V1.1.0 Release Notes
Release notes for version 1.1.0 of the CDR Register Design.
Consumer Data Right Register
| Section |
Change |
Description |
| Ecosystem Entities |
Added Entity Relationship Diagram |
Provides context on the relationship between entities and where entity identifiers are used within this documentation |
| Ecosystem Entities |
Updated Ecosystem Component Diagram |
Changes reflect removal of Metadata Update requests to ADRs |
Client Registration
| Section |
Change |
Description |
| Dynamic Client Registration |
Removed SSA Phases |
SSAs are retrievable via a dedicated API. No manual distribution is required |
| Dynamic Client Registration |
Added Sector Identifiers section |
Outlines how the sector identifier is derived from the Registration metadata |
| Registration Request using JWT |
Updated Claims |
Added id_token_encrypted_response_alg and id_token_encrypted_response_enc claims with ecosystem usage to facilitate id_token encryption negotiation Updated id_token_signed_response_alg to required as the default value does not conform to [FAPI-RW] |
| Registration Errors |
Updated section to reference HTTP error codes from the CDS |
Provides guidelines to handle those error conditions which don't map to [RFC7591] |
| Authorisation Server |
Added Access Token Separation of Duties section |
Outlined that tokens should be requested for either client registration maintenance or consuming CDR data |
| Registration Flows |
Updated Sequence Diagrams |
Moved format registration request inside the loop as the aud claim will be different for each request |
| DCR API |
Updated Swagger |
Added support for ID token encryption negotiation with claims id_token_encrypted_response_alg and id_token_encrypted_response_enc |
| DCR API |
Added Authorization Header examples |
Added meaningful Authorization header examples to example requests |
Participant Statuses
| Section |
Change |
Description |
| Data Holder Responsibilities |
Updated the Metadata Cache Management section |
Outlines polling requirements to ensure reactions to status changes are timely |
| Status Changes |
Updated the status changes section |
Updated the scenarios to be consistent with the status state machine diagrams, including reactivation scenarios |
| Cache Refresh Metadata Request |
De-scoped as a future release requirement |
Metadata Update Request functionality has been de-scoped for the initial release of the Register design. This design will be revisited in a future iteration of the ecosystem to improve scalability |
Security Profile
| Section |
Change |
Description |
| Client Authentication |
Removed duplication from the Client Authentication section |
Now referencing the CDS. This corrects the inconsistency between Data Holder calling Data Recipient revocation endpoint client authentication definitions |
| Client Authentication |
Updated CDR Register scenario in the identifiers list |
CDR Register now only makes authenticated calls to Data Holder Brands and not Accredited Data Recipients |
| Participant Endpoints |
Added example usage of BaseUris |
Added OIDC Discovery Endpoint example derived from the InfoSecBaseUri |
| Participant Endpoints |
Updated participant endpoint table |
ADRs are not required to register AdminBaseUri |
| Certificate Management |
Updated ADR Certificate Issuance table |
ADRs are not required to implement the Admin API so Server certificates will not be issued for this endpoint |
Availability
| Section |
Change |
Description |
| General |
Updated Register, DH and ADR Availability |
Updated availability scenarios to incorporate the removal of the CDR Register Metadata Update to participants |
Register APIs
| Section |
Change |
Description |
| General |
Updated Swagger |
Enumerations for industry are now lowercase. They are used in construction of URLs and being case sensitive, was inconsistent with CDS usage |
| General |
Updated Swagger |
Added Authorization header details to authenticated APIs so as to be consistent to documentation |
