ASPs and RM traffic filtering

An MSIF transfer service automatically checks whether it is authorized to send or receive a request primitive based on the application service profile (ASP) of the corresponding SWIFT service and the relationship management (RM) data, unless the RM filtering for MSIF is locally disabled. For more information about ASP and RM data, see Concepts associated with SWIFT artifacts, and for information about configuration of RM filtering, see Configuring the Authorization checking service.

When an MSIF transfer service processes a scenario to send or receive a message or file, it checks the ASP of the specified service to determine whether RM is used by that service and, if so, whether deployment is in the trial stage or the mandatory usage stage.

If RM traffic filtering is not required for that service, the request is authorized by default. An MSIF transfer service notes in the message warehouse that the request is authorized and continues to process the scenario.

If RM traffic filtering is required for that service, an MSIF transfer service determines whether the RM data store (RMDS) contains the necessary authorisation:
  • If so, the request is authorized. The MSIF transfer service notes this in the message warehouse and continues to process the request.
  • Otherwise (that is, if the RMDS does not contain the necessary authorisation):
    • If a message is to be received in SnF mode:
      • In the Completion.ReasonList.Reason folder of the MsgReceived notification, the MSIF transfer service sets the Code element to the value PartialOk and the Value element to the following value:
        • DNFL9425I if RM deployment is in the trial stage for the service
        • DNFL9430E otherwise
      • The MSIF transfer service notes in the message warehouse that the request is not authorized, but forwards the message to the receiving application.
    • If a message is to be received in real-time mode, or if a message is to be sent, or if a file is to be sent or received:
      • If RM deployment is in the mandatory usage stage for the service, the request is not authorized. The MSIF transfer service notes this in the message warehouse and rejects the request as being invalid. It includes, for a message or file to be sent, information in the corresponding response indicating that the request is not authorized.
      • If RM deployment is in the trial stage for the service, the request is not authorized. You set, for each OU, a parameter that determines whether the MSIF transfer service is to accept and continue processing such requests or reject them as being invalid. In either case, the MSIF transfer service:
        • Stores an information, in the message warehouse, that the request was not authorized during the trial stage
        • Includes, for a message or file to be sent, information in the corresponding response indicating that the request is not authorized
In this way, an MSIF transfer service automatically filters the message traffic to remove unauthorized requests.