ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

Set a character limit for resource identifiers #645

Open ShaneDoolanAdatree opened 3 weeks ago

ShaneDoolanAdatree commented 3 weeks ago

Description

Some data holders are creating resource identifiers (e.g. account_id, transaction_id, client_id) in the hundreds of characters. We have seen resource IDs of well over a thousand characters and have even seen signed JWTs as account_id values. To us, this seems unnecessary and results in problems for recipient storage systems such as hitting column size limits, index character limits and index performance issues. We don't see a good reason why these resource IDs need to be this large.

Intention and Value of Change

The intention of the change is to ensure that resource identifiers meet ID permanence requirements while also being of sensible size so as to not negatively impact downstream recipient systems.

Area Affected

https://consumerdatastandardsaustralia.github.io/standards/#id-permanence

Change Proposed

Consult with the community on the number of characters required to meet ID permanence requirements and enforce that as a size limit through the ID permanence standards.
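
A recipient-side audit for the problem described in this issue, as an added example that is not part of the original post or of the Consumer Data Standards: it walks a parsed API response and reports identifier fields that exceed a storage limit or are shaped like a compact signed JWT. `MAX_ID_CHARS`, the key-name pattern and the sample payload are assumptions constructed for illustration; the issue proposes no specific number.

```python
import base64, json, re

MAX_ID_CHARS = 255  # assumption: an example recipient column/index limit, not a CDR value
ID_KEY = re.compile(r"(_id|Id|ID)$")          # assumption: how ID fields are named
B64URL_SEG = re.compile(r"^[A-Za-z0-9_-]+$")

def looks_like_jws(value):
    """True if value is shaped like a compact signed JWT (header.payload.signature)."""
    parts = value.split(".")
    if len(parts) != 3 or not all(B64URL_SEG.match(p) for p in parts):
        return False
    try:
        pad = "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(parts[0] + pad))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    return isinstance(header, dict) and "alg" in header

def audit_ids(node, path="$"):
    """Walk parsed JSON and yield one finding per oversized or JWT-shaped ID."""
    if isinstance(node, dict):
        for key, val in node.items():
            child = f"{path}.{key}"
            if isinstance(val, str) and ID_KEY.search(key):
                reasons = []
                if len(val) > MAX_ID_CHARS:
                    reasons.append("too_long")
                if looks_like_jws(val):
                    reasons.append("jwt_shaped")
                if reasons:
                    yield {"path": child, "chars": len(val), "reasons": reasons}
            else:
                yield from audit_ids(val, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from audit_ids(item, f"{path}[{i}]")

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample response; none of these values come from a real data holder.
SAMPLE = {"data": {"accounts": [
    {"account_id": "acc-7f3a91", "displayName": "Everyday"},
    {"account_id": _b64({"alg": "PS256"}) + "." + _b64({"sub": "x" * 300}) + "." + "c2ln" * 20},
    {"account_id": "A" * 1200, "transactions": [{"transaction_id": "t-001"}]},
]}}

FINDINGS = list(audit_ids(SAMPLE))
```

Running the audit at ingestion, before IDs reach indexed columns, surfaces offending data holders early instead of as truncation or index errors later.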