DSB Maintenance Iteration 13: Agenda & Minutes (9 November 2022) - ConsumerDataStandardsAustralia/standards GitHub Wiki

Date and time: 9/11/2022, 2:00pm – 4:00pm AEDT

Location: Microsoft Teams Meeting

Dial-in details:

Chair: James Bligh, DSB

Maintenance overview: Further information

Maintenance project board: See here

Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 272: Maintenance Iteration 13

Recording

The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email [email protected] should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.

We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Agenda

  • Introductions
  • Outstanding Actions
  • Release plan
  • Open / Active Decision Proposals
  • Proposing changes to the Standards
  • Maintenance Iteration 13 Issues
  • Any other business
  • Next Steps

Meeting notes

Introductions

The purpose of this meeting is to discuss proposals for the candidates under consultation in Maintenance Iteration 13.

Outstanding Actions

Energy

  • Retailers to raise a ticket on energy usage data covering multiple FRMPs. DSB to table this in their discussions with AEMO.
    • Analysis ongoing

InfoSec

  • The DSB has asked participants to publicly request Issue #479 be treated as urgent on GitHub.

CX

None

MI13 Holistic Issues

  • DSB to confirm with Energy retailers that readQualities in comment does not cause a breaking change.

Maintenance Iteration 12 Retrospective

  • DSB to consider the timing of retros and advise on a planned approach.
    • The purpose of the Retro is to review the Maintenance Iteration process not the outcome of it.
    • We'll keep this action open to revisit the discussion at the end of MI13.

Release plan

  • Decision Proposal 259 has been approved and version 1.20.0 has been published.

Open / Active Decision Proposals

The following decision proposals are open for community feedback:

| DP # | Decision Proposal | Closing date |
|---|---|---|
| Consultation | Decision Proposal 229 - CDR Participant Representation | Placeholder: no close date Link to consultation |
| Noting Paper | Noting Paper 255 - Approach to Telco Sector Standards | Link to consultation |
| Noting Paper | Noting Paper 258 - Independent Information Security Review | Link to consultation |
| Consultation | Decision Proposal 267 - Telco Data Language | TBD Link to consultation |
| Consultation | Decision Proposal 275 - Holistic Feedback on Telco Standards | TBD Link to consultation |
| Consultation | Noting Paper 276 - Proposed V5 Rules: Standards Impacts | TBD Link to consultation |

Future Plan

Review of October-December Quarter and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1

Proposing changes to the Standards

Continue the discussion on channels available when proposing changes to the standards. See minutes from last meeting for more detail.

Maintenance Iteration 13 Issues

All open change requests can be found here: Standards Maintenance Issues.

The standards maintenance backlog can be found here: Data Standards Maintenance

| Domain | Issue # | Issue | Proposal Status | Change Proposed | Standards Staging link |
|---|---|---|---|---|---|
| MI 13 | Issue #551 | Iteration 13 Holistic Feedback | N/A | | |
| InfoSec | Issue #479 | Clarification on Minimum Algorithm Required for JARM | Proposal made | Adopt minimum set of encryption and signing algorithms. | |
| InfoSec | Issue #522 | OpenID Provider Configuration End Point parameter requirements | Under discussion | | |
| InfoSec | Issue #547 | Update SSA and Client Registration standards for JARM and Authorization Code Flow | Proposal made | Update OIDD and DCR APIs to support JARM negotiation | |
| InfoSec | Issue #535 | Standard appears to redefine requirements for private_key_jwt authentication | Under discussion | | |
| Energy | Issue #475 | Representation of Spot price based contracts for C&I customers | For Discussion | | |
| Energy | Issue #520 | Stepped solar feed in tariffs in Energy | Options presented | | |
| Banking | Issue #513 | Specify if an Account is a joint account in the API response | Proposal made | Introduce an accountOwnership ENUM for account APIs | |
| Register | Issue #546 | Update Register and DCR Swagger specs to use Common Field Types | Proposal made | Under review - change Register and DCR APIs to use Common Field Types | https://github.com/ConsumerDataStandardsAustralia/standards-staging/compare/release/1.20.0...maintenance/546 |
| Register | Issue #544 | Update x-v header to be mandatory for Register APIs | Proposal made | | |

Issues for discussion

InfoSec

Energy

Banking

Register

Iteration 13 Holistic Feedback

Any Other Business

Meeting Minutes

Notes

Outstanding Actions

Energy

  • Retailers to raise a ticket on energy usage data covering multiple FRMPs. DSB to table this in their discussions with AEMO.
    • Analysis ongoing

InfoSec

  • The DSB has asked participants to publicly request Issue #479 be treated as urgent on GitHub.
    • Only one participant request was made.
    • This request will be taken to the Chair for a decision this week.

CX

None

MI13 Holistic Issues

  • DSB to confirm with Energy retailers that readQualities in comment does not cause a breaking change.
    • This defect was fixed in version 1.20.0 of release standards.

Maintenance Iteration 12 Retrospective

  • DSB to consider the timing of retros and advise on a planned approach.
    • The purpose of the Retro is to review the Maintenance Iteration process not the outcome of it.
    • We'll keep this action open to revisit the discussion at the end of MI13.

Release plan

  • Decision Proposal 259 has been approved and version 1.20.0 has been published.
  • A request to make Issue #479 URGENT will be taken to the Chair this week. If approved, changes to accommodate it and the related Issue #547 are likely to be published as a standalone version, 1.21.0.
  • Changes to accommodate MI13 would then go into 1.22.0 as a result of Decision Proposal 272.

Future plan

Taken as read.

Proposing changes to the Standards

This item was not discussed and will remain on the agenda for the final meeting in MI13. This enables any remaining aspects to be considered.

Maintenance Iteration 13 Issues - Candidates for consultation

InfoSec

  • Issue #479: Clarification on Minimum Algorithm Required for JARM

    • Discussed requesting this CR be treated as urgent given it is within the 6 month implementation window.
    • Participants asked what Relying Party / client library support exists.
    • No ADRs on the call provided feedback.
  • Issue #522: OpenID Provider Configuration End Point parameter requirements

    • Option 2 preferred to simplify how we deal with upstream specs by removing repeated information.
    • Not urgent but is something that would be good to achieve.
    • DSB will update the proposal and stage the change for participant review and discussion in final call on 23/11/2022.
  • Issue #547: Update SSA and Client Registration standards for JARM and Authorization Code Flow

    • Agreed that the DSB will create a set of error scenarios to flesh out this more completely. Scenarios discussed:
      • the behaviour when the OpenID Provider changes algorithms and the client needs to update
      • client not supporting a valid value
      • PUT on updating existing client and going from Hybrid to Auth Code Flow
      • PUT on updating from no JARM to JARM with encryption
  • Issue #535: Standard appears to redefine requirements for private_key_jwt authentication

    • Argument for removing the client_id requirement was discussed: this would allow implementations to run against the FAPI conformance suite and be fully certified. Currently this addition means OpenID providers fail FAPI.
    • This is because it's an optional value upstream but required in CDS.
    • Also discussed setting an obligation date independent of the FAPI 2.0 transition of the consumer data standards.
    • DSB requested participants provide feedback on implementation timeframes and what obligation dates might look like.
    • Discussed whether a change to OPTIONAL would still require the Data Holder to validate the client_id if it is presented.

Energy

Banking

  • Issue #513: Specify if an Account is a joint account in the API response
    • Requested that the DSB propose the solution rather than cross-reference the ANZ solution. The DSB agreed to action this.
    • Discussed and ruled out defining accountOwnership as a positive integer.
    • Feedback indicated that multi-party account ownership flags are tricky for complex and business accounts.
    • It was noted that the party relationship may be hard to do for organisations.
    • It was suggested that we either don't return it for Orgs or have a different enum to represent Orgs.
    • At the same time, DHs indicated they would look into the level of effort required to set a multi-party flag for orgs.
    • Discussed whether the flag represents 'eligible' consumers vs 'beneficial ownership' vs 'secondary users' and 'nominated reps', since these all differ. Focus is on 'beneficial ownership'.
    • Discussed whether we define 'ownership' of an account, or allow this to be at the discretion of each holder.
    • Desire was to leave the definition to the data holder. If there's no consensus, we can go down the path of consulting on a common definition for ownership.
    • ANZ supports the DSB proposal to use common understanding and discretion.
    • It was noted that the mutuals sector has many definitions of 'owner' - isOwned in the mutual sector is very unreliable.

Register

Iteration 13 Holistic Feedback

Other Business

  • None raised.

New Actions

No specific actions raised. Outcome of the discussion will result in a proposed solution, or update to existing solution, for each issue.

Next Steps

Community to provide feedback on issues discussed in preparation for the final meeting of Maintenance Iteration 13.