Creating Consumer Data Right Standards

The Consumer Data Right (CDR) is an economy-wide right to data, which will be rolled out first in the banking sector on 1 July 2019.

CSIRO’s Data61 has been appointed by the federal government to lead the introduction of the CDR, as the Data Standards Body (DSB).

On 24 August 2018, the DSB released an operating model that includes three working groups, which will facilitate the creation of the Consumer Data Right Standards:

  • The API Standards Working Group 
  • The Information Security Technical Working Group 
  • The User Experience Working Group

The remainder of this blog focuses on the Information Security Technical Working Group, which is led by Dr Seyit Camtepe from CSIRO’s Data61.

Phased Development

One of the key driving principles used in the development of the standards is that input to them should be as wide as possible and that membership should be inclusive. The aim is to attract as many participants as possible who are willing to contribute freely and transparently on the DSB’s GitHub workspace.

In recognition of this theme of transparency, the Information Security Technical Working Group will evolve over four phases:

  • Phase 1: Running from July to September 2018, called Forming, where the initial high-level standards will be decided, such as authentication and authorisation. This phase will also focus on the establishment of processes, in parallel to the other working groups and their development of content.
  • Phase 2: Running from October to December 2018, called V.1 Development, this phase will cover the initial development of drafts and payloads that will be in scope for implementation by 1 July 2019. During this period, there will be several drafts released that will form part of the initial standards.
  • Phase 3: Steady State: after the first stage of development, a steady state will re-evaluate the development and consider other proposals. This re-evaluation will draw from the lessons learned in the first two phases. This phase will be ongoing, such that it will ease the continuous elaboration of the standard into additional versions and other industries.
  • Phase 4: New product inclusion: due to the inclusion of phased products and participants, a timetable will be developed to simplify their addition.

Although open membership in the group is promoted through GitHub collaboration, the operating model has identified that there is a need for a closed space that will deal with more sensitive information security related discussions.

Driving Principles

The driving principles for the Information Security Technical Working Group operating model will be based on those of the existing API Standards Working Group. The general operating model has been developed from open discussion with respondents to the open banking review, advisory committee members, other group participants, and the UK Open Banking Implementation Entity.

These five driving principles are:

  • Principle 1: Open Participation: no bias and democratic standards development
  • Principle 2: Transparency: transparent decisions and equal opportunity
  • Principle 3: Data61 is Accountable: Data61 to provide final recommendations to the Data Standards Body Chair
  • Principle 4: Time is Short: the process must be efficient and productive
  • Principle 5: Iterative and Agile: process should be malleable and responsive to change

Decision Making Process

The decision-making process is led by the Information Security Technical Working Group lead, Dr Camtepe, who will shape discussions of decisions, proposals and recommendations in the GitHub community, as well as ensuring alignment with the API Standards Working Group. Participation and comments on these decisions are open until a prescribed end date. Dr Camtepe will then make a recommendation to the DSB Chair, copying in the DSB’s Advisory Committee. When the DSB Chair finalises a decision, Dr Camtepe then updates the standards documentation to align with these decisions.

More information on the DSB can be found here and its GitHub workspace here.

AusPayNet is represented on the DSB Advisory Committee by our COO, Andy White. We are also represented on the Information Security Technical Working Group by our Standards Analyst, Arthur van der Merwe.