DataRight+: Common Resource Set
draft-authors-datarightplus-resource-set-common-00

Document Type: Active Internet-Draft (individual)
Author: Stuart Low
Last updated: 2024-04-01
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: I-D Exists
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

datarightplus                                                     S. Low
Internet-Draft                                                   Biza.io
Intended status: Experimental                               1 April 2024
Expires: 3 October 2024

                    DataRight+: Common Resource Set
           draft-authors-datarightplus-resource-set-common-00

Abstract

   This is the resource set profile outlining the common endpoints
   utilised across multiple industries.

Notational Conventions

   The keywords "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD
   NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
   interpreted as described in [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 3 October 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Low                      Expires 3 October 2024                 [Page 1]
Internet-Draft       DataRight+: Common Resource Set          April 2024

Table of Contents

   1.  Scope
   2.  Terminology
   3.  Providers
     3.1.  Authorisation Server
       3.1.1.  Authorisation Scopes
       3.1.2.  Overlapping Scope Optimisation
     3.2.  Resource Server
   4.  Initiators
   5.  Acknowledgement
   6.  Normative References
   Author's Address

1.  Scope

   The scope of this document is intended to be limited to the shared
   resource server endpoints, and their associated authorisation
   contexts.

2.  Terminology

   This specification utilises the various terms outlined within
   [DATARIGHTPLUS-ROSETTA].

3.  Providers

   Providers are expected to deliver a set of common resource server
   endpoints.

3.1.  Authorisation Server

   In addition to other provisions incorporated within the relevant
   ecosystem set, the Provider authorisation server SHALL:

   1.  Support the [RFC6749] scope parameter with possible values
       outlined within Authorisation Scopes (Section 3.1.1).

3.1.1.  Authorisation Scopes

   The Provider authorisation server SHALL utilise the following Data
   Set Language when seeking authorisation from a Consumer representing
   an Individual for specific scope values:

          +=============================+=======================+
          | scope value                 | Data Set Language     |
          +=============================+=======================+
          | common:customer.basic:read  | *Name and occupation* |
          |                             | Name;                 |
          |                             | Occupation;           |
          +-----------------------------+-----------------------+
          | common:customer.detail:read | *Contact Details*     |
          |                             | Phone;                |
          |                             | Email address;        |
          |                             | Mail address;         |
          |                             | Residential address;  |
          +-----------------------------+-----------------------+

                                  Table 1

   The Provider authorisation server SHALL utilise the following Data
   Set Language when seeking authorisation from a Consumer representing
   an Entity for specific scope values:

   +=============================+====================================+
   | scope value                 | Data Set Language                  |
   +=============================+====================================+
   | common:customer.basic:read  | *Organisation profile*             |
   |                             | Agent name and role;               |
   |                             | Organisation name;                 |
   |                             | Organisation numbers (ABN or ACN); |
   |                             | Charity status;                    |
   |                             | Establishment date;                |
   |                             | Industry;                          |
   |                             | Organisation type;                 |
   |                             | Country of registration;           |
   +-----------------------------+------------------------------------+
   | common:customer.detail:read | *Organisation contact details*     |
   |                             | Organisation address;              |
   |                             | Mail address;                      |
   |                             | Phone number;                      |
   +-----------------------------+------------------------------------+

                                 Table 2

3.1.2.  Overlapping Scope Optimisation

   Alternative Data Cluster Language SHALL be used for Consumers
   representing Individuals when pairs of scope values are used as
   follows:

          +================================+====================+
          | scope pairing                  | Data Set Language  |
          +================================+====================+
          | common:customer.basic:read and | *Name, occupation, |
          | common:customer.detail:read    | contact details*   |
          |                                | Name;              |
          |                                | Occupation;        |
          |                                | Phone;             |
          |                                | Email address;     |
          |                                | Mail address;      |
          |                                | Residential        |
          |                                | address;           |
          +--------------------------------+--------------------+

                                  Table 3

   Alternative Data Cluster Language SHALL be used for Consumers
   representing Entities when pairs of scope values are used as follows:

        +================================+=======================+
        | scope pairing                  | Data Set Language     |
        +================================+=======================+
        | common:customer.basic:read and | *Organisation profile |
        | common:customer.detail:read    | and contact details*  |
        |                                | Agent name and role;  |
        |                                | Organisation name;    |
        |                                | Organisation numbers  |
        |                                | (ABN or ACN);         |
        |                                | Charity status;       |
        |                                | Establishment date;   |
        |                                | Industry;             |
        |                                | Organisation type;    |
        |                                | Country of            |
        |                                | registration;         |
        |                                | Organisation address; |
        |                                | Mail address;         |
        |                                | Phone number;         |
        +--------------------------------+-----------------------+

                                 Table 4
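
   The selection rules of Sections 3.1.1 and 3.1.2, as an added example
   that is not part of the draft: given an [RFC6749] scope parameter and
   the Consumer type, it returns the Data Set Language to display and
   switches to the paired language when both scope values are requested.
   The function and variable names are hypothetical, and rejecting an
   unrecognised common: scope value is an assumption of this example.

```python
# Added example, not part of the draft. Cluster text is copied from Tables 1-4;
# all function and variable names are hypothetical.
BASIC = "common:customer.basic:read"
DETAIL = "common:customer.detail:read"
KNOWN = {BASIC, DETAIL}

# (consumer type, scope value) -> (heading, items) from Tables 1 and 2
CLUSTERS = {
    ("individual", BASIC): ("Name and occupation", ["Name", "Occupation"]),
    ("individual", DETAIL): ("Contact Details", [
        "Phone", "Email address", "Mail address", "Residential address"]),
    ("entity", BASIC): ("Organisation profile", [
        "Agent name and role", "Organisation name",
        "Organisation numbers (ABN or ACN)", "Charity status",
        "Establishment date", "Industry", "Organisation type",
        "Country of registration"]),
    ("entity", DETAIL): ("Organisation contact details", [
        "Organisation address", "Mail address", "Phone number"]),
}
# Headings used when both scope values are requested (Tables 3 and 4)
PAIRED_HEADING = {
    "individual": "Name, occupation, contact details",
    "entity": "Organisation profile and contact details",
}


def consent_clusters(scope_param, consumer_type):
    """Return [(heading, items)] to show for the common scopes in a request."""
    if consumer_type not in PAIRED_HEADING:
        raise ValueError("unknown consumer type: %r" % consumer_type)
    requested = set(scope_param.split())  # RFC 6749: space-delimited, unordered
    common = {s for s in requested if s.startswith("common:")}
    unknown = common - KNOWN
    if unknown:
        # Assumption: refuse rather than show a consent screen that omits a scope
        raise ValueError("no Data Set Language for: %s" % sorted(unknown))
    if common == KNOWN:
        # The paired tables list the basic items followed by the detail items
        items = (CLUSTERS[(consumer_type, BASIC)][1]
                 + CLUSTERS[(consumer_type, DETAIL)][1])
        return [(PAIRED_HEADING[consumer_type], items)]
    return [CLUSTERS[(consumer_type, s)] for s in (BASIC, DETAIL) if s in common]
```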

3.2.  Resource Server

   The Provider SHALL make available, as described further in
   [DATARIGHTPLUS-REDOCLY-ID1], the following endpoint where the token
   is granted the common:customer.basic:read scope value:

      +==========================+============================+=====+
      | Resource Server Endpoint | Authorisation Scope        | x-v |
      +==========================+============================+=====+
      | GET /common/customer     | common:customer.basic:read | 1   |
      +--------------------------+----------------------------+-----+

                                  Table 5

   The Provider SHALL make available, as described further in
   [DATARIGHTPLUS-REDOCLY-ID1], the following endpoint where the token
   is granted the common:customer.basic:detail scope value:

   +=============================+==============================+=====+
   | Resource Server Endpoint    | Authorisation Scope          | x-v |
   +=============================+==============================+=====+
   | GET /common/customer/detail | common:customer.basic:detail | 1   |
   +-----------------------------+------------------------------+-----+

                                 Table 6

   The Provider SHALL also deliver the following unauthenticated and
   generally available endpoints, in accordance with
   [DATARIGHTPLUS-REDOCLY-ID1]:

                    +==========================+=====+
                    | Resource Server Endpoint | x-v |
                    +==========================+=====+
                    | GET /discovery/outages   | 1   |
                    +--------------------------+-----+
                    | GET /discovery/status    | 1   |
                    +--------------------------+-----+

                                 Table 7
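
   One way a resource server could enforce Tables 5 to 7, as an added
   example that is not part of the draft: each endpoint is matched
   exactly, the x-v value is checked, and the token must carry the exact
   scope value listed for that endpoint, so a token holding only
   common:customer.basic:read cannot reach the detail endpoint.  The
   authorise() function and its return strings are hypothetical; exact
   path matching is an assumption.

```python
# Added example, not part of the draft. Endpoints, scope values and x-v values
# are copied from Tables 5-7; authorise() and its return strings are hypothetical.
ROUTES = {
    ("GET", "/common/customer"): ("common:customer.basic:read", 1),
    # Table 6 gives this scope value; Tables 1-4 list common:customer.detail:read.
    ("GET", "/common/customer/detail"): ("common:customer.basic:detail", 1),
    ("GET", "/discovery/outages"): (None, 1),  # unauthenticated (Table 7)
    ("GET", "/discovery/status"): (None, 1),   # unauthenticated (Table 7)
}


def authorise(method, path, x_v, token_scope=None):
    """Decide whether a request may proceed; token_scope is the scope string
    of an already validated access token, or None when no token was sent."""
    route = ROUTES.get((method.upper(), path))
    if route is None:
        return "deny: unknown endpoint"        # default deny for unlisted routes
    required, version = route
    if str(x_v).strip() != str(version):
        return "deny: unsupported x-v"
    if required is None:
        return "allow"                         # no token needed
    if token_scope is None:
        return "deny: token required"
    granted = set(token_scope.split())         # RFC 6749 space-delimited list
    if required not in granted:                # exact match, never prefix match
        return "deny: missing scope " + required
    return "allow"
```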

4.  Initiators

   Initiators SHALL describe the requested scope values using the same
   Data Set Language as Providers, as outlined in Authorisation Scopes
   (Section 3.1.1).

5.  Acknowledgement

   The following people contributed to this document:

   *  Stuart Low (Biza.io) - Editor

   We acknowledge the contribution to the [CDS] of the following
   individuals:

   *  James Bligh (Data Standards Body) - Lead Architect for the
      Consumer Data Right
   *  Mark Verstege (Data Standards Body) - Lead Architect, Banking &
      Information Security for the Consumer Data Right
   *  Ivan Hosgood (formerly Data Standards Body & ACCC) - Solutions
      Architect

6.  Normative References

   [CDS]      Data Standards Body (Treasury), "Consumer Data Standards
              (CDS)", <https://consumerdatastandardsaustralia.github.io/
              standards>.

   [DATARIGHTPLUS-REDOCLY-ID1]
              Low, S., Kolera, B., and W. Cai, "DataRight+: Redocly
              (ID1)", <https://datarightplus.github.io/datarightplus-
              redocly/?v=ID1>.

   [DATARIGHTPLUS-ROSETTA]
              Low, S., "DataRight+ Rosetta Stone",
              <https://datarightplus.github.io/datarightplus-rosetta/
              draft-authors-datarightplus-rosetta.html>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC6749]  Hardt, D., Ed., "The OAuth 2.0 Authorization Framework",
              RFC 6749, DOI 10.17487/RFC6749, October 2012,
              <https://www.rfc-editor.org/info/rfc6749>.

Author's Address

   Stuart Low
   Biza.io
   Email: stuart@biza.io
