Merge branch 'release/1.17.0' into maintenance/448

slate/source/includes/_energy_apis.md.erb

@@ -24,6 +24,18 @@ The following objects were added to EnergyBillingOtherTransaction model
 + adjustments
 
 The `EnergyServicePointDetail.meters.registers.registerSuffix` field has been made optional
+
+The following changes were made to EnergyConcession model
+* Made additionalInfo field conditional
++ type
++ discountFrequency
++ amount
++ percentage
++ appliedTo
+- dailyDiscount
+- monthlyDiscount
+- yearlyDiscount
+- percentageDiscount
 ```
 
 <%= partial "includes/cds_energy.md" %>

slate/source/includes/_register.md.erb

@@ -45,5 +45,7 @@ standards.
 
 ```
 
++ Added GetDataHolderBrandsSummary API to expose public details of Data Holder Brands from the CDR Register to public clients
+```
 
 <%= partial "includes/cds_register.md" %>

slate/source/includes/_scopes.md.erb

@@ -40,13 +40,18 @@ Scope Name | Scope ID |Description
 **Detailed Customer Data** | common:customer.detail:read | The scope would allow the third party to access more detailed information about the customer.  Includes the data available with the Basic Customer Data scope plus contact details.<br/><br/>Includes basic data plus phone, email and address information.
 
 ## Admin &amp; Registration
+
+```diff
++ Added endpoint versions that cdr-register:bank:read and cdr-register:read apply to.
+```
+
 The following scopes are used for administrative interactions.  These scopes MUST never be included in the same access token as a CDR Data scope.
 
 
 Scope Name | Scope ID |Description
 -----------|----------|-----------
 **Basic Admin Metrics Data** | admin:metrics.basic:read | Metrics data accessible ONLY to the CDR Register. If the Data Holder uses Private Key JWT Client Authentication to authenticate the CDR Register, this scope is required.<br/><br/>Includes access to basic Metrics data.
 **Admin Metadata Update Data** | admin:metadata:update | Update notification accessible ONLY to the CDR Register. If the Data Holder uses Private Key JWT Client Authentication to authenticate the CDR Register, this scope is required.<br/><br/>Includes permission to notify Data Holders of changes to Data Recipient metadata held by the CDR Register.
-**Bank Participant Data** | cdr-register:bank:read | This scope would allow Data Recipients and Data Holders access to participant metadata in the banking sector, held by the CDR Register.
-**Participant Data** | cdr-register:read | This scope would allow Data Recipients and Data Holders access to participant metadata held by the CDR Register.
+**Bank Participant Data** | cdr-register:bank:read | This scope would allow Data Recipients and Data Holders access to participant metadata in the banking sector, held by the CDR Register. <br/>This scope is valid for the following endpoint versions:<ul><li>GetDataHolderBrands [**V1**](includes/obsolete/get-data-holder-brands-v1.html#get-data-holder-brands-v1)</li><li>GetSoftwareStatementAssertion [**V2**](includes/obsolete/get-software-statement-assertion-v2.html#get-software-statement-assertion-ssa-v2)</li></ul>This scope is replaced by `cdr-register:read` for newer versions of these endpoints.
+**Participant Data** | cdr-register:read | This scope would allow Data Recipients and Data Holders access to participant metadata held by the CDR Register. <br/> Replaces `cdr-register:bank:read` for the following endpoint versions:<ul><li>GetDataHolderBrands [**V2**](#get-data-holder-brands)</li><li>GetSoftwareStatementAssertion [**V3**](#get-software-statement-assertion-ssa)</li></ul>
 **Register Client** | cdr:registration | This scope would allow a Data Recipient to register or manage a software product client with a Data Holder.

slate/source/includes/_standards.md.erb

@@ -2,6 +2,10 @@
 
 This section contains components of the standards that are foundational and generally applicable.
 
+```diff
+Changed RateString type to represent generic percentages
+```
+
 <%= partial "includes/standards/principles.md" %>
 <%= partial "includes/standards/versioning.md" %>
 <%= partial "includes/standards/uri.md" %>

slate/source/includes/cds_register.md

@@ -322,6 +322,123 @@ cdr-register:read</a>
 
 
 
+## Get Data Holder Brands Summary
+
+<a id="opIdGetDataHolderBrandsSummary"></a>
+
+> Code samples
+
+```http
+GET https://<register-base-url>/cdr-register/v1/{industry}/data-holders/brands/summary HTTP/1.1
+
+Accept: application/json
+x-v: string
+x-min-v: string
+If-None-Match: string
+
+```
+
+```javascript
+var headers = {
+  'Accept':'application/json',
+  'x-v':'string',
+  'x-min-v':'string',
+  'If-None-Match':'string'
+
+};
+
+$.ajax({
+  url: 'https://<register-base-url>/cdr-register/v1/{industry}/data-holders/brands/summary',
+  method: 'get',
+
+  headers: headers,
+  success: function(data) {
+    console.log(JSON.stringify(data));
+  }
+})
+
+```
+
+`GET /cdr-register/v1/{industry}/data-holders/brands/summary`
+
+Endpoint used by participants to discover public details of Data Holder Brands from the CDR Register
+
+###Endpoint Version
+|   |  |
+|---|--|
+|Version|**1**
+
+<h3 id="get-data-holder-brands-summary-parameters">Parameters</h3>
+
+|Name|In|Type|Required|Description|
+|---|---|---|---|---|
+|industry|path|string|mandatory|The industry the participant is retrieving data for (Banking, etc)|
+|x-v|header|string|optional|The version of the API end point requested by the client. Must be set to a positive integer.|
+|x-min-v|header|string|optional|The [minimum version](https://consumerdatastandardsaustralia.github.io/standards/#http-headers) of the API end point requested by the client. Must be set to a positive integer if provided.|
+|If-None-Match|header|string|optional|Makes the request method conditional on a recipient cache or origin server not having any current representation of the target resource with an entity-tag that does not match any of those listed in the field-value.|
+
+#### Enumerated Values
+
+|Parameter|Value|
+|---|---|
+|industry|banking|
+|industry|energy|
+|industry|telco|
+|industry|all|
+
+> Example responses
+
+> 200 Response
+
+```json
+{
+  "data": [
+    {
+      "dataHolderBrandId": "string",
+      "interimId": "string",
+      "brandName": "string",
+      "publicBaseUri": "string",
+      "logoUri": "string",
+      "industries": [
+        "banking"
+      ],
+      "lastUpdated": "2019-08-24T14:15:22Z",
+      "abn": "string",
+      "acn": "string",
+      "arbn": "string"
+    }
+  ],
+  "links": {
+    "self": "string"
+  },
+  "meta": {}
+}
+```
+
+<h3 id="get-data-holder-brands-summary-responses">Responses</h3>
+
+|Status|Meaning|Description|Schema|
+|---|---|---|---|
+|200|[OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)|Success|[ResponseDataHoldersBrandSummaryList](#schemacdr-participant-discovery-apiresponsedataholdersbrandsummarylist)|
+|304|[Not Modified](https://tools.ietf.org/html/rfc7232#section-4.1)|Not Modified - The current representation of the target resource matches with the entity-tag provided in the If-None-Match request header|None|
+|400|[Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)|Missing Required Header / Invalid Version / Invalid Path Parameter|[ResponseErrorListV2](#schemacdr-participant-discovery-apiresponseerrorlistv2)|
+|406|[Not Acceptable](https://tools.ietf.org/html/rfc7231#section-6.5.6)|Unsupported Version|[ResponseErrorListV2](#schemacdr-participant-discovery-apiresponseerrorlistv2)|
+
+### Response Headers
+
+|Status|Header|Type|Format|Description|
+|---|---|---|---|---|
+|200|x-v|string||The version of the API end point that the CDR Register has responded with.|
+|200|Etag|string||Entity tag that uniquely represents the requested resource.|
+|304|Etag|string||Entity tag that uniquely represents the requested resource.|
+
+
+    <aside class="success">
+This operation does not require authentication
+</aside>
+
+
+
 ## Get Software Statement Assertion (SSA)
 
 <a id="opIdGetSoftwareStatementAssertion"></a>
@@ -1150,6 +1267,89 @@ This operation does not require authentication
 |status|INACTIVE|
 |status|REMOVED|
 
+<h3 class="schema-toc" id="tocSresponsedataholdersbrandsummarylist">ResponseDataHoldersBrandSummaryList</h3>
+
+<a id="schemacdr-participant-discovery-apiresponsedataholdersbrandsummarylist"></a>
+
+```json
+{
+  "data": [
+    {
+      "dataHolderBrandId": "string",
+      "interimId": "string",
+      "brandName": "string",
+      "publicBaseUri": "string",
+      "logoUri": "string",
+      "industries": [
+        "banking"
+      ],
+      "lastUpdated": "2019-08-24T14:15:22Z",
+      "abn": "string",
+      "acn": "string",
+      "arbn": "string"
+    }
+  ],
+  "links": {
+    "self": "string"
+  },
+  "meta": {}
+}
+
+```
+
+### Properties
+
+|Name|Type|Required|Description|
+|---|---|---|---|
+|data|[[DataHolderBrandSummary](#schemacdr-participant-discovery-apidataholderbrandsummary)]|mandatory|Response data for the query|
+|links|[Links](#schemacdr-participant-discovery-apilinks)|mandatory|none|
+|meta|[Meta](#schemacdr-participant-discovery-apimeta)|mandatory|none|
+
+<h3 class="schema-toc" id="tocSdataholderbrandsummary">DataHolderBrandSummary</h3>
+
+<a id="schemacdr-participant-discovery-apidataholderbrandsummary"></a>
+
+```json
+{
+  "dataHolderBrandId": "string",
+  "interimId": "string",
+  "brandName": "string",
+  "publicBaseUri": "string",
+  "logoUri": "string",
+  "industries": [
+    "banking"
+  ],
+  "lastUpdated": "2019-08-24T14:15:22Z",
+  "abn": "string",
+  "acn": "string",
+  "arbn": "string"
+}
+
+```
+
+### Properties
+
+|Name|Type|Required|Description|
+|---|---|---|---|
+|dataHolderBrandId|string|optional|Unique id of the Data Holder Brand issued by the CDR Register|
+|interimId|string|optional|Interim id of the Data Holder Brand issued by the CDR Register. This is to be used to uniquely identify the record when dataHolderBrandId is not populated and is not to be reused|
+|brandName|string|mandatory|The name of Data Holder Brand|
+|publicBaseUri|[URIString](#common-field-types)|mandatory|Base URI for the Data Holder's Consumer Data Standard public endpoints|
+|logoUri|[URIString](#common-field-types)|mandatory|Brand logo URI|
+|industries|[string]|mandatory|The industries the Data Holder Brand belongs to. Please note that the CDR Register entity model is constrained to one industry per brand which is planned to be relaxed in the future.|
+|lastUpdated|[DateTimeString](#common-field-types)|mandatory|The date/time that the Data Holder Brand data was last updated in the Register|
+|abn|string|optional|Australian Business Number for the organisation|
+|acn|string|optional|Australian Company Number for the organisation|
+|arbn|string|optional|Australian Registered Body Number.  ARBNs are issued to registrable Australian bodies and foreign companies|
+
+#### Enumerated Values
+
+|Property|Value|
+|---|---|
+|industries|banking|
+|industries|energy|
+|industries|telco|
+
 <h3 class="schema-toc" id="tocSdataholdersstatuslist">DataHoldersStatusList</h3>
 
 <a id="schemacdr-participant-discovery-apidataholdersstatuslist"></a>

slate/source/includes/endpoint-version-schedule/includes/_register.md

@@ -9,15 +9,15 @@
 |----------------------|-------------------------------------------|----------------------------------------------------------|--------|---------|----------------|-----------------|--------------------|---------------------|
 | CDR Register APIs    | Get OpenId Provider Config                | ``/.well-known/openid-configuration``                        | <span class="method get">GET</span>    | None    | 2021-10-29&dagger;    | N/A             | 2021-10-29, V1.14.0&dagger; | N/A                 |
 | CDR Register APIs    | Get JWKS                                  | ``/jwks``                                                    | <span class="method get">GET</span>    | None    | 2021-10-29&dagger;    | N/A             | 2021-10-29, V1.14.0&dagger; | N/A                 |
-| CDR Register APIs    | Get Data Holder Brands                    | ``/{industry}/data-holders/brands``                          | <span class="method get">GET</span>    | V1      | 2021-10-29&dagger;    | N/A             | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
+| CDR Register APIs    | Get Data Holder Brands                    | ``/{industry}/data-holders/brands``                          | <span class="method get">GET</span>    | V1      | 2021-10-29&dagger;    | 2023-04-07 | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
 | CDR Register APIs    | Get Data Holder Brands                    | ``/{industry}/data-holders/brands``                          | <span class="method get">GET</span>    | V2      | 2022-11-15    | N/A              | 2021-12-23, V1.15.0* | N/A |
-| CDR Register APIs    | Get Software Statement Assertion (SSA) | ``/{industry}/data-recipients/``<br/>``brands/{dataRecipientBrandId}/``<br/>``software-products/{softwareProductId}/ssa`` | <span class="method get">GET</span>    | V2    | 2021-10-29&dagger;  | N/A             | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
+| CDR Register APIs    | Get Software Statement Assertion (SSA) | ``/{industry}/data-recipients/``<br/>``brands/{dataRecipientBrandId}/``<br/>``software-products/{softwareProductId}/ssa`` | <span class="method get">GET</span>    | V2    | 2021-10-29&dagger;  | 2023-04-07 | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
 | CDR Register APIs    | Get Software Statement Assertion (SSA) | ``/{industry}/data-recipients/``<br/>``brands/{dataRecipientBrandId}/``<br/>``software-products/{softwareProductId}/ssa`` | <span class="method get">GET</span>    | V3    | 2022-11-15  | N/A             | 2021-12-23, V1.15.0 | N/A                 |
-| CDR Register APIs    | Get Software Products Statuses | ``/{industry}/data-recipients/``<br/>``brands/software-products/status`` | <span class="method get">GET</span>  | V1  | 2021-10-29&dagger; | N/A          | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
-| CDR Register APIs    | Get Software Products Statuses | ``/{industry}/data-recipients/``<br/>``brands/software-products/status`` | <span class="method get">GET</span>  | V2  | 2022-11-15 | N/A          | 2021-12-23, V1.15.0 | N/A                 |
-| CDR Register APIs    | Get Data Recipient Statuses | ``/{industry}/data-recipients/status``                                     | <span class="method get">GET</span>    | V1     | 2021-10-29&dagger;    | N/A              | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
+| CDR Register APIs    | Get Software Products Statuses | ``/{industry}/data-recipients/``<br/>``brands/software-products/status`` | <span class="method get">GET</span>  | V1  | 2021-10-29&dagger; | 2023-04-07 | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
+| CDR Register APIs    | Get Software Products Statuses | ``/{industry}/data-recipients/``<br/>``brands/software-products/status`` | <span class="method get">GET</span>  | V2  | 2022-11-15 | N/A | 2021-12-23, V1.15.0 | N/A                 |
+| CDR Register APIs    | Get Data Recipient Statuses | ``/{industry}/data-recipients/status``                                     | <span class="method get">GET</span>    | V1     | 2021-10-29&dagger;    | 2023-04-07 | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
 | CDR Register APIs    | Get Data Recipient Statuses | ``/{industry}/data-recipients/status``                                     | <span class="method get">GET</span>    | V2     | 2022-11-15    | N/A              | 2021-12-23, V1.15.0 | N/A                 |
-| CDR Register APIs    | Get Data Recipients                       | ``/{industry}/data-recipients``                              | <span class="method get">GET</span>    | V2     | 2021-10-29&dagger;    | N/A              | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
+| CDR Register APIs    | Get Data Recipients                       | ``/{industry}/data-recipients``                              | <span class="method get">GET</span>    | V2     | 2021-10-29&dagger;    | 2023-04-07 | 2021-10-29, V1.14.0&dagger; | 2021-12-23, V1.15.0 |
 | CDR Register APIs    | Get Data Recipients                       | ``/{industry}/data-recipients``                              | <span class="method get">GET</span>    | V3     | 2022-11-15    | N/A              | 2021-12-23, V1.15.0 | N/A |
 | CDR Register APIs    | Get Data Holder Statuses                       | ``/{industry}/data-holders/status``                      | <span class="method get">GET</span>    | V1     | 2022-11-15    | N/A              | 2021-12-23, V1.15.0 | N/A |
 

slate/source/includes/introduction/_fdo.md

@@ -1,10 +1,11 @@
 ## Future Dated Obligations
 
 ```diff
++ Added Registration Validation obligation for November 15th 2022
+
 - Moved Register FDOs to the Register dependency schedule to differentiate Register delivery from Participant future dated obligations
 ```
 
-
 The standards, as published from time to time, may include specific statements indicating that a specific section of the standards will not take effect until a future date or may cease to have effect on some future date.
 
 The table below highlights these areas of the standards.
@@ -31,6 +32,7 @@ The table below highlights these areas of the standards.
 |[Information Security profile](#security-profile) | FAPI 1.0 adoption is introduced across three phases.<br/><strong>Phase 2: FAPI 1.0 Final (Baseline & Advanced)</strong> includes, amongst other changes:<ul><li>Enforces additional requirements for authorisation code, token and request object use</li><li>Enforces PAR-only authorisation request data submission</li><li>Refresh token cycling is not permitted</li><li>Data Holders and Data Recipients MUST support FAPI 1.0 Final including **[[RFC9126]](#nref-RFC9126)**, **[[RFC7636]](#nref-RFC7636)** and **[[JARM]](#nref-JARM)**</li><li>Data Holders SHOULD support of Authorization Code Flow in conjunction with Hybrid Flow</li></ul> | September 16th 2022 |
 |[Get Metrics V3](#get-metrics)|Version 3 of this end point must be made available by affected data holders by October 1st 2022|October 1st 2022|
 |[Standard Error Codes](#error-codes) | Data Holders MAY retire application-specific error codes in favour of standard error codes from November 1st 2022 | November 1st 2022 |
+|[Registration Validation](#registration-validation) | Data Holders **MUST** ignore unsupported authorisation scopes presented in the SSA for the creation and update of client registrations from November 15th 2022 | November 15th 2022 |
 |[Get Account Detail V2](#get-account-detail)|Version 2 of this end point must be made available by affected data holders by November 30th 2022|November 30th 2022|
 |[Get Customer Detail V2](#get-customer-detail)|Version 2 of this end point must be made available by affected data holders by November 30th 2022|November 30th 2022|
 |[Get Product Detail V4](#get-product-detail)|Version 4 of this end point must be made available by affected data holders by November 30th 2022|November 30th 2022|