DSB Maintenance Iteration 21: Agenda (2 October 2024)

Meeting Details

• Date and time: 02/10/2024, 2:00pm – 4:00pm AEST
• Location: Microsoft Teams Click here to join the meeting
• Dial-in details:
  • Meeting ID: 464 316 549 421
  • Passcode: NiYjec
  • Dial In Number: +61 2 6188 4842
  • Phone Conference ID: 969 637 712#
• Chair: Mark Verstege, DSB
• MI Solution Architect: Hemang Rathod
• Maintenance overview: Further information
• Maintenance issues: See here
• Maintenance project board: See here
• Maintenance Iteration Decision Proposal: Consultation on Decision Proposal 356 - Maintenance Iteration 21
• Maintenance Iteration Meeting Schedule, Agenda and Meeting Notes: See here

Housekeeping

Recording

The Maintenance Iteration Calls are recorded for note taking purposes only. All recordings are kept securely, as are the transcripts which may be made from them. No identifying material will be provided without the participant's consent. Participants may email contact@consumerdatastandards.gov.au should they have any further questions or wish to have any material redacted from the record.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we work today and the Aboriginal and Torres Strait Islander people participating in this call.

We pay our respects to Elders past and present and recognise and celebrate the diversity of Aboriginal peoples and their ongoing cultures and connections to the lands and waters of Australia.

Time management of Maintenance Iteration Meetings (if required)

• After the first meeting to groom the backlog, if the number of candidates and the anticipated complexity of them indicates timeboxing discussions is required, these time management practices will be put in place:
  • 5 minute delay will be removed. Meetings will commence at 2:00PM AEST.
  • Each discussion will be timed, if the discussion is not concluded within the allotted time, the discussion will be taken offline.
    • Allotted time will be determined based on the number of candidates in the iteration.
    • If the discussion on all issues has concluded and time remains, any issues scheduled for offline discussion can be revisited.
  • Start times will be estimated for each Domain and advertised when the Agenda is published.

Agenda

• 15 min
  • Introductions
  • Release Plan
  • Actions
• 80 min
  • Prioritisation
  • Candidate Discussion
  • Requirements Analysis
• 20 min
  • Backlog grooming
• 5 min
  • Any other business

Introductions

The purpose of this meeting is to prioritise items proposed as candidates in the kick off meeting on 18 September and discuss solutions.

Release Plan

• Current version is 1.31.0.
• The outcome of Maintenance Iteration 20 will be published in v1.32.0.

Actions

• (IN PROGRESS) DSB to provide use cases and expected outcomes for authorisations based on account removal scenarios
• 519: Billing API Change: DSB to assess whether this change has been resolved
• 508: Provide APIs to automate onboarding of software products and provisioning of certificates: DSB shall follow up with ACCC to ascertain current support
• 518: Deliver V2 of the GetDataHolderBrandsSummary API: DSB to refer the change back to ACCC

Maintenance Iteration Capacity

In the first meeting of Maintenance Iteration 21, 22 issues proposed either as a Candidate for MI21 or requiring further analysis and discussion. A further CX change request shall be raised by the DSB in relation to v7 rules for nominated representatives.

These candidates have been grouped into confirmed candidates and issues requiring further analysis. Do participants support any changes to this prioritisation?

Maintenance Iteration 21 Candidates

Confirmed candidates

• 663 | Maintenance Iteration 21 Holistic Feedback
• 674 | CX Guidelines | Updates stemming from 2024 Consent Review changes
• 659 | Enhancing CDR Adoption: Streamlining Account Selection and Improving Data Transparency
• 660 | Revise the Availability Requirements NFRs
• 655 | Get Metrics V5 error metrics documentation
• 473 | Add RFC8174 to list of normative references and update the use of Requirements Levels
• 649 | Inconsistent JARM error responses
• 666 | Retirement of OIDC Hybrid Flow
• 540 | Data Recipient Software Product unable to indicate optional idtoken encryption requirement
• 667 | Clean up of Refresh Token requirements
• 8 | Adoption of detached signatures
• 654 | Clarify Transaction Security requirements
• 650 | Weaken JARM Encryption Requirements for ADRs
• 669 | Guidance for accounts becoming unavailable
• 229 | Service field in the Get Transaction Details API
• 664 | New Enums for Voluntary disclosure of additional service overlays
• 656 | A status of POSTED should indicate the final update for a transaction
• 657 | Addition of LVR in the enumerated values list for constraintType
• 553 | Running balance available under transaction detail
• 553 | Running balance available under transaction detail

Requirements Analysis

• Addition of an (18 or over) Age Verification Flag
• Remove BankingTransactionDetail and incorporate extendedData into BankingTransaction
• Supporting HTTP Status 429 passthrough from Secondary Data Holder
• Addition of a DH-side endpoint for querying the status of a consent establishment flow
• Clarification on handling of standard claims in request object

Candidate discussion

Domain	#	Issue	Comments
MI21	663	Maintenance Iteration 21 Holistic Feedback	Non-breaking
CX Guidelines	659	Enhancing CDR Adoption: Streamlining Account Selection and Improving Data Transparency.
CX Guidelines	674	CX Guidelines Updates stemming from 2024 Consent Review changes
NFRs	660	Revise the Availability Requirements NFRs.	Pertains to Outages reporting and availability requirements
Admin	655	Get Metrics V5 error metrics documentation.
Documentation	473	Add RFC8174 to list of normative references and update the use of Requirements Levels
Security	649	Inconsistent JARM error responses
Security	666	Retirement of OIDC Hybrid Flow	Breaking change
Security	540	Data Recipient Software Product unable to indicate optional idtoken encryption requirement
Security	667	Clean up of Refresh Token requirements	Breaking change
Security	8	Adoption of detached signatures.
Security	654	Clarify Transaction Security requirements.
Security	650	Weaken JARM Encryption Requirements for ADRs Waiting on information about data holders who require encryption on JARM responses.	Carry over to MI21
Banking	229	Service field in the Get Transaction Details API.	Related to 664 and 636
Banking	669	Guidance for accounts becoming unavailable
Banking	664	New Enums for Voluntary disclosure of additional service overlays.	Related to 229 and 636
Banking	656	A status of POSTED should indicate the final update for a transaction.	Related to 553
Banking	657	Addition of LVR in the enumerated values list for constraintType
Banking	553	Running balance available under transaction detail

Requirements Analysis

Domain	#	Issue	Comments
Common	610	Addition of an (18 or over) Age Verification Flag.	DSB recommends closing this issue
Banking	636	Remove BankingTransactionDetail and incorporate extendedData into BankingTransaction OUTSTANDING ACTION: DSB to following up with NPP. In progress OUTSTANDING ACTION: DSB to schedule offline discussion with SISS (Josh) on data quality analysis. In progress OUTSTANDING ACTION: Participants to provide feedback on summary of earlier discussions in comment.	Refer to NFR CG for async pattern
Energy	651	Supporting HTTP Status 429 passthrough from Secondary Data Holder ACTION: DSB to update issue as the details of the become available.	Trial in progress
Security	628	Addition of a DH-side endpoint for querying the status of a consent establishment flow

Backlog grooming

A review of the issues backlog shall continue. https://github.com/ConsumerDataStandardsAustralia/standards-maintenance/issues?q=is%3Aissue+is%3Aopen+sort%3Acreated-asc+created%3A%3E%3D2022-07-01

Any other business

Participants are invited to raise topics related to the Data Standards that would benefit from the groups' consideration.