DSB Maintenance Iteration 14: Agenda & Minutes (22 March 2023) - ConsumerDataStandardsAustralia/standards GitHub Wiki
Date and time: 22/03/2023, 2:00pm – 4:00pm AEDT
Location: Microsoft Teams Meeting
Dial-in details:
- https://teams.microsoft.com/l/meetup-join/19%3ameeting_MTRiYjhhMGUtYmZhNS00NjBmLWIzODgtMWI2ODExMWIyNjUw%40thread.v2/0?context=%7b%22Tid%22%3a%22214f1646-2021-47cc-8397-e3d3a7ba7d9d%22%2c%22Oid%22%3a%2257cd8c59-9b50-4670-bc85-25281a11ec8d%22%7d
- Meeting ID: 461 357 467 375
- Passcode: UrWjgq
- Dial In Number: +61 2 9161 1229
- Phone Conference ID: 689 954 982#
Chair: Hemang Rathod, DSB
Maintenance overview: Further information
Maintenance project board: See here
Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 281: Maintenance Iteration 14
Housekeeping
Recording
The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email [email protected] should they have any further questions or wish to have any material redacted from the record.
Acknowledgement of Country
We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.
We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.
Minor adjustment to Agenda
Outstanding Actions has been moved to occur before Maintenance Iteration 14 Issues to keep related discussions together.
Agenda
- Introductions
- Release plan
- Open Consultations
- Future Plan
- Outstanding Actions
- Maintenance Iteration 14 Issues
- Change Request Status
- Any other business
Meeting notes
Introductions
The purpose of this meeting is to:
- Present proposals on each issue for further discussion before finalising solutions and commence staging changes to the Standards.
Release plan
- Current version of the standards is 1.22.1 published on 22nd March 2023. It incorporates changes to the draft Telco standards along with minor fixes. Refer to the release notes for details
- Version 1.23.0 release of the standards is in progress. This will incorporate the URGENT change request Issue #576
- Changes for MI14 will be published in version 1.24.0 release of the standards
Open Consultations
The following Consultations are open for community feedback
| Consultation | Closing date |
|---|---|
| Decision Proposal 229 - CDR Participant Representation | Placeholder: no close date Link to consultation |
| Decision Proposal 267 - Telco Data Language | TBD Link to consultation |
| Decision Proposal 275 - Holistic Feedback on Telco Standards | TBD Link to consultation |
| Noting Paper 276 - Proposed V5 Rules: Standards Impacts | TBD Link to consultation |
| Noting Paper 292 - Approach to developing standards for the Non-Bank Lending Sector | 24 March 2023 Link to consultation |
| Decision Proposal 288 - Non-Functional Requirements Revision | 31 March 2023 Link to consultation |
| Noting Paper 296 - Offline Customer Authentication | 17 April 2023 Link to consultation |
Future Plan
Review of January-March Quarter and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1
Outstanding Actions
NOTE: Where a :bulb: appears it indicates the Action will be discussed later in the Agenda under Maintenance Iteration 14 Issues.
CX
- DSB to contact participants for examples of existing account selection processes for Issue #574 :bulb:
InfoSec
- DSB to seek legal advice on the enforceability or the binding status of the standards versus an implementation guide with regard to Issue #522 OpenID Provider Configuration End Point parameter requirements.
- In progress
- DSB to provide a proposal on Issue #522 for the community to evaluate. :bulb:
- DSB to assess implications of changing requirement of client_id to ‘SHOULD’ for Issue #535, consider permutations and propose a solution for the community to consider :bulb:
- DSB to analyse phasing options for Issue #535 :bulb:
- ACCC to assess impacts to register and advise whether FDO of 13/11/2023 is achievable for Issue #535 :bulb:
- DSB to advise when a change to accommodate Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF could be made if the Chair approves the request to make it URGENT.
Energy
- DSB to review seasonality aspect of Issue #520 and discuss with interested parties, AER and DELWP. :bulb:
- DSB to modify the FDO and post on Issue #520 for the community to consider. :bulb:
- DSB to post justification of the recommendation to not proceed with Issue #572 :bulb:
Register
- DSB to raise operational concerns regarding CSRs with the ACCC with respect to Issue #577 Updates to Certificate Management.
Banking
- DSB to create holistic CR for issues related to Get Account Detail and Get Product Detail APIs. 💡
Other
- DSB to look at ways to use OAS3 spec to better manage API versioning.
Maintenance Iteration 14 Issues
All open change requests can be found here: Standards Maintenance Issues.
The standards maintenance backlog can be found here: Data Standards Maintenance
The change requests proposed for this iteration are:
CX
InfoSec
- Issue #522 OpenID Provider Configuration End Point parameter requirements
- Issue #535 Standard appears to redefine requirements for private_key_jwt authentication
- Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF
Energy
- Issue #520 Stepped solar feed in tariffs in Energy
- Issue #572 Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec
Banking
- Issue #567 BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined
- Issue #569 Home Loan Revert rate and product is not available
- Issue #580 Maintenance backlog summary - Banking sector
- Issue #579 Ability to identify pre-authorisation transactions
Register
- Issue #508 Provide APIs to automate onboarding of software products and provisioning of certificates
- This item is related and linked to Issue #427 Standards & Guidelines regarding Sponsored Accreditation
- Issue #577 Updates to Certificate Management
Schema
- Issue #538 Payload conventions; optional fields with null values aren't defined in schemas
- Issue #496 Unauthenticated energy routes have unclear header documentation
Documentation
- Issue #565 Maintenance Iteration 14 Holistic Feedback
- Issue #532 Update x-fapi-auth-date description for Customer APIs
- Issue #483 Large payload tier description error
Other
Watching Brief
The following change requests are not related to DSBs remit to change the Standards however they are of significant interest to the community from a standards perspective. A watching brief will be kept on them throughout this iteration.
- Issue #558 The Data Holder PVT Problem
- Anyone interested in discussing this issue can contact David Renzella [email protected]
- Issue #566 Optionality of critical fields is facilitating data quality issues across Data Holder implementations
- Issue #568 OTP SMS codes for CDR consent should be independent of online banking SMS settings
Change Request Status and Proposal
Any Other Business
Next Steps
Meeting Minutes
Outstanding Actions
CX
- DSB to contact participants for examples of existing account selection processes for Issue #574
InfoSec
- DSB to seek legal advice on the enforceability or the binding status of the standards versus an implementation guide with regard to Issue #522 OpenID Provider Configuration End Point parameter requirements.
- In progress, hoping to have an answer shortly.
- DSB to provide a proposal on Issue #522 for the community to evaluate.
- DSB to assess implications of changing requirement of client_id to ‘SHOULD’ for Issue #535, consider permutations and propose a solution for the community to consider
- DSB to analyse phasing options for Issue #535
- ACCC to assess impacts to register and advise whether FDO of 13/11/2023 is achievable for Issue #535
- DSB to advise when a change to accommodate Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF could be made if the Chair approves the request to make it URGENT.
- This item has been approved as URGENT by the DSB Chair.
Energy
- DSB to review seasonality aspect of Issue #520 and discuss with interested parties, AER and DELWP.
- DSB to modify the FDO and post on Issue #520 for the community to consider.
- DSB to post justification of the recommendation to not proceed with Issue #572
Register
- DSB to raise operational concerns regarding CSRs with the ACCC with respect to Issue #577 Updates to Certificate Management.
Banking
Other
- DSB to look at ways to use OAS3 spec to better manage API versioning.
- Nothing specific to report on at this time.
Maintenance Iteration 14 Issues
The following candidates were discussed:
CX
- Issue #574 Additional functionality to support multiple account selection
- A definition for 'unwarranted friction' and revised wording for the consumer experience standards has been drafted for community review, see comment. The DSB has reached out to retailers for examples and had discussions with Biza.
- With regard to comments on using the term 'accounts', DSB has invited suggestions for alternatives. At this stage none have been proposed and therefore retaining 'accounts' is recommended to remain aligned with the standards.
InfoSec
-
Issue #522 OpenID Provider Configuration End Point parameter requirements
- Request for legal advice is in progress
- No updates at this time however work on providing a response continues.
-
Issue #535 Standard appears to redefine requirements for private_key_jwt authentication
- Proposed solution for this involves changes to the Register.
- DSB has posted details of phasing options as requested in the previous meeting, see comment and an overview was provided. An overview of introducing earlier phasing to allow participants seeking FAPI certification to do so earlier whilst remaining aligned to the Data Standards
-
Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF
- This issue has been approved as URGENT by the DSB Chair. As no further feedback has been received on DSBs Proposed Solution the change will be made as recommended and staged for review before being published in v1.23.0 of the Standards.
Energy
-
Issue #572 Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec
- Initial discussions with AER and DELWP indicate the request for new ENUM values can't be supplied because the data doesn't exist in source systems.
- There was no discussion on this issue so industry views in this comment could not be clarified.
Banking
-
Issue #569 Home Loan Revert rate and product is not available
- Community feedback on this issue in addition to CDR Support Portal queries indicates there are more challenges with rates. DSB is working on a summary to present options on how they can be addressed.
- It is highly likely this issue will not be resolved and will need to be carried over to MI15.
- DSB encourages the community to consider the implications and share details to improve the outcome of these issues.
-
Issue #580 Maintenance backlog summary - Banking sector
- This issue has been raised to group and summarise all issues affecting the banking sector resource endpoints.
-
Issue #579 Ability to identify pre-authorisation transactions
- This issue has been recorded on the Maintenance Backlog summary- Banking sector, it was raised for awareness but community advice is required on whether it needs to be addressed as a priority and if so should other issues affecting the Get Transactions for Account endpoint be considered at the same time?
Register
-
Issue #508 Provide APIs to automate onboarding of software products and provisioning of certificates
- As indicated earlier this issue will be addressed in a Decision Proposal (refer placeholder DP #289). ACCC has yet to provide input on the strategic direction for the Register Standards Revision.
-
Issue #577 Updates to Certificate Management
- DSB has discussed this issue with the ACCC. Initial intention to remove content and leave to ACCC guidance has been changed based on requests from the community to retain it because it is helpful. The standards will be updated based on the proposed solution to align with current operational practice with a permalink to ACCC guidance on how to undertake the process.
- Related comments on the emerging issue of 'Certificate Authority (CA) purpose' will not be addressed in this issue but will be deferred to the Register Standards Revision DP.
- DSB to post an update reflecting this approach on issue #577
Change Request Status and Proposal
Watching Brief
The following change requests were not discussed however are recorded here for completeness as a watching brief will be kept on them throughout this iteration.
- Issue #558 The Data Holder PVT Problem
- Anyone interested in discussing this issue can contact David Renzella [email protected]
- Issue #566 Optionality of critical fields is facilitating data quality issues across Data Holder implementations
- Issue #568 OTP SMS codes for CDR consent should be independent of online banking SMS settings
Other Business
None.
New Actions
Register
- DSB to post an update reflecting the proposed approach on issue #577
Next Steps
DSB to either finalise the Proposed solutions for each candidate in the MI or recommend it be carried into MI15 if there is insufficient information available to complete it in MI14. The community is encouraged to review DSBs Proposed Solutions and post comments to either support or propose an alternative.