Note: This article is out of date and has been archived.
For the latest information, please refer to the Consumer Data Standards - Software Statement Assertion
Archived Text
Question
Is there a way that facilitates obtaining an SSA (Software Statement Assertion) from the register for testing purposes?
Answer
The SSA definition section of the CDR Register design documentation contains an example SSA (Software Statement Assertion) with associated JWK (JSON Web Key) to check the signature.
Comments
2 comments
Note that the example SSA can only ever be used once, as it contains a jti, a unique identifier for the JWT, used to prevent reuse of the SSA.
To overcome this difficulty, we have had to create a Mock CDR Register, capable of issuing SSAs, and providing a JWKS endpoint.
It would speed up development enormously if the CDR had a sandbox available, free to use to any interested party in the development ecosystem, and not just DRs or DHs in the process of certification.
Single use of the SSA is by design. The ACCC appreciates the development effort involved in creating a mock register to circumvent this constraint.
The ACCC is developing a Participant Education and Tooling (PET) Strategy which will consider options to alleviate the development overhead for participants testing solutions ahead of entering the ecosystem.
An announcement will be made in the ACCC’s CDR Newsletter when more information on the PET Strategy is available. If you’re not already, we encourage you to subscribe to CDR updates https://www.accc.gov.au/media/subscriptions/consumer-data-right-updates.
Please sign in to leave a comment.