DSB Maintenance Iteration 12: Agenda & Minutes (31 August 2022) - ConsumerDataStandardsAustralia/standards GitHub Wiki

Date and time: 31/08/2022, 2:00pm – 4:00pm AEST

Location: Microsoft Teams Meeting

Dial-in details:

Chair: James Bligh, DSB

Maintenance overview: Further information

Maintenance project board: See here

Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 259: Maintenance Iteration 12

Recording

The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email [email protected] should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.

We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Agenda

  • Introductions
  • Outstanding Actions
  • Release plan
  • Open / Active Decision Proposals
  • Maintenance Iteration 12 Issues
  • Any other business
  • Next Steps

Meeting notes

Introductions

This meeting is the third in the series for Maintenance Iteration 12. The purpose is to provide details on the proposals for each change request under consultation in this iteration.

Outstanding Actions

Energy

InfoSec

CX

Other

  • MI11 RETRO: DSB to consider the adoption of a feedback loop from community to assist in the prioritisation of maintenance iteration candidates and advise.

Release plan

Open / Active Decision Proposals

The following decision proposals are open for community feedback

DP # Decision Proposal Closing date
Consultation Decision Proposal 229 - CDR Participant Representation Placeholder: no close date Link to consultation
Noting Paper Noting Paper 255 - Approach to Telco Sector Standards Link to consultation
Noting Paper Noting Paper 258 - Independent Information Security Review Link to consultation
Consultation Decision Proposal 260 - Energy Closed Accounts Feedback extended, now closes: 30th of August 2022 Link to consultation
Consultation Decision Proposal 263 - Telco Accounts Payloads Feedback closes: 16th of September 2022 Link to consultation
Consultation Decision Proposal 264 - Telco Invoice Payloads PLACEHOLDER Link to consultation
Consultation Decision Proposal 265 - Telco Billing Transactions Payloads PLACEHOLDER Link to consultation
Consultation Decision Proposal 266 - Telco Balance and Usage Payloads PLACEHOLDER Link to consultation
Consultation Decision Proposal 267 - Telco Data Language Feedback closes: 15th of September 2022 Link to consultation

Future Plan

Review of July-September Quarter and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1

Maintenance Iteration 12 Issues

All open change requests can be found here: Standards Maintenance Issues.

The standards maintenance backlog can be found here: Data Standards Maintenance

The change requests proposed for this iteration and scheduled for discussion are:

Domain Issue # Issue Proposal Status Change Proposed Standards Staging link
MI 12 Issue #530 Iteration 12 Holistic Feedback N/A
CX Issue #529 CX - Energy Data Language Standards - NMI and Scheduled Payments Breaking change - 15 Nov 2022 Proposed that data language for Energy by updated for payment information and removal of 'NMI' references
Register Issue #409 Dynamic Client Registration Response Time NFR Convert to Decision Proposal Look at this within the context of the uplift of all Register APIs N/A
InfoSec Issue #479 Clarification on Minimum Algorithm Required for JARM Options Presented
InfoSec Issue #522 OpenID Provider Configuration End Point parameter requirements Options Presented
Banking Issue #462 Make additional account attributes available in bulk For discussion
Energy Issue #526 Get DER for Service Point - allow for no data Options Presented Recommendation is to define default values for mandatory fields allowing schema compliant response when DER record is not available
Energy Issue #506 Energy error codes for issues in data received by DH from SDH For discussion
Energy Issue #524 EnergyDerRecord - mandatory values not available in AEMO's DER register Non Breaking Change AEMO to provide default of 0 where value not available for nominalRatedCapacity and nominalStorageCapacity
Energy Issue #520 Stepped solar feed in tariffs in Energy For discussion DSB proposed option to be discussed
Energy Issue #477 Secondary Data Holder Planned Outages and Status Options presented
Energy Issue #475 Representation of Spot price based contracts for C&I customers For discussion
Register Issue #525 softwareProductDescription should be marked as mandatory Non-breaking change Change the swagger to mark softwareProductDescription as mandatory
Banking Issue #414 Properties in BankingTransactionDetail objects Non-breaking change Swagger documentation fix Staged
InfoSec Issue #435 Nominated representative end user for non-individual consumers Options Presented
InfoSec Issue #458 FAPI 1.0 Non Normative Examples Non-breaking change Add FAPI 1.0 aligned non-normative examples including for Authorization Code Flow
InfoSec Issue #411 Clarification of x-fapi-interaction-id header Non-breaking change Clarify that the header is not to be used for unauthenticated APIs Staged
InfoSec Issue #447 CORS typos in CDR Non-breaking change Fix documentation error Staged

Any Other Business

Meeting Minutes

The following CRs were discussed in the call.

Holistic Feedback CR

Issue #530 | Iteration 12 Holistic Feedback

  • No discussion

CX CRs

Issue #529 | CX - Energy Data Language Standards - NMI and Scheduled Payments

InfoSec CRs

Issue #409 | Dynamic Client Registration Response Time NFR

  • Discussed that this issue will be converted into a DP
  • Clarified that there will be no new Register obligation before November 2022 (i.e. no impact to Oct/Nov banking and energy implementations
  • Changing the NFR will not be supported

Issue #479 | Clarification on Minimum Algorithm Required for JARM

  • Discussed the three options presented. Some participants preferred deferring to the upstream specifications
  • FAPI WG member preferred to profile FAPI 2.0 and disallow authorisation response encryption (Option 3)
  • View is that CDR has no reason to share confidential information in the authorisation response and hence encryption is not currently required
  • Participant pointed out that having a MAY requirement for data holders is consequently a MUST for ADRs. In other words, ADRs must support encryption using JARM even if one data holder chooses to adopt response encryption
  • Discussed signing algorithm requirements. Currently standards support PS256 and ES256. Should also consider EdDSA. This could be dealt with as a separate CR to expand the list of allowed signing algorithms. Aligns to FAPI 2.0 baseline.

Issue #522 | OpenID Provider Configuration End Point parameter requirements

  • Requires community feedback to move forwards. Currently no consensus.

Banking CRs

Issue #462 | Make additional account attributes available in bulk

  • Given a new API is being proposed, the DSB recommends this be treated as a DP

  • One ADR participant indicated there are other bulk APIs they are considering proposing. DSB encouraged that they raise these as a CR

  • One banking DH said that implementing a bulk Get Accounts Detail API would be challenging because it would need to call multiple ledgers for each account

  • It was clarified that only the BSB, account number and account currency are required, not the balance of the account

  • Discussed the need for a threshold test to introduce new APIs. Currently there is limited justification of the use case to introduce this API

  • Also discussed whether this is a voluntary API that is at the discretion of the DH to implement vs a mandated obligation for all data holders.

  • Question was raised whether Data Holders can charge a fee to ADRs for voluntary extensions (effectively commercial extensions within the CDR)

  • Agreed that this CR will be converted into a Decision Proposal

  • SISS Data Services to raise a CR to socialise new bulk APIs they would like

Energy CRs

Issue #526 | Get DER for Service Point - allow for no data

  • DSB provided clarification on the option of using defaults values for mandatory fields as opposed to use of error codes:
    • Clear separation of issue where the actual id of the resource being requested has error vs subset of data of the resource requested not being available
    • It would be similar to how transactions for banking accounts are treated (no error response returned when transactions not available)
    • Provides a consistent way of responding including bulk APIs
  • Participants provided agreement to the proposed solution of defining defaults
  • There was feedback to add information in the standards (e.g. Mandatory fields section of payload convention) on how empty arrays can be interpreted in various scenarios. This could also be a guidance article. The DSB will discuss this internally and action accordingly
  • The solution of defaults will not need to be flagged as urgent as it is not a breaking change

Issue #506 | Energy error codes for issues in data received by DH from SDH

  • Various options presented in the CR were discussed
  • A new option of defining an optional flag (boolean) in the error payload indicating a given error is due to secondary data holder was discussed and agreed by participants with the following notes:
    • The field would be available to implement optionally for nov 15 go live
    • An FDO will applied on which field will be mandatory to implement
    • The description needs to be very clear to ensure the intent of the flag so it cannot be misinterpreted or used in inapplicable scenarios(for e.g. error resulting from a third party vendor issues)
    • Given this will be an optionally implementable change, this would not need to be flagged as urgent

Issue #520 | Stepped solar feed in tariffs in Energy

  • DSB provide summary of their option, noting that any change would be applicable as an FDO
  • Participants indicated they would need further time to review and comment

Issue #477 | Secondary Data Holder Planned Outages and Status

  • Participants in agreement for AEMO implement Get Status and Get Outages endpoint. Retailers/DH may choose to reflect/ propagate that optionally if they like
  • Broader question about revisiting the status/outage schema was raised and discussed, primarily for scenarios of partial outages where more clarity of the impacted endpoints would be more useful. Whilst this was an important point to discuss, it not within the scope of this CR. It was agreed that it should be addressed via separate CRs or perhaps a decision proposal

Issue #475 | Representation of Spot price based contracts for C&I customers

  • DSB awaiting further information to help discuss CR and solution options
  • AEC planned workshop would help
  • It was noted that this CR discusses changes for C&I consumers which is required for tranche 2
  • Given lack of information, this CR will most likely be carried over to next MI but would have to be prioritised urgently in preparation for energy tranche 2 go live in May 2023