Introduction
This glossary lists terms and their definitions in the context of the Consumer Data Right and Consumer Data Standards.
See also thef CX Glossary.
ACCC
Australian Competition and Consumer Commission
The ACCC is a co-regulator of the Consumer Data Right (CDR) regime. The OAIC is the other co-regulator.
accreditation
The status provided to an organisation that has met the requirements to be considered an Accredited Data Recipient (ADR). The Australian Competition and Consumer Commission (ACCC) is responsible for accreditation, and for the accreditation requirements.
See:
ACCC,
ADI
Authorised Deposit-taking Institution
This has the meaning specified in the Banking Act 1959.
ADR
Accredited Data Recipient
See accreditation. The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of ADRs and Data Holders. See ACCC, Information for accredited data recipients.
AEMO
Australian Energy Market Operator
AEMO is designated as a Data Holder for the energy sector. AEMO may be pronounced 'aim-o' or 'ay-ee-mo'.
AER
Australian Energy Regulator
The AER is designated as a Data Holder for the energy sector.
API
Application Programming Interface
An API is a software intermediary that allows two applications to talk to each other. In the case of the CDS the APIs are RESTful interfaces.
APRA
Australian Prudential Regulation Authority
arrangement
In the context of consent and an authorisation, an arrangement is the continuous relationship established by one or more consecutive consent and authorisations between the ADR and the DH. An arrangement is identified by a cdr_arrangement_id that connects the revoked consent with the new consent.
The original existing consent is revoked, and a new consent is created, connected to the original consent by an arrangement.
An arrangement allows a consent effectively to continue beyond the maximum 12 month duration for a consent. An arrangement also allows a consent effectively to be amended.
See:
AT
Access Token
An access token in the context of the Consumer Data Standards is the token specified in the OAuth 2.0 standard. See CDS Client Authentication.
authentication
The consumer authenticates with the Data Holder (DH). Authentication occurs immediately prior to authorisation.
authorisation
Authorisation occurs when a consumer consents to disclosure of CDR data from a DH.
BECS
Bulk Electronic Clearing System
CA
Certificate Authority
CDR
Consumer Data Right
See Treasury Consumer Data Right documentation.
CDR Rules
Rules defined by the ACCC outlining how CDR works. Current rules are Consumer Data Right Rules 2019.
CDS
Consumer Data Standards
The Consumer Data Standards are developed by the DSB as part of the Australian Government's introduction of the Consumer Data Right legislation to give Australians greater control over their data. The standards are binding, mandatory requirements on participants. The creation of Consumer Data Standards is legislated in the Competition and Consumer Act 2010, particularly section 56FA, Making data standards.
CDR Register
The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of Accredited Data Recipients (ADRs) and Data Holders (DHs). Visit the CDR Register Github site to engage in the consultation process. UK Open Banking uses the term Directory.
The CDR Register is the source of truth regarding Accredited Data Recipients (ADRs) and the status of their accreditation. The CDR Register is in the process of merging with the Consumer Data Standards.
Consumer Data Standards
See CDS above.
convention
A convention is a suggestion, intended to bring together a common view of participants on how to deal with a matter that is not covered by a standard.
See Conventions.
CORS
Cross-Origin Resource Sharing
See:
CR
Change Request
See:
CRN
Customer Reference Number
CTS
Conformance Test Suite
The Conformance Test Suite is managed by the ACCC. See ACCC, Conformance Test Suite.
CX
Consumer Experience
The consumer experience for end users (consumers) interacting with the Consent Model and the CDR ecosystem. For CX Standards and CX Guidelines, search for CX Standards
and CX Guidelines
on the Consumer Data Standards web site.
Data cluster
A data cluster is a grouping of data, as specified in the Data Language Standards of the Consumer Experience Guidelines. The CX Guidelines provide advice on use of data clusters. For a full discussion of data clusters and data cluster language, search for CX Guidelines
on the Consumer Data Standards web site. In the latest CX Guidelines document, search for Data Language Standards
.
DCR
Dynamic Client Registration
This protocol defines mechanisms for dynamically registering OAuth 2.0 clients with authorisation servers. It is used by Accredited Data Recipients and Data Holders for obtaining credentials.
DELWP
Department of Environment, Land, Water and Planning (Victoria)
The Victorian Department of Environment, Land, Water and Planning is designated as a Data Holder for the energy sector. DELWP may be pronounced 'delp', to rhyme with 'whelp'.
designated sector
A designated sector means a sector of the Australian economy that is to adopt the CDR. The minister designates sectors via legislative instrument.
DH
Data Holder
The organisation that holds the information and supplies it at the request of the ADR or consumer. The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of Accredited Data Recipients (ADRs) and Data Holders (DHs). Visit the CDR Register Github site to engage in the consultation process.
DLP
Data Loss Prevention
DLP is an information industry term referring to a comprehensive strategy for information security, including the protection of data in use, data at rest, and data in motion.
DOMS
Disclosure Option Management Service
DOMS can be considered to be JAMS 2.0.
DP
Decision Proposal
Decision Proposals are a component of the DSB consultation process. Decision Proposals are posted as issues on the DSB GitHub standards repository, for comments and discussion. See Guide to Decision Proposals.
DSB
Data Standards Body
The Data Standards Body assists the Data Standards Chair in making and reviewing the data standards.
DSAC
Data Standards Advisory Committee
DSAC may be pronounced 'dee-sack'.
DSC
Data Standards Chair
The DSC is the authority that makes and reviews the CDR Data Standards. Mr Andrew Stevens is the inaugural Data Standards Chair.
duration
Duration of consent
The period for which the consumer consents to share CDR data with an ADR.
EME
Energy Made Easy
Energy Made Easy (EME) is a free Australian Government energy price comparison service for households and small businesses in New South Wales, Queensland, South Australia, Tasmania and the Australian Capital Territory. For Victoria price comparison, see VEC (Victorian Energy Compare).
guideline
A guideline is a suggestion, often a strong suggestion, which contributes to a consistent experience for participants and consumers. For example, see CX Guidelines.
Insight
In the CDR Context, an Insight is consumer data, supplied by an ADR to a non-accredited recipient, with the consumer's consent. Insight data can be used for verifying the consumer's identity, account balance, or a transaction on the consumer account.
See CDR Rules, main section, 1.3 Interpretation
Insight disclosure consent
An insight disclosure consent gives permission for an Accredited Data Recipient to share consumer data, as an insight, with a non-accredited person, specified by the consumer.
See CDR Rules, main section, 1.3 Interpretation, 1.10A Types of consents, (3) Insight disclosure consent
JA
Joint Account
JA may also stand for the plural, Joint Accounts.
JAMS
Joint Account Management Service
JAMS is now obsolete. See DOMS, which is JAMS 2.0.
JARM
JWT Secured Authorization Response Mode for OAuth 2.0
In the Authorisation Code Flow, Data Holders and Accredited Data Recipients must support JARM in accordance with FAPI-1.0-Advanced. See:
JWKS
JSON Web Key Sets
JSON Web Key Sets is a set of JWK keys containing the public keys used to verify a JSON Web Token (JWT). See RFC 7571.
JWT
JSON Web Token
JSON Web Token is an open standard for transmitting information. See RFC 7519.
MFA
Multi-Factor Authentication
Typically MFA requires two authenticators: a password, and a code that has been sent to the consumer separately, for example by SMS, by a phone app or by email.
MI
Maintenance Iteration
See:
mTLS
mutual Transport Layer Security
NMI
National Meter Identifier
A NMI is an ID that identifies a service point, or connection to the national grid. NMI may be pronounced Nee-mee. NMI also refers to the dataset maintained by AEMO of NMIs and associated information.
normative
Where the DSB uses the term normative, in reference to other open standards, it means that the open standard referred to is part of the Consumer Data Standard, and compliance is required. See CDS Normative references.
notification
A notice sent to a consumer related to a data sharing arrangement.
Noting Paper
Noting Papers are a component of the DSB consultation process. Noting Papers are posted as issues on the DSB GitHub standards repository, for comments and discussion. See Guide to Noting Papers.
OAIC
Office of the Australian Information Commissioner
The OAIC is a co-regulator of the Consumer Data Right (CDR) regime. The ACCC is the other co-regulator. OAIC may be pronounced 'awake'.
OIDD
OpenID Connect Discovery
See
optional
In relation to a field in a CDS schema, optional means that the field is not mandatory if there is no available value for the field. However if information is available for an optional field, that field and value must be supplied. See also definitions for mandatory and conditional. See:
OTP
One Time Password
A single-use password generated by a Data Holder and used by a consumer to authenticate. One time passwords can be provided to the consumer by various means such as SMS message, app notification, or email.
OSP
Outsourced Service Provider
A person (or corporation) to whom an accredited person discloses CDR data under a CDR outsourcing arrangement.
PDS
Product Data Specification
A collection of data that describes a product. The details are specified in the Consumer Data Standards, Get Products section.
permission
The specific data in an authorisation scope is referred to as a permission. Permissions are grouped by data cluster.
PAN
Primary Account Number
A unique number with a varying length assigned to the primary account. The Primary Account Number is also known as the unique identifier of the embossed card number designated to payment cards.
PAR
Pushed Authorisation Request
See OAuth 2.0 Pushed Authorization Requests.
PII
Personally Identifiable Information
Personally identifiable information (PII) is data that might identify an individual. Transmitting PII without adequate protection is a threat to privacy and security, and may provide the opportunity for identity theft.
PRD
Product Reference Data
PRD is the generic description of a product offering provided to consumers as part of a Product Data Specification. It does not include any personal customer information. A PRD must be provided to the public for every banking product. The DSB has a Banking Products comparator demo.
reauthorise
Permission given by a consumer for a sharing arrangement to continue (for an agreed period) beyond the expiry date of the current sharing arrangement.
register
This can refer either to the CDR Register, or to what clients do in the process of Dynamic Client Registration (DCR).
REST
REpresentational State Transfer
An architecture for web services. Services using this architecture are described as RESTful.
revocation
In the CDS context, revocation refers to withdrawing of consent.
The DH informs the ADR that consent has been withdrawn via the DH revocation endpoint.
The ADR informs the DH that consent has been withdrawn via the ADR token revocation endpoint.
The ADR determines the DH recovation endpoint by the recovation_uri in the DH RegistrationProperties schema.
See:
revoke
The CDR Rules use the word revoke in the context of revoking accreditation. The CDS uses revoke in that context. The CDS also uses revoke in the context of withdrawing consent. See also revocation.
service point
In the context of the Energy sector, a service point is a connection to the Australian national electricity network. A service point is identified by a NMI (National Meter Identifier).
standard
A standard is a binding, mandatory requirement for participants. See Consumer Data Standards.
TA
Trusted Adviser
A TA is a non-accredited person, authorised to receive data by the consumer, via a consent given to an Accredited Data Recipient (ADR).
See CDR Rules, main section, 1.3 Interpretation, 1.10C Trusted Advisers
TLA
Three Letter Acronym
A Three Letter Acronym, or TLA, is intended to be an abbreviation for a term that takes longer to write or say. It also satisfies the bizarre psychological need to create jargon that is incomprehensible to others.
upstream standard
See normative.
VEC
Victorian Energy Compare
Victorian Energy Compare (VEC) is an independent Victorian Government energy price comparison site. For other states and territories, see EME (Energy Made Easy).
WCAG
Web Content Accessibility Guidelines
The Web Content Accessibility Guidelines are published by the W3C (World Wide Web Consortium). The CX Standards refer to these guidelines. See CDS Accessibility Standards.
withdrawal
Withdrawing consent or authorisation. This occurs when a consumer stops sharing or cancels a sharing arrangement. The CDS uses the word revoke to mean the same as the word withdraw in the context of consent.
Comments
0 comments
Please sign in to leave a comment.