DSB Maintenance Iteration 14: Agenda & Minutes (5 April 2023) - ConsumerDataStandardsAustralia/standards GitHub Wiki

Date and time: 05/04/2023, 2:00pm – 4:00pm AEST

Location: Microsoft Teams Meeting

Dial-in details:

Chair: Hemang Rathod, DSB

Maintenance overview: Further information

Maintenance project board: See here

Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 281: Maintenance Iteration 14

Housekeeping

Recording

The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email [email protected] should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.

We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Agenda

  • Introductions
  • Release plan
  • Open Consultations
  • Future Plan
  • Outstanding Actions
  • Maintenance Iteration 14 Change Request Status
  • Any other business

Meeting notes

Introductions

The purpose of this meeting is to:

  • Present finalised proposals on each of the issues that can be resolved in this Iteration; or
  • Notify the community of items that cannot be resolved and will be carried into MI15.

Release plan

  • Current version of the standards is 1.22.1 published on 22nd March 2023, refer to the release notes for details
  • Version 1.23.0 release of the standards is in progress and staged changes can be found here. This will incorporate the URGENT change request Issue #576
  • Changes for MI14 will be published in version 1.24.0 release of the standards

Open Consultations

The following Consultations are open for community feedback

Consultation Closing date
Decision Proposal 229 - CDR Participant Representation Placeholder: no close date Link to consultation
Decision Proposal 267 - Telco Data Language TBD Link to consultation
Decision Proposal 275 - Holistic Feedback on Telco Standards TBD Link to consultation
Noting Paper 276 - Proposed V5 Rules: Standards Impacts TBD Link to consultation
Decision Proposal 288 - Non-Functional Requirements Revision 7 April 2023 Link to consultation
Noting Paper 289 - Register Standards Revision 28 April 2023 Link to consultation
Noting Paper 296 - Offline Customer Authentication 17 April 2023 Link to consultation

Future Plan

Review of January-March/April-June Quarters and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1

Outstanding Actions

NOTE: Where a :bulb: appears it indicates the Action will be discussed later in the Agenda under Maintenance Iteration 14 Issues.

CX

  • DSB to contact participants for examples of existing account selection processes for Issue #574 :bulb:

InfoSec

Energy

  • DSB to review seasonality aspect of Issue #520 and discuss with interested parties, AER and DELWP. :bulb:
  • DSB to modify the FDO and post on Issue #520 for the community to consider. :bulb:
  • DSB to post justification of the recommendation to not proceed with Issue #572 :bulb:

Register

Banking

  • DSB to create holistic CR for issues related to Get Account Detail and Get Product Detail APIs. 💡

Other

  • DSB to look at ways to use OAS3 spec to better manage API versioning.

Maintenance Iteration 14 Change Request Status

Domain # Issue Proposal Status Change Proposed Standards Staging link
MI 14 565 Iteration 14 Holistic Feedback
CX 574 Additional functionality to support multiple account selection Change Recommended A new Authorisation CX Standard is proposed to allow additional account selection functionality in the authorisation flow. See comment for proposal
InfoSec 522 OpenID Provider Configuration End Point parameter requirements No Decision Taken Carry over to next MI
InfoSec 535 Standard appears to redefine requirements for private_key_jwt authentication Change Recommended Make client_id requirement "RECOMMENDED" without a future dated obligation, then change it to "OPTIONAL" requirement with a 13/11/2023 obligation date (Y23 https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/5 obligation milestone).
InfoSec 576 Change id token encryption documentation to allow for use in Hybrid flow and ACF URGENT change approved Make changes (see comment) to information security standards to allow encryption of security tokens when Authorization Code flow is used until transition to FAPI 1.0 is complete
Energy 520 Stepped solar feed in tariffs in Energy Change Recommended Update EnergyPlanSolarFeedInTariff schema with the rates object used in other parts of energy standards such as EnergyPlanTariffPeriod. See Option 2 for details
Energy 572 Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec Change Not Recommended Recommendation to not proceed as the data is not held by the DH (AER/DELWP) to enable the requested change
Banking 567 BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined No Decision Taken Carry over to next MI as new CR
Banking 569 Home Loan Revert rate and product is not available No Decision Taken Carry over to next MI as new CR
Register 508 Provide APIs to automate onboarding of software products and provisioning of certificates Defer This item will be deferred to the consultations flowing from the https://github.com/ConsumerDataStandardsAustralia/standards/issues/289
Register 577 Updates to Certificate Management Change Recommended See comment for details
Doco 532 Update x-fapi-auth-date description for Customer APIs Change Recommended Documentation Fix
Doco 483 Large payload tier description error Change Recommended Non-breaking change - Change Large Payload tier to states 'Any calls to the following end points:'
Schema 538 Payload conventions; optional fields with null values aren't defined in schemas No Decision Taken Carry over to next MI
Schema 496 Unauthenticated energy routes have unclear header documentation Change Recommended Update public Energy endpoints ensuring that x-fapi-interaction-id is not required in request or response headers

Any Other Business

Next Steps

Meeting Minutes

Outstanding Actions

InfoSec

Other

  • DSB to look at ways to use OAS3 spec to better manage API versioning. Issue #578
    • DSB is analysing the way in which OAS3 features can be used to assist with versioning, however they will only be adopted if there's no material impact to the Standards. When the analysis is complete the outcome will be shared with the community.

Maintenance Iteration 14 Change Request Status

NOTE: Reference to Issue #486 in the agenda was incorrect, it is #483, the error has been corrected here and in the previous agenda and minutes for MI14.

Domain # Issue Proposal Status Change Proposed Standards Staging link
MI 14 565 Iteration 14 Holistic Feedback Change recommended All documentation fixes will be adopted as documented TBA
CX 574 Additional functionality to support multiple account selection Change Recommended A new Authorisation CX Standard is proposed to allow additional account selection functionality in the authorisation flow. See comment for details
InfoSec 522 OpenID Provider Configuration End Point parameter requirements No Decision Taken Carry over to next MI
InfoSec 535 Standard appears to redefine requirements for private_key_jwt authentication Change Recommended Make client_id requirement "RECOMMENDED" without a future dated obligation, then change it to "OPTIONAL" requirement with a 13/11/2023 obligation date Y23 #5 obligation milestone. See this comment for additional details.
InfoSec 576 Change id token encryption documentation to allow for use in Hybrid flow and ACF URGENT change approved Make changes (see comment) to information security standards to allow encryption of security tokens when Authorization Code flow is used until transition to FAPI 1.0 is complete. Also see New Actions for a question taken on notice. This change request is incorporated through decision proposal 298
Energy 520 Stepped solar feed in tariffs in Energy Change Recommended Update EnergyPlanSolarFeedInTariff schema with the rates object used in other parts of energy standards such as EnergyPlanTariffPeriod. See Option 2 for details
Energy 572 Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec Change Not Recommended Recommendation to not proceed as the data is not held by the DH (AER/DELWP) to enable the requested change. As the original issue relates to PRD data quality, it has been referred to AER, see this comment for details.
Banking 567 BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined No Decision Taken Carry over to next MI as new CR
Banking 569 Home Loan Revert rate and product is not available No Decision Taken Carry over to next MI as new CR
Register 508 Provide APIs to automate onboarding of software products and provisioning of certificates Defer This item will be deferred to the consultations flowing from the https://github.com/ConsumerDataStandardsAustralia/standards/issues/289
Register 577 Updates to Certificate Management Change Recommended See comment for details
Doco 532 Update x-fapi-auth-date description for Customer APIs Change Recommended Documentation Fix
Doco 483 Large payload tier description error Change Recommended Non-breaking change - Change Large Payload tier to states 'Any calls to the following end points:'
Schema 538 Payload conventions; optional fields with null values aren't defined in schemas No Decision Taken Carry over to next MI
Schema 496 Unauthenticated energy routes have unclear header documentation Change Recommended Update public Energy endpoints ensuring that x-fapi-interaction-id is not required in request or response headers

Other Business

Commencement of MI15 will be delayed until the 3rd of May to allow time for v1.23.0 (Urgent change for #576) and v1.24.0 conveying MI14 changes to be released. As a consequence, the duration will be reduced to eight weeks instead of 10. Calendar invitations will be issued ASAP.

New Actions

  • Issue 576 DSB to advise if the following interpretation is correct and to make an announcement in the Implementation Call to make it clear to ADRs.
    • FAPI phase 4: it has been interpreted that existing clients who have already registered with a data holder must update their registration to indicate if they want to receive data in Signed format or Signed+Encrypted format. Is this correct and aligned with the intention of the DSB?

Next Steps

DSB will draft the MI14 Decision Proposal for the Chairs approval.