-
Notifications
You must be signed in to change notification settings - Fork 56
ACCC & DSB Data Holder Working Group Agenda & Meeting Notes 2020_04_09
When: Weekly every Thursday at 3pm-4.30pm AEST
Location: WebEx, quick dial +61262464433,785383900%23%23
Meeting Details:
Desktop or Mobile Devices
https://csiro.webex.com/csiro/j.php?MTID=m7c39ee9db5e5892ab35cd0bd7bbf94ce
Once connected to your meeting remember to start your audio and video
Please mute when you are not speaking.
Video Conferencing (VC) Rooms
Use the remote control or touch panel and dial the number indicated below:
External VC Room: [email protected]
Phones - AUDIO ONLY
- Primary Australia: +61 2 6246 4433
- Quick Dial: +61262464433,785383900%23%23
- Other Global Numbers: https://conferencing.csiro.au/Call-in.php
- Meeting Number/Access Code: 785 383 900
- Introductions
- Outstanding actions
- CDR Stream updates
- Q&A
- Any other business
Meeting notes
- 5 min will be allowed for participants to join the call.
Outstanding questions
| Question | Update |
|---|---|
| Issue 56 - KID value in the JWKS | A response has been provided inline within the issue |
| Issue 162 - Product Reference Data Conformance to CDS | ACCC are currently reviewing this issue |
| Acquiring the CDR Logo | Response pending |
Provides a weekly update on the activities of each of the CDR streams and their workplaces
- ACCC Rules
- ACCC CDR Register (Technical)
- DSB CX Standards
- DSB Technical Standards - Energy & Banking
No presentation is scheduled for this week.
Questions will be received by the community via WebEx chat before the questions are opened to the floor. Participants can pre-submit questions to the DSB mailing box.
Currently received pre-submitted questions:
| # | Question |
|---|---|
| #1 | Clarification on data recipient identifiers: CDR Register Issue 88. |
| #2 | Issue 182: LoA level to be enforced by the data holder |
| #3 | Issue 183: Retrieving the TLS cert to be bound to the token |
| #4 | Under the CDR Rules, a data holder must have an internal dispute resolution process which complies with RG165. Do complaints or disputes include expressions of dissatisfaction in regards to Product Reference Data? |
| #5 |
Based on the standards website, we could see ACCC is going to share 2 MTLS certificates (client and server) for each participant. Can we please get a confirmation from ACCC when they are going to provide us 2 certificates and any process around getting the certificates issued from them? |
- Rule Clarifications are progressing, slower than anticipated, the new Target end date is: End of week starting the 13th of April 2020. The ACCC are proposing a 2-3 week consultation period post publication, as the changes include CDR Logo use, clarifications and grammatical errors.
- The Register is reviewing the feedback on the current documentation, all GitHub issues are actively being triaged and actioned
- CX team are working through CDR Logo reviews
| # | Question | Answer |
|---|---|---|
| 1 | CDR Register Issue 88 | Issue has been provided with an answer. |
| 2 | Data Standards Issue 182 | Issue has been provided with an answer. |
| 3 | Data Standards Issue 183 | In Backlog |
| 4 | Under the CDR Rules, a data holder must have an internal dispute resolution process which complies with RG165. Do complaints or disputes include expressions of dissatisfaction in regards to Product Reference Data? | This would be captured in the complaints and dispute for CDR Consumers |
| 5 | Based on the standards website, we could see ACCC is going to share 2 MTLS certificates (client and server) for each participant. Can we please get a confirmation from ACCC when they are going to provide us 2 certificates and any process around getting the certificates issued from them? | The certificates will be shared during the Onboarding Process for Data Holders |
| 6 | Adjustment to dates due to COVID-19? | ACCC has no update at this point in time, currently reviewing. There will be announcement if there is an amendment |
| 7 | Energy CDR Rule Framework | Progress continuing with some impacts from COVID-19. There is a requirement for a Designation Instrument from Treasury first. |
| 8 | When will the updated standards be published on the back of Iteration 2? Also when will the Register 1.1.1 standards be published? |
Re 1.1.1 framework update outstanding on concurrent consent & future obligations: Register – waiting on feedback from industry test, expect an update by end of next week (week starting 13th of April 2020) |
| 9 | CDR Register Issue 31 | Feedback has been taken on board, and a subsequent issue has been raised: https://github.com/cdr-register/register/issues/93 |
| 10 | Do we need to ensure MTLS for unauthenticated endpoints as well? ex: products, product-detail | No, they are public endpoints so there is no requirement for authentication around the product endpoints |
| 11 |
Definition of a "Tolerable delay" Could you please advise what is a tolerable delay to show the transaction in the API response from the moment transaction is made. |
From a standards perspective please refer to https://consumerdatastandardsaustralia.github.io/standards/#data-latency.
It should reasonably match what you see in your Internet Banking channel, so if you see your salary deposited on your Data Holder’s internet banking application – it should be represented in the Data Holder’s endpoint in a reasonable period of time. The follow-up question around enforcement and the answer, was that this should be policed/ enforced via consumer complaint process. |
| 12 | When will the Data Holder Onboarding process be published? | Not defined yet. To be published soon. |
| 13 | In 'create register', there is version "x-v" passed in header but version is not mentioned in other 3 register operations (get/modify/delete), may be the documentation needs to be updated? I believe all register APIs are versioning enabled | Issue has been raised here: https://github.com/cdr-register/register/issues/95 |
| 14 | Are banks required to register for PRD before before becoming Data Holders? |
As a Data Holder, you are not required to register on the CDR Register until you are required to share CDR consumer data with accredited data recipients in accordance with the timetable set out in under Schedule 3 of the CDR Rules. You are not required to register to share product reference data nor report on product reference data via the Admin APIs. |
| 16 | CDR Register Issue 92 | Draft coming |
| 17 | Public Key Retrieval standards | Not for register to mandate DH public key retrieval; there are examples available online, the included Dynamic Client Registration Diagrams |
Other business
- None
- Follow up on outstanding actions