ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

v1.15.0 More ambiguity into x-fapi-auth-date not less #489

Closed perlboy closed 1 year ago

perlboy commented 2 years ago

Description

430 and the Maintenance Iteration decision https://github.com/ConsumerDataStandardsAustralia/standards/issues/212 "clarified" x-fapi-auth-date with:

The decision is to adopt this change based on community feedback and consultation. The change fixes endpoint documentation to align with the mandatory requirements for the x-fapi-auth-date header already defined in the High Level Standards HTTP Headers section of the data standards.

However all authenticated Banking API endpoints were then updated with:

The time when the customer last logged in to the Data Recipient Software Product. Required for all resource calls (customer present and unattended) if the customer has logged in. Not to be included for unauthenticated calls.

Which isn't what the Decision Proposal outlined and is now ambiguous because it seems to indicate a logged-in customer can make unattended calls.

Area Affected

All Banking APIs received this change.

Change Proposed

1) Do what the Decision Proposal actually proposed.
2) Fix the change control process so that even trivial changes aren't incorrectly applied.

CDR-API-Stream commented 2 years ago

This issue was discussed in the Maintenance Iteration 11 call. It was agreed to incorporate this change request into this maintenance iteration.

CDR-API-Stream commented 2 years ago

This issue has been staged for review: https://github.com/ConsumerDataStandardsAustralia/standards-staging/compare/maintenance/511..maintenance/489