Comments (14)
There is a typo in the following text in the Security Endpoints section -
Data Recipient Software Products MUST NOT reject requests including the
cdr_arragement_id
as a form parameter.
cdr_arragement_id
should be cdr_arrangement_id
from standards-maintenance.
The following Register APIs incorrectly specify a message body for 401 error responses:
- Get Data Holder Brands
- Get Software Statement Assertion (SSA)
The change is to remove ResponseErrorListV2 as the listed schema. These APIs conform to RFC6750 returning an oAuth error in the WWW-Authenticate
response header.
from standards-maintenance.
Two sentences at the start of the Participant Statuses section refer to 'Software Package'. These appear to be mistakes, and should be updated to 'Software Product' for consistency.
from standards-maintenance.
The ClientRegistration schema is not referenced by any endpoints, but represents the decoded string(JWT)
specified in the ClientRegistrationRequest.
To provide clarity, the ClientRegistration schema could be referenced in the description of the ClientRegistrationRequest field as follows (bold text to highlight the addition only) –
The registration request JWT to be used to register with a Data Holder. The schema of the payload section of the decoded string(JWT) is defined in ClientRegistration.
from standards-maintenance.
A point under Data Holders in the Request Object section states -
- Data Holders MUST require PAR for authorisation request data in accordance with [RFC9126] where "require_pushed_authorization_requests" parameter is set to "true".
while it should be clear from other statements in the Standards and the upstream spec., the last word ("true") could be changed to true
to better convey that the value is expected to be a Boolean.
from standards-maintenance.
The following line in the Non-normative Examples alongside HTTP Headers should be removed; it is not an Accept header like others in that block and the value appears to be mismatched with the name -
Accept-Encoding: charset=UTF-8
from standards-maintenance.
Update Register API descriptions
The ACCC suggests that two Register endpoint descriptions should be updated to clarify when data holders are expected to begin appearing in responses, and what information is currently available. This is intended to address questions raised by stakeholders.
We suggest that the relevant endpoint descriptions should be updated to specify that:
- Get Data Holder Brands Summary includes all data holder brands for which product reference data is available. For data holders that are active for consumer data sharing, the value disclosed is the public base uri. For brands that are not active for consumer data sharing, the value disclosed is the uri that discloses product data relevant to that brand, as provided by the relevant data holder.
- Get Data Holder Brands includes all data holders that have become active for consumer data sharing and have not been archived.
We suggest that the API description in the specification be updated to ensure that users of these endpoints understand their behaviour and the differences between them.
These clarifications reflect current Register behaviour. Accordingly, we consider that this change is non-breaking change.
Area Affected
- Get Data Holder Brands Endpoint Version
- Get Data Holder Brands Summary Endpoint Version
Change Proposed
Register APIs: To include the following information in the endpoint descriptions:
- Get Data Holder Brands Summary includes all data holder brands for which product reference data is available. For data holders who are active for consumer data sharing, the value disclosed is their public base uri. For data holders who are not active for consumer data sharing, the value disclosed is the uri that discloses product data relevant to that brand.
- Get Data Holder Brands includes all data holders who have become active for consumer data sharing and have not been archived.
from standards-maintenance.
The following change has been staged for review:
There is a typo in the following text in the Security Endpoints section -
Data Recipient Software Products MUST NOT reject requests including the
cdr_arragement_id
as a form parameter.
cdr_arragement_id
should becdr_arrangement_id
from standards-maintenance.
The following change has been staged for review:
The following Register APIs incorrectly specify a message body for 401 error responses:
- Get Data Holder Brands
- Get Software Statement Assertion (SSA)
The change is to remove ResponseErrorListV2 as the listed schema. These APIs conform to RFC6750 returning an oAuth error in the
WWW-Authenticate
response header.
from standards-maintenance.
The following change has been staged for review:
Two sentences at the start of the Participant Statuses section refer to 'Software Package'. These appear to be mistakes, and should be updated to 'Software Product' for consistency.
from standards-maintenance.
The following change has been staged for review:
The ClientRegistration schema is not referenced by any endpoints, but represents the decoded
string(JWT)
specified in the ClientRegistrationRequest.To provide clarity, the ClientRegistration schema could be referenced in the description of the ClientRegistrationRequest field as follows (bold text to highlight the addition only) –
The registration request JWT to be used to register with a Data Holder. The schema of the payload section of the decoded string(JWT) is defined in ClientRegistration.
from standards-maintenance.
The following change has been staged for review:
A point under Data Holders in the Request Object section states -
- Data Holders MUST require PAR for authorisation request data in accordance with [RFC9126] where "require_pushed_authorization_requests" parameter is set to "true".
while it should be clear from other statements in the Standards and the upstream spec., the last word ("true") could be changed to
true
to better convey that the value is expected to be a Boolean.
from standards-maintenance.
The following change has been staged for review:
The following line in the Non-normative Examples alongside HTTP Headers should be removed; it is not an Accept header like others in that block and the value appears to be mismatched with the name -
Accept-Encoding: charset=UTF-8
from standards-maintenance.
Standards version 1.30.0 was published on 24/04/2024 incorporating changes from MI18.
This comment was not resolved and has been transferred to issue #637.
from standards-maintenance.
Related Issues (20)
- Update CDS documentation to clarify expected rate value 'sign' (+/-) for each RateType HOT 6
- Update guidance for Banking account rate detail HOT 2
- Update TLS cipher suite requirements to address DHEat Attacks and Raccoon Attack vulnerabilities HOT 3
- AmountString field type impractical for energy tariffs HOT 12
- Set a character limit for resource identifiers
- Clarify selection of Trusted Adviser in the CX Guidelines HOT 9
- Maintenance Iteration 20 Holistic Feedback HOT 7
- Adopt BCP 195 for TLS ciphers HOT 2
- Inconsistent JARM error responses HOT 2
- Weaken JARM Encryption Requirements for ADRs HOT 1
- Supporting HTTP Status 429 passthrough from Secondary Data Holder HOT 2
- Specify units of currency to be used for the AmountString field type HOT 5
- EnergyPlanTariffPeriod - cater for plans with no dailySupplyCharge HOT 5
- Clarify Transaction Security requirements
- Get Metrics V5 error metrics documentation HOT 1
- A status of POSTED should indicate the final update for a transaction
- Addition of LVR in the enumerated values list for constraintType HOT 1
- Guidance in the standards for a posting date/time where no time is stored HOT 9
- Enhancing CDR Adoption: Streamlining Account Selection and Improving Data Transparency HOT 5
- Revise the Availability Requirements NFRs
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from standards-maintenance.