DSB Maintenance Iteration 14: Agenda & Minutes (8 March 2023)

Date and time: 08/03/2023, 2:00pm – 4:00pm AEDT

Location: Microsoft Teams Meeting

Dial-in details:

• https://teams.microsoft.com/l/meetup-join/19%3ameeting_MTRiYjhhMGUtYmZhNS00NjBmLWIzODgtMWI2ODExMWIyNjUw%40thread.v2/0?context=%7b%22Tid%22%3a%22214f1646-2021-47cc-8397-e3d3a7ba7d9d%22%2c%22Oid%22%3a%2257cd8c59-9b50-4670-bc85-25281a11ec8d%22%7d
• Meeting ID: 461 357 467 375
• Passcode: UrWjgq
• Dial In Number: +61 2 9161 1229
• Phone Conference ID: 689 954 982#

Chair: Hemang Rathod, DSB

Maintenance overview: Further information

Maintenance project board: See here

Decision Proposal: This maintenance iteration is being consulted on under Decision Proposal 281: Maintenance Iteration 14

Recording

The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email contact@consumerdatastandards.gov.au should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.

We pay our respects to Elders past, present and emerging, and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Agenda

• Introductions
• Outstanding Actions
• Release plan
• Open Consultations
• Future Plan
• New issue checkpoint
• Maintenance Iteration 14 Issues
• Any other business

Meeting notes

• Meeting Minutes
• Next steps

Introductions

The purpose of this meeting is to:

• Continue discussion on the iteration candidates to formulate a proposal for Maintenance Iteration 14; and
• Assess the impact of any new issues raised since the beginning of the MI on its scope.

Outstanding Actions

NOTE: Where a 💡 appears it indicates the Action will be discussed later in the Agenda under Maintenance Iteration 14 Issues.

InfoSec

• DSB to seek legal advice on the enforceability or the binding status of the standards versus an implementation guide with regard to Issue #522 OpenID Provider Configuration End Point parameter requirements.
• DSB to assess implications of changing requirement of client_id to ‘SHOULD’ for Issue #535, consider permutations and propose a solution for the community to consider. 💡
• DSB to advise when a change to accommodate Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF could be made if the Chair approves the request to make it URGENT. 💡

Energy

• DSB to review seasonality aspect of Issue #520 and discuss with interested parties, AER and DELWP. 💡

Banking

• DSB to review all Banking change requests to determine if there are related items that could be addressed at the same time as #567 and #569.

• DSB to create holistic CR for issues related to Get Account Detail and Get Product Detail APIs. 💡

Other

• DSB to look at ways to use OAS3 spec to better manage API versioning.

Release plan

• Latest/current version of standards is 1.22.0 which incorporates changes from MI13
• DSB is planning a patch release to incorporate, if requested as URGENT by the community, the change proposed in Issue #576. It will also include fixes on the DRAFT Telco standards and other errata.

Open Consultations

The following decision proposals are open for community feedback

DP #	Consultation	Closing date
Consultation	Decision Proposal 229 - CDR Participant Representation	Placeholder: no close date Link to consultation
Consultation	Decision Proposal 267 - Telco Data Language	TBD Link to consultation
Consultation	Decision Proposal 275 - Holistic Feedback on Telco Standards	TBD Link to consultation
Consultation	Noting Paper 276 - Proposed V5 Rules: Standards Impacts	TBD Link to consultation
Consultation	Noting Paper 292 - Approach to developing standards for the Non-Bank Lending Sector	24 March 2023 Link to consultation
Consultation	Decision Proposal 288 - Non-Functional Requirements Revision	31 March 2023 Link to consultation

Future Plan

Review of January-March Quarter and new changes: https://github.com/ConsumerDataStandardsAustralia/future-plan/projects/1

New Issue Checkpoint

Two new issues have been raised since the MI started:

• #578 Native OAS Versioning Support
• #579 Ability to identify pre-authorisation transactions

Maintenance Iteration 14 Issues

All open change requests can be found here: Standards Maintenance Issues.

The standards maintenance backlog can be found here: Data Standards Maintenance

The change requests proposed for this iteration are:

CX

• Issue #574 Additional functionality to support multiple account selection

InfoSec

• Issue #522 OpenID Provider Configuration End Point parameter requirements
• Issue #535 Standard appears to redefine requirements for private_key_jwt authentication
• Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF

Energy

• Issue #520 Stepped solar feed in tariffs in Energy
• Issue #572 Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec

Banking

• Issue #567 BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined
• Issue #569 Home Loan Revert rate and product is not available

Register

• Issue #508 Provide APIs to automate onboarding of software products and provisioning of certificates
  • This item is related and linked to Issue #427 Standards & Guidelines regarding Sponsored Accreditation
• Issue #577 Updates to Certificate Management

Schema

• Issue #538 Payload conventions; optional fields with null values aren't defined in schemas
• Issue #496 Unauthenticated energy routes have unclear header documentation

Documentation

• Issue #565 Maintenance Iteration 14 Holistic Feedback
• Issue #532 Update x-fapi-auth-date description for Customer APIs
• Issue #483 Large payload tier description error

Watching Brief

The following change requests are not related to DSBs remit to change the Standards however they are of significant interest to the community from a standards perspective. A watching brief will be kept on them throughout this iteration.

• Issue #558 The Data Holder PVT Problem
  • Anyone interested in discussing this issue can contact David Renzella david.renzella@accc.gov.au
• Issue #566 Optionality of critical fields is facilitating data quality issues across Data Holder implementations
• Issue #568 OTP SMS codes for CDR consent should be independent of online banking SMS settings

Any Other Business

Meeting Minutes

Outstanding Actions

InfoSec

• DSB to seek legal advice on the enforceability or the binding status of the standards versus an implementation guide with regard to Issue #522 OpenID Provider Configuration End Point parameter requirements.
  • Legal advice has been requested, no response.
• DSB to assess implications of changing requirement of client_id to ‘SHOULD’ for Issue #535, consider permutations and propose a solution for the community to consider.
  • See discussion in InfoSec
• DSB to advise when a change to accommodate Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF could be made if the Chair approves the request to make it URGENT.
  • DSB is waiting on support from the community to request the Chair make Issue 576 URGENT and subsequently advise of an FDO.

Energy

• DSB to review seasonality aspect of Issue #520 and discuss with interested parties, AER and DELWP.
  • See discussion in Energy

Banking

• DSB to review all Banking change requests to determine if there are related items that could be addressed at the same time as #567 and #569.
• DSB Create holistic CR for issues related to Get Account Detail and Get Product Detail APIs.

Other

• DSB - Look at ways to use OAS3 spec to better manage API versioning
• Issue #578 Native OAS Versioning Support has been added to the Iteration Candidates for MI14.

New Issue Checkpoint

Two new issues raised since the MI started were discussed

• #578 Native OAS Versioning Support

  • Consensus was to include it in this MI but is not a high priority and can be rolled over to the next MI if needed.
  • Add item to Iteration Candidates

• #579 Ability to identify pre-authorisation transactions

  • This item deals with additional clarity around the definitions for and identification of pre-authorisation transactions.
  • Consensus was to include it in this MI although there is concern it could be complex and time consuming to resolve and can be rolled over to the next MI if needed.
  • Add item to Iteration Candidates

Maintenance Iteration 14 Issues

The following candidates were discussed:

CX

• Issue #574 Additional functionality to support multiple account selection
  • CX Guidelines requested to support a CX Standard and recommended because visual guidance will really help. However DSB does not have examples of the current problem space and cannot design solutions without more information.
  • Definition for "unwarranted friction" requested to provide clarity on whether:
    • exclusion of additional functions would be considered 'unwarranted friction'; or
    • introducing no more friction than an equivalent account selection process within a primary digital channel would be acceptable.
  • Concern that reference to 'accounts' is banking centric but problem space crosses sectors.
  • The community is requested to provide feedback on the questions in the original post on the issue.
  • DSB to contact participants for examples of existing account selection processes.

InfoSec

• Issue #522 OpenID Provider Configuration End Point parameter requirements

  • Dependency on legal advice regarding reliance on non normative examples, see outstanding actions.
  • DSB to provide a proposal on Issue #522 for the community to evaluate.

• Issue #535 Standard appears to redefine requirements for private_key_jwt authentication

  • Proposed solution for this involves changes to the Register.
  • ACCC to assess impacts to register and advise whether FDO of 13/11/2023 is achievable.
  • Discussed introducing earlier phasing to allow participants seeking FAPI certification to do so earlier whilst remaining aligned to the Data Standards
  • DSB to analyse phasing options

• Issue #576 Change id token encryption documentation to allow for use in Hybrid flow and ACF

  • Expectation on ADRs to update registrations to comply with transition plan requirements and check negotiation terms was debated. With long lead times notifying of these types of advertised changes the consensus is for ADRs to align and build in discovery document checks for general hygiene purposes.
  • In principle agreement with proposed approach.
  • Community to post comments in support of treating this issue as URGENT.

Energy

• Issue #520 Stepped solar feed in tariffs in Energy

  • DSB has held discussions with interested parties, AER and DELWP as described in this post.
  • General consensus that the proposed structure with amendment of start and end dates fields is ok however the FDO is not achievable.
  • DSB to modify the FDO and post on Issue #520 for the community to consider.

• Issue #572 Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec

  • Initial discussions with AER and DELWP indicate the request for new ENUM values can't be supplied because the data doesn't exist in source systems.
  • DSBs recommendation is to NOT PROCEED with this request.
  • DSB to post justification of the recommendation to not proceed with Issue #572

Banking

• Issue #567 BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined AND
• Issue #569 Home Loan Revert rate and product is not available
  • The community requires more time to consider DSB's proposal posted shortly before today's meeting.
  • Concerns that it might not be possible to advertise a future rate.
  • Community to post views on either Issue #567 (preferred) or #569.

Register

• Issue #508 Provide APIs to automate onboarding of software products and provisioning of certificates

  • Nothing further to share on this issue, DSB and ACCC are in still in discussion on the strategic direction for the Register Standards Revision (refer placeholder DP #289). Feedback from the community is welcomed and necessary to feed into our analysis.

• Issue #577 Updates to Certificate Management

  • DSB is still working through the implications of this request, one option, pending further clarification on the request from the ACCC, is to remove CSR information from the standards. Technically the CSR is an operational process that can be described and advertised by the Registrar.
  • Concern that removing these details from the Standards will further reduce participant's access to operational support because these standards are relied on to validate the accuracy of a CSR.
  • DSB to raise operational concerns regarding CSRs with the ACCC.

Change Request Status and Proposal

Domain	#	Issue	Proposal Status	Change Proposed	Standards Staging link
MI 14	565	Iteration 14 Holistic Feedback
CX	574	Additional functionality to support multiple account selection	Under discussion
InfoSec	522	OpenID Provider Configuration End Point parameter requirements	Under discussion
InfoSec	535	Standard appears to redefine requirements for private_key_jwt authentication	URGENT change approved Under discussion
InfoSec	576	Change id token encryption documentation to allow for use in Hybrid flow and ACF	Under discussion URGENT change approved
Energy	520	Stepped solar feed in tariffs in Energy	Option 2 Recommended
Energy	572	Ergon Energy's fixed quarterly GreenPower amounts are not supported by the spec	Recommended to NOT PROCEED
Banking	567	BankingProductLendingRateV2 - Lending Rates - FIXED/INTEREST_ONLY period end date cannot be determined	Under discussion
Banking	569	Home Loan Revert rate and product is not available	Under discussion
Register	508	Provide APIs to automate onboarding of software products and provisioning of certificates	Under discussion
Register	577	Updates to Certificate Management	Under discussion
Doco	532	Update x-fapi-auth-date description for Customer APIs	Documentation Fix
Doco	483	Large payload tier description error	Documentation Fix
Schema	538	Payload conventions; optional fields with null values aren't defined in schemas	Change Recommended
Schema	496	Unauthenticated energy routes have unclear header documentation	Change Recommended

Watching Brief

The following change requests were not discussed however are recorded here for completeness as a watching brief will be kept on them throughout this iteration.

• Issue #558 The Data Holder PVT Problem
  • Anyone interested in discussing this issue can contact David Renzella david.renzella@accc.gov.au
• Issue #566 Optionality of critical fields is facilitating data quality issues across Data Holder implementations
• Issue #568 OTP SMS codes for CDR consent should be independent of online banking SMS settings

Other Business

None.

New Actions

CX

• DSB to contact participants for examples of existing account selection processes for Issue #574.

InfoSec

• DSB to provide a proposal on Issue #522 for the community to evaluate.
• ACCC to assess impacts to register and advise whether FDO of 13/11/2023 is achievable for Issue #535.
• DSB to analyse phasing options for Issue #535.

Energy

• DSB to modify the FDO and post on Issue #520 for the community to consider.
• DSB to post justification of the recommendation to not proceed with Issue #572

Register

• DSB to raise operational concerns regarding CSRs with the ACCC with respect to Issue #577 Updates to Certificate Management.

Next Steps

To ensure DSB's final proposals for the items in this MI take all necessary aspects into account, the community is requested to consider their requirements and post comments as soon as possible. The next Maintenance Iteration meeting is scheduled for 22 March 2023.