DSB Maintenance Iteration 13: Agenda & Minutes (12 October 2022) - ConsumerDataStandardsAustralia/standards GitHub Wiki
Date and time: 12/10/2022, 2:00pm – 4:00pm AEDT
Location: Microsoft Teams Meeting
Dial-in details:
- https://teams.microsoft.com/l/meetup-join/19%3ameeting_MzRhZmJhZTctYzRhNi00ZGY4LTkxZDgtYWU5YWVmMjczMTBj%40thread.v2/0?context=%7b%22Tid%22%3a%22214f1646-2021-47cc-8397-e3d3a7ba7d9d%22%2c%22Oid%22%3a%2257cd8c59-9b50-4670-bc85-25281a11ec8d%22%7d
- Meeting ID: 496 099 061 829
- Passcode: qten9K
- Dial In Number: +61 2 9161 1229
- Phone Conference ID: 118 337 962#
- Quick Dial: +61 2 9161 1229,,118337962# Australia, Sydney
Chair: Hemang Rathod, DSB
Maintenance overview: Further information
Maintenance project board: See here
Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 272: Maintenance Iteration 13
Recording
The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email contact@consumerdatastandards.gov.au should they have any further questions or wish to have any material redacted from the record.
Acknowledgement of Country
We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.
We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.
Agenda
- Introductions
- Outstanding Actions
- Release plan
- Open / Active Decision Proposals
- Maintenance Iteration 13 Issues
- Any other business
- Next Steps
Meeting notes
Introductions
The purpose of this meeting is to provide the community with the opportunity to agree on the candidates for consultation in Maintenance Iteration 13.
Outstanding Actions
Energy
- Retailers to raise a ticket on energy usage data covering multiple FRMPs. DSB to table this in their discussions with AEMO.
- Analysis ongoing
InfoSec
None
CX
- DSB to advise if the Maintenance Iteration is an appropriate place to raise and discuss CX Guideline Issues.
- DSB will include ability to raise and discuss CX Guidelines requests as part of Maintenance Iteration. Template to raise issues can be found here. N.B. Because the CX Guidelines span policy, rules, standards, and best practice considerations, their development and release may not fall within a Maintenance Iteration cycle.
Other
- DSB to advise on planned submission to OAIC Consultation.
- DSB consulted with OAIC and provided extensive feedback before the guidelines were published for consultation.
Maintenance Iteration 12 Retrospective
- DSB to add a checkpoint to review new issues midway through each iteration.
- Meeting schedule for MI13 has been updated to include this
- DSB to consider adding a regular agenda item or presentation to the Implementation Call midway through each Maintenance Iteration.
- DSB to consider the way emergency changes are incorporated into the Standards and advise on a planned approach.
- DSB to consider the timing of retros and advise on a planned approach.
Decision Proposals required
- Issue #409: Dynamic Client Registration Response Time NFR
- Issue #435: Nominated representative end user for non-individual consumers - introduction of an Agent API
- Issue #462: Make additional account attributes available in bulk
Release plan
- Release 1.20.0 is in the final stages of being staged and the Team is seeking the Chair's approval on Decision Proposal 259
Open / Active Decision Proposals
The following decision proposals are open for community feedback
DP # | Decision Proposal | Closing date |
---|---|---|
Consultation | Decision Proposal 229 - CDR Participant Representation | Placeholder: no close date Link to consultation |
Noting Paper | Noting Paper 255 - Approach to Telco Sector Standards | Link to consultation |
Noting Paper | Noting Paper 258 - Independent Information Security Review | Link to consultation |
Consultation | Decision Proposal 264 - Telco Invoice Payloads | 17th of October 2022 Link to consultation |
Consultation | Decision Proposal 265 - Telco Billing Transactions Payloads | 17th of October 2022 Link to consultation |
Consultation | Decision Proposal 266 - Telco Balance and Usage Payloads | 17th of October 2022 Link to consultation |
Future Plan
Review of October-December Quarter and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1
Maintenance Iteration 13 Issues
All open change requests can be found here: Standards Maintenance Issues.
The standards maintenance backlog can be found here: Data Standards Maintenance
The change requests proposed for this iteration are:
InfoSec
-
Issue #479: Clarification on Minimum Algorithm Required for JARM
-
Issue #522: OpenID Provider Configuration End Point parameter requirements
-
Issue #547: Update SSA and Client Registration standards for JARM and Authorization Code Flow
-
Issue #535: Standard appears to redefine requirements for private_key_jwt authentication
Energy
Banking
Register
-
Issue #546: Update Register and DCR Swagger specs to use Common Field Types
-
Issue #544: Update x-v header to be mandatory for Register APIs
Discussion for Decision Proposals
-
Issue #534: Define concrete NFRs for unattended traffic during high traffic periods
-
Issue #541: Raising of Traffic Threshold NFRs specified in the CDS
Any Other Business
Meeting Minutes
Notes
Outstanding Actions
Energy
- Retailers to raise a ticket on energy usage data covering multiple FRMPs. DSB to table this in their discussions with AEMO.
- Analysis ongoing however would like to close it out by the end of the iteration if it can be achieved before 15/11/2022.
InfoSec
None.
CX
- DSB to advise if the Maintenance Iteration is an appropriate place to raise and discuss CX Guideline Issues.
- DSB will include ability to raise and discuss CX Guidelines requests as part of Maintenance Iteration. Template to raise issues can be found here. N.B. The CX Guidelines are optional to follow, but the CDR rules require CDR participants to have regard to them. The CX Standards differ in that they are binding data standards that must be followed. Because the CX Guidelines span policy, rules, standards, and best practice considerations, their development and release may not fall within a Maintenance Iteration cycle.
Maintenance Iteration 12 Retrospective
- DSB to add a checkpoint to review new issues midway through each iteration.
- Meeting schedule for MI13 has been updated to include this
- DSB to consider adding a regular agenda item or presentation to the Implementation Call midway through each Maintenance Iteration.
- In progress
- DSB to consider the way emergency changes are incorporated into the Standards and advise on a planned approach.
- In progress
- DSB to consider the timing of retros and advise on a planned approach.
- In progress
Decision Proposals required
- Issue #409: Dynamic Client Registration Response Time NFR
- Issue #435: Nominated representative end user for non-individual consumers - introduction of an Agent API
- Issue #462: Make additional account attributes available in bulk
Release plan
v1.20.0 is very close to being finalised, most of the changes have been staged so the community is encouraged to review and provide comment on the relevant ticket.
Future plan Participants were reminded to take a look at DSBs Quarterly Plan from time to time.
Maintenance Iteration 13 Issues - Candidates for consultation
InfoSec
-
Issue #479: Clarification on Minimum Algorithm Required for JARM
- Not discussed
-
Issue #522: OpenID Provider Configuration End Point parameter requirements
- Not discussed
-
Issue #405: Alternative mechanisms for OTP
- Not discussed
-
Issue #547: Update SSA and Client Registration standards for JARM and Authorization Code Flow
- Not discussed
-
Issue #535: Standard appears to redefine requirements for private_key_jwt authentication
- Not discussed
Energy
- Issue #475: Representation of Spot price based contracts for C&I customers
- This CR affects Energy Tranche 2
- DSB to liaise with AEC to organise a workshop to discuss requirements for Issue #475: Representation of Spot price based contracts for C&I customers before end of year shutdown commences.
- Issue #520: Stepped solar feed in tariffs in Energy
- Any material change agreed upon would not apply to the 15th of November 2022 obligation date. An FDO would be agreed on as a result of this consultation and will incorporate additional C&I changes for the endpoint into a single version.
- The community is encouraged to review the proposed solution and contribute.
- DSB to update proposed solution to include an option of 'Do nothing'.
Banking
- Issue #513: Specify if an Account is a joint account in the API response
- Considered broader changes vs addressing the specific ask in the change request.
- Preference is to have an enumerated type that can be expanded upon in future but deal with just the JOINT_ACCOUNT flag first
- Enum should differentiate joint account from other multi party relationships
- Noted that the definition of "joint account" is not defined in the data standards and each data holder has a different definition, eligibility criteria and conditions.
- Discussed that a joint account is not necessarily a residential loan or individual consumer's account
- Discussed that a joint account can have more than two account holders
- Business consumers typically have multi-party accounts (two or more)
- The enum does not impart enough detail to describe the complex multi-party relationship including the authenticated end-user and the consumer's authorities and account privileges
- This would be better to deal with relationship and authority data as a separate Party Relationships API
- Also discussed having a flag that denoted whether the account is an account of the nom rep or sole trader
- It was noted that information on the authenticated party was important because the consent may not include the customer
Register
-
Issue #546: Update Register and DCR Swagger specs to use Common Field Types
- Raised item for awareness
- DSB to stage a change with the updates to the Register and DCR swagger for review and comment
-
Issue #544: Update x-v header to be mandatory for Register APIs
- Discussed the retirement of the v1 Register APIs that have an optional x-v version header
- The original decision document stated that a mandatory x-v header would be introduced after retirement of v1.
- Currently proposal suggests a mandatory x-v header at the time of retirement
- Original decision document dealt with this by saying the APIs would continue to default to the minimum supported version
Non Functional Requirements (NFR)
-
Issue #534: Define concrete NFRs for unattended traffic during high traffic periods
- This issue was discussed in the context of Issue 541 and agreed to be incorporated into a holistic NFR decision proposal.
-
Issue #541: Raising of Traffic Threshold NFRs specified in the CDS
- An ADR raised the issue that they desire to move screen scraping traffic over to the CDR
- To do this, their current use case requires regular refresh of transaction and account data for thousands of customers.
- This would therefore mean they would hit the per-software product TPS requirements
- Discussed the challenges with data holders increasing infrastructure sizing for traffic bursts that only happen at certain periods of the day whilst idling infrastructure when not being called
- It was noted that non-major banks would not have the revenue to support higher TPS thresholds to meet the infrastructure costs
- A solution that is proportional to the number of active consents or the size of the customer base of the data holder needs to be considered so that non-major data holders don't have to scale for unrealised traffic
- It was also noted that for major data holders running 100% scaled infrastructure 24/7 was inefficient and scaling up for usage was the most efficient and cost effective approach. This also indicated that having scaled NFRs by number of active consents was desirable.
- Was agreed that this issue is better dealt with as a Decision Proposal.
Other Business
- Participants raised concern that current options to make changes to the standards is limited to either a Decision Proposal or a Change Request. The DSB will take this into consideration.
New Actions
Energy
- DSB to liaise with AEC to organise a workshop to discuss requirements for Issue #475: Representation of Spot price based contracts for C&I customers before end of year shutdown commences.
- DSB to update proposed solution to include an option of 'Do nothing' to Issue #520: Stepped solar feed in tariffs in Energy.
Decision Proposals required
- Issue #534: Define concrete NFRs for unattended traffic during high traffic periods and Issue #541: Raising of Traffic Threshold NFRs specified in the CDS
- Implement a Party Relationships API to address 'relationship' and 'authority' data requirements arising from Issue #513: Specify if an Account is a joint account in the API response
Next Steps
Community to review the candidates for this iteration in preparation for the next meeting on Wednesday 26 October 2022.