Open PayPalAustralia opened 2 years ago
Thanks @PayPalAustralia, there is provision for a Metadata Update API that Data Holders implement to receive a CDR Register initiated broadcast message. At present the ACCC has not implemented this trigger to broadcast ADR updates.
With regards to the current polling method, can you elaborate on the performance and load issues you are experiencing with respect to "system heavy" processing?
Additionally, are you able to describe the threshold of ADRs that will cause your cache to be stale and no longer scale. For example if it takes you 1 second to process an ADR's metadata, 5 minutes allows you to process 300 ADR records before being out of date.
@CDR-API-Stream - PFB, our response to above comments.
"The current process to verify for periodic Data Recipient status is that each Data Holder makes an outbound request to get the status list across all Data Recipients registered. Then Data Holder needs to process the response based on the Data Recipients registered within themselves and update accordingly (e.g. registration status, tokens issues to the Data Recipient, etc..). This process is required to be performed every 5 minutes. The outbound call to retrieve the list of Data Recipients (milliseconds) and internal checks could take few seconds to minutes depending on the changes required.
Although there might be some time before the volume of Data Recipients rises to thousands, this model may not scale successfully with wider adoption of AU CDR. We suggest revisiting current model to avoid API performance pitfalls in future and that's why we propose to enable the broadcast Data Recipients updates functionality or alternatively allow Data Holders to request statuses for Data Recipients the Data Holder is interested in. "
Hi @PayPalAustralia
In response to this issue, the key concerns were captured in an item for future review -
and the Register approach more generally was explored in #289 - Noting Paper 289 - Register Standards Revision. Feedback to the Noting Paper seemed to suggest that maintaining the current 'batch' model may be preferable to real-time API querying, but also that international standards should be considered.
In regard to your later comment:
we propose to enable the broadcast Data Recipients updates functionality or alternatively allow Data Holders to request statuses for Data Recipients the Data Holder is interested in.
an option may be to consider the Shared Signals Framework which supports both push (broadcast) and pull (request) methods.
Description
According to the current Consumer Data Standards, Data Holders MUST react to Data Recipient and associated Software Statuses changes within 5 minutes of the change occurring on the CDR Register. To achieve this, Data Holders need to periodically poll the GetDataRecipientsStatus, GetSoftwareProductsStatus and GetDataRecipients APIs to retrieve the current statuses and cache these for use during requests for Consumer Data.
As Data Holders, after calling the CDR register and checking status of all Data Recipients registered by CDR, Data Holders are also required to action on the Data Recipients in the Data Holder authorisation server and subsequently withdraw consents, disable data sharing or deactivate the client when necessary.
The periodic polling model is system heavy and may not scale adequately within the 5-minute interval for large volume of Data Recipients as the API provides information of all Data Recipients, not only the ones the Data Holder is interested in.
Area Affected
Metadata Cache Management - GetDataRecipientsStatus and GetDataRecipients APIs
Change Proposed
PayPal considers that a better solution for performance purposes would be: