<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:617611843;
mso-list-template-ids:-596229744;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1711302898;
mso-list-template-ids:-1666447510;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Yeah it’s an interesting approach to mandate the security mechanisms that must be used. Raises questions regarding ability to innovate.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">Nicholas Irving &lt;nirving@darkedges.com&gt;<br>
<b>Date: </b>Monday, 30 September 2019 at 07:59<br>
<b>To: </b>Financial API Working Group List &lt;openid-specs-fapi@lists.openid.net&gt;<br>
<b>Cc: </b>Ralph Bragg &lt;ralph.bragg@raidiam.com&gt;<br>
<b>Subject: </b>Re: [Openid-specs-fapi] Fwd: Consumer Data Standards | September 2019 Release of Consumer Data Standards V1.0.0<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">Interesting read. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Is this requirement safe for the Hybrid flow?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<ul style="margin-top:0cm" type="disc">
<li class="MsoNormal" style="color:#333333;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1;background:#F3F7F9">
<span style="font-size:10.5pt;font-family:Helvetica">Data Holders MUST request a user identifier that can uniquely identify the customer and that is already known by the customer in the redirected page<o:p></o:p></span></li><li class="MsoNormal" style="color:#333333;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1;background:#F3F7F9">
<span style="font-size:10.5pt;font-family:Helvetica">Data Holders MUST NOT request that the customer enter an existing password in the redirected page<o:p></o:p></span></li><li class="MsoNormal" style="color:#333333;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1;background:#F3F7F9">
<span style="font-size:10.5pt;font-family:Helvetica">Data Holders MUST provide a one-time password (OTP) to the customer through an existing channel or mechanism that the customer can then enter into the redirected page<o:p></o:p></span></li></ul>
</div>
<div>
<p class="MsoNormal">It implies to me that the Data Holder implicitly trusts that the requester has control of the device registered for the OTP, so possession of that device is effectively the only authentication factor being checked. This means I could pick up a device that I know is registered to a bank account and grant access to the CDR API without
providing any credentials that I own.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I know they are trying to give easy access to the service, but surely registering for the first time should at least ask for credentials.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">Regards<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Nicholas Irving<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">On Mon, 30 Sep 2019, 16:34 Ralph Bragg via Openid-specs-fapi, &lt;<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>&gt; wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class="MsoNormal"><span lang="EN-AU">The Australian v1. <o:p></o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span lang="EN-AU">
<hr size="0" width="100%" align="center">
</span></div>
<div id="m_-8471420647533567122divRplyFwdMsg">
<p class="MsoNormal"><b><span lang="EN-AU" style="color:black">From:</span></b><span lang="EN-AU" style="color:black"> Consumer Data Rights Data61 &lt;CDR-Data61@csiro.au&gt;<br>
<b>Sent:</b> Monday, September 30, 2019 7:21:12 AM<br>
<b>To:</b> McLachlan, Terri (Data61, Eveleigh) &lt;<a href="mailto:Terri.Mclachlan@data61.csiro.au" target="_blank">Terri.Mclachlan@data61.csiro.au</a>&gt;<br>
<b>Subject:</b> Consumer Data Standards | September 2019 Release of Consumer Data Standards V1.0.0</span><span lang="EN-AU">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-AU"> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU">Since the previous release on 17 July of the draft Consumer Data Standards (CDS), the Data Standards Body (DSB) has continued to liaise with the broader ecosystem participants to develop and refine the standards in support of the Australian
Government’s Consumer Data Right regime. The standards are intended to make it easier and safer for consumers to share access to the data collected about them by businesses, and – with their explicit approval – to share this data via application programming
interfaces (APIs) with trusted, accredited third parties.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU"><br>
The DSB is pleased to announce the 30 September 2019 release which is expected to become the initial binding data standards for the Consumer Data Right (CDR) regime. The version 1.0.0 release of the CDS represents the baseline for implementation in accordance
with the rules and phasing timetable made by the Australian Competition and Consumer Commission (ACCC).<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU">We know that many in the community have been monitoring the open discussions relating to the CDS and have actively contributed to making these what they are, with feedback in workshops, on GitHub, via email and in bilateral discussions. We
thank the CDR community for their active participation which has helped develop these binding standards and encourage everyone to continue to help evolve these as living standards to serve the future CDR regime.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU">In this September 2019 V1.0.0 release of the standards we are publishing:<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU"> <o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoNormal" style="margin-top:3.0pt;margin-bottom:3.0pt;line-height:110%;mso-list:l1 level1 lfo2">
<span lang="EN-AU">A non-technical summary of outcomes for each work stream, see attached;<o:p></o:p></span></li><li class="MsoNormal" style="margin-top:3.0pt;margin-bottom:3.0pt;line-height:110%;mso-list:l1 level1 lfo2">
<span lang="EN-AU">The latest version of the <a href="https://consumerdatastandardsaustralia.github.io/standards/" target="_blank">
Consumer Data Standards</a>, containing API standards, Information Security profile and
<a href="https://consumerdatastandards.org.au/cx-standards/" target="_blank">Customer Experience Guidelines</a>; and<o:p></o:p></span></li><li class="MsoNormal" style="margin-top:3.0pt;margin-bottom:3.0pt;line-height:115%;mso-list:l1 level1 lfo2;vertical-align:baseline">
<span lang="EN-AU"><a href="https://consumerdatastandards.org.au/workinggroups/engineering/" target="_blank">Payload validation tools</a> to aid participants in verifying conformance.<o:p></o:p></span></li></ul>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU">You can access the V1.0.0 of the Consumer Data Standards in full
<a href="https://consumerdatastandardsaustralia.github.io/standards/" target="_blank">
here</a>. <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU">Please note that we continue to encourage interested participants to provide on-going feedback on the Consumer Data Standards through GitHub. All such feedback will be included in the backlog list for consideration in future versions of the
standards.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU">For further information or any questions, please email <a href="mailto:cdr-data61@csiro.au" target="_blank">
cdr-data61@csiro.au</a>.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:115%">
<span lang="EN-AU">We look forward to working with everyone as we move closer to a live implementation of the standards.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU">Many thanks and regards<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU">Terri<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-AU" style="color:#2FB787">Terri McLachlan</span></b><span lang="EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU" style="font-size:9.0pt;color:black">Secretariat Liaison Manager | Consumer Data Standards</span><span lang="EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-AU" style="font-size:9.0pt;color:black">CSIRO | Data61</span></b><span lang="EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-AU" style="font-size:9.0pt;color:#2FB787">E</span></b><span lang="EN-AU" style="font-size:9.0pt;color:black">
<a href="mailto:terri.mclachlan@data61.csiro.au" target="_blank">terri.mclachlan@data61.csiro.au</a>
</span><b><span lang="EN-AU" style="font-size:9.0pt;color:#2FB787">T</span></b><span lang="EN-AU" style="font-size:9.0pt;color:black"> +61 2 9490 5722
</span><span lang="EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU" style="font-size:9.0pt;color:black">Level 5, 13 Garden Street, Eveleigh NSW 2015</span><span lang="EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU" style="font-size:9.0pt;color:black"><a href="https://www.data61.csiro.au" target="_blank"><span style="color:#2FB787">www.data61.csiro.au</span></a></span><span lang="EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU" style="font-size:12.0pt;color:black"> </span><span lang="EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-AU"><img border="0" width="138" height="73" style="width:1.4375in;height:.7604in" id="m_-8471420647533567122_x005f_x0000_i1025" src="cid:image002.jpg@01D577A6.38002DF0" alt="Data61 | CSIRO logo"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-AU" style="color:#2FB787">D61+ LIVE</span></b><b><span lang="EN-AU" style="color:black"> | Carriageworks, Sydney | 2–3 October 2019 | Register
</span></b><span lang="EN-AU"><a href="https://d61live.csiro.au/" target="_blank"><b><span style="color:#2FB787">here</span></b></a><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><i><span lang="EN-AU">Australia’s leading science, technology and innovation event</span></i><span lang="EN-AU"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</body>
</html>