Table of Contents - APTAStandards.com
Table of Contents - APTAStandards.com
Table of Contents - APTAStandards.com
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
opted to contract these services out in the UK and <strong>of</strong>fered the Request For Proposals<br />
for<br />
these activities to be made available to APTA without charge if needed. ITSO<br />
representatives from UK <strong>of</strong>fered two alternative scenarios for adoption <strong>of</strong> the<br />
specification.<br />
• APTA is allowed to use and modify the current ITSO specification in any way<br />
they desire to <strong>com</strong>e up with their own specification based on ITSO. No licensing<br />
or memberships fees are required. Only the specification documents on the<br />
Internet will be available in this option, therefore APTA will have to 'reverse<br />
engineer' the SIM card Secure Application Module and the security key<br />
management service, if needed<br />
• A subset <strong>of</strong> ITSO can be formed in the US, which APTA can manage. There<br />
is no<br />
cost involved in this option. A USA implementation <strong>of</strong> ITSO under the APTA<br />
name would constitute a separate security domain and therefore all the keys<br />
would be different. APTA can therefore set its own rules. The ITSO rules will be<br />
made available to APTA to implement at will. APTA does not need to use the<br />
ITSO <strong>of</strong>ficial name or logo.<br />
Setting up an APTA equivalent to ITSO can be done as soon as their membership<br />
groups are defined and the membership is elected. This process can take approximately<br />
three months. Putting in place the (few) full-time people, the contracts and the<br />
processes raises the time estimate to at least six months. The current suppliers to ITSO<br />
(ecebs for the ISAMs, Integri for Certifcation and Royal Bank <strong>of</strong> Scotland for Security<br />
Key Management) would all be willing to supply the sub-contract services at a fee, if<br />
necessary.<br />
4.3<br />
Open Financial Exchange (OFX)<br />
4.3.1 Description <strong>of</strong> the Specification<br />
Open Financial Exchange is a specification for the electronic exchange <strong>of</strong> financial<br />
data<br />
between financial institutions, businesses and consumers via the Internet. Created by<br />
CheckFree,<br />
Intuit and Micros<strong>of</strong>t in early 1997, Open Financial Exchange supports a<br />
wide range <strong>of</strong> financial<br />
activities, including consumer and small business banking,<br />
consumer and small business bill payment, bill presentment and investments tracking<br />
(including stocks,<br />
bonds, mutual funds, and 401(k) account details). Since the 2000<br />
release <strong>of</strong> the Version<br />
2.0, OFX has be<strong>com</strong>e XML 1.0 <strong>com</strong>pliant and has added 1098,<br />
1099 and W2 tax form<br />
download capabilities. Open Financial Exchange (OFX) is a<br />
broad-based<br />
framework<br />
for exchanging financial data and instructions between<br />
customers and their financial institutions. It is based on open standards for data<br />
formatting (such as XML), connectivity (TCP/IP), and security (SSL). It defines the<br />
request and response messages used by each financial service as well as the <strong>com</strong>mon<br />
framework and infrastructure to support the <strong>com</strong>munication <strong>of</strong> those messages.<br />
Page 31