageSRI>
<Saa:UserReference>REF-1-0609181711</Saa:UserReference>
</Saa:MessageSRI>
<Saa:MessageText>
<Ah:AppHdr xmlns:Ah="urn:swift:xsd:$ahV10">
<Ah:MsgRef>SCRRQ01</Ah:MsgRef>
<Ah:CrDate>2006-09-18T17:11:28.359</Ah:CrDate>
</Ah:AppHdr>
<Doc:Document xmlns:Doc="urn:swift:xsd:swift.cashrepv1$getaccount"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Doc:getaccount>
<Doc:NstrAcctSchCrit>
<Doc:AcctId>
<Doc:DmstAcct>789DA123</Doc:DmstAcct>
</Doc:AcctId>
<Doc:BalTp>AVLB</Doc:BalTp>
</Doc:NstrAcctSchCrit>
<Doc:QryPrcg>
<Doc:QryRef>
<Doc:Ref>SCRRQ01</Doc:Ref>
</Doc:QryRef>
</Doc:QryPrcg>
</Doc:getaccount>
</Doc:Document>
</Saa:MessageText>
</Saa:Message>
</Saa:DataPDU>
<SwSec:CipherKey>UEVNRkBQcm9jLVR5cGU6IDQsTUlDLU9OTFkNCkNvbnRlbnQtRG9tYWluOiBSR
kM4MjINCkVudHJ1c3RGaWxlLVZlcnNpb246IDIuMA0KT3JpZ2luYXRvci1ETjogY249cm1hNCxvPXN
hYXRiZWJiLG89c3dpZnQNCk9yaWctU046IDExNDE5Mzg1MjINCk1JQy1JbmZvOiBTSEExLCBSU0EsD
QogZEF4b3VROFRFbldNNW03T2VOczZDdC8vTjFzOU9tUlo0cTFPdWI4ZnppT2xIQS95RDJhc2h5L2l
KU2VOcjBuYg0KIHpJUnV5M09LczJ1TUlxT2p3MnVKSEZvb0hKYmtQTUdPOGtIZG91clo4K0tVeGFHM
E5QSWtCTVJKYlZ0alRVdGgNCiBVcEw1TUJlSE5wcGtuN09VY2FUenFMT1ZQSnZ4Z2NrRUt4d25CNzd
5THRuay83YlRMVFhRR3FOVks2N0ROVS9rDQogcHZWZlUwWGxxNVVQWGoxMTVvWndxUS9HVzVHcGMxb
1hBYXpWdVJMTTFpa054UHRXejg0Sm9iT0FTVlR1VjFQYw0KIG9nNmRmUkRySGtSZWt2elh1V0pzazR
sQjFiWGYrOVpCWTF0aWNIUCtiaTd2akV5bDZ5Mk1Ca1dWWXVGVzJ4TWsNCiBjMTEzam5EQjhad255T
2kzMU5jV3ZBPT0NCg==</SwSec:CipherKey>
<SwSec:CryptoProtocol>4.0:3.0</SwSec:CryptoProtocol>
</SwSec:CryptoInternal>
<SwSec:CryptoDescriptor>
<SwSec:MemberRef>ResponsePayload</SwSec:MemberRef>
<SwSec:MemberRef>ResponseHeader</SwSec:MemberRef>
<SwSec:MemberRef>ResponseDescriptor.SwiftResponseRef</SwSec:MemberRef>
<SwSec:SignDN>cn=rma4,o=saatbebb,o=swift</SwSec:SignDN>
<SwSec:CertPolicyId>1.3.21.6.2</SwSec:CertPolicyId>
</SwSec:CryptoDescriptor>
</Saa:AuthValue>
</Saa:SWIFTNetResponseAttribute>
</Saa:NetworkAttribute>
<Saa:NetworkSessionNr>000003</Saa:NetworkSessionNr>
<Saa:NetworkSeqNr>000000002</Saa:NetworkSeqNr>
<Saa:NetworkDeliveryStatus>NetworkAcked</Saa:NetworkDeliveryStatus>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionReport</Saa:IntvCategory>
<Saa:CreationTime>060920170319</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<AckNack>
<PseudoAckNack>{1:F21SAASBEBBAXXX000003000000002}{4:{177:0609201703}
{451:0}{311:ACK}{108:REF-1-0609181711}}</PseudoAckNack>
</AckNack>
</Saa:Text>
</Saa:Intervention>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionResponse</Saa:IntvCategory>
<Saa:CreationTime>060920170326</Saa:CreationTime>
<Saa:ApplicationOrigin>SWIFTNet Interface</Saa:ApplicationOrigin>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Text>
<Ah:AppHdr xmlns:Ah="urn:swift:xsd:$ahV10">
<Ah:MsgRef>ra01</Ah:MsgRef>
<Ah:CrDate>2006-09-18T17:12:30</Ah:CrDate>
</Ah:AppHdr>
<Doc:Document xmlns:Doc="urn:swift:xsd:swift.cashrepv1$returnaccount"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Doc:returnaccount>
<Doc:QryRef>
<Doc:Ref>SCRRQ01</Doc:Ref>
</Doc:QryRef>
<Doc:RtrRef>
<Doc:Ref>RS01</Doc:Ref>
</Doc:RtrRef>
<Doc:Accts>
<Doc:AcctRpt>
<Doc:AcctId>
<Doc:DmstAcct>789DA123</Doc:DmstAcct>
</Doc:AcctId>
<Doc:Acct>
<Doc:Ccy>EUR</Doc:Ccy>
<Doc:Bal>
<Doc:Amt>99733.03</Doc:Amt>
<Doc:CdtDbtInd>CRDT</Doc:CdtDbtInd>
<Doc:ValDt>
<Doc:Dt>2006-09-18</Doc:Dt>
</Doc:ValDt>
<Doc:Tp>AVLB</Doc:Tp>
</Doc:Bal>
</Doc:Acct>
</Doc:AcctRpt>
</Doc:Accts>
</Doc:returnaccount>
</Doc:Document>
</Saa:Text>
</Saa:Intervention>
</Saa:Interventions>
</Saa:TransmissionReport>
</Saa:Report>
</Saa:DataPDU>
• Windows: %alliance%\SWIFT\SERVER\MXS\batch_examples
• UNIX: $ALLIANCE/Mxs/batch_examples
D.5.2.1.1 Versioning
Summary
Since Alliance Access 6.2, a new approach to the versioning of the XML format is used for
message exchange with back-office applications. In addition to the existing versioning of an
XML schema, several revisions of the same version can exist.
Taking into account the consequent revisions, the existing XML version 2.0 evolves as 2.0.1,
2.0.2, and so on.
Changes in the definition of the XML v2 schema for revisions greater than zero
• The version element is added to the schema definition for information purposes (the element
is not used for format validation).
Specifically, xs:schema:version element is added, indicating the revision of the schema.
For example, for revision 2.0.1, the schema definition is (changes are in bold):
<xs:schema version="2.0.1" elementFormDefault="qualified"
xmlns="urn:swift:saa:xsd:saa.2.0"
xmlns:xs=http://www.w3.org/2001/XMLSchema
targetNamespace="urn:swift:saa:xsd:saa.2.0">
Overview
This section provides a brief overview of the changes to the data element in revision 2.0.1.
• Message
• DeliveryNotification
• HistoryReport
• TransmissionReport
• DeliveryReport
• MessageStatus
The limitation that only Original or Copy message instances can have the RoutingCode field
present is removed. The field can be optionally present for any type of message instance.
Overview
This section provides a brief overview of the changes to the data elements in revision 2.0.2.
• To support the Overdue Warning feature of SWIFTNet 6.3, the OverdueWarningTime and
OverdueWarningDelay sub-elements have been added.
Overview
This section provides a brief overview of the changes to the data elements in revision 2.0.3.
• The following sub-elements have been added to support the message and file distribution
feature:
– RecipientList
– IsRecipientListPublic
– DistributionInfo
• The ThirdPartyList sub-element has been added to support the message and file dynamic
copy feature.
ThirdPartyDN The DN which identifies the third party for ThirdPartyDN [1..30] O O
the copy of a message or file.
Description
The application and Alliance Access exchange PDUs that are sequences of bytes with the
following structure:
• Length (6 bytes): length (in bytes) of the Signature and DataPDU fields: this length is
base-10 encoded as six ASCII characters, and is left-padded with zeros, if needed.
• Signature (24 bytes): signature computed on the DataPDU using the HMAC-SHA256
algorithm, base-64 encoded (see "Computing the Signature of a DataPDU").
This signature authenticating the originator of the DataPDU (the application or Alliance
Access) and guarantees the integrity of the DataPDU. This action is referred to as local
authentication (LAU). If Alliance Access is configured to not require LAU, then the field must
contain NULL characters.
• DataPDU: XML structure containing the information relevant for processing (message or
report) encoded in UTF-8 format.
The first byte of this field must be the character, < (0x3C). A byte-order marker is not
supported.
The structure of the DataPDU is described in the rest of this section.
A DataPDU field has an overall XML structure that looks like:
<?xml version="1.0" encoding="utf-8"?>
<Saa:DataPDU xmlns:Saa="urn:swift:saa:xsd:saa.2.0">
...
</Saa:DataPDU>
A DataPDU field that Alliance Access sends to the application may contain structured data that
is received from SWIFTNet. Therefore, the field may contain the following additional namespace
declarations:
xmlns:Sw="urn:swift:snl:ns.Sw"
xmlns:SwInt="urn:swift:snl:ns.SwInt".
xmlns:SwGbl="urn:swift:snl:ns.SwGbl"
xmlns:SwSec="urn:swift:snl:ns.SwSec"
The signature is computed on the complete DataPDU field, that includes the string <?xml
version="1.0" encoding="utf-8"?>. The XML representation must not be altered
between the signature computation and the verification. The namespace includes a version
number (2.0).
Introduction
This section describes the various XML elements that can be present in the DataPDU field. The
description uses a table format.
The corresponding schema is located in the following directory in the Alliance Access release
tree:
On Windows: \MXS\xsd\SAA_XML_v2_0.xsd
On UNIX: /MXS/xsd/SAA_XML_v2_0.xsd
The columns "From" and "To" indicate whether the element is mandatory ('M'), optional ('O'), or
not applicable ('--') for the corresponding direction of a message or report exchange. The
directions are defined as follows:
D.5.2.3.1 DataPDU
DataPDU elements
(1) If an Application Header is required, then the schema of the Application Header for each Standard that is part of a
Solution is listed in the Implementor section of the Standards Handbook for that specific SWIFTStandard.
(3) Example: a FIN block 4 containing "{4:20:TRN MSG1000:79:MESSAGE TEXT}" is included as follows in the
Body element "<CRLF>:20:TRN MSG1000<CRLF>:79:MESSAGE TEXT", base-64 encoded.
• Message: when the DataPDU carries a message sent by the application to Alliance Access
or by Alliance Access to the application.
• HistoryReport: when the DataPDU carries a report used by Alliance Access to send a
History or Information Notification to the application.
• TransmissionReport: when the DataPDU carries a report used by Alliance Access to send a
Transmission Notification to the application.
• DeliveryReport: when the DataPDU carries a report used by Alliance Access to send a
reconciled Delivery Notification to the application. Alliance Access sends such a report only if
the Traffic Reconciliation component of Alliance Access is used to reconcile Delivery
Notifications with original messages.
• MessageStatus: when the DataPDU carries the status of the message processing sent by
Alliance Access to the application. In case of error, it contains an error code that indicates
why the message was rejected by Alliance Access.
• SessionStatus: when the DataPDU carries the status of a session sent by Alliance Access
to the application. This is not applicable to MQSA.
D.5.2.3.2 Message
Message elements
• for an MT message: MT
• for an MX message: MX
• Output
Both values can be used for the "From" as
well as the "To" direction.
(2) When the type Enumeration is used, possible values are defined in the Description column.
(3) Optional for an MT message, mandatory for an MX message (contains the Service).
D.5.2.3.2.1 InterfaceInfo
InterfaceInfo elements
This structure contains all the network-related information managed by Alliance Access to
process messages.
• None
• Minimum
Extract routing keywords from message
text
• Intermediate
MT messages: Minimum + syntax
validation
• Maximum
Same as Intermediate
If specified, has precedence over the
Alliance Access configuration.
• ApplicationInterface
• SWIFTNetInterface
• FINInterface
• Workstation
• Messenger
• Other
• Original
• Copy
• Report
From: the value is ignored(1).
• Financial
• Text
• Network
• Security
• Service
For MX messages, the value Financial
must be used.
From: only for Output messages.
(1) This field is optional in the From direction to allow a DataPDU received from Alliance Access to be sent to Alliance
Access again without changing it. However, Alliance Access ignores its value.
D.5.2.3.2.2 NetworkInfo
NetworkInfo elements
This structure contains all the network-related information managed by Alliance Access to
process messages.
• Normal
• Urgent
• Application
• SWIFTNet
• FIN
• Other
From: for Output messages only.
D.5.2.3.2.2.1 SWIFTNetNetworkInfo
SWIFTNetNetworkInfo elements
Where:
Where:
FileStartTime The time when the file transfer was started. String O O
From: for Output messages only.
Format:
YYYYMMDDHHMMSS
mandatory elements in the HeaderInfo element and therefore, the content of HeaderInfo
differs for each service.
The HeaderInfo is placed in the FileAct header and verified by the SWIFTNet central system
or back-office application based on the service that uses it. The SWIFTNet central system
verifies the presence, syntax and semantic meaning of the elements. If the verification fails,
then the message is rejected.
The FileAct Header information is mandated for the following services that SWIFT administers:
Note SWIFTNet Copy Services can copy the content of the HeaderInfo element and
send it to a Copy destination.
The following connection methods support the use of the HeaderInfo element:
D.5.2.3.2.2.2 FINNetworkInfo
FINNetworkInfo elements
CorrespondentInputTime Time and date the message was sent by the String O O
correspondent.
Output messages only.
D.5.2.3.2.3 SecurityInfo
SecurityInfo elements
This structure contains all the security-related information managed by Alliance Access to
process messages.
• Success
• Bypassed
• NoRecord
• NotEnabled
• InvalidPeriod
• Unauthorised
Not present when message is not subject
to RMA authorisation.
From: Output messages only.
D.5.2.3.2.3.1 SWIFTNetSecurityInfo
SWIFTNetSecurityInfo elements
• SvcOpt
• SvcMand
From: Output messages only.
• Success
• Bypassed
• Failed
From: Output messages only.
• SvcOpt
• SvcMand
Real-time messages only.
• Success
• Bypassed
• Failed
Real-time messages only.
• DigestRef (mandatory)
• DigestValue (optional).
D.5.2.3.2.3.2 FINSecurityInfo
FINSecurityInfo elements
• Success
• Failed
From: Output messages only.
• Success
• SuccessFuture
• SuccessOld
• Bypassed
• Failed
• InvalidDigest
• InvalidSignerDN
• InvalidCertPolicyID
From: Output messages only.
• Success
• SuccessFuture
• SuccessOld
• Bypassed
• NoKey
• Failed
• InvalidDigest
• InvalidSignerDN
• InvalidCertPolicyID
From: Output messages only.
(1) Used for authentication between the Sender of the message and the Central Institution.
(2) Used for authentication between the Central Institution and the Receiver of the message.
D.5.2.3.3 HistoryReport
HistoryReport elements
Alliance Access uses a HistoryReport to send a "History Notification" or "Information
Notification" to the application.
The Print connection method supports the transmission of a history notification of both input and
output messages.
The connection method that uses XML version 2 supports the transmission of a history
notification only for input messages.
For a History Notification, the report contains a list of all interventions belonging to the related
instance, up to the routing point where the History Notification was created.
For an Information Notification, the report only contains the interventions that were created at
the routing point where the Information Notification was created.
• ApplicationInterface
• FINInterface
• SWIFTNetInterface
• TrafficReconciliation
• Other
• ApplicationInterface
• SWIFTNetInterface
• FINInterface
• Workstation
• Messenger
• Other
• NoOriginal
The next element Message will not be
present.
• MinimumInfo
The next element Message contains the
element Header, but not the element
Body. The Header will not contain the
InterfaceInfo, NetworkInfo, SecurityInfo
elements.
• HeaderOnly
The next element Message contains the
complete element Header but not the
element Body. Corresponds to a
configuration specifying "Headers Only"
• HeaderAndBody
The next element Message contains its
complete structure.
Corresponds to a configuration
specifying "Complete Text" or
"Expanded".
D.5.2.3.4 TransmissionReport
TransmissionReport elements
Alliance Access uses a TransmissionReport to send a Transmission Notification to the
application. The report contains an intervention of type TransmissionReport, and optionally, an
intervention of type TransmissionResponse. A transmission response can appear for real-time
input messages for which the real-time server generates a business response.
A Transmission Notification instance is created by the Alliance Access network interface
components (for example, SWIFT Interface for MT, SWIFTNet Interface for MX) when an
attempt is made to transmit the message.
• NetworkAcked
• NetworkRejectedLocally
The message has been rejected by
Alliance Access before emission.
• NetworkAborted
The message emission has been
aborted due to a communication error or
a user abort of the session.
• NetworkTimedOut
The acknowledgement for the message
was not received within the allowed time
(SWIFTNet only).
• NetworkWaitingAck
Transient state.
Unless the Alliance Access routing is
configured to do so, the last 3 values are
not reported to the application.
• ApplicationInterface
• FINInterface
• SWIFTNetInterface
• TrafficReconciliation
• Other
• false: RelatedInstanceAddressee is
possibly present
• ApplicationInterface
• SWIFTNetInterface
• FINInterface
• Workstation
• Messenger
• Other
D.5.2.3.5 DeliveryNotification
DeliveryNotification elements
Alliance Access uses a DeliveryNotification to send a Delivery Notification to the application.
The report contains an intervention of type DeliveryReport.
• RcvDelivered
• RcvAborted
• RcvDelayedNak
FIN: the message has been rejected by
FIN and has not been received by the
correspondent
• RcvFCPReleased
The message has been released by the
Central Institution (FIN only).
• RcvOverdue
Can occur only when the related
message had Priority set to Urgent.
• RcvUnknown
Can occur, for instance, when InterAct
or FileAct messages are sent in the
context of a distribution to several
recipients.
D.5.2.3.6 DeliveryReport
DeliveryReport elements
Alliance Access uses a DeliveryReport to send a Delivery Notification to the application when
the Traffic Reconciliation component of Alliance Access is used. The report contains an
intervention of type DeliveryReport.
• RcvDelivered
• RcvAborted
• RcvDelayedNak
• RcvFCPReleased
• RcvOverdue
See "DeliveryNotification".
• ApplicationInterface
• FINInterface
• SWIFTNetInterface
• TrafficReconciliation
• Other
• false: RelatedInstanceAddressee is
possibly present
• ApplicationInterface
• SWIFTNetInterface
• FINInterface
• Workstation
• Messenger
• Other
D.5.2.3.7 MessageStatus
MessageStatus elements
D.5.2.3.8 SessionStatus
SessionStatus elements
Not applicable to MQSA.
• true otherwise.
• ToAndFromMessagePartner: message
to the message partner from Alliance
D.5.2.3.9.1 AddressInfo
AddressInfo elements
D.5.2.3.9.2 AddressFullName
AddressFullName elements
D.5.2.3.9.3 RoutingInstruction
RoutingInstruction elements
• Route
the target routing point is determined by
the routing rules of Alliance Access
• DisposeToRoutingPoint
the target routing point is specified by
the value of the next element
• DisposeToRoutingStep
the target routing point is specified by
the value of the RoutingStep element
• Verify (_MP_verification)
• Authorise (_MP_authorisation)
• Modify (_MP_mod_text)
D.5.2.3.9.4 PDEPDM
PDEPDM elements
D.5.2.3.9.5 Intervention
Intervention elements
This type is only used in the elements of type TransmissionReport and DeliveryReport.
• TransmissionReport
present if TransmissionReport
• DeliveryReport
present if DeliveryReport
• TransmissionResponse
only present in TransmissionReport or
HistoryReport for MX Input messages.
D.5.2.3.9.6 HistoryIntervention
HistoryIntervention elements
This type is only used in the element HistoryReport. The difference with the type Intervention
(see "Intervention") is that the contents of the intervention (element Text) is passed as a String
(escaped). The format of the intervention contents in a HistoryReport can indeed be a
combination of free-format text and of XML.
• TransmissionReport
present if TransmissionReport
• DeliveryReport
present if DeliveryReport
• TransmissionResponse
only present in TransmissionReport or
HistoryReport for MX Input messages
• Security
• Routing
• MesgAsTransmitted
• MesgAsReceived
• MesgModified
• Other
D.5.2.3.9.7 SAAInfo
SAAInfo elements
The SAAInfo element is an optional element. However, if you do include it, then you must
specify all of its sub-elements:
Introduction
The elements described in this section are not included in the DataPDU schema described in
"DataPDU":
• AckNack
• SwGbl:Status
• Sw:SnFPDMHistory
• Sw:NotifSnFRequestHandle
• SwInt:ValidationDescriptor
These are Alliance Access or SWIFTNet-specific data elements that Alliance Access provides to
the application for completeness. Further processing of these elements is not required, but their
structure is listed. Note that the structure of these elements can evolve with future releases of
SWIFTNet.
ACK/NAK
Parts that are in bold are placeholders that are substituted with their actual value as follows:
T04 File marked as duplicate by In the context of FileAct, the file sent is
correspondent marked as duplicate by the correspondent.
T05 File rejected by correspondent In the context of FileAct, the file sent is
rejected by the correspondent.
T06 File aborted by correspondent In the context of FileAct, the file transfer
(remote abort) or File aborted by has been aborted either remotely by the
<user> (local abort) correspondent during reception, or locally
by the user sending the file.
Example:
<AckNack><PseudoAckNack>{1:F21SAAABEBBAXXX000012000000001}{4:{177:0611061025}
{451:1}{405:T02}{311:NAK
Sw.SPX.TpCallTPENOENT}{108:REF-1-0610311645}}</PseudoAckNack>
<SwGbl:Status>...</SwGbl:Status></AckNack>
SwGbl:Status
SwGbl:StatusAttributes
• Fatal
• Transient
• Logic
• Success
• Warning
SwGbl:Details
Sw:SnFPDMHistory
Sw:SnFDeliveryHistory
Sw:SnFDeliveryInfo
Sample SnFPDMHistory structure for SWIFTNet release 6.0, as described in the previous
tables:
<Sw:SnFPDMHistory>
<Sw:SnFDeliveryInfo>
<Sw:SwiftTime>2005-07-19T08:58:37Z</Sw:SwiftTime>
<SwSec:UserDN>ou=zurich,o=bankwxyz,o=swift</SwSec:UserDN>
<Sw:SnFSessionId>bankwxyz_applicq1:p:000458</Sw:SnFSessionId>
<SwInt:SNLId>SNL00835D1</SwInt:SNLId>
<Sw:RetryReason>
<SwGbl:Status>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Transient</SwGbl:Severity>
<SwGbl:Code>See Error Guide</SwGbl:Code>
<SwGbl:Text>One liner error description</SwGbl:Text>
<SwGbl:Action>Retry Message</SwGbl:Action>
</SwGbl:StatusAttributes>
</SwGbl:Status>
</Sw:RetryReason>
</Sw:SnFDeliveryInfo>
</Sw:SnFPDMHistory>
Sw:NotifSnFRequestHandle
• InterAct
• Accepted
message accepted by the receiver
• Rejected
message rejected by the receiver
• Failed
SWIFT failed to deliver the message
SwInt:ValidationDescriptor
• Success
• Warning
Example:
<SwInt:ValResult>Warning</SwInt:ValResult>
<SwInt:ValStatus>
<SwGbl:StatusAttributes>
<SwGbl:Severity>Warning</SwGbl:Severity>
<SwGbl:Code><!--SWIFTStandards error code--></SwGbl:Code>
<SwGbl:Text><!--additional diagnostic information--></SwGbl:Text>
</SwGbl:StatusAttributes>
</SwInt:ValStatus>
Overview
This section describes how a message sent by an application can be reconciled with its network
ACK and with the (optional) Delivery Notification subsequently sent by Alliance Access to the
application.
Process
1. When sending the message to Alliance Access, the application assigns a unique reference
to the message which it puts in the element SenderReference of the Message DataPDU
that contains the message.
2. After receiving and processing the Message DataPDU, Alliance Access sends the message
over the network. When Alliance Access receives the network ACK (or NAK), it sends a
TransmissionReport DataPDU to the application.
• an element SenderReference containing the unique reference that was provided by the
application in the original Message DataPDU
3. When receiving a TransmissionReport DataPDU, the application can reconcile it with the
original Message DataPDU through the contents of its element SenderReference. At this
stage, the contents of the elements ReconciliationInfo, and SenderReference contained in
the Transmission Report DataPDU must be stored together for future reconciliation of the
Delivery Notification. Note that Alliance Access can possibly send the message multiple
times; the application must be able to handle multiple TransmissionReports for the same
message.
4. When Alliance Access receives a Delivery Notification for a message that has been sent
and ACK'ed, two scenarios are possible:
• If the Traffic Reconciliation component of Alliance Access is not used or cannot perform
the reconciliation because the original message is no longer present in the Alliance
Access database (due to archiving), then Alliance Access sends a DeliveryNotification
DataPDU to the application. In this scenario, the application:
– can then find back the original Message DataPDU from theTransmissionReport PDU
through the SenderReference stored with the ReconciliationInfo (step 3).
D.5.2.5 Examples
Introduction
The following sections contain examples of DataPDUs exchanged between an application and
Alliance Access during the emission flow of an MT message.
</Saa:IsNotificationRequested>
<Saa:Service>swift.fin</Saa:Service>
<Saa:Network>FIN</Saa:Network>
<Saa:SessionNr>0023</Saa:SessionNr>
<Saa:SeqNr>000049</Saa:SeqNr>
<Saa:FINNetworkInfo>
<Saa:MessageSyntaxVersion>0605</Saa:MessageSyntaxVersion>
</Saa:FINNetworkInfo>
</Saa:NetworkInfo>
<Saa:SecurityInfo>
<Saa:RMAResult>Success</Saa:RMAResult>
<Saa:FINSecurityInfo>
<Saa:ChecksumResult>Success</Saa:ChecksumResult>
<Saa:ChecksumValue>6E2B36369332</Saa:ChecksumValue>
<Saa:MACSignatureValue>
<SwSec:Signature>
<SwSec:SignedInfo>
<Sw:Reference>
<Sw:DigestValue>beDU9fHr0DzMj20uMsHHT+sDfdphSFbE0KwqCNMlIUo=</
Sw:DigestValue>
</Sw:Reference>
</SwSec:SignedInfo>
<SwSec:SignatureValue>PEMF@Proc-Type: 4,MIC-ONLY
Content-Domain: RFC822
EntrustFile-Version: 2.0
Originator-DN: cn=rma1,o=saarbebb,o=swift
Orig-SN: 1147824225
MIC-Info: SHA256, RSA,
CpjLYQA6OuWErTFK6aBCleoOdHqJxFeM1GeJE2dyQET+79NvyjeWf6V8CfaEXn89
GSMyou5lSyzTNc3kIPBPPKaEyyFQsYZuXm64dVvzwdoWc/xev86CkSZyIyiGML0q
ELoeVna3i61v3cSNIXRPErgVuOJ52XO90d1UQ9G5czI1rboPqC8a3dy4RXeinxJm
QjWRwdNZ82YD7IqFDpG9cduOzbs/Ppmkla0cR+9RQDTRlfTD3LMo7VKwthqxbXfi
2m0p1ffs6/qKpUvuFQGrt5gsRIl8v03t6RPBFJ01CefzplQ6e5mU8T6FUPy5zNWL
ufG/XZx1D+gDD8085ZqYqw==
</SwSec:SignatureValue>
<SwSec:KeyInfo>
<SwSec:SignDN>cn=rma1,o=saarbebb,o=swift
</SwSec:SignDN>
<SwSec:CertPolicyId>1.3.21.6.2
</SwSec:CertPolicyId>
</SwSec:KeyInfo>
<SwSec:Manifest>
<Sw:Reference>
<Sw:DigestRef>M</Sw:DigestRef>
<Sw:DigestValue>K3GPdVCheunY0XW46FAILtOHM44A3wLrrFxsCbCEgOA=</
Sw:DigestValue>
</Sw:Reference>
<Sw:Reference>
<Sw:DigestRef>Sw.E2S</Sw:DigestRef>
<Sw:DigestValue>fGllfE9CYvXZWm5n0TywkTvd4RKLveQ9/F0w8H+VPMs=</
Sw:DigestValue>
</Sw:Reference>
</SwSec:Manifest>
</SwSec:Signature>
</Saa:MACSignatureValue>
</Saa:FINSecurityInfo>
</Saa:SecurityInfo>
</Saa:Message>
</Saa:TransmissionReport>
</Saa:Header>
<Saa:Body>DQo6MjA6VFJOIE1TRzEwMDANCjo3OTpNRVNTQUdFIFRFWFQ=</Saa:Body>
</Saa:DataPDU>
reconciled with the TransmissionReport DataPDU and the Message DataPDU through the
SenderReference element. The important information in this DataPDU is identified in bold:
<?xml version="1.0" encoding="UTF-8" ?>
<Saa:DataPDU xmlns:Saa="urn:swift:saa:xsd:saa.2.0"
xmlns:Sw="urn:swift:snl:ns.Sw" xmlns:SwInt="urn:swift:snl:ns.SwInt"
xmlns:SwGbl="urn:swift:snl:ns.SwGbl" xmlns:SwSec="urn:swift:snl:ns.SwSec">
<Saa:Header>
<Saa:DeliveryReport>
<Saa:SenderReference>REF10610311637</Saa:SenderReference>
<Saa:ReceiverDeliveryStatus>RcvDelivered
</Saa:ReceiverDeliveryStatus>
<Saa:OriginalInstanceAddressee>
<Saa:X1>SAARBEBBXXX</Saa:X1>
</Saa:OriginalInstanceAddressee>
<Saa:ReportingApplication>TrafficReconciliation
</Saa:ReportingApplication>
<Saa:NetworkInfo>
<Saa:Priority>Normal</Saa:Priority>
<Saa:IsPossibleDuplicate>true</Saa:IsPossibleDuplicate>
<Saa:IsNotificationRequested>true</Saa:IsNotificationRequested>
<Saa:Service>swift.fin</Saa:Service>
<Saa:Network>FIN</Saa:Network>
<Saa:SessionNr>0023</Saa:SessionNr>
<Saa:SeqNr>000049</Saa:SeqNr>
<Saa:FINNetworkInfo>
<Saa:MessageSyntaxVersion>0605</Saa:MessageSyntaxVersion>
</Saa:FINNetworkInfo>
</Saa:NetworkInfo>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>DeliveryReport</Saa:IntvCategory>
<Saa:CreationTime>20061102094143</Saa:CreationTime>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Contents>{175:0938}{106:061102SAARBEBBAXXX0023000049}
{108:REF10610311637}{175:0938}{107:061102SAARBEBBAXXX0023000298}
</Saa:Contents>
</Saa:Intervention>
</Saa:Interventions>
<Saa:IsRelatedInstanceOriginal>true</Saa:IsRelatedInstanceOriginal>
<Saa:MessageCreator>ApplicationInterface</Saa:MessageCreator>
<Saa:IsMessageModified>false</Saa:IsMessageModified>
<Saa:MessageFields>NoOriginal</Saa:MessageFields>
</Saa:DeliveryReport>
</Saa:Header>
</Saa:DataPDU>
<Saa:FullName>
<Saa:X1>SAARBEBBXXX</Saa:X1>
</Saa:FullName>
</Saa:Sender>
<Saa:Receiver>
<Saa:BIC12>SAARBEBBAXXX</Saa:BIC12>
<Saa:FullName>
<Saa:X1>SAARBEBBXXX</Saa:X1>
</Saa:FullName>
</Saa:Receiver>
<Saa:InterfaceInfo>
<Saa:UserReference>REF10610311637</Saa:UserReference>
<Saa:MessageCreator>FINInterface</Saa:MessageCreator>
<Saa:MessageContext>Original</Saa:MessageContext>
<Saa:MessageNature>Financial</Saa:MessageNature>
</Saa:InterfaceInfo>
<Saa:NetworkInfo>
<Saa:Priority>Normal</Saa:Priority>
<Saa:IsPossibleDuplicate>true</Saa:IsPossibleDuplicate>
<Saa:DuplicateHistory>
<Saa:PDE>{PDE:}</Saa:PDE>
</Saa:DuplicateHistory>
<Saa:Service>swift.fin</Saa:Service>
<Saa:Network>FIN</Saa:Network>
<Saa:SessionNr>0023</Saa:SessionNr>
<Saa:SeqNr>000298</Saa:SeqNr>
<Saa:FINNetworkInfo>
<Saa:MessageSyntaxVersion>0605</Saa:MessageSyntaxVersion>
<Saa:CorrespondentInputReference>061102SAARBEBBAXXX0023000049
</Saa:CorrespondentInputReference>
<Saa:CorrespondentInputTime>20061102093800
</Saa:CorrespondentInputTime>
<Saa:LocalOutputTime>20061102093800</Saa:LocalOutputTime>
</Saa:FINNetworkInfo>
</Saa:NetworkInfo>
<Saa:SecurityInfo>
<Saa:RMAResult>Success</Saa:RMAResult>
<Saa:FINSecurityInfo>
<Saa:ChecksumResult>Success</Saa:ChecksumResult>
<Saa:ChecksumValue>6E2B36369332</Saa:ChecksumValue>
<Saa:MACSignatureValue>
<SwSec:Signature>
<SwSec:SignedInfo>
<Sw:Reference>
<Sw:DigestValue>beDU9fHr0DzMj20uMsHHT+sDfdphSFbE0KwqCNMlIUo=</
Sw:DigestValue>
</Sw:Reference>
</SwSec:SignedInfo>
<SwSec:SignatureValue>PEMF@Proc-Type: 4,MIC-ONLY
Content-Domain: RFC822
EntrustFile-Version: 2.0
Originator-DN: cn=rma1,o=saarbebb,o=swift
Orig-SN: 1147824225
MIC-Info: SHA256, RSA,
CpjLYQA6OuWErTFK6aBCleoOdHqJxFeM1GeJE2dyQET+79NvyjeWf6V8CfaEXn89
GSMyou5lSyzTNc3kIPBPPKaEyyFQsYZuXm64dVvzwdoWc/xev86CkSZyIyiGML0q
ELoeVna3i61v3cSNIXRPErgVuOJ52XO90d1UQ9G5czI1rboPqC8a3dy4RXeinxJm
QjWRwdNZ82YD7IqFDpG9cduOzbs/Ppmkla0cR+9RQDTRlfTD3LMo7VKwthqxbXfi
2m0p1ffs6/qKpUvuFQGrt5gsRIl8v03t6RPBFJ01CefzplQ6e5mU8T6FUPy5zNWL
ufG/XZx1D+gDD8085ZqYqw==
</SwSec:SignatureValue>
<SwSec:KeyInfo>
<SwSec:SignDN>cn=rma1,o=saarbebb,o=swift
</SwSec:SignDN>
<SwSec:CertPolicyId>1.3.21.6.2</SwSec:CertPolicyId>
</SwSec:KeyInfo>
<SwSec:Manifest>
<Sw:Reference>
<Sw:DigestRef>M</Sw:DigestRef>
<Sw:DigestValue>K3GPdVCheunY0XW46FAILtOHM44A3wLrrFxsCbCEgOA=</
Sw:DigestValue>
</Sw:Reference>
<Sw:Reference>
<Sw:DigestRef>Sw.E2S</Sw:DigestRef>
<Sw:DigestValue>fGllfE9CYvXZWm5n0TywkTvd4RKLveQ9/F0w8H+VPMs=</
Sw:DigestValue>
</Sw:Reference>
</SwSec:Manifest>
</SwSec:Signature>
</Saa:MACSignatureValue>
</Saa:FINSecurityInfo>
</Saa:SecurityInfo>
</Saa:Message>
</Saa:Header>
<Saa:Body>DQo6MjA6VFJOIE1TRzEwMDANCjo3OTpNRVNTQUdFIFRFWFQ=</Saa:Body>
</Saa:DataPDU>
Overview
The following sections contain examples of DataPDUs exchanged between an application and
Alliance Access during the emission flow of an MX message.
<MsgRef>REF10610311505</MsgRef>
<CrDate>2006-10-31T03:05:41.502</CrDate>
</AppHdr>
<Document xmlns="urn:swift:xsd:swift.eni$camt.029.001.02">
<camt.029.001.02>
<Assgnmt>
<Id>RCUSTA20050001</Id>
<Assgnr>AAAAGB2L</Assgnr>
<Assgne>CUSAGB2L</Assgne>
<CreDtTm>2005-01-27T11:04:27</CreDtTm>
</Assgnmt>
<RslvdCase>
<Id>CCCC-MOD-20050127-0003</Id>
<Cretr>CUSAGB2L</Cretr>
</RslvdCase>
<Sts>
<Conf>MODI</Conf>
</Sts>
</camt.029.001.02>
</Document>
</Body>
</DataPDU>
<Saa:SessionNr>000008</Saa:SessionNr>
<Saa:SeqNr>000000001</Saa:SeqNr>
<Saa:SWIFTNetNetworkInfo>
<Saa:SWIFTRef>SWITCH21-2006-11-02T08:41:47.11481.1454972Z
</Saa:SWIFTRef>
<Saa:SNLRef>SNL10391-2006-11-02T08:35:20.6268.030308Z
</Saa:SNLRef>
<Saa:Reference>c98e3458-1dd1-11b2-91dd-5bdc6d3f0133
</Saa:Reference>
<Saa:SnFInputTime>0102:2006-11-02T08:26:47</Saa:SnFInputTime>
</Saa:SWIFTNetNetworkInfo>
</Saa:NetworkInfo>
<Saa:Interventions>
<Saa:Intervention>
<Saa:IntvCategory>TransmissionReport</Saa:IntvCategory>
<Saa:CreationTime>20061102093520</Saa:CreationTime>
<Saa:OperatorOrigin>SYSTEM</Saa:OperatorOrigin>
<Saa:Contents>
<AckNack>
<PseudoAckNack>{1:F21SAAABEBBAXXX000008000000001}{4:{177:0611020935}
{451:0}{311:ACK}{108:REF10610311505}}</PseudoAckNack>
</AckNack>
</Saa:Contents>
</Saa:Intervention>
</Saa:Interventions>
<Saa:IsRelatedInstanceOriginal>true</Saa:IsRelatedInstanceOriginal>
<Saa:MessageCreator>ApplicationInterface</Saa:MessageCreator>
<Saa:IsMessageModified>false</Saa:IsMessageModified>
<Saa:MessageFields>NoOriginal</Saa:MessageFields>
</Saa:TransmissionReport>
</Saa:Header>
</Saa:DataPDU>
<Saa:Body>
<Sw:NotifySnFRequestHandle>
<Sw:SnFRef>SWITCH21-2006-11-02T08:41:47.11481.1454972Z</Sw:SnFRef>
<Sw:SnFRefType>InterAct</Sw:SnFRefType>
<Sw:AcceptStatus>Accepted</Sw:AcceptStatus>
<Sw:AckSwiftTime>2006-11-02T08:39:29Z</Sw:AckSwiftTime>
<Sw:AckInfo>Acked</Sw:AckInfo>
</Sw:NotifySnFRequestHandle>
</Saa:Body>
</Saa:DataPDU>
<SwGbl:Code>Sw.MVAL.ValidationWarning</SwGbl:Code>
<SwGbl:Text>This message could not be validated
due to an internal SWIFT error</SwGbl:Text>
<SwGbl:Action>Contact customer support
</SwGbl:Action>
</SwGbl:StatusAttributes>
</SwInt:ValStatus>
</Saa:ValidationDescriptor>
</Saa:SWIFTNetNetworkInfo>
</Saa:NetworkInfo>
<Saa:SecurityInfo>
<Saa:SWIFTNetSecurityInfo>
<Saa:SignerDN>cn=rma2,o=saaabebb,o=swift</Saa:SignerDN>
<Saa:NRType>SvcMand</Saa:NRType>
<Saa:NRWarning>WARNING</Saa:NRWarning>
<Saa:SignatureResult>Success</Saa:SignatureResult>
<Saa:SignatureValue>
<SwSec:CryptoInternal>
<SwSec:CipherKey>UEVNRkBQcm9jLVR5cGU6IDQsTUlDLU9OTFkNCkNvbnRlbnQtRG9tYWluOiBSR
kM4MjINCkVudHJ1c3RGaWxlLVZlcnNpb246IDIuMA0KT3JpZ2luYXRvci1ETjogY249cm1hMixvPXN
hYWFiZWJiLG89c3dpZnQNCk9yaWctU046IDExNDc4MjUyNjcNCk1JQy1JbmZvOiBTSEExLCBSU0EsD
QogV1Bwb1QyU1R0OFYydzZ3NnhaV3d2c2R5bk9jTUpaQUtodHJpZklMNDNlNS9rdThmSHc4bWppUlp
seFNBYnRkUA0KIEl6Z2JrcDdKTDZ3WDI5WmVjWHVpTFpzZWJzbVFQRjBBR3RBU1hsaXZNK3NPK29BV
EV0emRnMi9naE8rR1c0NDkNCiBONk1IYmU3RDlRN3dDa2FOQnRCTS9ucTJOVkhvM050dXY5dFBOcWN
Iamg0b2NtamtlV0g2TjZWVzRkUWU4SW1aDQogVFZxRnhpME9ZTkRtcmQ1aW1INUQzUXkzdldIYVo4K
zFDbHltMFNkckViS2YxWUcvOXA1Z05YaXBMN1MxcWxPbg0KIG0vMjBUSkdTd2hKSVdaajY4aW9GcjN
5WHBhZDRTWUpGSjVseEhFRFBUL1hRVjNkbFNYazl3eHNoRTVVYWd0aDcNCiBrME5EdmNzRER1RlYvM
jZZcmY3d3NnPT0NCg==</SwSec:CipherKey>
<SwSec:CryptoProtocol>4.0:3.0</SwSec:CryptoProtocol>
</SwSec:CryptoInternal>
<SwSec:CryptoDescriptor>
<SwSec:MemberRef>RequestPayload</SwSec:MemberRef>
<SwSec:MemberRef>RequestHeader</SwSec:MemberRef>
<SwSec:MemberRef>RequestDescriptor.SwiftRequestRef
</SwSec:MemberRef>
<SwSec:SignDN>cn=rma2,o=saaabebb,o=swift</SwSec:SignDN>
<SwSec:CertPolicyId>1.3.21.6.2</SwSec:CertPolicyId>
</SwSec:CryptoDescriptor>
</Saa:SignatureValue>
</Saa:SWIFTNetSecurityInfo>
</Saa:SecurityInfo>
</Saa:Message>
</Saa:Header>
<Saa:Body>
<AppHdr xmlns="urn:swift:xsd:$ahV10">
<MsgRef>REF10610311505</MsgRef>
<CrDate>2006-10-31T03:05:41.502</CrDate>
</AppHdr>
<Document xmlns="urn:swift:xsd:swift.eni$camt.029.001.02">
<camt.029.001.02>
<Assgnmt>
<Id>RCUSTA20050001</Id>
<Assgnr>AAAAGB2L</Assgnr>
<Assgne>CUSAGB2L</Assgne>
<CreDtTm>2005-01-27T11:04:27</CreDtTm>
</Assgnmt>
<RslvdCase>
<Id>CCCC-MOD-20050127-0003</Id>
<Cretr>CUSAGB2L</Cretr>
</RslvdCase>
<Sts>
<Conf>MODI</Conf>
</Sts>
</camt.029.001.02>
</Document>
</Saa:Body>
</Saa:DataPDU>
Algorithm
The signature, also referred to as local message authentication code (LMAC), is computed
using the algorithm HMAC based on SHA-256 as described in ISO/IEC 9797 (see RFC 2104 -
HMAC: Keyed-Hashing for Message Authentication - February 1997). This way of producing a
message authentication code has the following features:
• Fast to compute
Algorithm specification
The HMAC algorithm produces a 128 bit LMAC.
• A bit stream M representing the message content to sign (see "Content to sign" on
page 526).
• A truncation mask keeping only the first 128 bits (out of 256 bits).
The LMAC must be converted in Base64 using standard Base-64 content transfer encoding as
specified in RFC 1521. The encoded value is the Signature as specified in the Alliance Access
exchange PDU (see "Protocol Data Units" on page 476).
Content to sign
The complete DataPDU field is taken as the bit stream for the authentication algorithm,
including the string <?xml version="1.0" encoding="utf-8"?>.
3. This computed signature is compared with the one that accompanies the DataPDU.
This can be transformed to this XML representation using US-ASCII and escaped characters:
<A>10Á > 5Á</A>
The business content is not changed, but the bit stream of the DataPDU is totally different.
Overview
This section lists the possible error codes and associated error text that can be returned in the
MessageStatus and the SessionStatus.
D.5.2.7.1 MessageStatus
EINVSENDER(1) The sender DN does not contain an Alliance Access licensed destination
D.5.2.7.2 SessionStatus
EFILEINVFORMAT DataPDU format does not match value configured in Alliance Access
Message Message
Report {PDUType}
LogicalReply MessageStatus
OrigMessageFields {PDUType}.MessageFields
See note 1.
OrigMessage {PDUType}.Message
ReportLPI {PDUType}
TransmissionReport TransmissionReport
DeliveryReport DeliveryReport
MessageSubFormat Message.SubFormat
Sender Message.Sender.FullName
• Message.Receiver.Nickname
• Message.Receiver.FullName
MessageNature Message.InterfaceInfo.MessageNature
In Version 2 this tag is optional: Alliance Access
determines the nature automatically (always Financial
for MX, derived from syntax for MT) if it is not present.
This is different compared to Version 1.
MessageTPI Message.NetworkInfo
MessageText DataPDU.Body
In Version 2 this tag has been moved from the
Message to the DataPDU itself.
UserPDE Message.NetworkInfo.IsPossibleDuplicate
Network Message.NetworkInfo.Network
See note 2.
NetworkPriority Message.NetworkInfo.Priority
NetworkSessionNr Message.NetworkInfo.SessionNr
NetworkSeqNr Message.NetworkInfo.SeqNr
ModifyAllowed Message.InterfaceInfo.IsModificationAllowed
MinValidation Message.InterfaceInfo.ValidationLevel
DispositionState Message.InterfaceInfo.RoutingInstruction.RoutingStep
See note 3.
NetworkAttribute NetworkInfo
SecurityAttribute Message.SecurityInfo
TargetApplication Message.InterfaceInfo.RoutingInstruction
MessageOrigin Message.InterfaceInfo.MessageCreator
MANRoutingCode Message.InterfaceInfo.RoutingCode
DuplEmission Message.NetworkInfo.IsPossibleDuplicate
MessageOrigin {PDUType}.MessageCreator
Modified {PDUType}.IsMessageModified
OriginalRelatedMessage {PDUType}.IsRelatedInstanceOrigin
ReportingApplication {PDUType}.ReportingApplication
DuplEmission {PDUType}.NetworkInfo.IsPossibleDuplicate
NetworkSessionNr DeliveryReport.NetworkInfo.SessionNr
NetworkSeqNr DeliveryReport.NetworkInfo.SeqNr
ReceiverDeliveryStatus DeliveryReport.ReceiverDeliveryStatus
Interventions DeliveryReport.Interventions
NetworkSessionNr TransmissionReport.NetworkInfo.SessionNr
NetworkSeqNr TransmissionReport.NetworkInfo.SeqNr
NetworkDeliveryStatus TransmissionReport.NetworkDeliveryStatus
Interventions TransmissionReport.Interventions
CreationTime Intervention.CreationTime
OperatorOrigin Intervention.OperatorOrigin
Text Intervention.Contents
SignerDN Message.SecurityInfo.SWIFTNetSecurityInfo.SignerDN
NonRepType Message.SecurityInfo.SWIFTNetSecurityInfo.Response
NRType
Although the enum type name is different in the schema
(NonRepType in Version 1, NRType in Version 2), the
enum values stay the same.
NonRepWarning Message.SecurityInfo.SWIFTNetSecurityInfo.Response
NRWarning
ResponseRef NetworkInfo.SWIFTNetNetworkInfo.ResponseSWIFT
Ref
SwiftResponseRef NetworkInfo.SWIFTNetNetworkInfo.ResponseSNLRef
CBTReference NetworkInfo.SWIFTNetNetworkInfo.Response
Reference
DuplCreation NetworkInfo.SWIFTNetNetworkInfo.ResponseIs
PossibleDuplicateResponse
ValidationDescriptor NetworkInfo.SWIFTNetNetworkInfo.ResponseValidation
Descriptor
AuthResult Message.SecurityInfo.SWIFTNetSecurityInfo.Response
SignatureResult
AuthValue Message.SecurityInfo.SWIFTNetSecurityInfo.Reponse
SignatureValue
ResponderDN Message.Receiver.DN
Service NetworkInfo.Service
RequestType Message.MessageIdentifier
NRIndicator Message.SecurityInfo.SWIFTNetSecurityInfo.IsNR
Requested
NonRepType Message.SecurityInfo.SWIFTNetSecurityInfo.NRType
NonRepWarning Message.SecurityInfo.SWIFTNetSecurityInfo.
NRWarning
SwiftRef NetworkInfo.SWIFTNetNetworkInfo.SWIFTRef
SwiftRequestRef NetworkInfo.SWIFTNetNetworkInfo.SNLRef
CBTReference NetworkInfo.SWIFTNetNetworkInfo.Reference
SNLEndPoint NetworkInfo.SWIFTNetNetworkInfo.SNLEndPoint
SnFQueueName NetworkInfo.SWIFTNetNetworkInfo.SnFQueueName
SnFInputTime NetworkInfo.SWIFTNetNetworkInfo.SnFInputTime
SnFPDMHistory NetworkInfo.DuplicateHistory
ValidationDescriptor NetworkInfo.SWIFTNetNetworkInfo.Validation
Descriptor
AuthResult Message.SecurityInfo.SWIFTNetSecurityInfo.Signature
Result
AuthValue Message.SecurityInfo.SWIFTNetSecurityInfo.Signature
Value
FormatAttribute FormatAttributeMX Was reserved for future use in Version 1. Not present in
Version 2.
TargetRoutingPoint RoutingInstruction.RoutingPoint
SuccessIndication MessageStatus.IsSuccess
ErrorText MessageStatus.ErrorText
FullName AddressInfo.AddressFullName
In Version 2, when using FullName, you must also
specify either the BIC12, the DN, or the Nickname.
AddressFullName X1 AddressFullName.X1
X2 AddressFullName.X2
X3 AddressFullName.X3
X4 AddressFullName.X4
FinancialInstitution AddressFullName.FinancialInstitution
BranchInformation AddressFullName.BranchInformation
CityName AddressFullName.CityName
Location AddressFullName.Location
CountryCode AddressFullName.CountryCode
Notes
1. The enumerated type 'OrigMessageFields' has been renamed to 'MessageFields' with the
following mapping:
NoOriginal NoOriginal
Minimum MinimumInfo
Condensed HeaderOnly
Full HeaderAndBody
Expanded NA
2. The enumerated type 'TransmissionNetwork' has been renamed to "Network'" with the
following mapping:
ApplicationNetwork Application
SwiftNetNetwork SWIFTNet
OtherNetwork Other
3. The enumerated type 'DispositionState' has been renamed to 'RoutingStep' with the
following mapping:
Verify Verify
Authorise Authorise
Modify Modify
Ready ReadyToSend
4. The enumerated type 'CBTApplication' has been renamed to 'MessageCreator' with the
following mapping:
ApplicationInterface ApplicationInterface
SwiftnetInterface SWIFTNetInterface
MessageEntry Workstation
MessengerAdapter Messenger
Other Other
InternalRouting Route
CBTApplication DisposeToRoutingStep
RoutingPoint DisposeToRoutingPoint
• From - a message request that Alliance Access receives from a message partner
(M). If an element is marked Optional (O) and has a non-null value, then Alliance Access
processes it:
• Always
ValidationErrorC The error code that applies if The field contains the offset -- -- O
ode the requested level of in block 4 that caused the
message validation has failed.
error, as follows:
Present if: {REP:{ERR:
(<error_information>)}
• an error is reported during }
message processing
<error information> is a
(Feedback element in the
string, such that:
MQ Message Descriptor
does not contain MQFB_PAN), <error_code> - <error
explanation> at
and offset <offset>
D.6.2 MQMTMessage
Overview
The MQMTMessage part of the Message Data in a WebSphere MQ message carries the
business data that is being exchanged between Alliance Access and an application. The
MQMTMessage part can carry the information of the following type:
• Transmission Notification
• Delivery Notification
• Information Notification
• History Notification
Message Request
A message request is carried in the FIN Output message.
Transmission Notification
Alliance Access uses the Message Data part of WebSphere MQ to store information related to
the transmission notification and optionally, on the original message. (an option in the message
partner profile).
The Feedback element only has meaning for a report message (MQ Report/Reply). To check
the status of a message, you must check the content of the ACK.
Delivery Notification
When you create a message, you can request that the progress of your message is monitored.
This results in Alliance Access receiving a message about the message delivery, which can be
reconciled with the original message. In such cases, creates a Delivery Notification.
The Delivery Notification contains a reference to the original message through the CorrelId
field of WebSphere MQ Descriptor. The text of the original message can be appended to the
Delivery Notification.
Information Notification
Alliance Access uses the Message Data part of WebSphere MQ to store data that is related to
the Information notification and optionally on the original message.
The Information notification has a structure which resembles a SWIFT ACK message, and it can
contain a block S.
Block 1 contains INF instead of the F21 to indicate this is an Information Notification, the
sender logical terminal code, followed by "0000" for the SWIFT session number, and "000000"
for the SWIFT sequence number.
There is no block 2.
Block 4 does not contain a CrLf at the beginning. The following tags have been defined inside
block 4:
TAG Description
DAT The date and time of the information notification in the format YYYYMMDDHHMMSS.
The date is the Co-ordinated Universal Time (UTC), which is the time standard the
operating system uses.
NAM The information notification name. Alliance Access does not offer a fixed list of these.
However, some examples are "Instance routed", "Message Processed", "Report text",
and "User delivery report".
History Notification
Alliance Access uses the Message Data part of WebSphere MQ to store data that is related to
the History notification and optionally on the original message.
The History notification contains the last 10 interventions of a message.
The History notification has a structure which resembles a SWIFT ACK message, and it can
contain a block S.
Block 1contains HIS instead of the F21 to indicate this is a History Notification, the sender
logical terminal code, followed by "0000" for the SWIFT session number, and "000000" for the
SWIFT sequence number.
There is no block 2.
Block 4 does not contain a CrLf at the beginning. The tags have been defined inside block 4
for a History notification as for an Information Notification.
System Message
A Delivery Notification System Message is of the following messages MT 010, MT 011, MT 012,
MT 015, or MT 019. Alliance Access sends it to an application in a FIN Output message.
A system message contains a SWIFT block 1, 2, and 5.
The block S of the system message offers the same trailers as a SWIFT output message. The
block S can include a SYS tag. The CON and TRN tags are optional in a System Message.
System messages have a WebSphere MQ priority 7.
Important If System Messages are sent to WebSphere MQ, then it is possible that the
System Messages are delivered before the Transmission Notification for the
corresponding message. This happens when the system messages have a higher
priority within Alliance Access than the transmission notifications. SWIFT
recommends that applications which use the Traffic Reconciliation within Alliance
Access ensure that Delivery Notifications are delivered before the Transmission
Notifications.
Tag Meaning
Tag Meaning
• RMA authorisation verification failed but was bypassed
Tag Meaning
• PAC authentication (if present) was successful using the current key
Example
{LAU:A54ECB89}
INS 8 bytes The name of the Alliance Access instance which sends the
message and the name of the Alliance Access queue where
the message was stored.
UNT 25 bytes The Alliance Access Unit to which the message belongs
USR 20 bytes The OS user that runs the Alliance Access server
Example
{TRN:<trn-value>}
Tag Meaning
• For CAS 2 message partners, the routing code is transmitted in the ManRoutingCode field.
If the message has been retrieved, then the NetworkRetrieved field is set.
If the Routing code transmitted check box is selected, the above information is transmitted,
along with the following:
Appendix E
• For automatic input sessions: the Reception tab of the message partner profile.
• For manual input sessions: the Start Session or Run Session window.
If you require no restriction on message disposition, then select Route from the Disposition
option in the Reception tab.
To dispose messages into a particular message preparation queue, then select:
Note The message preparation queues which are available to a particular message
partner depend upon the permission to bypass certain stages in the message
preparation sequence. For instance, if the R7.0_MsgPartner profile permits
the message partner to bypass Verification but not Authorisation, then the
message may skip Verification and be disposed to the Authorisation queue.
2. The field Message In appears. Click the field to display a list of available message
preparation queues.
– Modification (_MP_mod_text)
– Verification
– Authorisation
– Ready-to-send
In addition to settings in the message partner and permission profile, CAS messages may
contain information governing the disposition of the message.
Note To use the Dispose function for received messages, the operator profile that is
associated with the message partner must include the action Dispose Message
for the Application Interface application. By default, this action is already selected
in the default profile, R7.0_MsgPartner.
R7.0_MsgPartner
When Alliance Access is installed, each message partner receives the default operator profile
R7.0_MsgPartner. The default permissions in the R7.0_MsgPartner profile can be changed to
suit the business activities of your site.
It specifies no constraints on the setting of the following attributes:
• Currencies used
database. If Alliance Access finds that the structure and the content of these blocks are
syntactically incorrect, then the message fails validation. In this case, an event is logged in the
Event Journal and then message is discarded from the system. Alliance Access closes the
session that was responsible for delivering the message.
Note The generic check does not validate the contents or structure of the text block.
You must choose carefully the validation level to use. For instance, you can select Minimum
validation for the batch input of messages that are prepared on your mainframe because the
source of them is known. However, you can select Medium validation for the batch input of
messages from an obscure or infrequent source, as the risk is greater.
No Validation Alliance Access does not parse or validate the message, and as a result,
keywords are not extracted.
If you want to route messages based on routing keywords, such as the
transaction reference number (TRN), then do not select No Validation.
Minimum Alliance Access performs the validation and extraction of some keywords,
like currency, value, amount, value date, the field MF20, and so on.
Medium Alliance Access performs a syntactical validation at the field level. It checks
for the presence of mandatory fields, keyword validation, limits, ranges of
values, and so on.
If a message fails Medium validation during an Interactive session, then a
negative reply is generated and sent to the message partner.
Maximum This level is provided to allow for a possible future level of message
validation. Today this level performs the same checks as Medium
validation.
Important When the validation level is set to No validation, no keywords are extracted.
To route FIN messages based on the Transaction Reference Number (TRN)
keyword, you must specify at least Minimum as the validation level.
However, if the validation level is set to No validation and if you have
configured Alliance Access to generate the message UUMID for FIN messages
from the Transaction Reference Number (TRN), then Alliance Access performs a
simple syntactic search on Block 4 and extracts the content of the first field 20, or
any variation of field 20 (for example, 20C). If the field is 20C, then Alliance Access
also extracts the first subfield, and the TRN may appear in the UUMID but you
cannot route on the TRN. If the field content has more than 16 characters, then the
TRN is not added to the UUMID.
When you install a Message Syntax Table, you can configure Alliance Access to
generate the message UUMID from the Transaction reference number.
this field is present, then it overrides the setting of the Validation level field. If no value is
present in this field, then the value of the field is used.
• If the check reveals that minimum validation was requested, then the message is proved
acceptable.
• If the check reveals that intermediate validation of the text block was requested but has failed
at this level, then the message is proved unacceptable and is rejected.
However, if Message modification in the message partner profile is set to Allowed, then
Alliance Access moves the message to the text modification queue (_MP_mod_text). This
allows an operator with the appropriate permissions to modify the message.
• The maximum validation level is not implemented in this version. If selected, intermediate
validation is imposed.
If the result of each check is positive, then Alliance Access checks the value of the Routing files
in the Receptiontab, and performs one of the following actions:
• Dispose: routes the message according to the bypass permissions that are preset in the
message partner profile. See the section, "Routing based on bypass parameters" on
page 547.
• Route: routes the message to the preferred network interface of the correspondent.
Note To use the Dispose function for received messages, the operator profile that is
associated with the message partner must include the action Dispose Message
for the Application Interface application. By default, this action is already selected
in the default profile, R7.0_MsgPartner.
No No Verification Queue
1. If the validation of the text block failed, then the message is rejected.
However, if the message partner profile or relevant APDU field states that the message is
modifiable, then the message is moved to the text modification queue (_MP_mod_text).
Minimum If the check reveals that minimum validation was requested, then the
message is proved acceptable.
Intermediate If the text block was requested but has failed at this level, then the
message is rejected.
However, if the message partner profile or relevant APDU field states
that the message is modifiable, then the message is moved to the
text modification queue (_MP_mod_text).
3. Messages the Alliance Access receives using the CAS protocol have an optional field in the
APDU minValidation that specifies the validation level for the message. When a value for
this field is present, it overrides the setting of the Validation Level button in the message
partner profile. If no value is present in the APDU field, then the value of the button is
taken.
Warning If the APDU minValidation is set, then minimum validation on the message is
carried out, that is, the message is accepted.
• targetApplication
targetApplicationRule
targetRoutingPoint
• networkAttribute
networkApplicationName
networkPart1
networkPart2
networkPart3
• dispositionState
The subfield networkApplicationName specifies the communication interface responsible
for handling the message, that is, Application Interface or SWIFT Interface.
Depending on the interface specified, the fields networkPart1, networkPart2 and
networkPart3 identify the message partner, the sending or receiving logical terminal for
SWIFT Interface, as follows:
applicationInterface MAPID - -
For a more details explanation of how the combination of these fields are used to route
messages in CAS format see:
Note Alliance Access does not changed whether the message partner has the
permission to bypass verification and authorisation.
2. Is the term routingPoint specified in the field targetApplicationRule, and does the field
labelled targetRoutingPoint request a particular routing point in Alliance Access?
If yes, then it is important that the requested routing point exists.
Alliance Access checks the permissions of the operator profile that is associated with the
message partner profile to determine whether the message partner has the "Dispose"
function assigned to it.
If yes, then the message is moved to the requested routing point. This must be an "allowed
target routing point" or an exit point as specified in System Management Application (SMA).
No other checks are carried out.
3. Is the term cBTApplication specified in the field targetApplicationRule, and is the disposition
state of the message specified in the field labelled dispositionState?
The available values for dispositionState include:
• Fix. This value indicates the message must be sent to the text modification queue. No
checking of the permission profile is performed except the permission to modify a
message. Permission to modify a message may be specified in either the message
partner profile or the message APDU field modifyAllowed. A specification in the APDU
takes precedence.
• Verify. This value indicates that the message must be sent to the Verification queue. No
checking of the permission profile is performed except the permission to create a
message.
• Authorise. This value indicates that the message must be sent to the Authorisation
queue. The permission for bypass verification is checked. If the permission is set, then
the message is routed to the Authorisation queue. If the permission is not set, then the
message is routed to the Verification queue.
• Ready. This value specifies routing according to the application specified in the field
networkApplicationName. If cBTApplication is specified in the field labelled
targetApplicationRule, then networkApplicationName will specify the Alliance application
as either swiftInterface or applicationInterface.The permissions for bypass authorisation
and bypass verification are checked.
• For the SWIFT Interface Application (SIA), the message is routed to the _SI_to_SWIFT
queue.
• For the Application Interface, the message is routed to the first exit point assigned to the
message partner specified as MAPID in networkPart1.
4. If none of the previous three checks apply, and the message is in input format then AI
attempts to route the message as far as it can, based upon the default disposition or
routing settings in the message partner profile and the permissions set in the permission
profile, thus:
• If the permission for bypassing verification is not set, then the message is directed to the
Verification queue.
• If the permission for bypassing authorisation is not set, then the message is directed to
the Authorisation queue.
• If the message is in the SWIFT format and both of the above permissions are set, then
the message is routed to the SI_to_SWIFT queue. In all other cases, the message is
completed.
• dispositionState
• targetApplicationRule
• networkApplicationName
Appendix F
Connection Methods in AI
Introduction
Connection methods define how messages are exchanged between Alliance Access and
message partners.
Note For Alliance Workstation, all Interactive sessions are run on the server machine.
Access
MP 1 - Responder DN A
- Service
- ...
D0540185
Partners
Digest Calculation
Alliance Access calculates the digest of each payload file that it receives from a back-office
application and store the digest value in the database.
The configuration parameter File Digest Algorithm specifies which Secure Hash Algorithm
(SHA-1 or SHA-256) to use to calculate the digest value.
Duplicate detection
Alliance Access does not verify whether the payload file that a Back Office sends is a duplicate.
However, Alliance Access can detect duplicate FileAct messages based on the file-digest
calculation that it applies to an internal File message. The SWIFTNet Interface Component
(SNIS) creates an internal message of type File for every Direct FileAct transfer, to help manage
the file transfer to and from the back-office application.
Polling Timer
The configuration parameter Automatic - Polling Timer controls the frequency at which
Alliance Access automatically scans the Direct FileAct Input directories to find files sent from a
back-office application.
No File Compression
The Direct FileAct adapter does not compress the payload files. Payload files must no exceed
250 MB in size.
One directory per correspondent on Alliance Access to hold payload Yes Yes
files that the back-office application sends and receives
Selection of the payload file during a manual start of a transfer session Yes No
Support of the HeaderInfo element for services that mandate its usage No Yes
• A "From" message partner with the Direct FileAct connection method has been defined for
the back-office application.
• The data directory where the back-office application will store files for sending to SWIFTNet
has been defined and with correct access permissions.
• The service does not mandate T-Copy or Y-Copy in its Application Service Profiles.
At the start of every Direct FileAct message partner session, Alliance Access checks the
associated FileAct service configuration, and stops the session if the service is configured for
T-Copy or Y-Copy mode, or if the T-Copy or Y-Copy is mandatory for the Request Type.
• The message partner session for the back-office application is enabled and open.
Payload Access
File Direct FileAct
Adapter (From) FileActMessage
2 3 4
Filename.ext
1 SWIFTNet
Response
Interface
File
Transmission Notification
Instance
6 5
Back Office Filename.ext
<Ref> OK 7
8 TR_REC
Response Delivery
File Direct FileAct Delivery Notification
9
Adapter (To) Notification (Optional)
Instance
Filename.ext
D0540188
<Ref> DL OK
1. The back-office application prepares a payload file and stores it in the data directory
associated to a Direct FileAct message partner. This directory location is specified in the
Direct FileAct Input Directory field.
In this example, the file is named filename.ext. (See "Direct FileAct - Emission to
SWIFTNet" on page 557).
2. The Direct FileAct input Message Partner (Application Interface) automatically detects the
file and stores it in the database.
Alliance Access automatically calculates the digest value of the payload file.
The configuration parameter File Digest Algorithm specifies which Secure Hash Algorithm
(SHA-1 or SHA-256) to use to calculate the digest value.
• Requestor DN
• Responder DN
• Service
• Request Type
• Priority
The FileAct message is a message of type File, and is the original instance of the FileAct
message. As with any other FileAct message, you can view the message in the Message
File, print it, route it, and so on.
Tip You can view the message through the Configuration and Monitoring package
on the Alliance Web Platform, but you cannot view the content of the payload
file from the web platform.
4. The SWIFTNet emission profile that is associated with the Requestor DN and the Service
determines the FileAct transmission parameters:
• Signing Required
5. After the file is transferred successfully to the SWIFTNet Link (real-time mode) or to the
store-and-forward queue of the back office's correspondent, the SWIFTNet Interface
application generates a Transmission Notification Instance, which it routes to an exit point
in the Application Interface.
This instance is routed to a 'To' message partner that is associated with the back-office
application and that does not use the Direct FileAct connection method.
6. The Direct FileAct adapter creates a response file with a file extension that indicates
whether the file was transferred successfully to the correspondent.
a. The SWIFTNet Interface component receives the Delivery Notification message from
SWIFTNet and routes it to the TR_REC module for reconciliation with the original
message instance. (Step 7 in "Direct FileAct - Emission to SWIFTNet" on page 557)
TR_REC processes the message and creates a Delivery Notification Instance for the
original message. This instance is routed to a 'To' message partner that is associated
with the back-office application and that does not use the Direct FileAct connection
method. (Step 8 in "Direct FileAct - Emission to SWIFTNet" on page 557)
b. In addition, the Direct FileAct adapter creates a response file with a file extension that
indicates a successful delivery notification. (Step 9 in "Direct FileAct - Emission to
SWIFTNet" on page 557)
Tip The response file is empty and the back office does not need to parse it.
Only the extension of the file is relevant. For more information about
Direct FileAct response files, see "Direct FileAct Transmission Status" on
page 560.
• A "To" message partner with the Direct FileAct connection method has been defined for the
back-office application. An exit point is associated with this message partner.
• The data directory where the back-office application will receive files from SWIFTNet has
been defined and with correct access permissions.
• The service does not mandate T-Copy or Y-Copy in its Application Service Profiles.
At the start of every Direct FileAct message partner session, Alliance Access checks the
associated FileAct service configuration, and stops the session if the service is configured for
T-Copy or Y-Copy mode, or if the T-Copy or Y-Copy is mandatory for the Request Type.
• The message partner session for the back-office application is enabled and open.
Access
Payload
File Direct FileAct SWIFTNet
Adapter (To) Interface
4 3 2 1
FileActMessage
Filename*.SnRef
Back Office
D0540190
1. The SWIFTNet Interface in Alliance Access receives a FileAct file-transfer notification from
a SWIFTNet Reception profile. The delivery mode for the file transfer is either real-time or
store-and-forward.
SWIFTNet transfers the file in chunks to Alliance Access.
2. After Alliance Access receives the file successfully, it creates a message of type File, 'File
MsgA-0', and routes the message instance to a 'To' Message partner that is associated
with the back-office application and has a Direct FileAct connection method.
The FileAct message, File MsgA-0', represents the original instance of the FileAct
message. As with any other FileAct message, you can view the message in the Message
File, print it, route it, and so on.
3. The Direct FileAct message partner generates a payload file, and stores it in the data
directory Direct FileAct Output Directory, which is specified in the message partner.
4. The back-office application processes the payload file present in the data directory.
Note No response files are created when files are being sent from SWIFTNet to a back-
office application.
Payload filenames
Alliance Access creates a unique filename for a payload file using the logical name of the
incoming file from SWIFTNet and the SWIFTNet transfer reference.
The FileAct logical names can contain only the characters A-Za-z0-9._. Alliance Access
replaces other characters in the logical name of the incoming file with an underscore character,
_.
Transmission status
The following table describes the transmission status of a file sent by Direct FileAct:
Examples
You can view examples of some transmission statuses in the following sections:
Access
SWIFTNet
Transmission Notification Interface
Response
File Direct FileAct Instance
Adapter (To)
Filename.ext.err
Back Office
Transmission
Notification Notification
File Output Instance
Report Adapter (To) (Copy)
XMLv2
D0540189
F.1.6 Prepare to Use Direct FileAct
Purpose
Use the instructions in this section to prepare Alliance Access to communicate with a back-
office application using Direct FileAct.
Access
MP 1 - Responder DN A
- Service
- ...
D0540185
Partners
2. Configure a message partner profile for each service and for each correspondent that the
back-office application will communicate with.
Note that:
3. Use only valid and licensed BICs as values for Requestor DN.
Validate that only Message Partner profiles that have the same Requestor DN use the
same Direct FileAct Input Directory.
4. Verify the settings of the following system management parameters suit the requirements of
the back-office application:
Payload FileAct
File Settings
+ File Transfer
Adapter
Any Data XMLv2
D0540184
XMLv2
Alliance Access provides to the back-office application the notifications that are related to the
file transfer. These notifications are reports in XML version 2, which the back-office application
must parse to determine the exact transmission status.
Alliance Access is not responsible for the physical exchange of messages with the message
partner. A program known to Alliance Access as the Local Transfer Agent handles this task
externally.
User
Alliance Local Transfer FTP FTP
Application
Agent
D0540060
The File Transfer connection method supports automated batch input and output sessions.
FileAct headers
The payload of the XML version 2 message specifies the name of the original file to be
transferred. It also specifies other elements to manage the transfer, and for some services,
these elements may be mandatory. For example, a delivery notification may be mandatory for a
particular service or Solution.
The Application Service Profile defines the mandatory elements for a service. You can specify
these key mandatory elements for a particular service in the FileAct header which allows the
SWIFTNet central systems and the back-office applications that receive these messages to
process these elements. For more information about specifying these elements, see the
HeaderInfo element in "SWIFTNetNetworkInfo" on page 483.
The following table lists the available data formats, connection points, and protocols that you
can use with the File Transfer connection method:
Manual sessions
When launching a manual File Transfer session, the operator must select the XML v2 file, not
the payload file to be transferred.
Tip The Direct FileAct connection method allows you to select a payload file directly, to
send to a counterparty.
Tip If files are placed in the input directory at a faster rate than Alliance Access
can poll and process them, then a problem may occur. You can avoid this by
creating fewer files but each file can contain a larger number of messages and
be sent at greater time intervals.
From time to time, errors occur during the input of a batch file.
To prepare for such events you can use the Batch File Validation button to determine whether
the session must be aborted, or whether the session can continue (if the error is not a security
issue) when these errors occur.
When Continue on rejection is selected, and the message is flagged as modifiable, erroneous
messages are passed to the MP_mod_text queue for manual recovery. If the message is
flagged as non-modifiable, then the message is completed and a record is made in the Event
Journal. When all messages in a batch input session are successfully processed, the session
closes normally and the messages are routed.
Application Interface
Message Partner
Application Message
Interface Processing
D0540062
outbound Function
When started, the batch output process for automated and manual sessions is basically the
same in operation. It ensures that each message at the exit point is placed in a reserved state
and then copied to an output message file. If all goes well then the messages are removed from
the exit point when the file is successfully transferred to the disk. In normal operation, the
session remains open and the messages in the exit point remain reserved until the file transfer
has been completed.
Note For the CAS 1 and 2 formats, messages are taken from any assigned exit points
and are encoded according to the network format specified by the message partner
profile. They are then sequentially appended to the message file.
Regardless of how the output session was started, the session is closed when the file is
transferred to the disk.
If specified in the Message Partner Profile, then the Local Transfer Agent is invoked
automatically and the user-defined script is run.
• By specifying a common queue threshold for the message partner. When this threshold is
reached the output session is started.
For Alliance Workstation, all automatic sessions are run on the server machine.
For automated output sessions, the parameter file and message data file are generated
automatically.
When a session is started, messages are taken from any assigned exit points and are encoded
according to the network format specified in the message partner profile. They are then
sequentially appended to the message file.
The messages are automatically appended with a three character extension specified by the
user in the message partner profile. If no extension is given, then the extension .out is applied
by default.
When an output batch session is completed, a cyclic redundancy check is generated for the
message file and the result is placed in the parameter file. The File Transfer application then
calls the Local Transfer Agent program to start processing the parameter file and the encoded
message file.
For all output sessions, AI provides an interface whereby the Local Transfer Agent can be
invoked by means of user-defined executables. The executables can be programs or scripts
which handle the transfer of the parameter and message file (to the remote application) created
by File Transfer.
There is a "watchdog" configuration parameter called LTA_Timeout which is set in motion after
the Local Transfer Agent command is run. If the Local Transfer Agent program has not finished
its task at the end of the period set by this parameter, then an event is generated and placed in
the Event Journal. This feature is activated by setting the configuration parameter
LTA_waiting mode. When the Local Transfer Agent has finished its task an event is
generated. This happens whether the Local Transfer Agent program was successful or not.
Profile settings
Session Parameter File Format Input Path Name Input File Formats
Initiation Recognition Recognized
Session Parameter File Format Input Path Name Input File Formats
Initiation Recognition Recognized
Symbol Explanation
* CAS1 protocol versions are only recognised when the Format Recognition is
set to Forced
Profile settings
Manual Not required Specifies a pathname DOS, RJE, Not required. File pattern in
where the output MERVA/2, the Output path name is
message file is placed CAS1, CAS2 used.
(ASN1, Text),
XML
Manual Required Specifies a pathname to DOS, RJE, Not required. The message
where the message file MERVA/2, file takes the file
and parameter file is CAS1, CAS2 extension, .out,
placed. If the parameter (ASN1, Text), automatically
file is not named XML
explicitly, then it is
automatically generated
with a proprietary format.
Automatic Required Specifies the directory DOS, RJE, Specify the extension of the
where the automatically MERVA/2, message file. If not
generated parameter and CAS1, CAS2 specified, then the default
message files are placed (ASN1, Text), extension .out is taken.
XML Any pattern specified in the
Output path name is
ignored.
Automatic Not required Specifies a directory DOS, RJE, Specify the extension of the
where the generated MERVA/2, message file. If not
message file is placed CAS1, CAS2 specified, then the default
(ASN1, Text), extension .out is taken.
XML Any pattern specified in the
Output path name is
ignored.
If the operator decides to proceed with the session in spite of a duplication warning, then a
Possible Duplicate Emission is added automatically.
In addition to a record of Cyclic Redundancy Check calculations, the system also keeps a
record of message file names. If no Cyclic Redundancy Check match is found, then a
secondary check on used message file names is carried out. If a match on file name is found,
then the same warning prompt "This batch file has already been used. Do you
want to re-use it?" is issued.
The length of time that a record is kept of message file names is set by the configuration
parameter Batch Input - History Period. For more information about this configuration
parameter, see "Batch Input " on page 161.
Batch input
With batch input sessions, the session operation and recovery principle is very similar. If
anything goes wrong with the session, then the recovery mechanism unreserves, removes, and
discards the messages in the AI inbound queue.
Automatic sessions
If an error occurs, then the batch input message file is moved into a storage location known as
the Automatic Input Error Directory (set by the system parameter Automatic - Error Dir).
If a parameter file is being used, then the parameter file is moved into this Error Directory. If the
message file and parameter file are located in the same connection point directory, then both
are moved into the Error Directory.
To avoid filename clashes, each file placed in the Error Directory is given a file extension
YYMMDDHHMMSS.
An event concerning the reason for the session failure is recorded in the Event Journal.
F.3 Interactive
Overview
The Interactive connection method is used to transfer messages of a specified format between
Alliance Access and a message partner. This transfer is carried out according to Common
Application Server (CAS) standards. For more information about CAS, see "CAS Protocol" on
page 574.
The Interactive connection method permits message transfer in the following directions:
• To message partner
CAS protocol
The Common Communication Interface (CCI) together with the channel handler and protocol
units, are known as the CAS communications stack. Together they are responsible for providing
transparent and reliable communications between AI and a message partner.
The channel handler is responsible for taking messages received from the network protocols by
means of the CCI, and delivering them one at a time (in the correct format) to AI. It also
provides a service in the reverse direction, that is, taking messages from AI and presenting
them one at a time to the CCI.
The CCI is a software module which provides a "common transport interface". This interface
handles messages to and from the underlying communication protocols. The communication
protocols are the software programs which carry the messages across the network.
Alliance
& Application Interface
Channel Handler
Common Application
Server communications
Common Communication Interface stack
TCP/IP TCP/IP
Access
User Application
A relevant message partner profile defines which protocol is used for a communication session
using CAS.
Message format
Alliance Access accepts a message that is transmitted using the CAS protocol if it has one of
the following formats:
Operator commands
e.g., 'Run session'
Control
Send Receive
D0540067
To/From message partners
• Send: assembles the message and passes the message to the channel handler.
• Receive: validates and routes the received message. The Receive module is also
responsible for sending logical replies to the message partner.
• Control: is responsible for interaction with the operator by means of the GUI, and for the
following operations:
Send Messages
During an interactive session with a message partner, messages are sent one at a time by the
Send module to the message partner through the CAS communications stack. A logical reply is
relayed to the sender, and another message can then be sent to the message partner.
If the message exchange session is using a messaging window value of greater than 1, then
the message partner can transmit this number of messages before having to wait for a reply.
If the session was started with the Start Session command, then the session remains open and
messages arriving at the exit point(s) are queued and transmitted straight away. The session
stays open until:
• either Alliance Access or the message partner issues the Stop Session command
• all messages present in the exit points at run time have been sent to the message partner
• either Alliance Access or the message partner issues the Stop Session command
Receive Messages
During an interactive session with a message partner, messages are received one at a time by
the Receive module through the CAS communications stack. As the Receive module receives
each message, a validation and a local authentication check can be made. If the message
passes the required validation level, then Base Services accepts the message, and a positive
reply is generated and sent to the message partner by the Receive module. The message
partner can then send another message.
If the message fails the required validation level then it is rejected with a negative reply and a
record of the event is written in the Event Journal. The message is either routed to
_MP_mod_text or completed, depending on the parameter "Message Modification Allowed
Yes/No''. If the message fails the local authentication check, then the session is aborted.
The session is started with the Start Session command and remains open until:
• either Alliance Access or the message partner issues the Stop Session command
Message Exchange Services (MXS) and then sends an event to the channel handler. The
channel handler then attempts to open a session with the equivalent message partner session
layer by communicating an OpenRequest.
If the message partner recognises the request, then it responds with an OpenConfirm. The
session is now open.
When the session is open, the Send module examines all exit points assigned to the message
partner and begins transmitting the first queued message to the message partner (DATA1).
Upon receipt of a positive reply (Reply1), the next message can be sent (DATA2).
When the last reply (Reply2) has been received, the channel handler issues a TermRequest
across the connection to close the session. The message partner responds with a
TermConfirm and the session is closed.
OpenConfirm
DATA1
Reply1
Window size 1
DATA2
Reply2
TermRequest
TermConfirm
D0540068
Interactive Messaging Window Size
By setting the field Window Size, the sender can transmit a set number of messages before
receiving a reply. For example, if the window size is set to 5, then five messages may be sent
sequentially to the receiver before a reply on the first message is required (if the operator
opened the session).
The requested window size is given by the initiating message partner in the OpenRequest
SPDU. The corresponding message partner confirms the window size (or a lower value in some
cases) within the OpenConfirm SPDU.
Logical replies are relayed to the sender in the same sequence that they are received.
Recovery Mechanisms
For a description of the recovery mechanisms used by the Interactive method in case of failure,
see "Interactive Sessions" on page 579.
If a session is aborted when a window size of more than 1 is implemented, then the receiver
must discard any messages that the sender sent but which the receiver has not processed. This
applies directly to messages which have not yet received a logical reply.
• The sequence number (incremented by one) of its last fully transmitted and acknowledged
message
• The session number used for the recovered session. This is always the sequence number of
the failed session
Scenario
During the transmission of a message to a message partner, the session is aborted before
Alliance Access receives the logical reply. After the session is closed, the operator moves the
message to a different exit point. Then, Alliance Access re-opens the session. In such cases,
Alliance Access sends the message to the message partner even though the exit point to which
the message has been "moved" is no longer assigned to the message partner.
Note for UNIX: connection problems arising when using TCP/IP protocol
The following error messages appear when a TCP/IP error occurs. Exactly which message
depends on which of the following files is out of configuration:
• protocol file
• services file
• hosts file
problem in protocols file:
Message Partner <message partner name>
- TCP connection error
Reason:
Could not obtain protocol number for protocol name TCP.
Failed to initiate communication.
problem in services file:
Message Partner <message partner name>
- TCP connection error
Reason :
Unable to find service name MPconn...
Failed to initiate communication.
problem in hosts file :
Message Partner <message partner name>
To get the relevant information about the error message, look into the Event Journal for the
event.
TCP_connection error
reason: description of the problem.
reason can be :
-Could not obtain protocol number from protocol name: protocol name
-Unable to find service name : service name
-Unable to get host information for host name : hostname.
In all cases, use the help of the UNIX system administrator to resolve the problem.
F.4 Print
Overview
This section provides information about the Print connection method that you can use to print
messages in batch to a printer or file.
Print Sessions
A print session can only have one allowed direction, To Message Partner.
An operator can start a print session either automatically or manually using the Start Session
or Run Session command.
Messages are not printed until the operator stops the session because the printer spool job is
not actually queued until the print session is closed.
On UNIX only: to recover from problems incurred during a Print session, for example, a paper
jam, toner low, and so on, the system administrator may be required to resubmit the spool job
manually.
• When a specified number of messages are present at the assigned output queue(s).
Report content
The report for a message instance consists of the following sections:
• Warning header
• Transmission section
• Intervention section
Each message starts on a new page.
The page header includes date and time information, as well as the name of the message
partner and its session and sequence number. The report indicates that the information is a
reprint and thus the values for session and sequence number are all zero.
The configuration parameters of the classes Print and Display/Print influence the content of
the printed report. For more information, see "Classes of Configuration Parameters" on
page 159.
Eye-catcher Text
When printing in ST200-like format, a warning identification, which is called eye-catcher text,
indicates an exceptional condition.
Note Eye-catchers are not printed when the option for printing to a file is used.
The eye-catcher codes in the following table are shown in order of preference. This means that
if more than one condition applies, then only the eye-catcher that is related to the first condition
is printed:
NAK NAK'd message. Message is an input message, the delivery status is Not
Acknowledged (NAK).
RTV Retrieved message. Message is an input or output message that has been
retrieved.
• The message was sent to the network with a Possible Duplicate Emission trailer
• The message was received with a Possible Duplicate Emission or Possible Duplicate
Message trailer
• The message instance is a notification and an emission appendix exists before the related
appendix
If a previous transmission attempt was made, then the warning header includes transmission-
related details for the network, session holder, session number, sequence number, and delivery
status.
Brief information prints in case authentication was successful or was not applicable for the
message.
If the message being printed is a retrieved MT message, then the text prints accordingly.
Text Description
*** Nacked Message *** Prints only for an input message. Appears if
the network delivery status of the related
appendix indicates that the message was not
acknowledged (NAK).
*** Authentication Result: <value> *** The following values are possible for the
authentication result message, based on
whether the message is MT or MX, and
depending on the related appendix:
• Incorrect
• Authentication bypassed
• Incorrect
*** Authorisation Result: <value> *** Printed only for a message that requires
authorisation.
The following values are possible:
• No Record
• Not Enabled
• Invalid Period
• Unauthorised
*** Authorisation key not present *** Prints only for an output MT message that
requires authorisation. Printed if no
authorisation key is available.
*** FIN-Copy Authentication Result: <value> *** Prints only for an output MT message that
requires proprietary authentication.
The following values are possible for an MT
message, based on the related appendix:
• Incorrect
Text Description
• Correct with old key
• Authentication bypassed
• Incorrect
*** Possible Duplicate Emission *** Prints if the message is sent to the network
with a Possible Duplicate Emission trailer, or
if the message instance is a notification and
an emission appendix exists before the
related appendix.
*** Possible Duplicate Reception *** Prints if the message is received from the
network with a possible duplicate emission or
Possible Duplicate Message trailer.
*** Test and Training Mode *** Prints if the MT message sent or received is
from/to a Test & Training destination.
If a previous transmission attempt was made, the warning header includes transmission-related
details for the network, session holder, session number, sequence number, and delivery status.
Notification / emission Indicates the notification type, and includes the type of the related
instance. Network acknowledgement information is printed. For
notification type "Transmission", the report includes Network
Delivery Status: <value>. For notification type "Delivery", the
report includes User Delivery Status: <value>, possibly followed
by NAK information.
If the instance is for an MT message that is not an APC message,
then the report includes Priority/Delivery : <value>. This
information indicates the priority (System, Urgent, or Normal) and can
be followed by the delivery status (Non-Deliv Warning or Deliv
Notif).
The message input reference prints in this part of the report.
Notification / reception Indicates the notification type, and includes the type of the related
instance. If the instance is for an MT message that is not an APC
message, then the report includes Priority: <value>.
The message output reference prints in this part of the report, along
with the correspondent input reference.
Original or Copy / emission Indicates the instance type and whether there is a related instance,
and shows network acknowledgement information. If the instance is
not for a FIN system message, then the report includes Priority/
Delivery : <value>. This information indicates the priority (System,
Urgent, or Normal) and can be followed by the delivery status (Non-
Deliv Warning or Deliv Notif).
The message input reference prints in this part of the report.
Original or Copy / reception Indicates the instance type and whether there is a related instance. If
the instance is for an MT message that is not an APC message, then
the report includes Priority: <value>.
The message output reference prints in this part of the report, along
with the correspondent input reference.
Message header
The content of this section of the report is relevant to the message itself, and not specific to the
particular instance that has been printed.
Some content is common for both MT and MX messages:
• Message format
• Transmission network
• Banking Priority
• FINCopy service
• User Reference
• Service Name
• Non-repudiation Indicator
• Non-repudiation Type
• Non-repudiation Warning
• SWIFT reference
• CBT Reference
• Signing DN
a. The value of the Display/Print - FIN User Header configuration parameter is set to Yes,
and
Message text
The text of the message prints for any fields that contain values.
The FIN User Header (Block 3) is printed in the following conditions:
a. The value of the Display/Print - FIN User Header configuration parameter is set to Yes,
and
Message trailer
The message trailer of an MT message prints after the message text.
Interventions
The interventions print for an instance if the Print - Skip Interventions parameter is set to No.
For an MX message sent using real-time delivery, intervention details of a Transmission
Response (containing the Business Response) are preceded by the following information:
• SWIFT Reference
• Responder Reference
• Signing DN
• Signature Result
• Non-repudiation Type
• Non-repudiation Warning
• CBT-Reference
• Responder DN
Note The end-of-message identifier is not printed when using the option for printing to a
file on Alliance Workstation.
F.5 SOAP
Introduction
This section provides information about the SOAP connection method that you can use to
transfer MT, XML-based, or FileAct messages between Alliance Access and a back-office
application.
Note It is always the back-office application that starts a SOAP session with Alliance
Access.
• Full FileAct mode, where file transmission parameters and the FileAct payload are
transferred in XMLv2 format and the data exchange uses Web services over HTTPS.
• Mixed FileAct mode, where the file transmission parameters are carried in an XML version 2
message that is transferred using Web services over HTTPS, whereas the FileAct payload is
transferred over the local file system.
SOAP Primitives
The following SOAP primitives are used in SOAP messages:
• GetAck: request Alliance Access to send a message that is waiting delivery to the back-
office application, and optionally, acknowledge a message received from Alliance Access
These primitives are implemented as operations of the SOAP host adapter Web service, which
is described in "SOAP Host Adapter Web Service" on page 608. In this context, the request
and response messages are SOAP messages exchanged over HTTPS.
For more information about the structure of SOAP messages, see "SOAP Message" on
page 601.
Error Handling
When errors are encountered between the back-office applications and the SOAP host adapter,
the standard SOAP fault error mechanism is used. When such SOAP fault errors are generated,
the back-office can retry the requests except where the error refers to a session error (invalid
token).
For more information, see "Recovery of a SOAP Session" on page 595.
1. MT message
2. XML-based message
3. A file (FileAct)
• A From or To&From message partner that uses the SOAP connection method.
Alliance Access
Back
Application
Office
Server
Open
SOAP
OpenResponse
SOAP
Session Token
Put
SOAP
XMLv2 Message
Several
Put
PutResponse
requests
SOAP
XMLv2 MessageStatus
Close
SOAP
CloseResponse
SOAP
XMLv2 SessionStatus
D0540141
The back-office application can send Put request to Alliance Access if the SOAP message
partner that is defined in Application Interface allows it. It can send several Put requests during
one session.
1. The back-office application prepares the SOAP message that contains the MT, MX, or
FileAct message:
Full Adds the payload file as a SOAP attachment to the XML message,
and optionally, signs the attachment. The body of the XML message
is not required.
Mixed Stores any payload files in the data directory that corresponds to the
Input attachment directory in the SOAP message partner profile.
Places the name of the payload file in the body of the XML message.
3. The back-office application sends a Put request, which has the XMLv2 message as its
payload. This XMLv2 message contains the details of an MT, XML-based, or FileAct
message.
4. On reception of the Put request, Alliance Access performs the following actions:
a. Validates the session token in the Put message, to ensure that it matches the token
returned in the OpenResponse.
b. If the SOAP message partner that is associated with the session is configured for local
authentication, then Alliance Access checks the local authentication of the message.
For more information, see "Local Authentication of SOAP Messages" on page 602.
c. Checks that the sequence number of the received message is within the window size
is defined for the session.
For more information about how the sliding window works in the SOAP host adapter,
see "Window Size" on page 596.
d. Processes the payload of the Put message, which contains the MT, XML-based or
FileAct message. It may store the MT or XML-based message in the Alliance Access
database.
For FileAct messages, the processing of the SOAP message varies depending on the
FileAct mode, as follows:
Full Alliance Access checks that the XML message has a SOAP
attachment that contains a payload file.
If the SOAP attachment is signed, then Alliance Access also
checks that the signature is correct.
Mixed Alliance Access extracts the name of the payload file from the
body of the XML message.
Then, it checks that a file with that physical name exists in the
Input Attachment Directory, and has the permissions to be read
and moved after processing.
5. For FileAct messages, Alliance Access automatically calculates the digest value of the
payload file, and stores the file in the database.
The configuration parameter File Digest Algorithm specifies which Secure Hash Algorithm
(SHA-1 or SHA-256) to use to calculate the digest value.
6. If the processing of the Put message is successful, then Alliance Access replies to the
back-office application with a PutResponse. If not, a SOAP fault message is sent to the
back-office application.
For more information about SOAP faults, see "SOAP Fault - soapenv:Fault" on page 607.
The session remains open, and Alliance Access processes subsequent Put messages
based on the window size.
7. The back-office application ends an interactive SOAP message exchange session with
Alliance Access by sending a Close message that specifies the session token of the
session to be closed. Alliance Access sends a CloseResponse message to confirm that
the session is closed.
Payload filenames
The file name can contain the characters, A-Za-z0-9._. Alliance Access replaces any other
character with an underscore _.
Depending on the value of the Extension field in the message partner profile, an optional file
name extension is added to the file name.
1. Transmission Notification
2. Delivery Notification
4. A file (FileAct)
• An Exit point is defined for the message partner, to hold the messages that are awaiting
delivery to the back-office application.
OpenResponse
SOAP
Session Token
GetAck
SOAP
Several
GetAck
requests GetAckResponse
SOAP
XMLv2 Message
Close
SOAP
CloseResponse
SOAP
XMLv2 SessionStatus
D0540142
The back-office application can send GetAck request to Alliance Access if the SOAP message
partner that is defined in Application Interface allows it. It can send several GetAck requests
during one session.
2. The back-office application sends a GetAck request, to retrieve any messages that are
waiting to be delivered to the back-office application.
The GetAck request has a timeout specified in it.
3. On reception of the GetAck message, Alliance Access performs the following actions:
a. Validates the session token in the GetAck message, to ensure that it matches the
token returned in the OpenResponse.
b. If the SOAP message partner that is associated with the session is configured for local
authentication, then Alliance Access checks the local authentication of the message.
For more information, see "Local Authentication of SOAP Messages" on page 602.
c. Checks that the sequence number of the received message is within the window size
is defined for the session.
For more information about how the sliding window works in the SOAP host adapter,
see "Window Size" on page 596.
d. If the GetAck request specifies an Ack client reference, then Alliance Access marks
the associated message as acknowledged.
e. Fetches the next MT or XML-based message that is waiting for delivery in the exit
point.
For FileAct, Alliance Access prepares the SOAP message to transfer the file:
Mixed Stores the payload file in the data directory that corresponds to
the Output attachment directory in the SOAP message partner
profile.
Places the name of the payload file in the body of the XMLv2
message.
4. If the processing of the GetAck message is successful, then Alliance Access replies to the
back-office application with a GetAckResponse. If not, a SOAP fault message is sent to
the back-office application.
For more information about SOAP faults, see "SOAP Fault - soapenv:Fault" on page 607.
The session remains open, and Alliance Access processes subsequent GetAck messages
based on the window size.
5. The back-office application ends an interactive SOAP message exchange session with
Alliance Access by sending a Close message that specifies the session token of the
session to be closed. Alliance Access sends a CloseResponse message to confirm that
the session is closed.
Payload filenames
The file name can contain the characters, A-Za-z0-9._. Alliance Access replaces any other
character with an underscore _.
Depending on the value of the Extension field in the message partner profile, an optional file
name extension is added to the file name.
• full
Next, go to Step page 595.
• mixed
Next, go to Step page 594.
2. Create the directories that Alliance Access will use to exchange files with each back-office
application.
Ensure that the directories have correct permissions:
3. Configure a message partner profile for each back-office application that will use SOAP to
communicate with Alliance Access.
Note that:
4. For From Message Partners , determine whether to use First In First Out (FIFO) order.
The order in which messages are processed affects how Alliance Access will process the
messages from the back-office application.
For more information about FIFO affects the use of the sliding window in the SOAP host
adapter, see "Window Size" on page 596.
5. Verify the settings of the following system management parameters suit the requirements of
the back-office application:
Session Rebuild
In the case of an Alliance Access restart, Alliance Access resumes the traffic as if nothing
happened. Alliance Access rebuilds the SOAP session and resets it in the state that it was
before the Alliance Access restart. The emission and reception window is rebuilt in such a state
that:
• the messages that the back-office application is acknowledging are not present in the window
Example
In the diagrams in this example, the following conventions are used:
10 11 12 13 14 15 16 17 18 19 20 21
C C C W W W W W N N N N
D0540143
Window = 5
Action 15 is completed. The window does not slide to the right because the window size of 5
specifies that all 5 actions must be completed before another action starts:
10 11 12 13 14 15 16 17 18 19 20 21
C C C W W C W W N N N N
D0540144
Window = 5
However, when action 13 is completed, the entire window slides five positions to the right,
starting at 18 and ranging to 22:
10 11 12 13 14 15 16 17 18 19 20 21 22
C C C C C C C C N N N N N
D0540146
Window = 5
Example
In the diagrams in this example, the following conventions are used:
For example, a back-office application sends messages to Alliance Access and the SOAP Host
Adapter uses a window size of 5:
10 11 12 13 14 15 16 17 18 19 20 21
R R R G R R R R
D0540147
Window = 5
The SOAP host adapter receives messages 14 through 17 successfully, but message 13 has
not been received. Therefore, the window does not move to the right. At some point, the back-
office application sends message 13 and the SOAP host adapter sends the appropriate
acknowledgement:
10 11 12 13 14 15 16 17 18 19 20 21 22
R R R R R R R R
D0540148
Window = 5
Put ack
At that moment, the back-office application is still waiting for the acknowledgement of the
message 13. In the worst scenario, if the acknowledgement can be lost, then the back-office
application receives an error which prompts it to re-sends message 13. However, the SOAP
adapter has received and processed message 13, and the window has moved to the right.
Therefore, the SOAP host adapter window expects new messages between 18 and 22, but it
must be ready to accept attempts to resend message 13 through 17.
A retry range must be defined:
10 11 12 13 14 15 16 17 18 19 20 21 22
R R R R R R R R
Window = 5
D0540149
Retry range
The SOAP host adapter may receive message 19 before message 18, as shown in the
following diagram:
10 11 12 13 14 15 16 17 18 19 20 21 22
R R R R R R R R G R
Window = 5
D0540150
Retry range
The retry range on the SOAP host adapter moves two positions to the right. Since the message
19 got received, you can assume that the back-office application received acknowledgement for
messages 14 and before (otherwise, the back-office application would have sent a message
outside of its own window of 5). In reality, the back-office application received all the
acknowledgement of messages up to 17, but the SOAP host adapter has no way of knowing
this until it receives message 22.
• The retry range spans from the last-received message to W-1 positions on the left:
Retry range = [Last_R-W+1; Last_R]
• The window spans from the first missing message to W-1 positions on the right:
Window = [First_G ; First_G+W-1]
• The full acceptable range for message reception on the SOAP host adapter is the overlap of
these two ranges:
Acceptable range = [Last_R-W+1; First_G+W-1]
where First_G is either the first gap or, if no gap exists, the next message to be received.
The maximum size of the range is twice the window size. The minimal size of the range is the
window size.
Example
In the diagrams in this example, the following conventions are used:
For example, a SOAP host adapter sends messages to the back-office application the SOAP
Host Adapter uses a window size of 5:
10 11 12 13 14 15 16 17 18 19 20 21
S S S W S S S S
Window = 5
D0540151
On reception of message 13, the back-office application sends an ACK message to
acknowledge the reception of message 13. The SOAP host adapter replies to the back-office
application with another ACK message to inform the back-office application that message 13
has been processed successfully:
10 11 12 13 14 15 16 17 18 19 20 21 22
S S S S S S S S
D0540152
Window = 5
Ack Ack ack
If this ACK message is lost between the SOAP host adapter and the back-office application,
then the back-office application sends a new GetAck request to retrieve message 13. The
SOAP host adapter must accept this retry request even though its window is now 18 to 22. A
retry range is defined.
At that point, the window of the back-office application ranges from 13 to 17, whereas the
window of the SOAP host adapter ranges from 18 to 22.
As a consequence, there must be a retry range between message 13 and 17 because it is
possible that all messages between 13 and 17 have failed for a similar reason:
10 11 12 13 14 15 16 17 18 19 20 21 22
S S S S S S S S
Window = 5
D0540153
Retry range
However, as soon as the SOAP host adapter receives a new GetAck request for message
retrieval, it means that the back-office application received all required information. Therefore,
retries of message 13 are not expected any more, but retries of message 18 are now possible:
10 11 12 13 14 15 16 17 18 19 20 21 22
S S S S S S S S W
Window = 5
D0540154
Retry range
• The retry range spans from the last received message (acknowledged or not) to W-1
positions on the left:
Retry range = [Last_R-W+1; Last_R]
• The window spans from the first non-acknowledged message to W-1 positions on the right:
Window = [First_W ; First_W+W-1]
• The full acceptable range for message retrieval on the SOAP host adapter is the overlap of
these two ranges:
Acceptable range = [Last_R-W+1; First_W+W-1]
where First_W is the first message waiting for acknowledgement or, if none, the next un-
retrieved message.
The maximum size of the range is twice the window size. The minimal size of the range is the
window size.
Note When the sequence number reaches its maximum value (999999), it restarts at 1.
This can lead to scenarios where the window and retry ranges have start values
numerically higher than the end values.
: SOAP Envelope
1 1
0..1 0..1 1
: Alliance Access Header : WS - Security
ity : SOAP Body
D0540155
All the SOAP messages generated by invoking the operations exposed by the SOAP host
adapter web service of Alliance Access comply with this structure.
SOAP Header
The following headers are optional parts of a SOAP message:
Alliance Access Header contains information specific to the "SAA Header Block -
(soapha:SAAHeader) session opened between the back- soapha:SAAHeader" on
office application and the Alliance page 605
Access SOAP host adapter.
Web Service Security Header provides local authentication at the "Local Authentication of
(wsse:security) level of the SOAP messages SOAP Messages" on
between the back-office application page 602
and the Alliance Access SOAP "Local Authentication -
host adapter. wsse:Security" on
page 605
Soap Body
The mandatory SOAP body: this is the business message itself (MT or XML-based message).
The mandatory SOAP body contains the business message itself: a string or an XMLv2
document. Examples of the SOAP body are provided in "SAA Header Block -
soapha:SAAHeader" on page 605, and in the Knowledge Base Tip 2236509.
Compliancy requirements
To remain compliant with the WS-Security standards, Application developers must take the
following points into consideration:
• For SOAP, the HMAC algorithm must be performed without truncation. Therefore, the
signature has a size of 256 bits and not 128 bits.
• The signature is calculated on the digests of the canonical form of the SOAP body and
header blocks, as described in OASIS: SOAP Message Security 1.0.
Description
The URN of the SOAP host adapter namespace.
urn:swift:saa:xsd:soapha
Namespace
Namespace URIs represent some application-dependent or context-dependent URI. The choice
of any namespace prefix is not semantically significant. The prefixes used in this document are
selected to refer to the standard schemas.
The following table shows the namespaces and prefixes that are used in this document:
F.5.9.1.3 Algorithms
Algorithms
These type definitions provide names that represent the algorithm URIs which are used in this
document:
Tags
SAAHeader SessionToken
SequenceNumber [0..1]
ClientRef [0..1]
AckClientRef [0..1]
ClientRef String The reference the back office uses to identify the
message it will receive from the SOAP adapter
following a GetAck request
Example
<SAAHeader xmlns="http://swift.com/saa/soapha" Id="SAAHeader">
<SessionToken>404d4051-3bba-4661-afda-6471cf2b942a</SessionToken>
<SequenceNumber>388</SequenceNumber>
<ClientRef>BOReference020</ClientRef>
<AckClientRef>AckBOReference011</AckClientRef>
</SAAHeader>
Attribute
If the local authentication is enabled for the message partner indicated in SAAHeader, then the
attribute ID must be present in the body and in each header block comprising the SAAHeader,
The attribute ID can have any value as long as it provides a unique reference in the scope of
the SOAP message.
This attribute belongs to the namespace wsu but is also accepted in the local namespace
(without prefix).
Usage of Attribute ID
To ensure integrity of parts of the message, the URI attribute in ds:Reference must point to the
attribute ID of the part to be authenticated:
(1) The Message partner name in ds:KeyName determines which LAU key is used to compute the signature
Security
The following description is a simplified excerpt from OASIS: SOAP Message Security 1.0
document presenting the settings that are specific to the SOAP host adapter. The security
header block must be built as described in the OASIS: SOAP Message Security 1.0 document.
ds:Signature ds:SignedInfo
ds:SignatureValue
ds:KeyInfo
ds:KeyInfo ds:KeyName
• soapenv:Body
• SAAHeader
• dsKeyInfo
It uses the name provided by the
attribute Id of this header block.
For more information, see "The
Attribute ID" on page 605 and
ds:SignedInfo.
Fault mechanism
The standard SOAP Fault mechanism is used to report error and/or status information to the
calling application.
As per W3C recommendation, the SOAP Fault element appears once as a body entry of the
SOAP response.
The detail tag of the SOAP fault either contains a SAAFault element or a SessionFault element.
These elements have the following structure:
reason string Short text that describes the reason for the error
context string Provides details about the action being performed before
the error occurred
Operations
The SOAP Host Adapter Web service exposes the following operations:
• GetAck: request Alliance Access to send a message waiting delivery to the back-office
application and optionally acknowledge a message received from Alliance Access
F.5.10.1 Open
Description
This operation requests the opening of a session for the exchange of MT, XML-based, or
FileAct messages using the SOAP host adapter between Alliance Access and back-office
applications.
Input
Open - This element contains the Open element.
Open
Output
OpenResponse - This element returns the OpenResponse element which contains the
OpenResponseDetails.
OpenResponse
OpenResponseDetails OpenResponseDe
tails
OpenResponseDetails
SAAHeader
The SAAHeader returns the session token allocated by Alliance Access. This session token
must be repeated in any subsequent message request being part of this session.
Example
Open request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:swift:saa:xsd:soapha">
<soapenv:Header />
- <soapenv:Body>
- <urn:Open>
<urn:messagePartnerName>SoapHA</urn:messagePartnerName>
<urn:sequenceNumberToSAA>1</urn:sequenceNumberToSAA>
<urn:windowSize>5</urn:windowSize>
<urn:flowDirection>To_And_From_MessagePartner</urn:flowDirection>
</urn:Open>
</soapenv:Body>
</soapenv:Envelope>
Open response
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<SAAHeader xmlns="urn:swift:saa:xsd:soapha">
<SessionToken>1be691d7-97d5-4a49-8b70-88a63013d447</SessionToken>
</SAAHeader>
</S:Header>
<S:Body>
<OpenResponse xmlns="urn:swift:saa:xsd:soapha">
<openResponseDetails>
<sequenceNumberFromSAA>1</sequenceNumberFromSAA>
<windowSize>5</windowSize>
</openResponseDetails>
</OpenResponse>
</S:Body>
</S:Envelope>
F.5.10.2 Close
Description
This operation requests the closing of a session for the exchange of MT, XML-based, or FileAct
messages using the SOAP host adapter between Alliance Access and back-office applications.
Input
Close - This element contains the empty element Close.
SAAHeader - The SAAHeader contains the session token of the session to be closed by the
Alliance Access SOAP host adapter upon request from the back office.
Output
CloseResponse - This element returns the XMLv2 SessionStatus element as described in
"SessionStatus" on page 501.
Example
Close request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:swift:saa:xsd:soapha">
<soapenv:Header>
<urn:SAAHeader Id="SAAHeader">
<urn:SessionToken>1be691d7-97d5-4a49-8b70-88a63013d447</urn:SessionToken>
</urn:SAAHeader>
</soapenv:Header>
<soapenv:Body>
<urn:Close />
</soapenv:Body>
</soapenv:Envelope>
Close response
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<CloseResponse xmlns="urn:swift:saa:xsd:soapha">
<Saa:DataPDU xmlns:Saa="urn:swift:saa:xsd:saa.2.0"
xmlns:Sw="urn:swift:snl:ns.Sw" xmlns:SwGbl="urn:swift:snl:ns.SwGbl"
xmlns:SwInt="urn:swift:snl:ns.SwInt" xmlns:SwSec="urn:swift:snl:ns.SwSec">
<Saa:Header>
<Saa:SessionStatus>
<Saa:MessagePartner>SoapHA</Saa:MessagePartner>
<Saa:CreationTime>20081203132739</Saa:CreationTime>
<Saa:SessionNr>0001</Saa:SessionNr>
<Saa:InputFile />
<Saa:IsSuccess>true</Saa:IsSuccess>
<Saa:Accepted>1</Saa:Accepted>
<Saa:Rejected>0</Saa:Rejected>
</Saa:SessionStatus>
</Saa:Header>
</Saa:DataPDU>
</CloseResponse>
</S:Body>
</S:Envelope>
F.5.10.3 Put
Description
This operation allows a back-office application to send SOAP messages containing MT, XML-
based, or FileAct messages to the Alliance Access SOAP host adapter.
Input
Put - This element contains the XMLv2 Message element as described in "Message" on
page 479.
SAAHeader - The SAAHeader contains the session token of the session being used and the
sequence number associated to the message sent.
Output
PutResponse - This element contains the XMLv2 MessageStatus element as described in
"MessageStatus" on page 500.
SAAHeader - The SAAHeader contains the session token of the session being used and the
sequence number associated to the message sent.
Example
Put request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:swift:saa:xsd:soapha">
<soapenv:Header>
<urn:SAAHeader Id="SAAHeader">
<urn:SessionToken>1be691d7-97d5-4a49-8b70-88a63013d447</urn:SessionToken>
<urn:SequenceNumber>1</urn:SequenceNumber>
</urn:SAAHeader>
</soapenv:Header>
<soapenv:Body>
<urn:Put>
<DataPDU xmlns="urn:swift:saa:xsd:saa.2.0">
<Revision>2.0.2</Revision>
<Header>
<Message>
<SenderReference>REF10812031316</SenderReference>
<MessageIdentifier>fin.999</MessageIdentifier>
<Format>MT</Format>
<Sender>
<BIC12>SAASBEBBAXXX</BIC12>
<FullName>
<X1>SAASBEBBXXX</X1>
</FullName>
</Sender>
<Receiver>
<BIC12>SAATBEBBXXXX</BIC12>
<FullName>
<X1>SAATBEBBXXX</X1>
</FullName>
</Receiver>
<InterfaceInfo>
<UserReference>REF10812031316</UserReference>
</InterfaceInfo>
<NetworkInfo>
<FINNetworkInfo />
</NetworkInfo>
<SecurityInfo>
<FINSecurityInfo />
</SecurityInfo>
</Message>
</Header>
<Body>DQo6MjA6VFJOIEZUSTAwMA0KOjc5OlpaWlpaWlpaWlpaWlpaWlpaWlpa</Body>
</DataPDU>
</urn:Put>
</soapenv:Body>
</soapenv:Envelope>
Put response
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<SAAHeader Id="SAAHeader" xmlns="urn:swift:saa:xsd:soapha">
<SessionToken>1be691d7-97d5-4a49-8b70-88a63013d447</SessionToken>
<SequenceNumber>1</SequenceNumber>
</SAAHeader>
</S:Header>
<S:Body>
<PutResponse xmlns="urn:swift:saa:xsd:soapha">
<Saa:DataPDU xmlns:Saa="urn:swift:saa:xsd:saa.2.0"
xmlns:Sw="urn:swift:snl:ns.Sw" xmlns:SwGbl="urn:swift:snl:ns.SwGbl"
xmlns:SwInt="urn:swift:snl:ns.SwInt" xmlns:SwSec="urn:swift:snl:ns.SwSec">
<Saa:Revision>2.0.2</Saa:Revision>
<Saa:Header>
<Saa:MessageStatus>
<Saa:SenderReference>REF10812031316</Saa:SenderReference>
<Saa:SeqNr>000001</Saa:SeqNr>
<Saa:IsSuccess>true</Saa:IsSuccess>
</Saa:MessageStatus>
</Saa:Header>
</Saa:DataPDU>
</PutResponse>
</S:Body>
</S:Envelope>
F.5.10.4 GetAck
Description
This operation allows a back-office application to request, from the Alliance Access SOAP host
adapter, MT, XML-based, or FileAct messages that are waiting for delivery in the exit point
associated to the Alliance Access message partner. It also acknowledges the reception of the
messages sent by Alliance Access.
Input
GetAck - This element contains a time-out after which Alliance Access replies that no
messages are to be returned to the application.
GetAck
SAAHeader - The SAAHeader contains the session token of the session being used, the
reference the back-office associates to the message it receives, the reference of the message
for which it acknowledges reception (for more information, see "SOAP Message -
soapenv:Envelope" on page 604).
Output
GetAckResponse - This element contains an XMLv2 element whose type depends on the
message retrieved from the exit point:
GetAckResponse
If there is no message to be retrieved, then the SAAHeader does not include any sequence
number.
SAAHeader - The SAAHeader contains the session token of the session being used and the
sequence number used by Alliance Access to identify the message.
Example
GetAck request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:swift:saa:xsd:soapha">
<soapenv:Header>
<urn:SAAHeader Id="SAAHeader">
<urn:SessionToken>1be691d7-97d5-4a49-8b70-88a63013d447</urn:SessionToken>
<urn:ClientRef>REF1</urn:ClientRef>
</urn:SAAHeader>
</soapenv:Header>
<soapenv:Body>
<urn:GetAck />
</soapenv:Body>
</soapenv:Envelope>
</Saa:FINNetworkInfo>
</Saa:NetworkInfo>
</Saa:Message>
</Saa:Header>
<Saa:Body>DQo6MjA6VFJOIEZUSTAwMA0KOjc5OlpaWlpaWlpaWlpaWlpaWlpaWlpa</
Saa:Body>
</Saa:DataPDU>
</GetAckResponse>
</S:Body>
</S:Envelope>
F.5.10.5 Ack
Description
This operation allows a back-office application to acknowledge the last message it received
from the Alliance Access SOAP host adapter.
Input
Ack - Empty
SAAHeader - The SAAHeader contains the session token of the session being used, the
reference of the message for which it acknowledges reception. For more information, see "SAA
Header Block - soapha:SAAHeader" on page 605.
Output
AckResponse - Empty
SAAHeader - The SAAHeader contains the session token of the session being used.
Example
Ack request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:swift:saa:xsd:soapha">
<soapenv:Header>
<urn:SAAHeader Id="SAAHeader">
<urn:SessionToken>1be691d7-97d5-4a49-8b70-88a63013d447</urn:SessionToken>
<urn:AckClientRef>REF1</urn:AckClientRef>
</urn:SAAHeader>
</soapenv:Header>
<soapenv:Body>
<urn:Ack />
</soapenv:Body>
</soapenv:Envelope>
Ack response
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<SAAHeader Id="SAAHeader" xmlns="urn:swift:saa:xsd:soapha">
<SessionToken>1be691d7-97d5-4a49-8b70-88a63013d447</SessionToken>
<AckClientRef>REF1</AckClientRef>
</SAAHeader>
</S:Header>
<S:Body>
<AckResponse xmlns="urn:swift:saa:xsd:soapha" />
</S:Body>
</S:Envelope>
F.6 WebSphere MQ
Overview
The WebSphere MQ method enables files and SWIFT messages to be exchanged between
Alliance Access and back-office applications through IBM WebSphere MQ. The WebSphere MQ
connection method requires the licence package 13:MQ HOST ADAPTER.
The WebSphere MQ connection method supports the following data formats:
• MQ-MT
AIX /usr/mqm/lib
If the WebSphere MQ software is not installed in the default directory, then you must add the
following line to the Alliance Access instance file, .swa.$ALLIANCE_INSTANCE.rc:
• The Alliance Access instance file is located in the home directory of the Alliance Access
Administrator ($ALLIANCE_INSTANCE is the environment variable describing the name of
the Alliance Access instance). This file is a hidden file.
Purpose
There are two ways to implement the WebSphere MQ Host Adapter as a WebSphere MQ client:
• define the location of the WebSphere MQ Queue Manager using an environment variable,
MQSERVER
• install a WebSphere MQ channel table, using two environment variables, MQCHLTAB and
MQCHLLIB
Windows Define an environment variable in the System Properties (Advanced tab) in the
Control Panel:
Using this environment variable limits access to a single WebSphere MQ Queue Manager. For
more information about the MQSERVER variable, see the information about using IBM
WebSphere MQ environment variables in the WebSphere MQ documentation about clients.
Windows Define the environment variables in the System Properties (Advanced tab) in
the Control Panel:
• messages
• queues
• queue managers
• channels
For more information about WebSphere MQ, see the WebSphere MQ documentation.
Definition
Applications use messages to exchange data. A WebSphere MQ message is a string of bytes
that has a meaning for the applications that use it. The applications can be running on the same
platform, or on different platforms.
A physical MQ message is the smallest unit of information that can be placed on or removed
from a queue. A WebSphere MQ message has two parts:
Logical MQ messages
If the payload of the message is extremely large, then it can be split across several messages.
WebSphere MQ can group several physical messages together into a group of logical
messages or it can segment the physical message into several file chunks and group them into
one logical message. The distribution depends on the functionality support by the applications.
With a large message is segmented, each physical message in the group has the same Group
Identifier and Message Sequence Number (GroupID and MsgSeqNumber) in their Message
Descriptor parts. However, the Message identifier and Offset values (MsgId, and Offset) in their
Message Descriptor parts differ.
The following diagram shows a file that is segmented and grouped into two logical messages:
Segment
D0540194
Logical Message (seq#1) Logical Message (seq#2)
With a large message is not segmented and is only grouped, then each physical message in the
group has the same Group Identifier (GroupID) in their Message Descriptor parts.
The following diagram shows a file that is not segmented but is grouped into several logical
messages:
Segment
D0540195
Logical Message (seq#1) Logical Message (seq#n)
For more information about the components of an MQ message, see the WebSphere MQ
documentation.
Definition
A WebSphere MQ queue is a data structure in which messages are stored. The messages may
be put on or retrieved from the queue by applications. Queues exist independently of the
applications that use them.
Queue manager
A WebSphere MQ queue manager is an entity that provides queue-based services to
applications, and manages the queues that belong to it. Such queues are referred to as local
queues for that queue manager. The queue manager ensures that messages are put on the
correct queue, as requested by the application. Every queue belongs to a single queue
manager. The same queue name can exist in different queue managers.
Applications put messages on and get messages from queues. For that purpose, applications
must connect to a queue manager that is said to be a local queue manager for that application.
In a simple configuration, a single queue manager is created and local queues are defined on
this queue manager. Applications can then connect to this queue manager and can use its
queues to exchange messages.
MQI channel
An application connects to a queue manager through an MQI channel. An MQI channel is bi-
directional, it must be created as a Server-connection Channel on the queue manager (see
the WebSphere MQ Clients documentation).
Note Do not confuse the concept of local and remote queue managers with that of a
local or remote physical location. For example, you can have a local queue
manager that connect to an application by an MQI channel while the application
and the queue managers reside on different systems.
Specification requirements
Applications may connect directly to several local queue managers, by establishing several MQI
channels. When an application tries to establish a connection to a queue, it must specify the
queue address and the MQI channel to a local queue manager through which the queue is
reached. The queue address consists of the queue name and queue manager name.
Illustration of concepts
The following diagram provides an overview of the fundamental WebSphere MQ concepts:
Application 1
(e.g. MQ Host Adapter)
MQI
Channels
QM1 QM2
Application 2
Message Channel
QM3
Q31
Application 3
D0340038
Note The concept queue managers shown in the graphic are abbreviated for simplicity,
for example, QM1, QM2, and QM3.
• Datagram (MQMT_DATAGRAM)
• Request (MQMT_REQUEST)
WebSphere MQ message
The following diagram shows the structure of a WebSphere MQ message:
Message
Message data
descriptor
The following table describes the parts in an MQ message that Alliance Access interprets to
process the message successfully. The elements that Alliance Access requires are marked as
Mandatory (M). If an element is marked optional (O), and has a non-null value, then Alliance
Access processes it appropriately:
(1) Represents a message request that Alliance Access receives from a message partner.
(2) Represents a notification, a system message, or a message request that Alliance Access sends to a message
partner.
(3) Represents a response message request that Alliance Access sends to a message partner.
• Message Request, that Alliance Access receives from a message partner through
WebSphere MQ
• Message Request, that Alliance Access sends to a message partner through WebSphere
MQ
Note This section describes the elements in the MQ Descriptor that Alliance Access
interprets when it processes an MQ message. It does not describe all the elements
of the MQ Descriptor. The elements that Alliance Access requires are marked as
Mandatory (M). If an element is marked Optional (O) and has a non-null value, then
Alliance Access processes it.
For more information about the elements in the MQ Descriptor, see the IBM
WebSphere MQ Application Programming Reference.
Message Request
In this section, a message request is an MT or MX message that a back-office application sends
to Alliance Access through WebSphere MQ.
Description of elements
The elements in the MQ Message Descriptor have the following values when they are included
in a message request from a back-office application:
Elements in MQMessageDescriptor
ReplyToQ The name of the queue to which Alliance Access sends the O
requested report.
(1) For information about how Alliance Access uses these values, see "Message Response to WebSphere MQ" on
page 625. You can find a detailed description of these values in the IBM WebSphere MQ Application
Programming Reference.
(2) You can find a detailed description of these values in the IBM WebSphere MQ Application Programming
Reference.
Overview
You can reconcile WebSphere MQ messages using the report message feature of WebSphere
MQ. The report message (either a Report or a Reply) provides information about the initial
processing that Alliance Access has performed on the message. The report message provides
the Alliance Access instance that processed the message, the UUMID, and error validation
information.
An application can request a report for a message optionally, by including a Report element in
the MQ Message Descriptor part of the message. The Report element can also specify how to
set the message and correlation identifiers in the report message.
If an application requests a report message and if one of the following conditions are met, then
Alliance Access creates a Message Response for the message:
• The MsgType of the original message is "Datagram" and MQ requested either a PAN or a
NAN report for the message.
Description of elements
The elements in the MQ Message Descriptor have the following values when they are included
in a message response, which Alliance Access sends to WebSphere MQ:
Elements in MQMessageDescriptor
Feedback This field indicates whether an error was reported during the M
processing of the MQ Message Data.
If no error is reported, then a PAN message is sent with value
MQFB_PAN.
If an error is reported, then a NAN message is sent with one
of values outlined in the section, see "Feedback options for
NAN" on page 627.
AccountingToken The value of the Unit element of the original message. This O
allows an application to track the cost associated with
processing the message.
Present if Transfer SAA Information and Use MQ
Descriptor are both selected in the message partner profile.
PutApplName The name of the process Alliance Access process for the MQ M
Interface ("MXS_ha")
The Queue manager fills this field automatically.
UserIdentifier The name of the operating system user that owns the Alliance O
Access instance.
Present if Transfer SAA Information and Use MQ
Descriptor are both selected in the message partner profile.
Message request
In this section, a message request is an MT or an MX message that Alliance Access sends to a
back-office application.
Description of elements
The elements in the MQ Message Descriptor have the following values when they are included
in a request, which Alliance Access sends to WebSphere MQ:
Elements in MQMessageDescriptor
UserIdentifier The name of the operating system user that owns the O
Alliance Access instance.
Present if Transfer SAA Information and Use MQ
Descriptor are both selected in the message partner
profile.
Overview
This section describes the elements that Alliance Access interprets in the MQ descriptor of
notification messages and system messages.
Notification messages include Transmission, Delivery, Information, and History messages that
Alliance Access creates from additional instances of a message, based on the results of
message reconciliation.
A System message is a Delivery Notification that Alliance Access receives from the SWIFT
network to provide status about the delivery of a message.
Transmission notification
A Transmission notification is a message representing the result of the transmission to the
SWIFT network. SWIFT performs full syntax and semantic checks before it returns an
acknowledgement (ACK). Other checks, such as validity of the sender and the receiver, are also
performed. The checks can cause a message to be rejected and a negative acknowledgement
(NAK) is returned in response.
Delivery Notification
A Delivery Notification is a message that provides status about the progress of message
processing. Alliance Access receives delivery notification messages, which can be reconciled
with the original message through a reference in the CorrelId field. You can also append the
text of the original message to the Delivery Notification message.
Information notification
An information notification (also called an intervention) is a message that the Routing
application in Alliance Access creates to show details about the result of routing or processing.
History notification
A history notification is a list of information notification that the Routing application in Alliance
Access creates to provide an overview of the processing that Alliance Access performed on a
message.
System message
To provide information about the delivery of a message, Alliance Access receives a Delivery
Notification from SWIFTNet, which is of the following:
Note As a result of reconciling the Delivery Notification from SWIFTNet, Alliance Access
can create an additional message instance (of type Delivery Notification) for the
message request instance. In this case, a Delivery Notification and System
Delivery Notification message can exist for one message request. Since the priority
of a System Message is higher than a notification message, Alliance Access may
send a System Delivery Notification message to an application before it transmits a
Transmission notification.
Description of elements
The elements in the MQ Message Descriptor have the following values when they are included
in a notification or a system message, which Alliance Access sends to WebSphere MQ:
Elements in MQMessageDescriptor
Priority The value "10" less the priority in the original message. M
UserIdentifier The name of the operating system user that owns the O
Alliance Access instance.
Present if Transfer SAA Information and Use MQ
Descriptor are both selected in the message partner
profile.
• Full FileAct mode - where both the XML version-2 message and the FileAct payload are
transferred between the back-office application and Alliance Access over WebSphere MQ.
• Mixed FileAct mode - where the XMLv2 message is transferred between the back-office
application and Alliance Access over WebSphere MQ, and the FileAct payload is transferred
over the local file system. This is similar to the File Transfer connection method.
This MQ message is associated with the MQ message that carries the payload.
Input from back-office application any combination of both grouping The first logical message must
and segmentation not be segmented and must be
the XMLv2 message.
Output to the back-office either segmentation or message This depends on the value of
application grouping Don't use Segmentation and
Chunk Size parameters in the
message partner profile.
where:
• Chunk size is the size of each chunk (default at SAA side is 32 Kb).
• MAX_Uncommitted message is the number of messages that a transaction can hold. You
can configure this at the Queue manager side, and the default is 10,000.
1 is deducted because the XMLv2 message is always included before the chunks.
Overview
If the Keep Session Open option is selected in the message partner profile and a session
connection is lost, then the session status changes to "Interrupted" and Alliance Access
attempts to re-establish the connection to WebSphere MQ.
If the Keep Session Open option is not selected and a session connection is lost, then the
session status changes to "Closed".
Recovery attempts
System parameters specify the frequency of the recovery attempts, as follows:
1. After the number of seconds that are specified in Recovery Time - Initial have elapsed,
then Alliance Access attempts to re-open the session for the first time.
2. If the reconnection is unsuccessful, then Alliance Access increases the time between the
reconnection attempts by the value specified in Recovery Time - Increment, and attempts
to re-establish the connection.
3. The time interval between attempts is increased after every attempt until it reaches the
value specified in Recovery Time - Max, after which Alliance Access attempts the
reconnection at these intervals.
Automatic sessions
If you close an automatic session for an incoming message partner (that is, with From Message
Partner as the Allowed direction) or for an outgoing message partner (that is, with To
Message Partner as the Allowed direction), then Alliance Access re-opens the session
automatically. To avoid this session reopening, you must first disable the message partner and
afterwards close the session.
Manual sessions
You can stop a manual session of either an incoming or outgoing message partner.
Appendix G
Parameter Files in AI
Overview
This section describes the parameter files that are used with the File Transfer connection
method.
Structure
A parameter file has two sections:
• The field after the colons is used for the actual value.
Parameter descriptions
The input parameter file can have the parameters that are described in the following table. In
the table, "x" represents the number of characters that the value may have. All printable
characters are accepted:
The path to the directory where the message file is 050314 60x M(1)
stored before it is transferred O(2)
(2) Optional for Manual input from a message partner. You can omit this tag if you include 050315 instead.
000010 MSG
000102 I
050314 <The path to the directory where the message file is stored before it
is transferred from a message partner>
2. Double-click your selected message partner in the main window. The message partner
profile tabs appear.
5. Specify the location of the parameter file in the Input/Output Path field:
– If the session direction is To Message Partner, then the parameter file is generated and
copied to this directory automatically. You can specify the output file extension.
– If the session direction is From Message Partner, then an existing parameter file must
be present (if required).
6. Select Modify from the Message Partner menu to save your changes.
7. Select Enable from the Message Partner menu. The message partner profile is now ready
for exchange sessions.
Appendix H
Central
Institution
Destination
Sending Receiving
Institution Institution
In the T Copy mode, the PAC is removed from the copy message before delivery to the
receiver.
With the FINCopy service however, the requirement for authorisation by the RMA can be
bypassed, since membership of the FINCopy service includes an agreement to exchange
authenticated messages.
Bypassing authorisation is controlled by the RMA Authorisation option in the FINCopy service
profile, which is set by the service administrator. The setting of this option can be displayed in
the SWIFT Support application (RMA Authorisation field).
• the addressee has not logged into APC/FIN for a period of more than 14 days
• the receiver has negatively acknowledged the message more than 10 times
• the Central Institution has not sent an authorisation for more than 14 days
• with SWIFTNet PKI, failure of message authentication and authorisation (FINCopy server not
set up to bypass RMA)
If the message is aborted, then the normal FIN functionality is used to notify the sender.
Appendix I
Central
Institution
Destination
D0540071
I.1 Processing an Incoming MT 096
Overview
After receiving an MT 096, the response of the server (in negotiation with an external
accounting system) is to either authorise or reject the settlement request. The response to the
FINCopy facility is always made in the form of an MT 097.
Failed Messages
All messages failing FINCopy validation are processed as if they have failed message
authentication. The failed message is flagged as having "no key" or '"PAC authentication error".
An event is recorded in the Event Journal and the related FIN session is aborted. No
acknowledgement is returned to the FINCopy facility.
Failed messages are routed to _MP_mod_rec_secu, the Reception Security Modification queue.
Accepted Messages
Messages passing FINCopy validation are positively acknowledged, and then subjected to a
second PAC calculation, this time by the FINCopy server. If this PAC calculation fails, then the
message is routed to the Reception Security Modification queue.
The PAC result is packed into the MT 096, and the message is passed to the routing
application. After this stage, the processing applied to the message is totally dependent upon
the routing tables defined by the central institution destination staff. However, it is generally
assumed that the message is forwarded to an accounting system for authorisation.
Institution Destination
Accounting
System
CAS 2 NDF
Alliance
+ FIN Copy Server
To SWIFT D0540072
You can also use the main window of the Message Modification application to reauthenticate a
group of messages in the Reception Security Modification queue, (manual PAC re-
authentication cannot be bypassed). For more information, see "Creating Messages" in the
Daily Operations Guide. Alternatively, you can display a single message within the Message
Modification window to modify it so that it can be re-authenticated. For more information, see
"Modifying Messages" in the Daily Operations Guide.
Regardless of the message format, if the re-authentication is successful, Alliance Access then
routes the message according to the routing rules defined for the Reception Security
Modification queue. By default, authenticated messages are routed to the System Exit Point, as
specified in the routing rule of _SI_from_SWIFT.
If authentication fails for any message, then that message remains in the Reception Security
Modification queue.
Note Retrieved messages result in the delivery of two messages: the MT 021 and the
extracted MT 096.
The MT 097 will be a payment authorisation. It will contain a PAC. No value for tags 114: and
115:
79: ACCEPT VALID PAC
SERVER-TO-RCVR:<32x>
SERVER-TO-SNDR:<32x>
The MT 097 will be a payment authorisation. It will contain a PAC. The values for tags 114: and
115: are filled by the values specified in the MT 999.
79: ACCEPT INVALID PAC
The MT 097 will be a payment authorisation. It shall contain the PAC value '01234567'. No
value for tags 114: and 115:
79: ACCEPT INVALID PAC
SERVER-TO-RCVR:<32x>
SERVER-TO-SNDR:<32x>
The MT 097 will be a payment authorisation. It shall contain the PAC value '01234567'. The
value for tags 114: and 115: are filled with the string specified in the MT 999.
79: REJECT xx
The MT 097 will be a payment refusal (code is xx). It will contain a PAC. No value for tags 114:
and 115:
79: DROP
MT 097 payments and refusals are generated in a random fashion by the accounting system
(with around 80% authorisations). Code xx is used for the refusal. It will contain a PAC. The
value for tags 114: and 115: are filled with the string specified in the MT 999.
For services with normal authentication operating in Y-Copy mode, the information "VALID
PAC" and "INVALID PAC" are ignored as no PAC is required in the MT 097. The processing for
"REJECT", "RANDOM", and "DROP" is the same as when proprietary authentication is
required.
• assign the FINCopy service to the LT(s) (own destinations) that will be used by the central
institution destination to send and receive MT 096 and MT 097 messages
Appendix J
Figure 3
MT
(8)
(7) MT
(2)
MT
Institution A Institution B
(1) (9)
MT MT
(3) (6)
(4) (5)
D0900001
"Figure 3" on page 643 represents the message flow of a double-authenticated message from
the moment that the emitting interface constructs and sends it until the moment that it is
delivered at the receivers interface.
1. The emitting institution A issues a message, for example an MT 103, to its correspondent
institution B.
The emitting institution prepares a USER signature containing:
• the SignDN
• a Manifest element containing the reference(s) to and the digest value(s) of those parts
of the payload that require authentication
• based on the FINCopy service Profile, the complete message, or only a part of it
requires a PAC1-equivalent authentication. A digest value is calculated and added to the
USER signature. The reference to this digest value is 1.
Upon emitting, SWIFTNet Link signs the message and converts the USER signature into a
SYS signature.
Note The Object element, containing the random number, is removed from the SYS
signature.
• Re-authenticate the message, in case the reason for failure may have been fixed
You cannot re-authenticate system messages or MT 096 messages. You can only
progress system messages by using the Bypass Security command.
4. The back office receives the message and evaluates the business request. It decides to
accept or reject the request and if optional field 115 (<payment-release-
information-receiver>) is used.
5. The back office prepares an MT 097 message which, amongst other fields, contains the
accept or reject status - indicating to SWIFT if the message can be released - and transfers
it to Alliance Access.
6. Alliance Access receives the message and prepares a (new) USER signature for PAC2-
equivalent authentication. It calculates the digest value: this digest value is referenced to as
"2".
The MT 097 is sent to the SWIFT Central System. SWIFTNet Link converts the USER
signature into a SYS signature.
8. If the MT 097 contains an accept indication, then the SWIFT Central System releases the
original message and delivers it to institution B, together with the SYS signatures calculated
in stage 1 and in stage 6.
• Re-authenticate the message, in case the reason for failure may have been fixed
You cannot re-authenticate system messages or MT 096 messages. You can only
progress system messages by using the Bypass Security command.
J.2 Implementation
J.2.1 Generic Implementation
Overview
To prepare the PAC2-equivalent USER signature in Step 6 of "Figure 3" on page 643, Alliance
Access must calculate its <DigestValue>; for this calculation, it must have access to the
following data elements:
• the signature value on the M digest, if an M digest is present, as calculated by the emitting
institution (that is, the signature value of the Signature element containing the MAC-
equivalent digest)
• the back office decides whether to use the optional field 115
• the back office adds the following data elements by means of extra fields (in addition to the
fields defined by the MT 097 message standard):
Figure 4
MT MT
MT103 MT 103
(M+P1) (M+P1, P2)
MT MT
MT 096 MT 097
(M+P1) (P2)
MT MT
MT 096 MT 097
(M+P1, BIC of receiver, (M+P1 [signature value only],
BIC of emitter, Original BIC of receiver, Block 4 of the
message type, Block 4 of original message, Field 115 (optional))
the original message)
D0900003
M+P1 = MAC - and PAC1 - equivalent Signature
P2= PAC2 - equivalent Signature
• The back office must have access to the signature value. This is achieved by providing the
whole SYS signature to the back office
• If the SYS signature contains an M digest, then the back office must provide the signature
value of the received SYS signature back to Alliance Access.
Signature SIG trailer in S- Not supported field SIGV field sigValue field
value on the M block, appe_pki_pac2
digest containing _value in the
complete SYS reception
signature appendix
PAC1- Trailer in block Not supported field PACR field pacResult field
equivalent S of MT 096 appe_pki_pac2
authentication _result in the
status reception
appendix
(1) These formats are no longer supported in the scope of FINCopy services.
In Step 6 of "Figure 3" on page 643, the required information is received from the back office
through the following fields in the MT 097 (as described in "Generic Implementation" on
page 646): 102, 124, 199, and 999. Field 999 is a field tag (SignatureValue) and is listed as
Reserved for internal use in the FIN System Messages. If the SYS signature does not contain
an M digest, then the field 999 is passed without content.
Alliance Access removes these fields when sending the message to the SWIFT Central System.
Note The back office must be able to extract the signature value on the M digest from
the SYS signature.
MT 096
Example
{1:F01DCRIFRTAAXXX0165005109}
{2:O0960933041018DYLRXXXXEXXX00000176830410180533S}
{3:{103:COP}
{108:SMAIBE22A1033570}}
{4:
{1:F01SMAIBE22AXXX0246001570}
{2:I103SMAIBE23XXXXN}
{3:{103:COP}}
{4:
:20:COP/103/test01
:32A:041025EUR1,
-}
{5:{MRF:041018093334041018SMAIBE22AXXX0246001570}}
{5:{CHK:73AC90A7A3F1}
{SYS:0933041018SMAIBE22AXXX0246001570}}
The MAC- and PAC1-equivalent authentication is provided by means of the following SYS
signature:
<SwSec:Signature>
<SwSec:SignedInfo>...</SwSec:SignedInfo>
<SwSec:Manifest>
<Sw:Reference>
<Sw:DigestRef>M</Sw:DigestRef>
MAC-equivalent
<Sw:DigestValue>...</Sw:DigestValue>
</Sw:Reference>
<Sw:Reference>
<Sw:DigestRef>1</Sw:DigestRef>
PAC1-equivalent
<Sw:DigestValue>...</Sw:DigestValue>
</Sw:Reference>
</SwSec:Manifest>
</SwSec:Signature>
• MQSA format
{SIG:<SwSec:Signature>...</SwSec:Signature>}}
whereby nnnnn stands for the length of the signature element starting with
<SwSec:Signature> and ending with </SwSec:Signature> (both tags included).
• ADK
The information is transferred to the back office by means of designated fields:
Message Comments
{1:F01MASGSGSMAXXX0122000199}
{2:I097SWFTXXXXXXXXS}
{4:
{103:COP}
{109:090514091701090514SENDRBICAXXX0685697419}
{451:0}
{114:PAYMRELINFO2SENDER}
{115:PAYMRELINFO2RECEIVER}
• field 999 is added, which contains the SwSec:SignatureValue of the signature element of
the original message.
• removes from block 4 all fields starting with field 102 until the end of block 4
{1:F01MASGSGSMAXXX0122000199}
{2:I097SWFTXXXXXXXXS}
{4:
{103:COP}
{109:090514091701090514SENDRBICAXXX0685697419}
{451:0}
{114:PAYMRELINFO2SENDER}
{115:PAYMRELINFO2RECEIVER}
}
{5:{CHK:73AD80A7A3F1}}
• prepares the PAC2-equivalent USER signature (it finds all the required input in the MT 097 it
just received):
<SwSec:Signature>
<SwSec:KeyInfo>...</SwSec:KeyInfo>
<SwSec:Manifest>
<Sw:Reference>
<Sw:DigestRef>2</Sw:DigestRef>
PAC2-equivalent
<Sw:DigestValue>...</Sw:DigestValue>
</Sw:Reference>
</SwSec:Manifest>
</SwSec:Signature>
Appendix K
Command-line Tools
Introduction
The following diagnostic tools are used to get system information that is useful for investigating
a problem. These tools can also be used to recover from certain problems related to message
partners:
• getmesg
• messageTool
• saa_supportinfo
• saa_system integrity
• sa_split
• sa_extract
• By entering the command from the directory where the tool is located.
• From another location. In this case, you must provide the full path, and command.
Getting help
You can display the syntax for each tool by entering one of the following commands:
• <tool name>
• <tool name> -h
where <tool name> is the name of the tool that you want to use.
K.1 getmesg
Overview
Use the getmesg tool to obtain database information about a specific message. The tool can
be used with the servers running or stopped.
Note You cannot use the getmesg tool to retrieve information about a message that
was restored from a backup of the Message Archive from Alliance Access Release
6.0.x. Instead, you must use the saa_bankquery tool to retrieve information
about the message.
Tool location
Windows:<Alliance installation directory>\BSS\bin\win32
AIX: <Alliance installation directory>/BSS/bin/AIX
Solaris: <Alliance installation directory>/BSS/bin/SunOS
Command syntax
Windows:
getmesg
-u "UUMID"
-s DATESUFFIX
[-o <output file>]
[>><errorfile>]
UNIX:
getmesg
-u "UUMID"
-s DATESUFFIX
[-o <output file>]
[2><errorfile>]
Parameters
UUMID The UUMID of the searched message (can be extracted from the Message Yes
File). It must be specified between double quotes (").
-s DATESUFFIX The concatenation of the message creation date (YYMMDD) and the suffix Yes
displayed in the Message File.
-o <output file> The location of the path and the filename of a file where the output of the
command is redirected. If the option is not specified, then the command
output is displayed on the screen.
1. Start the Alliance Installation application and double-click the Command Prompt icon.
2. In the Command Prompt window, run the getmesg command with the required
parameters.
For example:
getmesg -u "IALLIBEAAXXX999ABCD1234" -s 0004062345 -o c:\temp\getmesg.out
>> c:\temp\mesgerror.out
2. From the System Administration application select xterm from the OS Configuration
menu.
3. In the Xterm window, run the getmesg command with the required parameters.
For example:
getmesg -u "IALLIBEAAXXX999ABCD1234" -s 0004062345 -o /temp/getmesg.out 2>/
temp/mesgerror.out
Result
If the command is run successfully, Alliance Access writes an event to the Event Journal with
the following information about the message:
• the UUMID of the message for which the getmesg tool was run (a concatenation of the
message creation date (YYMMDD) and the suffix of the message for which the getmesg tool
was run)
• the date and time at which the getmesg tool was run
• the operating system account of the operator that launched the tool
K.2 messageTool
Overview
The messageTool command is used to unreserve or to complete all messages at a particular
routing point. The tool can only be used when the Alliance Access servers are stopped.
Tool location
Windows:<Alliance installation directory>\BSS\bin\win32
AIX: <Alliance installation directory>/BSS/bin/AIX
Solaris: <Alliance installation directory>/BSS/bin/SunOS
Command syntax
messageTool
-r <Routing point name>
-c | -u
Parameters
<Routing point name> The name of the Routing Point where the messages to process are located. Yes
1. Start the Alliance Installation application and double-click the Command Prompt icon.
2. In the Command Prompt window, run the messageTool command with the required
parameters.
2. From the System Administration application select xterm from the OS Configuration
menu.
3. In the xterm window, run the messageTool command with the required parameters.
Result
If the command is run successfully, Alliance Access writes an event in the Event Journal, with
the UMID and instance number of the message instance that was completed or unreserved.
K.3 reset_mp
Overview
reset_mp is used to reset and disable a message partner profile. On Windows, the tool is
called ResetMp.
The tool can be used only when the Alliance Access servers are stopped.
Tool location
Windows:<Alliance installation directory>\MXS\bin\win32
AIX: <Alliance installation directory>/MXS/bin/AIX
Solaris: <Alliance installation directory>/MXS/bin/SunOS
Command syntax
reset_mp
<Message partner name>
Parameters
1. Start the Alliance Installation application and double-click the Command Prompt icon.
2. In the Command Prompt window, run the ResetMp command with the required
parameters.
2. From the System Administration application select xterm from the OS Configuration
menu.
3. In the xterm window, run the reset_mp command with the required parameters.
Result
If the command is run successfully, Alliance Access writes an event to the Event Journal with
the name of the message partner profile that was reset.
• system
• hardware configuration
• log files
• core file
• network status
Tool location
AIX: <Alliance installation directory>/BSS/bin/AIX
Solaris: <Alliance installation directory>/BSS/bin/SunOS
Command syntax
systeminfo
[2><error file>]
Parameters
1. From the System Administration application select xterm from the OS Configuration
menu.
2. In the xterm window, run the systeminfo command with the required parameters.
Result
The resulting file systeminfo.tar is located in $TMPDIR (if defined). The default path is /
usr/tmp.
K.5 saa_supportinfo
Purpose
The saa_supportinfo tool is used to collect a variety of system-related information over a
specified period and store it in a Zip file. The Alliance System Administrator sends the Zip file to
Support, for the investigation of problems.
Alliance Access configuration data, event journal, trace files, and logs are part of the information
that is collected. However, secure information is not collected, for example, passwords or keys.
Important Some events related to FIN messages contain the full message payload. If you do
not want the FIN message payload to be collected with this tool, then use the
Journalise Msg Text security parameter.
• If the database starts successfully, then the collected information is saved in an output file.
• If the database fails to start, then the tool only collects information that does not require
database access, and saves it in an output file.
Tool location
Windows:<Alliance installation directory>\BSS\bin\win32
AIX: <Alliance installation directory>/BSS/bin/AIX
Solaris: <Alliance installation directory>/BSS/bin/SunOS
Command syntax
saa_supportinfo
[-output <output_dir>]
[-from <From_datetime>]
[-to <To_datetime>]
[-hc]
[-help]
Parameters
-from <From_datetime> Specifies the time period, in the format YYYYMMDD[THHMM], during which
-to <To_datetime>put information is collect. This information includes ( the event journal, trace
files, and log directory.
If you do not use this option, then the tool collects logging information from
the previous 24 hours.
If -from and -to are present, then the logging information for the specified
day period is retrieved.
If the date is specified but not the time, then the default time is 00:00:00 for
<From_datetime>, and 23:59:59 for <To_datetime>.
If only -from <from_datetime> is present, then the logging information for
the specified date is retrieved for a period from the time specified, or, by
default, 00:00:00 to 23:59:59.
If only -to <To_datetime> is present, then the logging information for the
specified date is retrieved for a period from 00:00:00 to the time specified,
or, by default, 23:59:59.
-hc Checks the integrity of the operating system and resource information.
1. Log on as Alliance System Administrator to the host machine where Alliance Access is
installed.
2. Start the Alliance Installation application and double-click the Command Prompt icon.
3. In the Command Prompt window, run the saa_supportinfo command with the required
parameters.
1. Log on as Alliance System Administrator to the host machine where Alliance Access is
installed.
2. From the System Administration application window, select xterm from the OS
Configuration menu.
3. In the xterm window, run the saa_supportinfo command with the required parameters.
Result
The syntax of the output file name is saa_supportinfo.<YYYYMMDDTHHMMSS>.zip
Where:
• YYYYMMDD and THHMMSS are the creation date and time of the zip file
The zip file contains two directories with the collected information:
• system information (provided by the checkhost tool and the Report utility)
– control tables for the message and event daily table sets
• Alliance Access product events log for the specified time frame
• log files of the embedded application server (in case of Server-Embedded products).
The time-related options (-to and -from) limit, when applicable to the Alliance Access
product, the extracted information for:
– content of the log directory (only files with a last modification date that falls in the [from-
to] time frame).
Note The security parameter, Software Check At Startup, controls whether the Integrity
Verification Tool is run each time that Alliance Access is started.
Tool location
Windows:<Alliance installation directory>\bin
AIX: <Alliance installation directory>/bin
Solaris: <Alliance installation directory>/bin
Command syntax
saa_system integrity
Parameters
integrity [short] Verifies the integrity (absence of unauthorised updates) of the Alliance
[<adk_component_names Access software files.
> This command launches the Integrity Verification Tool. The tool generates
a full integrity report that is compared to the last full integrity report which
was produced during installation or upgrade.
Specify [short] to run a less-intense check.
Specify <adk_component_names>, to check only specific components of the
Alliance Developers Toolkit. If you omit this parameter, then all components
of the Alliance Developers Toolkit are checked.
1. Start the Alliance Installation application and double-click the Command Prompt icon.
2. In the Command Prompt window, run the saa_system integrity command with the
required parameters.
1. From the System Administration application select xterm from the OS Configuration
menu.
K.7 saa_query
Purpose
You can run a query to extract the content of events or messages (live or archived) from the
database. The query provides the contents of events or messages that were created within a
specific time period.
The results are provided in an output file, which uses the same XML format as the Alliance
Access Web services for queries on messages.
Note You do not need the Web services licence package to use this command.
Prerequisites
Before launching the command, check the following conditions:
• The Alliance Access server must be running in either operational or housekeeping mode.
• If the Alliance Administrator runs the command and the -user or -application
parameters are excluded, then the Software Owner Profile security parameter must specify
a valid operator profile.
Tool location
Windows:<Alliance installation directory>\bin
AIX: <Alliance installation directory>/bin
Solaris: <Alliance installation directory>/bin
Operator session
Your Alliance Access licensing agreement allows only a certain number of operators to use the
system concurrently. Running this command starts an operator session with Alliance Access,
and this session is included in the count of concurrent users of the system.
Command syntax
saa_query
[-user|-application <username>]
[-password <password>] | [-passwordfile <password_file>]
[-overwrite]
[-port <port_number>]
-outputfile <file_pathname>
-message|-event
[-start <yyyymmddThhmmss> -end <yyyymmddThhmmss>]
Parameters
-user <username> The name of the Alliance Access operator of type Human executing the
command.
If the -user or -application argument is not specified, then the software
owner must launch the command. In this case, the Software Owner
Profile security parameter must be defined.
-application The name of the Alliance Access operator of type Application executing the
<username> command.
If the -user or -application argument is not specified, then the software
owner must launch the command. In this case, the Software Owner
Profile security parameter must be defined.
-passwordfile The name of the password file that contains the password.
<password_file>
-overwrite Specify this parameter to overwrite the values in an existing output file. If
you omit this parameter, then no changes are made to an existing output
file.
-port <port_number> The port number of the local host in which the Alliance Access is listening.
Default port number: 48200.
-outputfile The name of the output file in which details of the messages or the events Yes
<file_pathname> are stored.
-start Specify this parameter to indicate a date and time from which to start and
<yyyymmddThhmmss> - end the extraction of messages or events from the database. The time and
end <yyyymmddThhmmss> date are local to the server.
If you omit this parameter, then the tool is run on the current day from
00:00 to 23.59.
3. In the Command Prompt window, run the saa_query command with the required
parameters.
The contents of all messages or events that have a creation time or date within the time period
are exported from the database to an output file.
2. From the System Administration application, select Xterm from the OS Configuration
menu.
3. In the xterm window, run the saa_query command with the required parameters.
The contents of all messages or events that have a creation time or date within the time period
are exported from the database to an output file.
Log file
When you run the command, Alliance Access creates a log file,
saa_query_<Timestamp>.output, with the details about the time and the date that the tool
was used. It also provides the name of the output file.
Related information
For more information about the XML format that is used in the output file, see the Web Services
Developer Guide.
K.8 sa_split
Overview
The sa_split tool is used to split any large file into chunks. This can be used for outputs of
the saa_supportinfo tool, or for any other files that Support may ask you to send on an
exceptional basis.
Tool location
Windows:<Alliance installation directory>\bin
AIX: <Alliance installation directory>/bin
Solaris: <Alliance installation directory>/bin
Command syntax
sa_split
[-size <size>]
<filename> | -combine <filepath_name>
Parameters
1. Start the Alliance Installation application and double-click the Command Prompt icon.
2. In the Command Prompt window, run the sa_split command with the required
parameters.
1. From the System Administration application select xterm from the OS Configuration
menu.
2. In the xterm window, run the sa_split command with the required parameters.
Legal Notices
Copyright
SWIFT © 2011. All rights reserved.
You may copy this publication within your organisation. Any such copy must include these legal notices.
Confidentiality
This publication may contain SWIFT or third-party confidential information. Do not disclose this publication
outside your organisation without the prior written consent of SWIFT.
Disclaimer
SWIFT supplies this publication for information purposes only. The information in this publication may
change from time to time. You must always refer to the latest available version on www.swift.com.
Translations
The English version of SWIFT documentation is the only official version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: SWIFT,
the SWIFT logo, 3SKey, Innotribe, Sibos, SWIFTNet, SWIFTReady, and Accord. Other product, service, or
company names in this publication are trade names, trademarks, or registered trademarks of their respective
owners.