Documentation improvement: JWT Signature verification requirements during the DCR flows

ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

41 stars 9 forks source link

Documentation improvement: JWT Signature verification requirements during the DCR flows #442

Closed CDR-API-Stream closed 1 year ago

CDR-API-Stream commented 3 years ago

This issue has been raised to track CDR Register issue 186 through the standards maintenance process.

Please refer to CDR Register issue 186 for details

perlboy commented 2 years ago

Does the CTS support ES256 signed DCR requests yet? If not it will be difficult to formally document these requirements because the Regulators own toolset would have a 100% failure rate of otherwise compliant parties.

CDR-API-Stream commented 2 years ago

This change was incorporated into release v1.15.0. Refer to Decision 212 for further details.

CDR-API-Stream commented 2 years ago

@perlboy I'll leave this ticket open for the CTS team to provide a response to your inquiry

ACCC-CDR commented 2 years ago

Thank you for your query @perlboy. ACCC confirms that CTS does support ES256 signed DCR requests.

perlboy commented 2 years ago

Thank you for your query @perlboy. ACCC confirms that CTS does support ES256 signed DCR requests.

Does this include testing whether Data Recipients properly support ES256 for all operations?