datarightplus-parity S. Low Internet-Draft B. Kolera Intended status: Informational Biza.io Expires: 2 October 2024 31 March 2024 DataRight+ Rosetta Stone draft-authors-datarightplus-rosetta-latest Abstract A rosetta stone for the DataRight Plus specifications. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 2 October 2024. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Table of Contents 1. Scope 2. Terminology 3. Ecosystem Specific Mappings 3.1. Australian Consumer Data Right 3.1.1. CDR Consumer 3.1.2. Data Holder Brand 3.1.3. Legal Entity 3.1.4. Data Recipient 3.1.5. Software Product 3.1.6. CDR Register 4. Acknowledgement 5. Normative References Authors' Addresses 1. Scope The scope of this document is limited to the conversion of terms utilised within the DataRight Plus specification suite to jurisdictional terms within legal frameworks. The intent of delivering this document is to remove ambiguity from the broader specification set by isolating, generally legal, terms within a single document. 2. Terminology This document defines the following terms: Consumer A Consumer represents an individual or a business for which a User has been granted permissions to perform actions on behalf of. Ecosystem Authority The Ecosystem Authority represents the designated arbiter of trust between Providers, Initiators and the Consumer. Further elaboration on the Ecosystem Authority is provided within [DATARIGHTPLUS-ADMISSION-CONTROL]. Electricity Authority The Electricity Authority represents the holder of information pertaining to electricity meters and usage. Initiator A Initiator is a client application which conducts activities with a Provider server. In an authorisation context a Initiator is analogous with an [OIDC-Core] Relying Party (RP). Initiator Brand TODO Personally Identifiable Information (PII) Information that (a) can be used to identify the natural person to whom such information relates, or (b) is or might be directly or indirectly linked to a natural person to whom such information relates. Provider A Provider is a piece of server infrastructure which receives requests from an Initiator. In an authorisation context a Provider is analogous with an [OIDC-Core] OpenID Provider (OP). User A User is a human who provides an identifier unique to the individual and for which correlates to one or more Consumer relationships. In an authorisation context a User is analogous with an [OIDC-Core] End-User. 3. Ecosystem Specific Mappings The following table provides a mapping from DataRight+ terminology to ecosystem specific terms. +=======================+=============================+ | DataRight+ | Australian CDR | +=======================+=============================+ | Electricity Authority | AEMO | +-----------------------+-----------------------------+ | Initiator | Software Product | +-----------------------+-----------------------------+ | Initiator Brand | Data Recipient Brand | +-----------------------+-----------------------------+ | Initiator Entity | Data Recipient Legal Entity | +-----------------------+-----------------------------+ | Initiator Base URI | Recipient Base URI | +-----------------------+-----------------------------+ | Provider | Data Holder Brand | +-----------------------+-----------------------------+ | Provider Entity | Data Holder | +-----------------------+-----------------------------+ | Consumer | CDR Consumer | +-----------------------+-----------------------------+ | Ecosystem Authority | CDR Register | +-----------------------+-----------------------------+ | User | User | +-----------------------+-----------------------------+ | User Agent | User Agent | +-----------------------+-----------------------------+ Table 1 3.1. Australian Consumer Data Right 3.1.1. CDR Consumer A CDR Consumer is a business or individual who authorises the sharing of data stored by a CDR Data Holder on their behalf to a CDR Software Product with their permission. A User, regardless of their individual relationship with a Data Holder may also have access to zero or more non-individual Consumer's, for instance businesses that they have permission to make decisions for. It is critical to note that a CDR Consumer is the individual entity of which data is being shared or actions are being performed on. Within the CDR there are various relationship types including: * Nominated Representatives: Authorised representatives of a specific corporate entity, for instance a company director * Secondary Users: Authorised parties who can access an individual Consumers data 3.1.2. Data Holder Brand For the purposes of this specification a Data Holder is described as the party who is offering or has offered services to the Consumer and/or holds relevant data related to those services on behalf of the Consumer. The types and format of that data is outside the scope of this particular specification but traditionally includes: * specific customer information such as name, addresses and phone numbers; * information related to services such as account numbers, pricing information and balances; * transaction/ledger information pertaining to services provided Within the CDR ecosystem the mandated Data Holders are ostensible Banking and Energy providers. Additional sectors can be designated by way of a legally binding Designation Instrument coupled with changes to the CDR Rules. 3.1.3. Legal Entity 3.1.4. Data Recipient A CDR Data Recipient is a party that provides activities, such as data sharing, through the Consumer who participates in the authorisation process initiated by a Initiator. Please refer to the expanded description of Provider within this document. 3.1.5. Software Product A Software Product is the listed value proposition, provided by a Data Recipient, which accesses a Data Holder Brand. 3.1.6. CDR Register 4. Acknowledgement The following people contributed to this document: * Stuart Low (Biza.io) - Editor * Ben Kolera (Biza.io) 5. Normative References [DATARIGHTPLUS-ADMISSION-CONTROL] Low, S., "DataRight+ Admission Control: Baseline", . [OIDC-Core] Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and C. Mortimore, "OpenID Connect Core 1.0 incorporating errata set 1", 8 November 2014, . Authors' Addresses Stuart Low Biza.io Email: stuart@biza.io Ben Kolera Biza.io Email: bkolera@biza.io