ACCC & DSB | CDR Implementation Call Agenda & Meeting Notes | 30 January 2025 - ConsumerDataStandardsAustralia/standards GitHub Wiki

imp-call_header

Agenda & Meeting Notes

When: Weekly every Thursday at 3pm-4:30pm AEST
Location: Microsoft Teams
Meeting Details: Join on your computer, mobile app or room device Click here to join the meeting
Meeting ID: 446 019 435 001
Passcode: BU6uFg
Download Teams | Join on the web
Join with a video conferencing device
[email protected]
Video Conference ID: 133 133 341 4
Alternate VTC instructions Or call in (audio only)
+61 2 9161 1229,,715805177# Australia, Sydney Phone Conference ID: 715 805 177# Find a local number | Reset PIN
Learn More | Meeting options

Agenda

  1. Introductions
  2. House Keeping
  3. Updates
  4. CDR Stream updates
  5. Presentation
  6. Q&A
  7. Any other business

Introductions

imp-call_intro

  • 5 min will be allowed for participants to join the call.
  • This call is jointly facilitated by the ACCC and the DSB, and we welcome observers from APRA, OAIC and the Treasury.

House Keeping

imp-call_house-keeping

Recording

The Consumer Data Right Implementation Calls are recorded for note taking purposes. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material shall be provided without the participant's consent. Participants may [email protected] should they have any further questions or wish to have any material redacted from the record.

Community Guidelines

By participating in the Consumer Data Right Implementation Call you agree to the Community Guidelines. These guidelines intend to provide a safe and constructive space for members to discuss implementation topics with other participants and members of the ACCC and Data Standards Body.

Updates

imp-call_updates

⭐ indicates change from last week.

Type Updated Links
Standards Version 1.33.0 Published: 18th of December 2024
Change log
Maintenance ⭐ Iteration 22 to commence 5 February 2025 Registration open
DSB Newsletter To subscribe to DSB Newsletter Link here
DSB Newsletter ⭐ 24 January 2025 View in browser here
Consultation Decision Proposal 361 - Energy LCCD Phase 2 Feedback closes: 4 February 2025
Link to consultation
Consultation Noting Paper 363 - Applicability of Authentication Frameworks Link to consultation
Consultation ⭐ Decision Proposal 364 - Maintenance Iteration 22 Link to consultation
Feedback Request for Community Feedback on Issue 674
Note: this is pertinent for Accredited Data Recipients		 Standards Maintenance Issue 674
Guidance ⭐ Guidance on introducing a new software product
The ACCC has published a new article that provides guidance to ADRs considering whether to introduce a new software product to collect a CDR consumer’s CDR data. The article is available on the CDR Support Portal		 CDR Support Portal
Tooling JSON schema tools: updated to align with the latest version of CDS (1.33.0) Repository
Tooling ⭐ Type Definition Library: Updated to align with the latest CDS (1.33.0) npm Package
Standards Transaction Security Ciphers FDO. Ensure your systems support only BCP195 recommended ciphers to meet compliance requirements by March 17 2025. Future Dated Obligations page
Video 135: CDS 1.33.0 Release Walkthrough and Changes - with Jarryd Judd (02/01/2025) DSB YouTube Video
Video 136: Decision Proposal 361 - narrated by Jarryd Judd (08/01/2025) DSB YouTube Video
Video ⭐ 137: Noting Paper 363 - narrated by Neale Morison (28/01/2025) DSB YouTube Video

CDR Stream Updates

imp-call_stream-updates
Provides a weekly update on the activities of each CDR stream and their work.

Organisation Stream Member
DSB Energy Hemang

Presentation

imp-call_presentation
None this week.

Q&A

imp-call_q+a

Questions will be received by the community via Microsoft Teams chat before the questions are opened to the floor. Participants can submit questions outside of the CDR Implementation Call to the CDR Support Portal.

In regards to topics for questions, we ask the participants on the call to consider the Community Guidelines when posing questions to the subject matter experts.

Answer provided

Ticket # Question Answer
2441 Dataholder Dashboard - "Amend" label requirement

When displaying Authorisation History details, is it required to show the "Amended" label over the sections that have changed?

Is it not adequate to show the snapshot of each amendment with all the details?		 The DSB is unable to provide advice on individual implementations of the CDR rules. However, we note the following general guidance:

Rules 1.15(1)(b), (5)(a) and (3)(h) require the consumer dashboard to contain details of each amendment (if any) that has been made to an authorisation. The DSB's published Amended authorisation wireframes contain an example of how these rules can be satisfied (Consent Management (Data holder): Authorisations, Amended Authorisations). However, please note this is an example only. It is for data holders to determine how they comply with the rules, by for example:

- only including the summary text under the date on the ‘Authorisation history summary’ screen without any ‘amended’ labels on the screens under the ‘Authorisation history details’ tab
- only including the ‘amended’ labels in the screens under the ‘Authorisation history details’ tab without any summary text on the ‘Authorisation history summary’ screen.

As suggested by the CX Guidelines, the DSB considers it best practice for DHs to implement both options (1) and (2) (i.e. to provide both the summary text and the ‘amended’ labels), as there may be times when it is insufficient to only implement one. We note that DHs are also not limited to only using these two options. However, simply displaying past versions of an authorisation e.g. under the ‘Authorisation history details’ tab without flagging the details of what has been amended is likely not compliant.
2481 A query regarding the most appropriate logic to ‘unattended’ API calls.

‘x-fapi-customer-ip-address’ is specified as 'optional' parameter for the banking API calls by ADR. Should a data holder just rely on this field to determine if the call was 'unattended', or if we also need to look at 'x-cds-client-headers' ? The specifications states that "x-fapi-customer-ip-address" should be populated with a valid IP address for customer present calls. It does not specifically say whether this header can be present for "unattended" calls as well. There is a possibility that this header is present for "unattended" calls as well, for example, with invalid IP address value such as 0.0.0.0?		 The x-fapi-customer-ip-address header is optional because it is not expected to be present when unattended calls are being made.

It should only be populated when the customer is present, as the description states:

“The customer's original IP address if the customer is currently logged in to the Data Recipient Software Product. The presence of this header indicates that the API is being called in a customer present context.”

In terms of Data Holder logic, the Definitions section states:

* Customer Present: Authenticated API requests made in direct response to interactions by the end customer using the digital services of the Data Recipient Software Product will be considered "Customer Present". Technically a data holder will define an API request as "Customer Present" if, and only if, the x-fapi-customer-ip-address header is populated with a valid IP address of the end customer's device.

* Customer Not Present: Authenticated API requests that are not deemed to be "Customer Present".

* Unattended: A synonym of "Customer Not Present".

1. You should probably not only check for the presence of the x-fapi-customer-ip-address header, as the definition states it must contain a valid IP address.

2. There should not be a need to also check for the x-cds-client-headers header as that is not part of the current requirement.

3. It would be helpful if you have any insight as to inconsistencies you have observed in requests, such as invalid IP addresses being provided, or an invalid or missing IP header when the CDS Client header appears to indicate that the consumer is present.

Any Other Business

imp-call_any-other-business
Attendees are invited to raise topics related to the Consumer Data Right that would benefit from the DSB and ACCCs' consideration.

Useful Links

imp-call_useful-links View a number of informative and useful links in the Consumer Data Standards Guide on Information Links.

Data Standards Body Consumer Data Right Digital ID Contact & Media
Chair Standards Accreditation Standards Website
News Maintenance Iteration AGDIS Standards Email
Advisory Committee CX Guidelines Calendar
Support Portal LinkedIn
YouTube
GitHub
Newsletter
⚠️ **GitHub.com Fallback** ⚠️