[Openid-specs-fapi] Fwd: Consumer Data Standards | September 2019 Release of Consumer Data Standards V1.0.0

Nicholas Irving nirving at darkedges.com
Mon Sep 30 06:59:10 UTC 2019


Interesting read.

Is this requirement safe for Hybrid?


   - Data Holders MUST request a user identifier that can uniquely identify
   the customer and that is already known by the customer in the redirected
   page
   - Data Holders MUST NOT request that the customer enter an existing
   password in the redirected page
   - Data Holders MUST provide a one-time password (OTP) to the customer
   through an existing channel or mechanism that the customer can then enter
   into the redirected page

It implies to me that the Data Holder implicitly trusts the requester has
control of the device registered for the OTP. This means I could pick up a
device that I know is registered to a bank account and give access to the
CDR API without providing any credentials that I own.

I know they are trying to give easy access to the service, but surely
registering for the first time should at least ask for credentials.


Regards
Nicholas Irving

On Mon, 30 Sep 2019, 16:34 Ralph Bragg via Openid-specs-fapi, <
openid-specs-fapi at lists.openid.net> wrote:

> The Australian v1.
> ------------------------------
> *From:* Consumer Data Rights Data61 <CDR-Data61 at csiro.au>
> *Sent:* Monday, September 30, 2019 7:21:12 AM
> *To:* McLachlan, Terri (Data61, Eveleigh) <Terri.Mclachlan at data61.csiro.au>
> *Subject:* Consumer Data Standards | September 2019 Release of Consumer
> Data Standards V1.0.0
>
>
>
>
> Since the previous release on 17 July of the draft Consumer Data Standards
> (CDS), the Data Standards Body (DSB) has continued to liaise with the
> broader ecosystem participants to develop and refine the standards in
> support of the Australian Government’s Consumer Data Right regime.  The
> standards are intended to make it easier and safer for consumers to share
> access to the data collected about them by businesses, and – with their
> explicit approval – to share this data via application programming
> interfaces (APIs) with trusted, accredited third parties.
>
>
> The DSB is pleased to announce the 30 September 2019 release which is
> expected to become the initial binding data standards for the Consumer Data
> Right (CDR) regime. The version 1.0.0 release of the CDS represents the
> baseline for implementation in accordance with the rules and phasing
> timetable made by the Australian Competition and Consumer Commission (ACCC).
>
>
>
> We know that many in the community have been monitoring the open
> discussions relating to the CDS and have actively contributed to making
> these what they are, with feedback in workshops, on GitHub, via email and
> in bilateral discussions. We thank the CDR community for their active
> participation which has helped develop these binding standards and
> encourage everyone to continue to help evolve these as living standards to
> serve the future CDR regime.
>
>
>
> In this September 2019 V1.0.0 release of the standards we are publishing:
>
>
>
>    - A non-technical summary of outcomes for each work stream, see
>    attached;
>    - The latest version of the Consumer Data Standards
>    <https://consumerdatastandardsaustralia.github.io/standards/>,
>    containing API standards, Information Security profile and Customer
>    Experience Guidelines
>    <https://consumerdatastandards.org.au/cx-standards/>; and
>    - Payload validation tools
>    <https://consumerdatastandards.org.au/workinggroups/engineering/> to
>    aid participants in verifying conformance.
>
>
>
> You can access the V1.0.0 of the Consumer Data Standards in full here
> <https://consumerdatastandardsaustralia.github.io/standards/>.
>
>
>
> Please note that we continue to encourage interested participants to
> provide on-going feedback on the Consumer Data Standards through GitHub.
> All such feedback will be included in the backlog list for consideration in
> future versions of the standards.
>
>
>
> For further information or any questions, please email cdr-data61 at csiro.au.
>
>
>
> We look forward to working with everyone as we move closer to a live
> implementation of the standards.
>
>
>
> Many thanks and regards
>
>
>
> Terri
>
>
>
> *Terri McLachlan*
>
> Secretariat Liaison Manager | Consumer Data Standards
>
> *CSIRO | Data61*
>
> *E* terri.mclachlan at data61.csiro.au *T* +61 2 9490 5722
>
> Level 5, 13 Garden Street, Eveleigh NSW 2015
>
> www.data61.csiro.au