V1.1.1 Release Notes
Release notes for version 1.1.1 of the CDR Register Design.
Consumer Data Right Register
| Section |
Change |
Description |
| Ecosystem Entities |
Updated ADR Ecosystem Entity |
Updated Accredited Data Recipient InfoSec APIs definition to specify the JWKS and revocation endpoints |
Client Registration
| Section |
Change |
Description |
| Registration Request using JWT |
Updated Claims |
- Updated aud claim description to contain the DH issuer value - Updated the iat claim example from a string to an integer - Updated redirect_uris claim description to remove contradiction of how the claim is used |
| Registration Flows |
Updated Create & Modify Registration sequence diagrams |
- Key lookup from JWKS no longer specifies using the kid parameter |
Participant Statuses
| Section |
Change |
Description |
| Metadata Cache Management |
Updated Cache update periods |
- To provide clarity, cache update periods have now been defined per API |
| Data Holder Responsibilities |
Removed Revoked / Inactive state |
- Revoked / Inactive was identified as an invalid state and has been removed. - Status Mapping cascade rules have been redefined so Revoked ADRs result in Removed Software Products |
Security Profile
| Section |
Change |
Description |
| Register Endpoints |
Updated OIDC Discovery Endpoint Example |
- mutual_tls_sender_constrained_access_tokens is an outdated key for the OIDC Discovery Endpoint. As per RFC8705, this has been updated to tls_client_certificate_bound_access_tokens |
| Participant Endpoints |
Updated InfoSecBaseUri |
- Updated definition of the InfoSecBaseUri to provide reference to the OIDC Discovery Configuration Endpoint. - Updated OIDC Discovery Endpoint example - Removed ADR flag that this is provided by the DH only - Updated OIDC Discovery Configuration Endpoint example |
| Certificate Management |
Updated Certificates Issued to ADRs |
- Server Certificate now secures revocation endpoint. This endpoint can be secured by either public or ACCC issued certificate |
Register APIs
| Section |
Change |
Description |
| General |
Updated Swagger |
- Added required scope for authenticated API calls |
| GetDataHolderBrands |
Updated Swagger |
- Added logoUri to the Brand and Legal Entity schemas - Corrected dataRecipientBrands description - Added 401 error response as per RFC6750
- Added 406 error response for invalid header - Renamed HYBRIDFLOW-JWKS to SIGNED-JWT to remove confusion on the usage of DH authentication |
| GetSoftwareStatementAssertion |
Updated Swagger |
- Added 401 error response as per RFC6750 - Removed 404 error response as this is inconsistent with CDS
- Added 406 error response for invalid header |
| GetSoftwareProductStatus |
Updated Swagger |
- Added 406 error response for invalid header |
| GetDataRecipientsStatus |
Updated Swagger |
- Added 406 error response for invalid header |
| GetDataRecipients |
Updated Swagger |
- Added 406 error response for invalid header - Updated LegalEntityDetail making registeredCountry optional |
DCR APIs
| Section |
Change |
Description |
| General |
Updated Swagger |
- Added required scope for authenticated API calls |
| Client Registration |
Updated Swagger |
- Updated iss, iat and aud claim descriptions to be consistent with documentation |
| Delete Client Registration |
Updated Swagger |
- Updated 405 error response description to clarify that the method is unsupported |
