DSB Maintenance Iteration 14: Agenda & Minutes (5 April 2023) - ConsumerDataStandardsAustralia/standards GitHub Wiki
Date and time: 05/04/2023, 2:00pm – 4:00pm AEST
Location: Microsoft Teams Meeting
Dial-in details:
- https://teams.microsoft.com/l/meetup-join/19%3ameeting_MTRiYjhhMGUtYmZhNS00NjBmLWIzODgtMWI2ODExMWIyNjUw%40thread.v2/0?context=%7b%22Tid%22%3a%22214f1646-2021-47cc-8397-e3d3a7ba7d9d%22%2c%22Oid%22%3a%2257cd8c59-9b50-4670-bc85-25281a11ec8d%22%7d
- Meeting ID: 461 357 467 375
- Passcode: UrWjgq
- Dial In Number: +61 2 9161 1229
- Phone Conference ID: 689 954 982#
Chair: Hemang Rathod, DSB
Maintenance overview: Further information
Maintenance project board: See here
Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 281: Maintenance Iteration 14
Housekeeping
Recording
The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email [email protected] should they have any further questions or wish to have any material redacted from the record.
Acknowledgement of Country
We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.
We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.
Agenda
- Introductions
- Release plan
- Open Consultations
- Future Plan
- Outstanding Actions
- Maintenance Iteration 14 Change Request Status
- Any other business
Meeting notes
Introductions
The purpose of this meeting is to:
- Present finalised proposals on each of the issues that can be resolved in this Iteration; or
- Notify the community of items that cannot be resolved and will be carried into MI15.
Release plan
- Current version of the standards is 1.22.1, published on 22nd March 2023; refer to the release notes for details
- Version 1.23.0 release of the standards is in progress and staged changes can be found here. This will incorporate the URGENT change request Issue #576
- Changes for MI14 will be published in version 1.24.0 release of the standards
Open Consultations
The following Consultations are open for community feedback
Consultation | Closing date |
---|---|
Decision Proposal 229 - CDR Participant Representation | Placeholder: no close date Link to consultation |
Decision Proposal 267 - Telco Data Language | TBD Link to consultation |
Decision Proposal 275 - Holistic Feedback on Telco Standards | TBD Link to consultation |
Noting Paper 276 - Proposed V5 Rules: Standards Impacts | TBD Link to consultation |
Decision Proposal 288 - Non-Functional Requirements Revision | 7 April 2023 Link to consultation |
Noting Paper 289 - Register Standards Revision | 28 April 2023 Link to consultation |
Noting Paper 296 - Offline Customer Authentication | 17 April 2023 Link to consultation |
Future Plan
Review of January-March/April-June Quarters and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1
Outstanding Actions
NOTE: Where a :bulb: appears it indicates the Action will be discussed later in the Agenda under Maintenance Iteration 14 Issues.
CX
- DSB to contact participants for examples of existing account selection processes for Issue #574 :bulb:
InfoSec
- DSB to seek legal advice on the enforceability or the binding status of the standards versus an implementation guide with regard to Issue #522 OpenID Provider Configuration End Point parameter requirements.
- In progress
- DSB to provide a proposal on Issue #522 for the community to evaluate. :bulb:
- DSB to assess implications of changing requirement of client_id to ‘SHOULD’ for Issue #535, consider permutations and propose a solution for the community to consider :bulb:
- DSB to analyse phasing options for Issue #535 :bulb:
- ACCC to assess impacts to register and advise whether FDO of 13/11/2023 is achievable for Issue #535 :bulb:
- DSB to advise when a change to accommodate Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF could be made if the Chair approves the request to make it URGENT.
Energy
- DSB to review seasonality aspect of Issue #520 and discuss with interested parties, AER and DELWP. :bulb:
- DSB to modify the FDO and post on Issue #520 for the community to consider. :bulb:
- DSB to post justification of the recommendation to not proceed with Issue #572 :bulb:
Register
- DSB to raise operational concerns regarding CSRs with the ACCC with respect to Issue #577 Updates to Certificate Management.
- DSB to post an update reflecting the proposed approach on issue #577
Banking
- DSB to create holistic CR for issues related to Get Account Detail and Get Product Detail APIs. 💡
Other
- DSB to look at ways to use OAS3 spec to better manage API versioning.
Maintenance Iteration 14 Change Request Status
Domain | # | Issue | Proposal Status | Change Proposed | Standards Staging link |
---|---|---|---|---|---|
MI 14 | 565 | Iteration 14 Holistic Feedback | | | |
CX | 574 | Additional functionality to support multiple account selection | Change Recommended | A new Authorisation CX Standard is proposed to allow additional account selection functionality in the authorisation flow. See comment for proposal | |
InfoSec | 522 | OpenID Provider Configuration End Point parameter requirements | No Decision Taken | Carry over to next MI | |
InfoSec | 535 | Standard appears to redefine requirements for private_key_jwt authentication | Change Recommended | Make client_id requirement "RECOMMENDED" without a future dated obligation, then change it to "OPTIONAL" requirement with a 13/11/2023 obligation date (Y23 https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues/5 obligation milestone). | |
InfoSec | 576 | Change id token encryption documentation to allow for use in Hybrid flow and ACF | URGENT change approved | Make changes (see comment) to information security standards to allow encryption of security tokens when Authorization Code flow is used until transition to FAPI 1.0 is complete | |
Energy | 520 | Stepped solar feed in tariffs in Energy | Change Recommended | Update EnergyPlanSolarFeedInTariff schema with the rates object used in other parts of energy standards such as EnergyPlanTariffPeriod. See Option 2 for details | |
Energy | 572 | Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec | Change Not Recommended | Recommendation to not proceed as the data is not held by the DH (AER/DELWP) to enable the requested change | |
Banking | 567 | BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined | No Decision Taken | Carry over to next MI as new CR | |
Banking | 569 | Home Loan Revert rate and product is not available | No Decision Taken | Carry over to next MI as new CR | |
Register | 508 | Provide APIs to automate onboarding of software products and provisioning of certificates | Defer | This item will be deferred to the consultations flowing from the https://github.com/ConsumerDataStandardsAustralia/standards/issues/289 | |
Register | 577 | Updates to Certificate Management | Change Recommended | See comment for details | |
Doco | 532 | Update x-fapi-auth-date description for Customer APIs | Change Recommended | Documentation Fix | |
Doco | 483 | Large payload tier description error | Change Recommended | Non-breaking change - Change Large Payload tier to state 'Any calls to the following end points:' | |
Schema | 538 | Payload conventions; optional fields with null values aren't defined in schemas | No Decision Taken | Carry over to next MI | |
Schema | 496 | Unauthenticated energy routes have unclear header documentation | Change Recommended | Update public Energy endpoints ensuring that x-fapi-interaction-id is not required in request or response headers |
Any Other Business
Next Steps
Meeting Minutes
Outstanding Actions
InfoSec
- DSB to seek legal advice on the enforceability or the binding status of the standards versus an implementation guide with regard to Issue #522 OpenID Provider Configuration End Point parameter requirements.
- In progress (this issue will be carried over to MI15)
Other
- DSB to look at ways to use OAS3 spec to better manage API versioning. Issue #578
- DSB is analysing the way in which OAS3 features can be used to assist with versioning, however they will only be adopted if there's no material impact to the Standards. When the analysis is complete the outcome will be shared with the community.
Maintenance Iteration 14 Change Request Status
NOTE: Reference to Issue #486 in the agenda was incorrect; it is #483. The error has been corrected here and in the previous agenda and minutes for MI14.
Domain | # | Issue | Proposal Status | Change Proposed | Standards Staging link |
---|---|---|---|---|---|
MI 14 | 565 | Iteration 14 Holistic Feedback | Change recommended | All documentation fixes will be adopted as documented | TBA |
CX | 574 | Additional functionality to support multiple account selection | Change Recommended | A new Authorisation CX Standard is proposed to allow additional account selection functionality in the authorisation flow. See comment for details | |
InfoSec | 522 | OpenID Provider Configuration End Point parameter requirements | No Decision Taken | Carry over to next MI | |
InfoSec | 535 | Standard appears to redefine requirements for private_key_jwt authentication | Change Recommended | Make client_id requirement "RECOMMENDED" without a future dated obligation, then change it to "OPTIONAL" requirement with a 13/11/2023 obligation date Y23 #5 obligation milestone. See this comment for additional details. | |
InfoSec | 576 | Change id token encryption documentation to allow for use in Hybrid flow and ACF | URGENT change approved | Make changes (see comment) to information security standards to allow encryption of security tokens when Authorization Code flow is used until transition to FAPI 1.0 is complete. Also see New Actions for a question taken on notice. This change request is incorporated through decision proposal 298 | |
Energy | 520 | Stepped solar feed in tariffs in Energy | Change Recommended | Update EnergyPlanSolarFeedInTariff schema with the rates object used in other parts of energy standards such as EnergyPlanTariffPeriod. See Option 2 for details | |
Energy | 572 | Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec | Change Not Recommended | Recommendation to not proceed as the data is not held by the DH (AER/DELWP) to enable the requested change. As the original issue relates to PRD data quality, it has been referred to AER, see this comment for details. | |
Banking | 567 | BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined | No Decision Taken | Carry over to next MI as new CR | |
Banking | 569 | Home Loan Revert rate and product is not available | No Decision Taken | Carry over to next MI as new CR | |
Register | 508 | Provide APIs to automate onboarding of software products and provisioning of certificates | Defer | This item will be deferred to the consultations flowing from the https://github.com/ConsumerDataStandardsAustralia/standards/issues/289 | |
Register | 577 | Updates to Certificate Management | Change Recommended | See comment for details | |
Doco | 532 | Update x-fapi-auth-date description for Customer APIs | Change Recommended | Documentation Fix | |
Doco | 483 | Large payload tier description error | Change Recommended | Non-breaking change - Change Large Payload tier to state 'Any calls to the following end points:' | |
Schema | 538 | Payload conventions; optional fields with null values aren't defined in schemas | No Decision Taken | Carry over to next MI | |
Schema | 496 | Unauthenticated energy routes have unclear header documentation | Change Recommended | Update public Energy endpoints ensuring that x-fapi-interaction-id is not required in request or response headers |
Other Business
Commencement of MI15 will be delayed until the 3rd of May to allow time for v1.23.0 (Urgent change for #576) and v1.24.0 conveying MI14 changes to be released. As a consequence, the duration will be reduced to eight weeks instead of 10. Calendar invitations will be issued ASAP.
New Actions
- Issue 576 DSB to advise if the following interpretation is correct and to make an announcement in the Implementation Call to make it clear to ADRs.
- FAPI phase 4: it has been interpreted that existing clients who have already registered with a data holder must update their registration to indicate if they want to receive data in Signed format or Signed+Encrypted format. Is this correct and aligned with the intention of the DSB?
Next Steps
DSB will draft the MI14 Decision Proposal for the Chair's approval.