ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes | 29th of July 2021 - ConsumerDataStandardsAustralia/standards GitHub Wiki

ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes (29th of July 2021)

When: Weekly every Thursday at 3pm-4.30pm AEST
Location: WebEx, quick dial +61-2-9338-2221,,1650705270##

Meeting Details:

Desktop or Mobile Devices
https://treasuryau.webex.com/treasuryau/j.php?MTID=m9614a7c6166155d3d950a8999e437f9f
Once connected to your meeting, remember to start your audio and video.
Please mute when you are not speaking.

Video Conferencing (VC) Rooms
Use the remote control or touch panel and dial the number indicated below:
External VC Room: [email protected]

Phones - AUDIO ONLY


Agenda

  1. Introductions
  2. Actions
  3. CDR Stream updates
  4. Presentation
  5. Q&A
  6. Any other business

Introductions

  • 5 min will be allowed for participants to join the call.

Recording

The Consumer Data Right Implementation Calls are recorded for note-taking purposes. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material shall be provided without the participant's consent. Participants may contact [email protected] should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call. We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Updates

| Type | Topic | Update |
|---|---|---|
| Standards | Version 1.11.0 Published | Link to change log here |
| Standards | Version 1.11.0+ | Planned for End of July 2021 |
| Maintenance | 7th Maintenance Iteration Closed | Retrospective MIRO Board - now Closed |
| Maintenance | 8th Maintenance Iteration Commenced | Meeting notes from the 14th of July 2021 meet |
| Maintenance | Decision Proposal 202 - Banking Maintenance Iteration 8 | Link to consultation |
| DSB Newsletter | To subscribe to DSB Newsletter | Link here |
| TSY Newsletter | To subscribe to TSY Newsletter | Link here |
| TSY Newsletter | 14th of July 2021 | View in browser here |
| DSB Newsletter | 23rd of July 2021 | View in browser here |
| Consultation | Decision Proposal 180 - Energy Draft Feedback Cycle 3 | Link to consultation |
| Consultation | Decision Proposal 182 - InfoSec Uplift for Write | Link to consultation |
| Consultation | Decision Proposal 183 - Purpose Based Consents | Link to consultation |
| Consultation | Decision Proposal 186 - Engineering Support | Link to consultation |
| Consultation | Decision Proposal 191 - Retailer to AEMO InfoSec Profile | Link to consultation |
| Consultation | Decision Proposal 200 - Action Initiation Framework | Link to consultation |

CDR Stream Updates

Provides a weekly update on the activities of each of the CDR streams and their workplaces

| Organisation | Stream | Member |
|---|---|---|
| ACCC | CDR Register (Technical) | Ivan Hosgood |
| ACCC | CTS | Jonathon Ingle |
| ACCC | Onboarding | Jonathon Ingle |
| DSB | CX Standards | Michael Palmyre |
| DSB | Technical Standards - Banking | Mark Verstege |
| DSB | Technical Standards - Energy & Engineering | James Bligh |

Presentation

None this week.

Q&A

Questions will be received by the community via WebEx chat before the questions are opened to the floor. Participants can pre-submit questions to the DSB mailing box.

We are trialling Sli.do for Question and Answer. Join our Q&A live here: https://www.sli.do/ Code: #169517

Answer provided

| Ticket # | Question | Answer |
|---|---|---|
| 777 | Can consent be active without any attached accounts?<br>Is it mandatory for a DH (Data Holder) to allow a consent with no attached accounts? | Yes, as accounts are only associated with a consent/authorisation.<br>Yes, in accordance with the rules on eligible consumers and required consumer data.<br>CDR Support Portal Article |
| 863 | The Noting Paper 157 published in the standards GitHub on 26th May 2021 calls out that the authorisation flow for Nonindividuals, partnerships, and secondary users is Optional for Nov 2021 implementation for the majors. Can you kindly elaborate on what parts of the obligation for Nonindividuals, partnerships, and secondary users remains mandatory for the majors for Nov 2021? Also since DP160 is still awaiting approval from the chair, does it mean that the obligation dates for the above are moving or will be deferred for Nov 2021? Looking for your inputs at the earliest convenience. | The DP160-related standards were made on 25 June and were incorporated into the v1.11.0 release on 30 June. You can find details on when these standards apply in the future-dated obligations sections of the standards, as follows:<br>Data Holders MAY implement the following data standards effective from 1 November 2021:<br>- Unavailable Accounts: No accounts can be shown<br>- Unavailable Accounts: Authorisation not permitted<br>- Unavailable Accounts: Request sharing rights<br>Data Holders MUST implement the following data standards effective from 1 February 2022:<br>- Withdrawal: Secondary User Instruction<br>Please refer to the rules on non-individuals, partnerships and secondary users as these standards do not supersede the rules obligations and timings. |
| 870 | Do you have a recommendation for the preferred field to use for an ADR's display name in the DH consumer dashboard and consent flow (authentication & authorisation)? e.g. OrgName or clientName or both? Or are you aware of what other DHs are doing in the period before the consultation on this is complete? | Please see the CX Guidelines for authentication, authorisation, and DH dashboards in relation to required and recommended ADR fields.<br>Authentication: The CX Guidelines suggest the ADR brand name (e.g. org_name) be used for the authentication flow wherever the ADR is referenced.<br>Authorisation: CX Guidelines for the authorisation flow note that the rules require DHs to refer to the accredited person's name using the legal entity name (e.g. legal_entity_name) during the authorisation flow (CDR Rule 4.23(1)(a) and (2)).<br>Dashboards: The rules are less prescriptive concerning dashboards, but the CX Guidelines recommend that DHs organise authorisations on dashboards using the ADR's brand name and software product name (e.g. client_description).<br>Anticipated proposal: CX standards will be consulted in Q3/Q4 that propose the inclusion of the brand name (e.g. org_name) in the authorisation flow (in addition to the legal entity name) and allow the ADR's accreditation number to be included. This is consistent with the knowledge article you referenced and will help establish greater consistency between the consumer-facing entity, authentication, and dashboards. |
| 945 | Will there be an opportunity to do CTS testing for the Enhanced Error Handling, mandated for 1 Feb 2022? Will CTS testing be required for it? | The CTS will accept standardised errors (part of Enhanced Error Handling), but not validate them, from 30 July. There are no plans currently to target Enhanced Error Handling specifically with a scenario. However, in existing test scenarios where an error is an expected response, the CTS will be expecting standardised errors by November. The CTS will be validating standard error content, and will begin disallowing custom/application errors at this time. As such, conformance testing for Enhanced Error Handling specifically will not be required, but it will be baked in to February obligations release, which may require participants to perform CTS testing. The CTS is not intentioned to cover all parts of the Consumer Data Standards (CDS), but rather just to target critical parts of the CDS to mitigate risk and provide assurance to the Registrar that participants can engage safely in the CDR ecosystem. |
| 947 | Under – BankingScheduledPaymentTo –> payeeId – CDR description says: Indicates that the payment is to registered payee that can be accessed using the payee end point. If the Bank Payees scope has not been consented to then a payeeId should not be provided and the full payee details should be provided instead.<br>Queries: What is the full payee details referred to here? The data type of payeeID is ASCIIString so what is the full detail expected here? | Question 1: What is the full payee details referred to here?<br>Answer 1: The payee details are otherwise to be expressed as either a domestic, biller or international payee where the toUType is set to the appropriate payee structure:<br>- toUType biller -> BankingBillerPayee<br>- toUType domestic -> BankingDomesticPayee<br>- toUType international -> BankingInternationalPayee<br>Question 2: The data type of payeeID is ASCIIString so what is the full detail expected here?<br>Answer 2: The payeeID is a unique identifier for payee resource adhering to the rules of ID permanence defined here. |
| 950 | Regarding to get bulk balance, whether the response need to support on returning balance on a specific list of accounts? For example, consumer provided the consent for sharing bulk balance on 6 accounts. However, sometime during the sharing data, consumer only would like to get bulk balance on 3 of 6 accounts. Can the response return bulk balance on 6 accounts by ignoring request for a specific list of account from the request? | Currently the data standards do not support fine grained consent where the consumer can consent to share bulk balances for 3 out of the 6 accounts they elect to share. The data standards currently facilitate data sharing based on consent to share "data clusters". The account balance data is shareable under the "bank:accounts.basic:read" scope. This includes the Get Accounts API, Get Account Balances API, Get Bulk Balances API and Get Balances For Specific Accounts API. |

Useful Links

View a number of informative and useful links in the Consumer Data Standards Implementation Guide on Information Links.