Welcome to the Consumer Data Right Support Portal

Check out our guides, browse through our FAQs, and post your own questions for Support.

New to the Consumer Data Right? Learn more

Glossary Follow

Avatar
Neale Morison
  • Created:
  • Last edited:
  • Updated

Introduction

This glossary lists terms and their definitions in the context of the Consumer Data Right and Consumer Data Standards. 

See also thef CX Glossary.

ACCC

Australian Competition and Consumer Commission

The ACCC is a co-regulator of the Consumer Data Right (CDR) regime. The OAIC is the other co-regulator.

accreditation

The status provided to an organisation that has met the requirements to be considered an Accredited Data Recipient (ADR). The Australian Competition and Consumer Commission (ACCC) is responsible for accreditation, and for the accreditation requirements. 
See:

ACCC, 

ADI

Authorised Deposit-taking Institution

This has the meaning specified in the Banking Act 1959.

ADR

Accredited Data Recipient

See accreditation. The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of ADRs and Data Holders. See ACCC, Information for accredited data recipients.

AEMO

Australian Energy Market Operator

AEMO is designated as a Data Holder for the energy sector. AEMO may be pronounced 'aim-o' or 'ay-ee-mo'.

AER

Australian Energy Regulator

The AER is designated as a Data Holder for the energy sector. 

API

Application Programming Interface

An API is a software intermediary that allows two applications to talk to each other. In the case of the CDS the APIs are RESTful interfaces.

APRA

Australian Prudential Regulation Authority

arrangement

In the context of consent and an authorisation, an arrangement is the continuous relationship established by one or more consecutive consent and authorisations between the ADR and the DH. An arrangement is identified by a cdr_arrangement_id that connects the revoked consent with the new consent. 

The original existing consent is revoked, and a new consent is created, connected to the original consent by an arrangement.

An arrangement allows a consent effectively to continue beyond the maximum 12 month duration for a consent. An arrangement also allows a consent effectively to be amended.

See: 

AT

Access Token

An access token in the context of the Consumer Data Standards is the token specified in the OAuth 2.0 standard. See CDS Client Authentication

authentication

The consumer authenticates with the Data Holder (DH). Authentication occurs immediately prior to  authorisation.

authorisation

Authorisation occurs when a consumer consents to disclosure of CDR data from a DH.

BECS

Bulk Electronic Clearing System

 

CA

Certificate Authority

 

CDR

Consumer Data Right

See Treasury Consumer Data Right documentation.

CDR Rules

Rules defined by the ACCC outlining how CDR works. Current rules are Consumer Data Right Rules 2019.

CDS

Consumer Data Standards

The Consumer Data Standards are developed by the DSB as part of the Australian Government's introduction of the Consumer Data Right legislation to give Australians greater control over their data. The standards are binding, mandatory requirements on participants. The creation of Consumer Data Standards is legislated in the Competition and Consumer Act 2010, particularly section 56FA, Making data standards. 

CDR Register

The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of Accredited Data Recipients (ADRs) and Data Holders (DHs). Visit the CDR Register Github site to engage in the consultation process. UK Open Banking uses the term Directory.

The CDR Register is the source of truth regarding Accredited Data Recipients (ADRs) and the status of their accreditation. The CDR Register is in the process of merging with the Consumer Data Standards.

Consumer Data Standards

See CDS above.

convention

A convention is a suggestion, intended to bring together a common view of participants on how to deal with a matter that is not covered by a standard.
See Conventions.

CORS

Cross-Origin Resource Sharing

See:

CR

Change Request

See:

CRN

Customer Reference Number

CTS

Conformance Test Suite

The Conformance Test Suite is managed by the ACCC. See ACCC, Conformance Test Suite.

CX

Consumer Experience

The consumer experience for end users (consumers) interacting with the Consent Model and the CDR ecosystem. For CX Standards and CX Guidelines, search for CX Standards and CX Guidelines on the Consumer Data Standards web site.

Data cluster

A data cluster is a grouping of data, as specified in the Data Language Standards of the Consumer Experience Guidelines. The CX Guidelines provide advice on use of data clusters. For a full discussion of data clusters and data cluster language, search for CX Guidelines on the Consumer Data Standards web site. In the latest CX Guidelines document, search for Data Language Standards.

DCR

Dynamic Client Registration

This protocol defines mechanisms for dynamically registering OAuth 2.0 clients with authorisation servers. It is used by Accredited Data Recipients and Data Holders for obtaining credentials.

DELWP

Department of Environment, Land, Water and Planning (Victoria)

The Victorian Department of Environment, Land, Water and Planning is designated as a Data Holder for the energy sector. DELWP may be pronounced 'delp', to rhyme with 'whelp'. 

designated sector

A designated sector means a sector of the Australian economy that is to adopt the CDR. The minister designates sectors via legislative instrument.

DH

Data Holder

The organisation that holds the information and supplies it at the request of the ADR or consumer. The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of Accredited Data Recipients (ADRs) and Data Holders (DHs). Visit the CDR Register Github site to engage in the consultation process.

DLP

Data Loss Prevention

DLP is an information industry term referring to a comprehensive strategy for information security, including the protection of data in use, data at rest, and data in motion.

DOMS

Disclosure Option Management Service 

DOMS can be considered to be JAMS 2.0.

DP

Decision Proposal

Decision Proposals are a component of the DSB consultation process. Decision Proposals are posted as issues on the DSB GitHub standards repository, for comments and discussion. See Guide to Decision Proposals.

DSB

Data Standards Body

The Data Standards Body assists the Data Standards Chair in making and reviewing the data standards.

DSAC

Data Standards Advisory Committee

DSAC may be pronounced 'dee-sack'. 

DSC

Data Standards Chair

The DSC is the authority that makes and reviews the CDR Data Standards. Mr Andrew Stevens is the inaugural Data Standards Chair.

duration

Duration of consent

The period for which the consumer consents to share CDR data with an ADR.

EME

Energy Made Easy

Energy Made Easy (EME) is a free Australian Government energy price comparison service for households and small businesses in New South Wales, Queensland, South Australia, Tasmania and the Australian Capital Territory. For Victoria price comparison, see VEC (Victorian Energy Compare)

guideline

A guideline is a suggestion, often a strong suggestion, which contributes to a consistent experience for participants and consumers. For example, see CX Guidelines

Insight

In the CDR Context, an Insight is consumer data, supplied by an ADR to a non-accredited recipient, with the consumer's consent. Insight data can be used for verifying the consumer's identity, account balance, or a transaction on the consumer account.

See CDR Rules, main section, 1.3 Interpretation

Insight disclosure consent

An insight disclosure consent gives permission for an Accredited Data Recipient to share consumer data, as an insight, with a non-accredited person, specified by the consumer.

See CDR Rules, main section, 1.3 Interpretation, 1.10A Types of consents, (3) Insight disclosure consent

JA

Joint Account

JA may also stand for the plural, Joint Accounts. 

JAMS

Joint Account Management Service 

JAMS is now obsolete. See DOMS, which is JAMS 2.0.

JARM

JWT Secured Authorization Response Mode for OAuth 2.0

In the Authorisation Code Flow, Data Holders and Accredited Data Recipients must support JARM in accordance with FAPI-1.0-Advanced. See:

JWKS

JSON Web Key Sets

JSON Web Key Sets is a set of JWK keys containing the public keys used to verify a JSON Web Token (JWT). See RFC 7571.

JWT

JSON Web Token

JSON Web Token is an open standard for transmitting information. See RFC 7519.

MFA

Multi-Factor Authentication

Typically MFA requires two authenticators: a password, and a code that has been sent to the consumer separately, for example by SMS, by a phone app or by email.

MI

Maintenance Iteration

See:

mTLS

mutual Transport Layer Security

NMI

National Meter Identifier 

A NMI is an ID that identifies a service point, or connection to the national grid. NMI may be pronounced Nee-mee. NMI also refers to the dataset maintained by AEMO of NMIs and associated information. 

normative

Where the DSB uses the term normative, in reference to other open standards, it means that the open standard referred to is part of the Consumer Data Standard, and compliance is required. See CDS Normative references.

notification

A notice sent to a consumer related to a data sharing arrangement.

Noting Paper

Noting Papers are a component of the DSB consultation process. Noting Papers are posted as issues on the DSB GitHub standards repository, for comments and discussion. See Guide to Noting Papers.

OAIC

Office of the Australian Information Commissioner

The OAIC is a co-regulator of the Consumer Data Right (CDR) regime. The ACCC is the other co-regulator. OAIC may be pronounced 'awake'.

OIDD

OpenID Connect Discovery

See

optional

In relation to a field in a CDS schema, optional means that the field is not mandatory if there is no available value for the field. However if information is available for an optional field, that field and value must be supplied. See also definitions for mandatory and conditional. See:

OTP

One Time Password

A single-use password generated by a Data Holder and used by a consumer to authenticate. One time passwords can be provided to the consumer by various means such as SMS message, app notification, or email.

OSP

Outsourced Service Provider

A person (or corporation) to whom an accredited person discloses CDR data under a CDR outsourcing arrangement.

PDS

Product Data Specification

A collection of data that describes a product. The details are specified in the Consumer Data Standards, Get Products section.

permission

The specific data in an authorisation scope is referred to as a permission. Permissions are grouped by data cluster.

PAN

Primary Account Number

A unique number with a varying length assigned to the primary account. The Primary Account Number is also known as the unique identifier of the embossed card number designated to payment cards.

PAR

Pushed Authorisation Request

See OAuth 2.0 Pushed Authorization Requests.

PII

Personally Identifiable Information

Personally identifiable information (PII) is data that might identify an individual. Transmitting PII without adequate protection is a threat to privacy and security, and may provide the opportunity for identity theft.

PRD

Product Reference Data

PRD is the generic description of a product offering provided to consumers as part of a Product Data Specification. It does not include any personal customer information. A PRD must be provided to the public for every banking product. The DSB has a Banking Products comparator demo.

reauthorise

Permission given by a consumer for a sharing arrangement to continue (for an agreed period) beyond the expiry date of the current sharing arrangement.

register

This can refer either to the CDR Register, or to what clients do in the process of Dynamic Client Registration (DCR).

REST

REpresentational State Transfer

An architecture for web services. Services using this architecture are described as RESTful.

revocation

In the CDS context, revocation refers to withdrawing of consent. 

The DH informs the ADR that consent has been withdrawn via the DH revocation endpoint.

The ADR informs the DH that consent has been withdrawn via the ADR token revocation endpoint. 

The ADR determines the DH recovation endpoint by the recovation_uri in the DH RegistrationProperties schema.

See: 

revoke

The CDR Rules use the word revoke in the context of revoking accreditation. The CDS uses revoke in that context. The CDS also uses revoke in the context of withdrawing consent. See also revocation.

service point

In the context of the Energy sector, a service point is a connection to the Australian national electricity network. A service point is identified by a NMI (National Meter Identifier).

standard

A standard is a binding, mandatory requirement for participants. See Consumer Data Standards.

TA

Trusted Adviser

A TA is a non-accredited person, authorised to receive data by the consumer, via a consent given to an Accredited Data Recipient (ADR).

See CDR Rules, main section, 1.3 Interpretation, 1.10C Trusted Advisers

TLA

Three Letter Acronym

A Three Letter Acronym, or TLA, is intended to be an abbreviation for a term that takes longer to write or say. It also satisfies the bizarre psychological need to create jargon that is incomprehensible to others. 

upstream standard

See normative.

VEC

Victorian Energy Compare

Victorian Energy Compare (VEC) is an independent Victorian Government energy price comparison site. For other states and territories, see EME (Energy Made Easy).

WCAG

Web Content Accessibility Guidelines

The Web Content Accessibility Guidelines are published by the W3C (World Wide Web Consortium). The CX Standards refer to these guidelines. See CDS Accessibility Standards

withdrawal

Withdrawing consent or authorisation. This occurs when a consumer stops sharing or cancels a sharing arrangement. The CDS uses the word revoke to mean the same as the word withdraw in the context of consent. 

 

Comments

0 comments

Please sign in to leave a comment.