Date and time: 30/03/2022, 2:00pm – 4:00pm AEDT

NOTE: meeting duration is 2 hours to accommodate Information Security, Register, Banking and Energy.

Location: WebEx

Dial-in details:

• https://treasuryau.webex.com/treasuryau/j.php?MTID=mf148de6a206fb95e1d25055ee9b7c90d
• Dial In Number: +61 2 9338 2221
• Dial In Access Code: 2653 293 7148
• Quick Dial: +61-2-9338-2221,,26532937148## Australia Toll

Chair: Ivan Hosgood, DSB

Maintenance overview: Further information

Maintenance project board: See here

Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 237

Recording

The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email [email protected] should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Agenda

• Introductions
• Outstanding Actions
• Release plan
• Open Decision Proposals: key consultation dates
• Iteration 10 issues
• Any other business

Meeting notes

• Meeting Notes
• Next steps

Introductions

This week is the third call of the 10th maintenance iteration.

The purpose of the meeting is to collaborate on issues targeted in the 10th maintenance iteration.

• Overview, purpose and intended outcomes of the meeting

Outstanding Actions

• DSB will work through Issue #464 to determine opportunities for improvement to address MI9 Retrospective.
• DSB to reach out to ADR contacts to assess priority of change for MI10 banking change requests #291 and #292.
• NAB to perform analysis on Issue #229 Service field in the Get Transaction Details API and advise on outcome in MI10 Meeting #2.
• Issue #438 A definition for Calculation Factor is required. Kingson EA to check and advise. DSB will then draft up structure to accommodate proposed changes for comment.
• Issue #439 DSB to propose solutions options to accommodate pricing models as an attribute of the charge instead of the contract.
• DSB to consider alignment of definition for BUSINESS DAYS and ENUM values for DAYS across sectors
• Issue #452 DSB to propose deprecation dates on each new Register API version
• Issue #452 DSB to model out scenarios for data holder behaviour when presented with unsupported authorisation scopes in the registration flows. This includes validating the assumption that Banking will not be impacted by the implementation of Energy.
• Issue #472 DSB to raise new issue to assess consistent representation of ENUM values for 'days' across sectors and within energy endpoints
• Issue #435 Biza/Participant to provide comments for further consideration
• Issue #435 DSB will follow up with the CDR Rules team and the OAIC regarding privacy considerations with sharing a second-party's details under the primary consumer's consent
• Issue #458 DSB to include examples to describe the transition to FAPI 1.0
• Issue #444 ACCC to publish a description of the new unauthenticated API on the issue and address industry requests.
• Issue #488 DSB to set expectations for data holder behaviour when receiving registrations with unsupported authorisation scopes. 
• Issue #488 DSB to discuss internally what evidence can be presented to determine whether DHs will be non-compliant when scopes grow
• Issue #486 DSB to work through what future controls on authorisation scopes are required and how stakeholders may manage them
• Issue #443 DSB to document default position on SSA change management for the community to review

Release plan

• 1.16.1 was released on the 22nd of March 2022.
• MI 10 change requests will be published in release 1.17.0

Obligation Dates

• Refer to the obligation dates agreed on in MI10 Meeting #3.

Open / Active Decision Proposals

The following decision proposals are open for community feedback

DP #	Closing date	DP
229	Placeholder	Decision Proposal 229 - CDR Participant Representation
203	No closing date	Normative Standards Review (2021)
240	No closing date	Decision Proposal 240 - ADR Metrics
245	TBD	Soon to be published: Decision Proposal 245 - Enhancing Data Recipient Accreditation Negotiation

Iteration 10 Issues

All open change requests can be found here: Standards Maintenance Issues.

The standards maintenance backlog can be found here: Data Standards Maintenance

Iteration 10 Progress

The following change requests are currently in the design stage for this iteration

Issue #	Sector	Change Request	Decision	Change Status	Future DatedObligation (FD)	Affected Schema(if applicable)	Affected Endpoint(if applicable)	Recommendation
448	Energy	EnergyPlanDiscounts contains optional fields that should be conditional	Change Recommended	Non-breaking change		EnergyPlanDiscounts
449	Energy	EnergyPlanSolarFeedInTariff days field should be mandatory	Change Recommended	Non-breaking change		EnergyPlanSolarFeedInTariff
457	Energy	Energy - Get Service Point Detail register suffix should be optional	Change Recommended	Non-breaking change		EnergyServicePointDetail
423	Energy	Review of demand charges in energy billing transactions	Under consultation			EnergyBillingTransaction
438	Energy	Representing adjustment transactions within the Billing Payload for C&I customers	Under consultation			EnergyBillingOtherTransaction
439	Energy	Review Pricing Model & Time Zone attributes within Account Detail Payload	Under consultation				Get Energy Account Detail
472	Energy	Modify Energy Plans structure to allow Time of Use based Controlled Load rates	Under consultation			EnergyPlanControlledLoad
476	Energy	Modify Energy concessions structure to allow non-fixed (e.g. daily, monthly etc.) concessions	Under consultation			EnergyConcessionsResponse
477	Energy	Secondary Data Holder Planned Outages and Status	Under consultation
478	Energy	Energy Secondary Data Holder & Application Specific Errors	Under consultation
453	Register	Consider an upper bound on trusting entity statuses when they go missing	Change Recommended	Non-breaking change				Specify no upper-bound
465	Register	Confirm Register API 2022 release dates	Under consultation
452	Register	Deprecation and retirement dates for CDR Register superseded endpoint versions needs to be defined	Change Recommended	Breaking Change	07/04/2023	N/A	CDR Register APIs
459	Register	Sector Agnostic Register APIs	Not Supported	No change	N/A	N/A	N/A	No change
444	Register	Add an unauthenticated GetDataHolderBrands endpoint exposed as a public API	In Progress
488	Register	Data holder behaviour clarification required when receiving registrations with unsupported authorisation scopes	Change Recommended	Breaking change	15/11/2022	N/A	Register Data Recipient oAuth Client, Update Data Recipient Registration	Data Holder Brands should ignore unsupported authorisation scopes presented in the SSA for the creation and update of Client Registrations.
486	Register	Allow ADRs to specify scopes for a Software Statement Assertion (SSA) to support cross industry software products	Continue consultation through DP245	N/A	N/A	N/A	N/A	This topic is complex and requires dedicated consultation. DP 245 has been raised to continue this work
443	Register	SSA definition: Deprecation of revocation_uri	Change Recommended				Get Software Statement Assertion (SSA)	This work contributes to the delivery of #444
431	Register	Register participant statuses do not detail data holder behaviour when ADR is revoked and SP inactive #431	Deferred
498	Register	New Register Authenticated APIs versions require multiple authorisation scopes #498	In Progress
405	Infosec	Alternative mechanisms for OTP
435	Infosec	Nominated representative end user for non-individual consumers
482	Infosec	JWT signing non-normative examples use unsupported signing algorithm	Change Recommended	Non-breaking change				Non-normative example update

Related Items

Issue #	Sector/Domain	Change Request
484	Register	1.13.0 Appears to have introduced new SSA error behaviours

Backlog change requests

The following change requests had been proposed for this iteration however there isn't enough remaining capacity to accommodate them. They will be prioritised for Maintenance Iteration 11 provided there is community support and no further issues with a higher priority emerge.

Issue #	Sector/Domain	Change Request
418	Register	CDR Data Holders outbound connection whitelisting
480	Register	1.13.0 appears to have broken pseudonymity of Pairwise Identifiers
409	NFR	Dynamic Client Registration Response Time NFR
458	InfoSec	FAPI 1.0 Non Normative Examples
292	Banking	Credit card balance plans and payment hierarchy: inadequate information within the CDS
291	Banking	Credit card loyalty program data: significant gaps and lack of structure
462	Banking	Make additional account attributes available in bulk standards-maintenance
463	Banking	Account holder name(s)
470	Banking	Overloading of banking language for scopes / data clusters
471	Banking	Additional credit card fields standards-maintenance
475	Energy	Energy - Representation of Spot price based contracts for C&I customers
456	Energy	Updates required to a property and the example provided in EnergyPlanSolarFeedInTariff schema
467	Energy	Missing link between Account and Plan
474	Energy	Update description of energy API attributes (where applicable) to specify which rates are GST exclusive

Any other business

Next Steps

Meeting Minutes

Notes

Outcome of discussion on Outstanding Actions

• DSB will work through Issue #464 to determine opportunities for improvement to address MI9 Retrospective.
  • Work continues to look for opportunities to improve interpretation of the Standards.
• DSB to reach out to ADR contacts to assess priority of change for MI10 banking change requests #291 and #292.
  • No progress to date, these items will be removed from MI10 and prioritised for MI11
• NAB to perform analysis on Issue #229 Service field in the Get Transaction Details API and advise on outcome in MI10 Meeting #2.
  • Mark to advise
• Issue #438 A definition for Calculation Factor is required. Kingson EA to check and advise. DSB will then draft up structure to accommodate proposed changes for comment.
  • Kingson has commented, for discussion in this session.
• Issue #439 DSB to propose solutions options to accommodate pricing models as an attribute of the charge instead of the contract.
  • For discussion in this session.
• DSB to consider alignment of definition for BUSINESS DAYS and ENUM values for DAYS across sectors
  • For discussion in this session.
• Issue #452 DSB to propose deprecation dates on each new Register API version
  • For discussion in this session.
• Issue #452 DSB to model out scenarios for data holder behaviour when presented with unsupported authorisation scopes in the registration flows. This includes validating the assumption that Banking will not be impacted by the implementation of Energy.
  • For discussion in this session.
• Issue #472 DSB to raise new issue to assess consistent representation of ENUM values for 'days' across sectors and within energy endpoints
  • Duplicate of action mentioned above
• Issue #435 Biza/Participant to provide comments for further consideration
  • For discussion in this session.
• Issue #435 DSB will follow up with the CDR Rules team and the OAIC regarding privacy considerations with sharing a second-party's details under the primary consumer's consent
  • For discussion in this session.
• Issue #458 DSB to include examples to describe the transition to FAPI 1.0
  • In progress, examples will be posted on the issue for review before the next meeting.
• Issue #444 ACCC to publish a description of the new unauthenticated API on the issue and address industry requests.
  • ACCCs published the description; for discussion in this session.
• Issue #488 DSB to set expectations for data holder behaviour when receiving registrations with unsupported authorisation scopes. 
• Issue #488 DSB to discuss internally what evidence can be presented to determine whether DHs will be non-compliant when scopes grow
  • A separate Decision Proposal will be published to address the trust model in order to simplify the changes required in this MI. Decision Proposal 245: Enhancing Data Recipient Accreditation Negotiation was published on Thursday 31/03/2022.
• Issue #486 DSB to work through what future controls on authorisation scopes are required and how stakeholders may manage them
  • Refer Decision Proposal 245: Enhancing Data Recipient Accreditation Negotiation was published on Thursday 31/03/2022.
• Issue #443 DSB to document default position on SSA change management for the community to review

MI10 Candidates

Energy

• Issues 448, 449 and 459

  • Changes as described are straight forward and will be recommended to the Chair.

• Issue 438 - Representing adjustment transactions within the Billing Payload for C&I customers

  • Feedback, carried over from MI9, has been incorporated into schema, no further change have been made. Will remain open until the MI10 meeting on the 13th of April, if no further feedback is provided the change will be recommended as is to the Chair.

• Issue 439 - Review Pricing Model & Time Zone attributes within Account Detail Payload

  • Agreement from participants that the current structure of schema can accommodate this requirement and the change will proceed with inclusion of optional timezone.
  • DSB to draft the proposal for review and if there is no further comment from participants the change will be recommended to the Chair. 439

• Issue 472 - Modify Energy Plans structure to allow Time of Use based Controlled Load rates

  • The merits of including a meter identifier as part of this change were debated. The final outcome is to exclude meter id from the schema, however for flexibility to permit it to be included in the description.
  • The 3 options suggested by the DBS were discussed. Participants agreed with the DSB's recommendation of option 2.
  • Participants to provide feedback on option 2 (including any changes to recommended ENUM values to the 'appliedTo' array).
  • [ ] DSB to update option 2 with any feedback received and will recommend the change to the Chair. 472 Comment incorrectly captured against wrong Issue. Moved to Issue 476

• Issue 476 - Modify Energy concessions structure to allow non-fixed (e.g. daily, monthly etc.) concessions

  • The 3 options suggested by the DSB were discussed. Participants agreed with the DSB's recommendation of option 2.
  • Proposed addition of concession types such as domestic violence and life support resulted in explanation that these have been deliberately omitted due to he highly sensitive nature of the information. If they were to be included it would require discussion with the Treasury Rules team.
  • If the information was communicated as free text based on case by case requirement it would be fine.
  • Participants to provide feedback on option 2 (including any changes to recommended ENUM values to the 'appliedTo' array).
  • DSB to remove "additionalValue" attribute and apply condition to "additionalInfo" attribute to be mandatory if type is "VARIABLE". 476
  • DSB to update option 2 with any feedback received and will recommend the change to the Chair. 476

• Issue 477 - Secondary Data Holder Planned Outages and Status

  • An AEMO outage would cause partial outage for all Retailers however accounts, invoice and billing would still be available. This means Retailers need a way to notify ADRs.
  • There was agreement on position to make AEMO publish get status and outage endpoints with a Future Dated Obligation (FDO).
  • DSB will put forth the position, for comments from industry, that retailers must consume and publish AEMO outage and status at an FDO yet to be determined. If there are no objections the change will be recommended to the DSB Chair.

• Issue 478 - Energy Secondary Data Holder & Application Specific Errors

  • Concern that errors returned from retailers to ADRs may not convey the true nature of a consumers individual circumstances making troubleshooting difficult.
  • For example, availability of NMI information, such as now extinct, temporary and new, when changes occur to an existing property is largely abstracted away from the Consumer where meter id is not available to obtain usage.
  • Retailers on call confirmed they do have access to service point (and consequently usage data) in a scenario where the associated property has undergone demolition which would result in new servicepointid or meters being issued. This was also confirmed in a separate call with AEMO and the energy retailers (EA, Origin and AGL) held on 31/03/2022.
  • DSB to update proposal to specify the scenarios raised in the original CR where existing error codes will be applicable.

Register

• Issue 453 - Consider an upper bound on trusting entity statuses when they go missing

  • The Register in CTS does not behave like the Register in production therefore software products disappear between tests. This behaviour has required participants to modify code in order to pass CTS.
  • Request for FDO to communicate change when CTS aligns with standards isn't warranted. FDO's are not used for project management. ACCC is responsible for delivery and operations and will set expectations of when CTS will align and enable testing
  • Proposed change to wording now potentially makes participants non-compliant to passing CTS.
  • ACCC to investigate operational issues with CTS to resolve discrepancies in Register behaviour.

• Issue 459 - Sector Agnostic Register APIs

  • Change not supported, refer to ticket for explanation.

• Issue 465 - Confirm Register API 2022 release dates

  • A transitional period is required to move to mandatory x-v. Therefore, a change to x-v optional will be required
  • A minimum/default version needs to be defined if the x-v header is not provided.
  • Proposing to align the FDO with energy rollout and let ACCC drive the operational rollout. Operational considerations will need to align with industry testing.
  • Testing this series of changes is dependent on industry testing for Energy.
  • Coordination of testing has been escalated to Treasury PMO to keep the important consideration of project management and delivery separate from the standards and FDOs.

• Issue 452 - Deprecation and retirement dates for CDR Register superseded endpoint versions needs to be defined

  • The deprecation schedule proposed on the issue enables emerging changes to be adopted more quickly than would be possible if longer deprecation dates were needed.
  • Concern that participants are unaware of this change due to decreased engagement from banking sector participants.
  • DSB to announce deprecation schedule for #452 at the next Implementation Call, however if teams have rolled off it is not DSBs responsibility to ensure participants are aware, the compliance obligations rests with them alone.

• Issue 444 - Add an unauthenticated GetDataHolderBrands endpoint exposed as a public API

  • BrandId is proposed as optional. 
  • Eager for industry participants to comment.
  • DBS to assess whether all consequences associated to #444 have been considered and discuss at the meeting on 13 April 2022.

• An additional meeting has been scheduled for Wednesday 6/04/2022 @ 2:00PM AEST to discuss the following items.

  • Issue 486 - Allow ADRs to specify scopes for a Software Statement Assertion (SSA) to support cross industry software products
  • Issue 488 - Data holder behaviour clarification required when receiving registrations with unsupported authorisation scopes
  • Issue 443 - SSA definition: Deprecation of revocation_uri
  • Issue 498 - New Register Authenticated APIs versions require multiple authorisation scopes

Information Security

• An additional meeting has been scheduled for Wednesday 6/04/2022 @ 2:00PM AEST to discuss the following items.

  • Issue 435 - Nominated representative end user for non-individual consumers
  • Issue 482 - JWT signing non-normative examples use unsupported signing algorithm

• CORRECTION 405 will not be discussed.

New Actions

• DSB to draft the proposal for review and if there is no further comment from participants the change will be recommended to the Chair. 439
• DSB to update option 2 with any feedback received and will recommend the change to the Chair. 476
• DSB to remove "additionalValue" attribute and apply condition to "additionalInfo" attribute to be mandatory if type is "VARIABLE". 476
• DSB will put forth the position, for comments from industry, that retailers must consume and publish AEMO outage and status at an FDO yet to be determined. If there are no objections the change will be recommended to the DSB Chair. #477.
• DSB to update proposal to specify the scenarios raised in the original CR where existing error codes will be applicable. #478.
• ACCC to investigate operational issues with CTS to resolve discrepancies in Register behaviour regarding #453.
• DSB to announce deprecation schedule for #452 at the next Implementation Call, however if teams have rolled off it is not DSBs responsibility to ensure participants are aware, the compliance obligations rests with them alone.
• DBS to assess whether all consequences associated to #444 have been considered and discuss at the meeting on 13 April 2022.

Any other business

None

Next Steps

DSB to update each issue discussed in this meeting with the proposed solution to finalise items in Meeting #6 on 13 April 2022.