Date and time: 5/10/2022, 2:00pm – 4:00pm AEDT

Location: Microsoft Teams Meeting

Dial-in details:

• https://teams.microsoft.com/l/meetup-join/19%3ameeting_MzRhZmJhZTctYzRhNi00ZGY4LTkxZDgtYWU5YWVmMjczMTBj%40thread.v2/0?context=%7b%22Tid%22%3a%22214f1646-2021-47cc-8397-e3d3a7ba7d9d%22%2c%22Oid%22%3a%2257cd8c59-9b50-4670-bc85-25281a11ec8d%22%7d
• Meeting ID: 496 099 061 829
• Passcode: qten9K
• Dial In Number: +61 2 9161 1229
• Phone Conference ID: 118 337 962#
• Quick Dial: +61 2 9161 1229,,118337962# Australia, Sydney

Chair: James Bligh, DSB

Maintenance overview: Further information

Maintenance project board: See here

Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 272: Maintenance Iteration 13

Recording

The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email [email protected] should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.

We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Agenda

• Introductions
• Outstanding Actions
• Release plan
• Open / Active Decision Proposals
• Maintenance Iteration 13 Issues
• Maintenance Iteration 12 Retrospective
• Any other business
• Next Steps

Meeting notes

• Meeting Notes
• Next steps

Introductions

This meeting is the first in the series for Maintenance Iteration 13. The purpose is to (a) perform a retrospective for Maintenance Iteration 12, and (b) provide the community with the opportunity to propose change requests for consideration in addition to a number of changes that have been carried over from Maintenance Iteration 12.

Outstanding Actions

Energy

• DSB/AEMO Issue #477 Provide an update on delivery date for Get Status and Get Outages APIs Issue 477.
• Retailers to raise a ticket on energy usage data covering multiple FRMPs. DSB to table this in their discussions with AEMO.
  • Analysis ongoing

InfoSec

• DSB to raise new change request to support OIDD / DCR changes for Issue #458: FAPI 1.0 Non Normative Examples
• DSB to propose a minimum set of encryption algorithms for approval in relation to Issue #479: Clarification on Minimum Algorithm Required for JARM

CX

• No new actions

Other

• MI11 RETRO: DSB to consider the adoption of a feedback loop from community to assist in the prioritisation of maintenance iteration candidates and advise.

DPs required

• Issue #409: Dynamic Client Registration Response Time NFR
• Issue #435: Nominated representative end user for non-individual consumers - introduction of an Agent API
• Issue #462: Make additional account attributes available in bulk

Release plan

• Release 1.20.0 is in the final stages of being staged and the Team is seeking the Chair's approval on Decision Proposal 259

Open / Active Decision Proposals

The following decision proposals are open for community feedback

DP #	Decision Proposal	Closing date
Consultation	Decision Proposal 229 - CDR Participant Representation	Placeholder: no close date Link to consultation
Noting Paper	Noting Paper 255 - Approach to Telco Sector Standards	Link to consultation
Noting Paper	Noting Paper 258 - Independent Information Security Review	Link to consultation
Consultation	Decision Proposal 264 - Telco Invoice Payloads	17th of October 2022 Link to consultation
Consultation	Decision Proposal 265 - Telco Billing Transactions Payloads	17th of October 2022 Link to consultation
Consultation	Decision Proposal 266 - Telco Balance and Usage Payloads	17th of October 2022 Link to consultation

Future Plan

Review of October-December Quarter and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1

Maintenance Iteration 13 Issues

All open change requests can be found here: Standards Maintenance Issues.

The standards maintenance backlog can be found here: Data Standards Maintenance

The change requests proposed for this iteration are:

• Carried over from MI12

  • InfoSec
    • Issue #522: OpenID Provider Configuration End Point parameter requirements
  • Energy
    • Issue #475: Representation of Spot price based contracts for C&I customers
    • Issue #520: Stepped solar feed in tariffs in Energy

• Proposed by the community

  • Issue #513: Specify if an Account is a joint account in the API response
  • Issue #546: Update Register and DCR Swagger specs to use Common Field Types

Maintenance Iteration 12 Retrospective

Miro board is available at https://miro.com/app/board/uXjVPRK5_Zc=/?share_link_id=143493018937

Any Other Business

Meeting Minutes

Notes

Outstanding Actions

Energy

• DSB/AEMO Issue #477 Provide an update on delivery date for Get Status and Get Outages APIs Issue 477.
  • AEMO anticipates the API will be implemented to coincide with Phase 2 of Energy retailer obligations in May 2023.
• Retailers to raise a ticket on energy usage data covering multiple FRMPs. DSB to table this in their discussions with AEMO.
  • Analysis ongoing

InfoSec

• DSB to raise new change request to support OIDD / DCR changes for Issue #458: FAPI 1.0 Non Normative Examples
• DSB to propose a minimum set of encryption algorithms for approval in relation to Issue #479: Clarification on Minimum Algorithm Required for JARM

CX

• No new actions

Other

• MI11 RETRO: DSB to consider the adoption of a feedback loop from community to assist in the prioritisation of maintenance iteration candidates and advise.

Decision Proposals required

• Issue #409: Dynamic Client Registration Response Time NFR
• Issue #435: Nominated representative end user for non-individual consumers - introduction of an Agent API
• Issue #462: Make additional account attributes available in bulk

Release plan

v1.19.0 is the current version, v1.20.0 is currently being staged to incorporate changes from MI12 along with the decision to be taken to the Chair. Participants are encouraged to review the staged changes, see comments on each change request, a full list of CRs is available here: Maintenance Iteration 12 Issues

Future plan Participants were reminded to take a look at DSBs Quarterly Plan from time to time. It's our best guess at the future work anticipated by the team based on community consultation and policy direction. The major pieces of work in the October - December quarter were described.

Maintenance Iteration 13 Issues - Candidates for consultation

Five candidates listed on the agenda were confirmed, a further six were added to the Project Board and one will continue to be progressed in MI2/v1.20.0.

InfoSec

• Issue #479: Clarification on Minimum Algorithm Required for JARM

  • ADRs mentioned the primary concern is removing ambiguity
  • If subset of algorithms that’s fine, just need clarity
  • Coding around different DHs at present, and not having to do that would be preferable
  • It was noted that an observation in the UK is that Relying Parties (TPPs) weren't compliant with decrypting requirements
  • It was questioned whether encryption makes any sense for complexity
  • It was asked of DHs if they had a strong opinion that encryption is required to meet their security concerns
  • No feedback from DHs was received

• Issue #522: OpenID Provider Configuration End Point parameter requirements

  • Discussed deferring to upstream standards and removing explicit reference to each required OIDD parameter
  • No strong opinion either way
  • DSB requested more feedback from participants

• Issue #405: Alternative mechanisms for OTP

  • This issue can be discussed but will be dealt with in a Decision Proposal. Discussion will focus on requirements gathering and input to the Decision Proposal

• Issue #547: Update SSA and Client Registration standards for JARM and Authorization Code Flow

  • Should “none” also be included to have an explicit no-algorithm value?
  • Sticking to an Optional field requirement may result in upstream RFCs allowing OpenID Providers to default the value
  • Further analysis required

• Issue #535: Standard appears to redefine requirements for private_key_jwt authentication

  • Came up during testing of the ACCC sandbox
  • If you take a certified Relying Party library it wouldn’t include client_id
  • This has been in the standards for a significant time
  • Question was asked whether this would have an impact to DHs if relaxed
  • Community feedback required

Energy

• Issue #475: Representation of Spot price based contracts for C&I customers

  • Included into the MI as a carry over from MI12

• Issue #520: Stepped solar feed in tariffs in Energy

  • Included into the MI as a carry over from MI12

Banking

• Issue #513: Specify if an Account is a joint account in the API response
  • Discussed having an enumerated value that can describe the account relationship beyond just joint accounts
  • Questioned whether additional party relationship information should be shared
  • This was considered better represented in a Party Relationship API or the Rich Authorization Request response for all accounts.

Register

• Issue #546: Update Register and DCR Swagger specs to use Common Field Types

  • Discussed updating to Common Field Types
  • Participants voiced that care needs to be taken to review if any unintended consequences arise
  • Aim is to be a non-breaking change for all participants

• Issue #544: Update x-v header to be mandatory for Register APIs

  • Discussed explicitly defining the x-v header to be mandatory after ACCC phases out the old version

Non Functional Requirements (NFR)

• Issue #534: Define concrete NFRs for unattended traffic during high traffic periods

  • This issue can be discussed but will be dealt with in a DP. Discussion will focus on requirements gathering and input to the DP

• Issue #541: Raising of Traffic Threshold NFRs specified in the CDS

  • This issue can be discussed but will be dealt with in a DP. Discussion will focus on requirements gathering and input to the DP

During the discussion it was acknowledged a number of Change Requests would be better suited to Decision Proposals as they're significant pieces of work representing change that is unlikely to be possible in a Maintenance Iteration. Attendees agreed it was appropriate to discuss these CRs during the MI to gain a common understanding of the problem, consensus on an approach and elicit requirements in order for the Decision Proposal to be drafted. Candidates for these are Issues:

• #534
• #541
• #405

A request to discuss CX Guidelines in the Maintenance Iteration if appropriate was made. Please send the specifics to [email protected] for further consideration.

• DSB to advise if the Maintenance Iteration is an appropriate place to raise and discuss.

OAIC is consulting on change to the Privacy Safeguards refer: https://www.oaic.gov.au/engage-with-us/consultations/consultation-on-draft-updates-to-the-cdr-privacy-safeguard-guidelines, is DSB intending to provide a submission?

• DSB to advise.
• • DSB consulted with OAIC and provided extensive feedback before the guidelines were published for consultation.

Maintenance Iteration 12 Retrospective

START

• Tickets

1. "Checkpoint any emerging issues to review themes and topics for discussion[s] that arise during the iteration"
   

   • In the last iteration DSB observed a number of change requests were added to the backlog, and while we aim to fix the scope for an iteration it may be worthwhile reviewing new items to determine whether it warrants changing scope. Irrespective of changing scope, increasing awareness will be useful.
   • DSB to add a checkpoint to review new issues midway through the iteration.
     • Meeting schedule for MI13 has been updated to include this

2. "Feedback from the CDR Implementation Call: Play back changes from the MI into the CDR Implementation Call"
   

   • While Solution Architects provide an update on the progress of the MI in the CDR IC, participants have requested more detail so they can get a view of the planned changes and determine whether they need to attend the MI calls to contribute. Additionally it may be useful for the DSB to schedule a presentation midway through the iteration to provide a summary of the proposed solution for each candidate.
     This suggestion was well received.
   • DSB to consider adding a regular agenda item or presentation to the Implementation Call midway through each Maintenance Iteration.

STOP

• Tickets

1. "Do changes beyond DPs outside of MI calls.  Ref: Energy Closed Accounts DP including a bunch of other things..."
   

   • A request for DSB to stop making minor changes and fixes to the standards when URGENT Decision Proposals require the standards to change between maintenance iterations. Suggest they be strictly limited to emergency changes. For example, v1.19.0 was described in the Change Log as 'Changes arising from Decision 260 (Energy Closed Accounts)'. The release notes go on to include Issue 529 for CX Energy Data Language Standards and a fix on the OAIC link in the Introduction section. However, there was also a deprecation date introduced on SSA fields. These additional changes may be insignificant to some but they do translate to a longer diff and assessment process to figure out exactly what has changed.
   • DSB to consider this request and advise on a planned approach.

CONTINUE

• Tickets

1. "Should we keep running retros, or is there a better way to review iterations?"
   

   • Retros are useful as long as they're run after the changes to the standards agreed to in the maintenance iteration have been published. In MI11 the changes weren't available at the time the retro was conducted.
   • Suggestions were made to: a) run a retro on a Release rather than a Maintenance Iteration, or b) conduct a retro via a survey
   • Option a) was better received than b)
   • DSB to consider this request and advise on a planned approach.

Other Business

• No other business items raised.

New Actions

CX

• DSB to advise if the Maintenance Iteration is an appropriate place to raise and discuss CX Guideline Issues.

Other

• DSB to advise on planned submission to OAIC Consultation.
  • DSB consulted with OAIC and provided extensive feedback before the guidelines were published for consultation.

Maintenance Iteration 12 Retrospective

• DSB to add a checkpoint to review new issues midway through each iteration.
  • Meeting schedule for MI13 has been updated to include this
• DSB to consider adding a regular agenda item or presentation to the Implementation Call midway through each Maintenance Iteration.
• DSB to consider the way emergency changes are incorporated into the Standards and advise on a planned approach.
• DSB to consider the timing of retros and advise on a planned approach.

Next Steps

Community to review the candidates for this iteration in preparation for the next meeting on Wednesday 12 October 2022.