This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.
Set a character limit for resource identifiers #645
Description
Some data holders are creating resource identifiers (e.g. account_id, transaction_id, client_id) in the hundreds of characters. We have seen resource IDs of well over a thousand characters and have even seen signed JWTs as account_id values. To us, this seems unnecessary and results in problems for recipient storage systems such as hitting column size limits, index character limits and index performance issues. We don't see a good reason why these resource IDs need to be this large.
Intention and Value of Change
The intention of the change is to ensure that resource identifiers meet ID permanence requirements while also being of sensible size so as to not negatively impact downstream recipient systems.
Area Affected
https://consumerdatastandardsaustralia.github.io/standards/#id-permanence
Change Proposed
Consult with the community on the number of characters required to meet ID permanence requirements and enforce that as a size limit through the ID permanence standards.