DSB Maintenance Iteration 9: Agenda & Meeting Notes (17 November 2021) - ConsumerDataStandardsAustralia/standards GitHub Wiki
Date and time: 17/11/2021, 2pm - 4pm AEDT (1pm - 3pm AEST)
Location: WebEx
Dial-in details:
- https://treasuryau.webex.com/treasuryau/j.php?MTID=m6786d3cadd2da38bd3ae2bf7cca07212
- Dial In Number: +61 2 9338 2221
- Dial In Access Code: 265 1917 2241
- Quick Dial: +61-2-9338-2221,,26519172241##
Chair: Mark Verstege
Maintenance overview: Further information
Maintenance project board: See here
Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 212
- Wait 5 minutes for all participants to join. Kickoff at 2:05pm (AEDT)
- Outstanding Actions
- Release plan: schedule of forward-looking standards releases
- Open Decision Proposals: key consultation dates
- Iteration 9 change request candidates
- Any other business
Meeting notes
This week is the sixth call of the 9th maintenance iteration. The purpose of the meeting is to discuss options for iteration candidates adopted in the 9th maintenance iteration. This meeting has been extended to two hours.
Please note 1: This maintenance iteration has been extended by 4 weeks and will conclude 1st December 2021. This is to incorporate energy change requests and align to end of year shutdown.
Please note 2: Due to the volume of CRs, an out of cycle maintenance iteration call will be held next Wednesday 24/11/2021
- Allow 5 min for participants to join
- Housekeeping
- Overview, purpose and intended outcomes of the meeting
- ANZ to create a change request to better support cursors for returning large result sets.
- (IDToken) DSB to create a CR for customer definition. Created Nominated representative end user for non-individual consumers
- (IDToken) DSB to seek clarification regarding rules for nominated representatives
- (Issue #401) DSB to identify if a change request already exists to deal with introductory offers. If not, the community will raise one. (Update) No CR was identified. If an enhancement is desired, the DSB encourages the community to raise a change request for consultation.
- (Issue #292) [IN PROGRESS] DSB to propose strawman solution
- (Issue #291) [IN PROGRESS] DSB to propose strawman solution
- v1.12.0 was published on 14th of October 2021: This release contains binding non-functional requirements for banking and energy
- v1.13.0 was published on the 22nd of October 2021: porting of Register standards from ACCC
- v1.14.0 was published on the 29th of October 2021: Energy API standards
- v1.15.0+: no current release candidates are scheduled
The following decision proposals are open for community feedback
DP # | Closing date | DP |
---|---|---|
216 | 19/02/2022 | Decision Proposal 216 - Profile Scope Support |
209 | 19/11/2021 | Decision Proposal 209 - Transition to FAPI 1.0 Advanced Profile |
162 | 30/11/2021 | Decision Proposal 162 - CX Standards \| Joint Accounts |
222 | 30/11/2021 | Decision Proposal 222 - CX Standards \| Insights and Trusted Adviser Disclosure Consents |
225 | 18/02/2022 | Decision Proposal 225 - Data Recipient Security Standards |
211 | Pending | Decision Proposal 211 - Scope of Risk-based Authentication and Identity Proofing Framework, Threat and Attack Model |
210 | Pending | Decision Proposal 210 - Transition to FAPI 2.0 Profile |
203 | No closing date | Normative Standards Review (2021) |
158 | Closed | Decision Proposal 158 - Participant capability discovery |
Review of Q4 and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1
All open change requests can be found here:
- Maintenance Iteration 9 extended until 1st December 2021
- Proposed that Maintenance Iteration commence 16th Feb 2022
The following issues have been consulted on during this iteration. The current status is summarised.
Standards Maintenance Issues
Source | # | Sector | Change Request | Status | Recommendation | Affected Schema (if applicable) | Affected Endpoint (if applicable) |
---|---|---|---|---|---|---|---|
Standards Maintenance | Issue 404 | Banking | Profile scope not aligned with CX standards | DP216 is live | This issue will be consulted on in Decision Proposal 216 - Profile Scope Support given the breadth of the standards changes | N/A | |
Standards Maintenance | Issue 395 | | Does DHs' PAR endpoint require enabling private key jwt client authentication in addition to request object validation? | No change | No change | N/A | N/A |
Standards Maintenance | Issue 397 | | Transaction Security Ciphers | Alternative supported | Defer to FAPI 1.0. The change proposed by the DSB to defer to FAPI standards will be included in the DP 209 consultation. Standards will be changed in accordance to the schedule for FAPI 1.0 adoption | N/A | N/A |
Standards Maintenance | Issue 406 | | Change Request to make 'scope' optional in the token end-point response in FAPI | Not supported | Retain current requirement for scope support. Alignment to FAPI 1.0 (Final) requirements for the scope value will be included in the DP 209 consultation. Standards will be changed in accordance to the schedule for FAPI 1.0 adoption | N/A | |
Standards Maintenance | Issue 150 | | A loan may have no end date but loanEndDate is mandatory | Supported - Breaking Change | Change repaymentFrequency, loanEndDate and nextInstallmentDate fields to be optional. | | |
Standards Maintenance | Issue 396 | | Define new Digital Wallet Payee Type to relevant schemas | Supported - Breaking Change | Extend payee support for provider-agnostic digital wallets. Get Payees v2 and Get Payee Detail v2 future-dated obligation of 31st of March 2022. Data Holders can support v2 as early as is practical but no later than 31st of March 2022. Retirement of v1 APIs 1 month after v2 FDO (i.e., any time after 31st April 2022). | | |
Standards Maintenance | Issue 405 | | Alternative mechanisms for OTP | Under consultation | No recommendation yet made | N/A | N/A |
Standards Maintenance | Issue 407 | | Align data quality NFR with Privacy Safeguard 11 | Change supported | Changes to Data Quality NFRs working in line with OAIC feedback regarding data quality requirements in relation to Privacy Safeguard 11 | N/A | N/A |
Standards Maintenance | Issue 402 | | Support for multiple additional information documents | Change proposed; Under consultation | Proposes changes to supported multiple additional product documents | BankingProductV3 | |
Standards Maintenance | Issue 401 | | Extending the list of supported feature types | Under consultation | Proposes changes to supported feature types | | |
Standards Maintenance | Issue 291 | | Credit card loyalty program data: significant gaps and lack of structure | Under consultation | Proposes changes to better support loyalty schemes | | |
Standards Maintenance | Issue 292 | | Credit card balance plans and payment hierarchy: inadequate information within the CDS | Under consultation | Proposes changes to supported multiple payment plans and balances | | |
Standards Maintenance | Issue 391 | | Remove requirement for at least one address in physicalAddresses array | Under consultation | Proposed change to remove requirement of at least one address to be returned. Feedback from DHs has indicated that this is not always possible when the address held on record is invalid | | |
Standards Maintenance | Issue 423 | Energy | Review of demand charges in energy billing transactions | Under consultation | - | - | - |
Standards Maintenance | Issue 422 | Energy | Energy C&I tariff extensions | Under consultation | - | - | - |
Standards Maintenance | Issue 421 | Energy | Review of rates in energy account payload | Under consultation | - | - | - |
Standards Maintenance | Issue 420 | Energy | Modification of energy account enumeration values | Under consultation | - | - | - |
Standards Maintenance | Issue 419 | Energy | Modification of energy billing and invoicing enumeration values | Under consultation | - | - | - |
Standards Maintenance | Issue 432 | Energy | EnergyPlanSolarFeedInTariff.tariffUType enum contains incorrect values | - | - | - | |
Standards Maintenance | Issue 428 | InfoSec | CTS incorrectly implements Data Holder Initiated Revocation | For consultation | - | - | - |
Standards Maintenance | Issue 426 | InfoSec | Recipient Arrangement Revocation Endpoint exposed to Mixup Attack | For consultation | - | - | - |
Standards Maintenance | Issue 435 | InfoSec | Nominated representative end user for non-individual consumers | - | - | - | |
Standards Maintenance | Issue 424 | Register | Change Request for Data Holder Multi-Sector support | For consultation | - | - | - |
Standards Maintenance | Issue 425 | Register | Change Request for Data Recipient Multi-Sector support | For consultation | - | - | - |
Standards Maintenance | Issue 431 | Register | Register participant statuses do not detail data holder behaviour when ADR is revoked and SP inactive | For consultation | - | - | - |
Standards Maintenance | Issue 433 | Register | Data Holder behaviour is not defined when a software product id goes "missing" | For consultation | - | - | - |
CDR Register Maintenance Issues
Source | # | Change Request | Status | Recommendation | Affected Schema (if applicable) | Affected Endpoint (if applicable) |
---|---|---|---|---|---|---|
CDR Register | Issue 169 | Update Register APIs to search for and differentiate between archived entities | Change supported | Documentation fixes. Staged and published after v1.13.0 release | N/A | N/A |
CDR Register | Issue 189 | RegisterDataHolderAuth schema in GetDataHolderBrands descriptions to be clarified | Change supported | Documentation fixes. Staged and published after v1.13.0 release | N/A | N/A |
CDR Register | Issue 188 | SSA definition: Deprecation of revocation_uri | Change supported | Documentation fixes. Staged and published after v1.13.0 release | N/A | N/A |
CDR Register | Issue 186 | Documentation improvement: JWT Signature verification requirements during the DCR flows | Change supported | Documentation fixes. Staged and published after v1.13.0 release | N/A | N/A |
CDR Register | Issue 174 | Update Register APIs to search for and differentiate between archived entities | Delayed | Carried over to next iteration | N/A | N/A |
CDR Register | Issue 126 | Consider changing statement in Certificate Management about the use of ACCC CA issued certificates for ADR end points | Delayed | To be consulted on under DP 211 threat modelling | N/A | N/A |
CDR Register | Issue 123 | Consider identicons to allow DHs to provide multiple attributes to map to individual accreditations | Under consultation | Requesting feedback. No recommendation has been made. | N/A | N/A |
CDR Register | Issue 175 | Publish an endpoint version schedule to document the introduction and deprecation of Register and DCR endpoints | Documentation enhancement | This will be covered with the merging of the CDR Register standards into the Consumer Data Standards. Deprecation schedules for various endpoint versions can then be discussed in future maintenance iterations | N/A | N/A |
Issue 423: Review of demand charges in energy billing transactions
- For discussion
Issue 422: Energy C&I tariff extensions
- For discussion
Issue 421: Review of rates in energy account payload
- For discussion
Issue 420: Modification of energy account enumeration values
- For discussion
Issue 419: Modification of energy billing and invoicing enumeration values
- For discussion
Issue 432: EnergyPlanSolarFeedInTariff.tariffUType enum contains incorrect values
- For discussion
Issue 435: Nominated representative end user for non-individual consumers
- For discussion
Issue 428: CTS incorrectly implements Data Holder Initiated Revocation
- For discussion
Issue 426: Recipient Arrangement Revocation Endpoint exposed to Mixup Attack
- For discussion
Issue 424: API Uplift for Data Holder Multi-Sector support
- For discussion
Issue 425: API Uplift for Data Recipient Multi-Sector support
- For discussion
Issue 433: Data Holder behaviour is not defined when a software product id goes "missing"
- For discussion
Issue 402: Support for multiple additional information documents
- For discussion
Issue 401: Extending the list of supported feature types
- For discussion
- Address any other business arising from the community
- Out of cycle confirmed for Wednesday 24th November 2021. Duration = 2 hours.
Standards Maintenance Issues
- Energy Issues
  - Issue 423:
    - Added demand object to billing
    - Energy release candidate has been updated to reflect this
  - Issue 422:
    - Enhanced charges detail to provide all known common charges
    - DSB is seeking confirmation this list is correct and any changes (additions / removals) required
  - 421:
    - Proposes better support for C&I where demand charges don't apply - the proposal is to treat these as conditional (not required where the condition is the consumer == C&I)
  - 420:
    - Discussed. Related to #421
  - 419:
    - Discussed
  - Issue 432:
    - Copy and paste error. Documentation fix agreed
  - Unit of measure for charging
    - Discussed whether a unit of measure should be included. E.g. $/kWH, $/day, $/hr etc.
    - At the moment this is ambiguous
    - DSB requested the community raise a CR to address this
- Register Issues
  - Issue 424: Discussed. DSB outlined intent and purpose of the CR. Further discussion on Wed 24th November
- InfoSec & Common Issues
  - Issue 435:
    - This issue is known but intentionally avoided in FAPI.
    - OIDC is clear that the `sub` and profile data relates to the authenticated user
    - Key questions:
      - Transition plan
      - Agreed end state
      - Future obligation dates
    - So far, no feedback has been received by ADRs on impact to their software solutions
    - Overlap with DP 216
  - Issue 428:
    - DSB to discuss CTS support with the ACCC
    - In principle support for the recommendation proposed. This would allow all DHs to be compliant
    - This would require additional work for ADRs
  - Issue 426:
    - Recommended option is to adopt a self-signed JWT which includes the `cdr_arrangement_id`
    - This decouples business and security logic
    - Prefer expedient adoption by DHs as soon as possible
- Banking
  - No items discussed
- Community to raise a CR for energy charges to include a unit of measure (e.g. $/kWH, $/day, $/hr)
- DSB to discuss CTS support for audience claim value for DHs calling the ADR revocation endpoint
None
None