ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

Performance Requirements - Improvement #326

Open DimitriSty opened 4 years ago

DimitriSty commented 4 years ago

Description: Xero and other high-volume data recipients would see a degradation in service unless Performance Requirements are improved.

Area Affected: Performance Requirements

Change Proposed: Xero has concerns regarding the Performance Requirements published in the Data Standards section available on GitHub.

As a cloud-based online accounting software provider, timely access to transactional data is critical to the customer experience and is an ingrained customer expectation. Currently Xero makes the majority of customers’ daily transactional data available before 9am the following day.

Based on the published performance requirements, the volume of Xero customer transactions and a potential 4-8 hour processing window, this customer expectation could no longer be met. Although this is Xero’s specific use case, other entities requiring large volumes of data accessed within a similar processing window could experience the same challenges.

Xero has been experiencing performance issues with the UK’s Open Banking APIs and has been working with the OBIE and banks directly for months to ensure we're aligned on customer expectations and minimal performance standards. Xero would like to see the CDR avoid similar issues and is recommending a change in the CDR's Performance Requirements as shown below. Please note Xero’s proposal would only require these NFRs apply to the Banks referred to in the rules as “Initial Data Holders”, due to the large volume of transactions they generate. Please see the attached document for details on the proposed NFRs.

GitHub Submission Change Request - Submitted.docx

Xero welcomes further engagement with Data61 to progress this proposed change.

spikejump commented 3 years ago

Intuit supports Xero’s request for improved NFRs in the specification. In addition to Xero’s request, we’d like to request clarification/enhancements in several areas.

Performance Requirements: The existing Response Times for APIs are fairly slow. Suspect most DHs' digital web channels would have faster requirements. Take the “Unattended” of 4000ms for both high and low priority calls: assume a customer base of 500K and 2 API calls required for each customer, and assume sequential calls; it will take roughly 46 days of continuous calls to complete (500000 × 2 × 4000ms). If you allow 100 calls in parallel then it will take roughly half a day to complete (500000 × 2 × 4000ms / 100).

Hope the math is right. It illustrates the point nevertheless that 4000ms is too slow and even 1500ms is slow in reality. We would further extend Xero’s request to increase the response time to 400ms for High Priority tier and 800ms for Low Priority tier.

In general, low API performance from DHs will eventually bite DHs where ADRs will be “camped outside” at the DH attempting to fulfill their daily API requirements. The DHs should plan to fulfill each ADR within a 4-hour window.

Traffic Thresholds: The following paragraph seems to imply the OIDC authorization endpoints, or is it any API endpoints that are secured via mTLS?

For secure traffic (both Customer Present and Unattended) the following traffic thresholds will apply: 300 TPS total across all consumers

The above TPS seems to be low when all API endpoints are taken into consideration for all ADRs combined.