Closed NationalAustraliaBank closed 5 years ago
Thanks @NationalAustraliaBank
UK reference could be used as a possible starting point?
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/937558092/Account+Access+Consents+v3.1
The current position, based on CX testing results and a review of the ACCC draft rules, is that low-level permissions are not required. As a result, v1 of the standards will be limited to OIDC scopes, rendering a consent API unnecessary. If the regime requires this at a later date, this decision may be revisited.
Note that the implications of this position are as follows:
-JB-
NAB is concerned with the lack of definition for consent management, including:
· Create, view and revoke consents APIs
· Data structures and claims made within the consent requests
· Notification that consent has been revoked endpoints (called by DH to DR). This is done to notify the DR that consent has been revoked; that API calls for this customer's data should cease; and that currently held data for that customer should be discarded safely.
The consent management process appears to have overlapping concerns with the UX, Security and Data Standards streams. Without clear guidelines at this stage this is likely to impact the July 2019 rollout.