DSB Maintenance Iteration 19: Minutes (29 May 2024) - ConsumerDataStandardsAustralia/standards GitHub Wiki
Meeting Minutes
Release Plan
The outcome of Maintenance Iteration 19 will be published in v1.31.0.
Requirements Analysis
Common
- #610 Addition of an (18 or over) Age Verification Flag
- Ongoing interest in introduction of age bands.
- This issue also extends to understanding when a consumer is not eligible on an initial request or where eligibility changes for some reason and data sharing ceases while consent is valid.
- ACTION: To consider opportunities for eligibility error messaging in the authorisation flow, the DSB has requested this be raised as a separate change request by interested parties.
- ACTION: DSB to apply the Standards Assessment Framework to this issue.
- This issue will remain on the backlog while the DSB undertakes further analysis.
Security
- #628 Addition of a DH-side endpoint for querying the status of a consent establishment flow
- Following a number of offline meetings with ADRs, the DSB has prepared a report which has been presented to DSAC.
- ACTION: DSB to share findings from work with ADRs to understand authentication and authorisation drop-offs. Done, see this comment.
Banking
- #636 Remove BankingTransactionDetail and incorporate extendedData into BankingTransaction
- Discussion on the issue has covered two areas:
- Proposal for Transaction Detail fields to be added to the Get Transactions endpoint to reduce the number of requests that need to be made to collect all relevant transaction detail.
- Transaction data quality.
- It was also noted that there was a request for issue 324 (new overlay services) to be considered in the MI, which relates to the Get Transaction Detail endpoint.
- ACTION: DSB to follow up with Dima on NPP opinion.
- ACTION: DSB to schedule offline discussion with SISS (Josh) on data quality analysis.
- ACTION: DSB to link [#324 Placeholder - Decision Proposal 324 - Holistic uplift for NPP data sharing](https://github.com/ConsumerDataStandardsAustralia/standards/issues/324) to this issue as it's related.
Maintenance Iteration 19 Candidates
Holistic Changes
- #638 Maintenance Iteration 19 Holistic Feedback
- No new comments.
CX
- #633 Collection Consents - Authorisation Amendment
- DSB ran through the previous 3 options and proposed a new fourth option.
- No clear preference from participants in terms of Options.
- 1 participant leaned towards Option 2.
- ACTION: Participants required to indicate preference for Options 1 - 4.
- ACTION: DSB to post preferred Option. Done, see this comment.
Energy
- #640 Retirement date for Get Generic Plan Detail v2 and Get Energy Account Detail v3
- DSB explained the proposal is to change the retirement date for Get Generic Plan Detail v2 and Get Energy Account Detail v3 to March 3rd 2025, which will reduce the duration DHs have to maintain multiple versions to 3 months.
- Participants agreed to the change.
- ACTION: DSB to post preferred retirement date on the issue.
Documentation
-
- Noted that the `claims` request parameter must be represented as an object as per upstream OIDC specification and the non-normative example in the standards is accurate.
- No change was recommended as a result, which participants agreed to. Potential guidance can be considered based on further feedback.
- ACTION: DSB to post intention to resolve this issue with guidance and a draft of that guidance on the ticket.
- #573 Clarification on handling of standard claims in request object
- Participant asked if there are other examples where unsupported scopes may happen, and how this might change with Rich Authorization Request (RAR) and purpose-based consents.
- There was also a query on whether there was a need for data holders to build some logic into authorisation screens. If so, there may be a need for more than just guidance. DSB noted that there may potentially be an expectation for this.
- General consensus was guidance is appropriate to resolve this issue based on the assumption it's addressing edge cases, if not then a closer look at the standards would be required.
- ACTION: DHs to compare what is advertised on OpenID configuration with authorisation requests to determine if any discrepancies exist and whether ADRs are checking endpoints before requesting unsupported claims.
- ACTION: DSB to continue analysis of how ADR and DH should handle unsupported scopes in different scenarios, including the considerations mentioned above.
- #415 Disambiguation of the claims for a response from the introspection endpoint
- DSB and participants agreed that the standards could be updated to align with the guidance clarifying that the additional token information is only required for active tokens.
- This would be a non-breaking change.
- ACTION: DSB to post recommended language as a proposed solution on the issue.
- #615 Plan Obligation Milestones for 2025
- Only dates for 2025 are being considered for this change.
- ACTION: Participants to indicate the proposed 2025 dates are suitable.
Other business
None.
Next Steps
The DSB will finalise solutions on each issue where the requirements have been sufficiently clarified and continue staging changes for v1.31.0.