Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maintenance Iteration 21 Holistic Feedback #663

Open
CDR-API-Stream opened this issue Sep 11, 2024 · 7 comments
Open

Maintenance Iteration 21 Holistic Feedback #663

CDR-API-Stream opened this issue Sep 11, 2024 · 7 comments
Labels
Non-breaking change A change that is not expected to result in a new endpoint version.
Milestone
v1.33.0

Comments

@CDR-API-Stream
Copy link
Collaborator

This change request has been created to simplify the raising of minor changes, such as text corrections or description clarifications, that are not really material to the standards but do have a real impact on readability and clarity.

Please raise any such suggestions that you would like included in Maintenance Iteration 21 on this issue and the DSB will review them. If a suggestion is a material change a dedicated change request will be raised.
This was referenced Sep 11, 2024
Open
Open
@nils-work
Copy link
Member

The Energy specs don't have servers[...].url detail specified currently. This is inconsistent with other specs and means the 'Code samples' examples don't display a 'Host' property and a full URL.

The Energy Data Holder spec could be updated with https://data.holder.com.au/cds-au/v1 like other specs, or all specs could be updated to something such as https://dh.example.com/cds-au/v1

The Energy Secondary Data Holder spec could be updated with the actual hosts (including AEMO and MarketNet pre-prod and prod options) or a generic default such as https://sdh.example.com/cds-au/v1.

References to recipient.com.au could also be updated to adr.example.com where applicable.

Differences between TLS and MTLS endpoints could also be indicated, for example:

  • https://tls.dh.example.com/cds-au/v1
  • https://mtls.dh.example.com/cds-au/v1

@nils-work nils-work added the Non-breaking change A change that is not expected to result in a new endpoint version. label Sep 18, 2024
@perlboy
Copy link

perlboy commented Sep 19, 2024

In https://consumerdatastandardsaustralia.github.io/standards/#cdr-dynamic-client-registration-api_schemas_tocSclientregistration it states:

Predefined error code as described in section 3.3 OIDC Dynamic Client Registration

But the overriding specification for DCR is RFC7591 and the CTS is now enforcing these error codes explicitly, which is noteworthy because 3.3 OIDC Dynamic Client Registration explicitly states "Other error codes MAY also be used."

@nils-work
Copy link
Member

The Reporting Requirements section contains details that are out of sync with the latest Get Metrics v5 requirements.

The text could be updated from:

The mechanism for reporting will be via the CDR Administration Endpoints.

To:

The mechanism for reporting will be via the Get Metrics endpoint.

and the following text and the list could be removed as it appears to be redundant:

The following information is to be reported:

  • Availability for current month
  • Availability for each of the previous twelve months
  • ...

@perlboy
Copy link

perlboy commented Sep 19, 2024

The Reporting Requirements section contains details that are out of sync with the latest Get Metrics v5 requirements.

I wonder why it needs to exist at all? The Standards define the Metrics endpoint, the Rules permit ACCC to require it, how is this an NFR?

@nils-work
Copy link
Member

In the Holder of Key Mechanism section, the 'section 3' link is broken -

[MTLS] HoK allows issued tokens to be bound to a client certificate as specified in section 3 of [MTLS].

@nils-work
Copy link
Member

Hi @perlboy
Re:

In https://consumerdatastandardsaustralia.github.io/standards/#cdr-dynamic-client-registration-api_schemas_tocSclientregistration it states:

Predefined error code as described in section 3.3 OIDC Dynamic Client Registration

But the overriding specification for DCR is RFC7591 and the CTS is now enforcing these error codes explicitly, which is noteworthy because 3.3 OIDC Dynamic Client Registration explicitly states "Other error codes MAY also be used."

Are you saying that the CTS only allows the two codes stated in Client Registration Error Response (invalid_redirect_uri, invalid_client_metadata) and not the four stated in RFC7591 and the Standards, or that it doesn't allow "Other error codes" outside those four?

@perlboy
Copy link

perlboy commented Oct 1, 2024

@nils-work that is correct, CTS will fail if a deliberately broken DCR does not return one of these errors. In the scenario we found our system was returning (right or wrong, we've now aligned to CTS), server_error because it was an unexpected condition that a DCR would be received where it would be a signed payload with a valid ACCC SSA for a kid that is not present at the JWKS endpoint.

image

To clarify, the "invalid SSA" the CTS references here is actually the signed POST (not the ACCC SSA) and was well formed and parseable but was signed by an absent kid.

@nils-work nils-work added this to the v1.33.0 milestone Oct 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Non-breaking change A change that is not expected to result in a new endpoint version.
Projects
Data Standards Maintenance
Status: In Progress: Design
Milestone
v1.33.0
Development

No branches or pull requests
3 participants
@perlboy @CDR-API-Stream @nils-work