DSB Maintenance Iteration 14: Agenda & Minutes (22 February 2023) - ConsumerDataStandardsAustralia/standards GitHub Wiki
Date and time: 22/02/2023, 2:00pm – 4:00pm AEDT
Location: Microsoft Teams Meeting
Dial-in details:
- https://teams.microsoft.com/l/meetup-join/19%3ameeting_MTRiYjhhMGUtYmZhNS00NjBmLWIzODgtMWI2ODExMWIyNjUw%40thread.v2/0?context=%7b%22Tid%22%3a%22214f1646-2021-47cc-8397-e3d3a7ba7d9d%22%2c%22Oid%22%3a%2257cd8c59-9b50-4670-bc85-25281a11ec8d%22%7d
- Meeting ID: 461 357 467 375
- Passcode: UrWjgq
- Dial In Number: +61 2 9161 1229
- Phone Conference ID: 689 954 982#
Chair: Hemang Rathod, DSB
Maintenance overview: Further information
Maintenance project board: See here
Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 281: Maintenance Iteration 14
Recording
The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email [email protected] should they have any further questions or wish to have any material redacted from the record.
Acknowledgement of Country
We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.
We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.
Reminders
Question for the community: are reminders with a link to the agenda before each meeting useful?
Agenda
- Introductions
- Outstanding Actions
- Release plan
- Open Consultations
- Future Plan
- Maintenance Iteration 14 Issues
- Any other business
Meeting notes
Introductions
The purpose of this meeting is to
- Confirm iteration candidates for Maintenance Iteration 14
Outstanding Actions
Energy
- Retailers to raise a ticket on energy usage data covering multiple FRMPs. DSB to table this in their discussions with AEMO.
Banking
- DSB to review all Banking change requests to determine if there are related items that could be addressed at the same time as #567 and #569.
Release plan
- Latest/current version of standards is 1.22.0 which incorporates changes from MI13
Open Consultations
The following decision proposals are open for community feedback
| DP # | Consultation | Closing date |
|---|---|---|
| Consultation | Decision Proposal 229 - CDR Participant Representation | Placeholder: no close date Link to consultation |
| Consultation | Decision Proposal 267 - Telco Data Language | TBD Link to consultation |
| Consultation | Decision Proposal 275 - Holistic Feedback on Telco Standards | TBD Link to consultation |
| Consultation | Noting Paper 276 - Proposed V5 Rules: Standards Impacts | TBD Link to consultation |
| Consultation | Noting Paper 291 - Workshop for simple Payments Initiation | Workshop on 7 March 2023 Link to consultation |
| Consultation | Noting Paper 292 - Approach to developing standards for the Non-Bank Lending Sector | 24 March 2023 Link to consultation |
Future Plan
Review of January-March Quarter and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1
Maintenance Iteration 14 Issues
All open change requests can be found here: Standards Maintenance Issues.
The standards maintenance backlog can be found here: Data Standards Maintenance
The change requests proposed for this iteration are:
CX
InfoSec
- Issue #522 OpenID Provider Configuration End Point parameter requirements
- Issue #535 Standard appears to redefine requirements for private_key_jwt authentication
- Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF
Energy
Banking
- Issue #567 BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined
- Issue #569 Home Loan Revert rate and product is not available
- DSB to review all Banking change requests to determine if there are related items that could be addressed at the same time as #567 and #569.
Register
- Issue #508 Provide APIs to automate onboarding of software products and provisioning of certificates
- This item is related and linked to Issue #427 Standards & Guidelines regarding Sponsored Accreditation
- Issue #577 Updates to Certificate Management
Documentation
- Issue #565 Maintenance Iteration 14 Holistic Feedback
- Issue #532 Update x-fapi-auth-date description for Customer APIs
Watching Brief
The following change requests are not related to DSBs remit to change the Standards however they are of significant interest to the community from a standards perspective. A watching brief will be kept on them throughout this iteration.
- Issue #558 The Data Holder PVT Problem
- Anyone interested in discussing this issue can contact David Renzella [email protected]
- Issue #566 Optionality of critical fields is facilitating data quality issues across Data Holder implementations
- Issue #568 OTP SMS codes for CDR consent should be independent of online banking SMS settings
Additional items proposed:
Schema
- Issue #538 Payload conventions; optional fields with null values aren't defined in schemas
- Issue #496 Unauthenticated energy routes have unclear header documentation
Documentation
Any Other Business
Meeting Minutes
Housekeeping
We canvassed the opinion of attendees to determine the value of sending calendar reminders before each meeting, we had 3 likes. As a result we'll cease sending reminders for the time being and will continue to post links to the agenda on the Maintenance Iteration Decision Proposal.
Outstanding Actions
Banking
- DSB to review all Banking change requests to determine if there are related items that could be addressed at the same time as #567 and #569.
- Review of related items outstanding.
- Discussion on creating a 'holistic CR' for 'Get Product Detail' API to group related changes.
- Agreement to trial holistic CRs for a single API in this MI.
- DSB to create holistic CR for issues related to Get Account Detail and Get Product Detail APIs
- See Other Business for actions taken on OAS Discussion.
Maintenance Iteration 14 Issues
The following candidates were discussed:
CX
- Issue #574 Additional functionality to support multiple account selection
- Purpose is to simplify account selection where many accounts exist, such as C&I consumers in the Energy Sector.
InfoSec
-
Issue #522 OpenID Provider Configuration End Point parameter requirements
- Carried over from MI13. Intention is to consider, and simplify where possible, the way in which upstream standards are represented.
- Two principles were discussed - Being consistent and being non-specific in standards unless there is a good reason to do so
- Action Initiation might present an opportunity to reassess related issues.
- DSB to seek legal advice on the enforceability or the binding status of the standards versus an implementation guide.
-
Issue #535 Standard appears to redefine requirements for private_key_jwt authentication
- Discussion on misalignment with international standards
- Request is to remove requirement for client_id in client assertion as RFC describes it as optional. This was discussed in the last MI where an agreement on the FDO was not reached. Complicated by implementation effort and anticipated FAPI 2 uplift.
- DSB to assess implications of changing requirement of client_id to ‘SHOULD’, consider permutations and propose a solution for the community to consider.
-
Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF
- Agreement between attendees and DSB:
- Request the DSB Chair treat this change as URGENT
- Update description of "id_token_encrypted_response_alg" and "id_token_encrypted_response_enc" to "SHOULD" for transition period;
- "SHOULD" will change to "MUST" after the transition period.
- DSB to advise when this change could be made if the Chair approves the request to make it URGENT.
- Agreement between attendees and DSB:
Energy
-
Issue #520 Stepped solar feed in tariffs in Energy
- Open for discussion, keen to see comments from the community posted on the issue.
- DSB to review seasonality aspect of Issue #520 and discuss with interested parties, AER and DELWP.
-
Issue #572 Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec
- This item has been added to the Iteration Candidates
Banking
- Issue #567 BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined
- Issue #569 Home Loan Revert rate and product is not available
- Various options and their merits were discussed with no clear consensus or pathway.
- DSB to raise a holistic CR to address issues related to the same APIs (Get Account Detail and Get Product Detail APIs) as these CRs for consultation on in this MI. See outcome on Outstanding action for Banking.
Register
-
Issue #508 Provide APIs to automate onboarding of software products and provisioning of certificates
- This issue was raised in response to community feedback however it relates to functions of the Registrar in general. Work will not progress on this issue while the DSB and ACCC are in discussion on the strategic direction for the Register Standards Revision (refer placeholder DP #289). However, we welcome feedback from the community on the benefits and expected features to feed into our analysis and understanding of the problem space. This issue may be accommodated within the Decision Proposal.
-
Issue #577 Updates to Certificate Management
- Multiple nuanced aspects of certificate management (which is not strictly a standards issue) have been proposed in this issue.
- A related suggestion made during the meeting was the ability to automate a certificate request via an API.
- The community is encouraged to consider the issue and provide comment.
Change Request Status and Proposal
Watching Brief
The following change requests were not discussed however are recorded here for completeness as a watching brief will be kept on them throughout this iteration.
- Issue #558 The Data Holder PVT Problem
- Anyone interested in discussing this issue can contact David Renzella [email protected]
- Issue #566 Optionality of critical fields is facilitating data quality issues across Data Holder implementations
- Issue #568 OTP SMS codes for CDR consent should be independent of online banking SMS settings
Other Business
OpenAPI Specification (OAS) Discussion on leveraging OAS to manage change in API versions.
- DSB to look at ways to use OAS3 spec to better manage API versioning
- Stuart - Raise a CR for introducing a discriminator in APIs - #587
New Actions
InfoSec
- DSB to seek legal advice on the enforceability or the binding status of the standards versus an implementation guide with regard to Issue #522 OpenID Provider Configuration End Point parameter requirements.
- DSB to assess implications of changing requirement of client_id to ‘SHOULD’ for Issue #535, consider permutations and propose a solution for the community to consider.
- DSB to advise when a change to accommodate Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF could be made if the Chair approves the request to make it URGENT.
Energy
- DSB to review seasonality aspect of Issue #520 and discuss with interested parties, AER and DELWP.
Banking
- DSB to create holistic CR for issues related to Get Account Detail and Get Product Detail APIs
Other Business
- DSB to look at ways to use OAS3 spec to better manage API versioning
Next Steps
Community to consider their requirements for relevant candidates and post details for DSB to consider in proposing a solution. The next Maintenance Iteration meeting is scheduled for 8 March 2023.