ACCC
Australian Competition and Consumer Commission
The ACCC is a co-regulator of the Consumer Data Right (CDR) regime. The OAIC is the other co-regulator.
accreditation
The status provided to an organisation that has met the requirements to be considered an Accredited Data Recipient (ADR). The Australian Competition and Consumer Commission (ACCC) is responsible for accreditation, and for the accreditation requirements.
ADI
Authorised Deposit-taking Institution
This has the meaning specified in the Banking Act 1959.
ADR
Accredited Data Recipient
See accreditation. The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of ADRs and Data Holders.
API
Application Programming Interface
An API is a software intermediary that allows two applications to talk to each other. In the case of the CDS the APIs are RESTful interfaces.
AT
Access Token
authentication
The consumer authenticates with the Data Holder (DH). Authentication occurs alongside authorisation.
authorisation
Authorisation occurs when a consumer consents to disclosure of CDR data from a DH.
CDR
Consumer Data Right
See Treasury Consumer Data Right documentation.
CDR Rules
Rules defined by the ACCC outlining how CDR works. Current rules are Consumer Data Right Rules 2019.
CDR Register
The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of Accredited Data Recipients (ADRs) and Data Holders (DHs). Visit the CDR Register GitHub site to engage in the consultation process. UK Open Banking uses the term Directory.
CDS
Consumer Data Standards
These Standards have been developed as part of the Australian Government's introduction of the Consumer Data Right legislation to give Australians greater control over their data.
CORS
Cross-Origin Resource Sharing
See:
CX
Consumer Experience
The consumer experience for end users (consumers) interacting with the Consent Model and the CDR ecosystem. For CX Standards and CX Guidelines, search for CX Standards and CX Guidelines on the Consumer Data Standards web site.
Data cluster
A data cluster is a grouping of data, as specified in the Data Language Standards of the Consumer Experience Guidelines. The CX Guidelines provide advice on use of data clusters. For a full discussion of data clusters and data cluster language, search for CX Guidelines on the Consumer Data Standards web site. In the latest CX Guidelines document, search for Data Language Standards.
DCR
Dynamic Client Registration
This protocol defines mechanisms for dynamically registering OAuth 2.0 clients with authorisation servers. It is used by Accredited Data Recipients and Data Holders for obtaining credentials.
DH
Data Holder
The organisation that holds the information and supplies it at the request of the ADR or consumer.
DLP
Data Loss Prevention
DLP is an information industry term referring to a comprehensive strategy for information security, including the protection of data in use, data at rest, and data in motion.
DSB
Data Standards Body
The Data Standards Body assists the Data Standards Chair in making and reviewing the data standards. CSIRO is currently designated as the DSB.
DSC
Data Standards Chair
The DSC is the authority that makes and reviews the CDR Data Standards. Mr Andrew Stevens is the inaugural Data Standards Chair.
designated sector
A designated sector means a sector of the Australian economy that is to adopt the CDR. The minister designates sectors via legislative instrument.
duration
Duration of consent
The period for which the consumer consents to share CDR data with an ADR.
notification
A notice sent to a consumer related to a data sharing arrangement.
MFA
Multi-Factor Authentication
Typically MFA requires two authenticators: a password, and a code that has been sent to the consumer separately, for example by SMS, by a phone app or by email.
OAIC
Office of the Australian Information Commissioner
The OAIC is a co-regulator of the Consumer Data Right (CDR) regime. The ACCC is the other co-regulator.
OTP
One Time Password
A single-use password generated by a Data Holder and used by a consumer to authenticate. One time passwords can be provided to the consumer by various means such as SMS message, app notification, or email.
OSP
Outsourced Service Provider
A person (or corporation) to whom an accredited person discloses CDR data under a CDR outsourcing arrangement.
PDS
Product Data Specification
A collection of data that describes a product. The details are specified in the Consumer Data Standards, Get Products section.
permission
The specific data in an authorisation scope is referred to as a permission. Permissions are grouped by data cluster.
PAR
Pushed Authorisation Request
See OAuth 2.0 Pushed Authorization Requests.
PII
Personally Identifiable Information
Personally identifiable information (PII) is data that might identify an individual. Transmitting PII without adequate protection is a threat to privacy and security, and may provide the opportunity for identity theft.
PRD
Product Reference Data
PRD is the generic description of a product offering provided to consumers as part of a Product Data Specification. It does not include any personal customer information. A PRD must be provided to the public for every banking product. The DSB has a Banking Products comparator demo.
reauthorise
Permission given by a consumer for a sharing arrangement to continue (for an agreed period) beyond the expiry date of the current sharing arrangement.
register
This can refer either to the CDR Register, or to what clients do in the process of Dynamic Client Registration (DCR).
REST
REpresentational State Transfer
An architecture for web services. Services using this architecture are described as RESTful.
withdrawal
Withdrawing consent or authorisation. This occurs when a consumer stops sharing or cancels a sharing arrangement.