Weekly OpenADE Meeting Notes Tuesday, July 7, 2015.

Here is a list of topics raised by you all that we will touch on

OpenADE Task Force Topics

- Green Button Connect My Data Testing and Certification (target fall 2014)
  - Complete function block descriptions
  - Complete test case requirements
  - Amend CMD test requirements if gaps are discovered in dry run or other process
- Issues Raised and Implementation Questions
  - How to use BR=bulkID with application to account and account groupings, as well as large ThirdParty collections of Authorizations
  - Service Request 83 including Function Block for optional customer info (service point address, etc.)
  - Service Request 84 having scope selection screen on Data Custodian Site vs 3rd Party site (need to write up description)
  - Service Request 85 Duplicating TOU and CPP from ReadingType to IntervalReading as in SEP 2.0
  - Service Request 86 Desire to add digital signature to Green Button data to protect against tamper
  - Service Request 90 Error in GB TestPlan: FB_07,08 AccumulationBehavior should be 4
  - Service Request 91 Error in Test Plan: FB_04 Mega Third Party
  - Service Request 92 Certificate reference
  - Service Request 93 -- Customers have requested access to the Green Button CMD API interface to access their own account information
  - Enhancement of UsageSummary.CostAdditionalDetail to indicate kind of billing determinant
- New Resources for OpenADE Exchange requested
  - Tariff Model Resource
  - Customer Information Resource

Topics

Target Firm Up List end of July: UsageSummary.CostAdditionalDetail.itemKind

- Tax
- ThirdParty energy provider fee
- ThirdParty energy provider usage
- Credit
- Discount
- Usage ??? Covered in reference measurement???
- Demand ??? Covered in reference measurement???
- TOU ??? Covered in reference measurement???
- Customer Charge
- Energy Charges
- Supply Charges
- Distribution Charges
- Transmission Charges
- Generation Charges
- State Gross Receipts Tax
- State Tax Adjustment
- Administrative Charge
- Ancillary Charge
- Balancing Service Charge
- Working Capital Charge
- Purchased Generation Adjustment
- Cost Adjustment
- Service Location Distribution Charge
- Other
- Minimum charge
- Tier Charge
- Adjustment Charge
- Program Charge/Credit
- Amount Paid???

Target Firm Up end of July: Retailcustomer.xsd

- Need to define function blocks -- Potentials:
  - Minimal that only provides actual IDs and UsagePoints
  - Addresses and location, End device
  - Pricing Structure
  - DMD

GET Subscription w/wo query parameters: Default required behaviors

Problem: The amount of data that is in a GET /Batch/Subscription/{subscriptionId} can potentially be very large. What is the obligation of a DC when that message is received without query parameters? What about the desire of some DCs to provide only a fixed size response of say X months? What about when a subscription contains 1/10/1000 UsagePoints?

Alternatives

1) Requires date range in GET /Batch/Subscription/{subscriptionId}
   - DC responds with 202 if data is too large to return right away
   - Returns with notification when data is ready and can provide query distinguished URIs
2) DC decides maximum depth to return when no query parameters
   - TP may get whole history (from scope parameter HistoryLength) or may get less.
3) Term in Scope for default GET Subscription depth
   - The scope can indicate for the specific subscription what the default length is. The DC decides during scope selection what to include in the offered scopes.
Solution: Publish min/max required on resource/Batch/XXXXX APIs

Discussion of responses to requests for large data sets

Given:
- It's possible for a subscription to have small or enormous data sets
- There are GB CMD applications on the market that don't require query parameters
- Query parameters are specified and the Min and Max public support required for our minimum set
- If you have or don't have query parameters the third party is likely always to ask the first time for everything
- We agreed in a face-to-face that we were going to support a response of 202 when large off-line data sets are requested
- For a request asking for everything, it should be at the discretion of the data custodian to determine the largest response it is willing to give
- Some data custodians want to define a fixed maximum size for any request
- An empty response (feed with no resources) implies no more data

Therefore:
- Query parameters should remain optional in any given request
- Absence of query parameters means everything; this means all available data that the DC is willing to provide
- 202 is a valid response for ./Batch/ followed by a notification when data is ready
- The DC decides how large the maximum data response to an API request will be
- A TP that receives less than anticipated can ask for older data. If he gets back an empty feed, he has it all. Note that if there is a gap in the data and he asks for the gap, he may get an empty feed but there may be more data behind it.

CIM Tariff Model

- Charges associated with time thresholds
- Charges associated with value thresholds

Additional Information for UsageSummary.CostAdditionalDetail

- Add an enumeration tag to lineitem to indicate what kind of charge it is
- itemKind
  - Tax
  - TOU
  - Demand
  - ThirdParty energy provider fee
  - ThirdParty energy provider usage

Solutions to Add Customer Account Numbers

- Add link
- Add Atom Extension
- Extend each Class with IdentifiedObject.name
- Make non-obfuscatedId

Account/Agreement Topology

Separation of PII containing Resource RetailCustomer from Subscription*

[Diagram. Key: New Resource, Existing Resource, Non-Resource Class. Labels: RetailCustomer, UsagePoint, EndDeviceAsset, ServiceLocation, PositionPoint, PricingStructure, Customer Agreement, Authorization, ServiceSupplier, Normal ESPI Resources, Subscription, Anonymous EUI, PII Containing information, CustomerAccount]

*This data structure is to be developed on an aggressive schedule based on HelpDesk issue #83 and PAP10 NAESB Std REQ.18.

No single API request can retrieve both PII and Anonymous data

Model

- UsagePoints of RetailCustomer
- Location of premise
- Account ID
- Sub Account (SA) ID
- Service Agreement / Account is name depending on utility
- Customer name, nickname (or short name)
- Address and info
- SDG&E provides only email address and UPID correspondence csv email and UsagePoint ID (Customer Obfuscated Key)
- MeterID
- ServicePointId
- Pnode
- LoadAggregationPoint, SubloadAggregationPoint
- Climate zone
- Account open date
- Account close date
- SA Open and Close date
- MDM Agent Id (who does meter read)
- ServiceSupplierId
- EnergyServiceProviderId (may be same as service supplier)
- Demand Response Provider
- May need list of Ids for service providers rather than explicit?? (0..* relationship{role, href})
- Related assets ???? For example pool pump and pool pump participation in a program.
- Related programs ????

RetailCustomer API

- GET .../resource/Batch/RetailCustomer/{id}
- GET .../resource/RetailCustomer/{id}
- GET .../resource/RetailCustomer/{id}/CustomerAccount/{id}/CustomerAgreement/{id}
- GET .../resource/CustomerAgreement/{id}
- GET .../resource/Batch/BulkRetailCustomerInfo/{id}

Authorization

- Scope string addition?
  - X RCInfo=AC where A=Address included, C=AccountInfo included
  - X RCBulkId=123 for access to account info in bulk
- Access tokens to access?
  - Individual with access_token, bulk with client_access_token
- Thoughts: Simpler to use the one authorization and the one bulkID for this data, which would be used with /Bulk/{bulkId} and with /BulkRetailCustomer/{bulkId}
- X Desire to select which APIs query parameters are valid for, but currently we only test for the specific query parameters needed for IntervalBlock date ranges. Other parameters and which resources they apply to are optional. Leave generic query parameters as is for all resources but no requirements to support any specific set by resource.

FB

- X Has RetailCustomer: Just one FB_4X with RCInfo
- X Has Additional Detail indicated by content of RCInfo
- Alternative: just like EUI data, have separate function blocks for groupings of data (along resource lines) and they are part of scope=FB_xxxxxxxxxx
- Need to work out FBs that make sense for RetailCustomer

Document as a separate document to maintain isolation of the PII and related discussions (CustomerResourceModelHelpdesk83.docx)

Older or other slides

Will build deck with new content over time.

Mega Third Party

- Host Third Party for smaller third parties
- Small solar companies that don't want to implement ESPI technical requirements
  - Have simple web site
  - Want customer data
- Why does small third party interface to mega third party have to be standardized?
- Have consulting company they are hosting GB on behalf of
- Retail Customer authorizes little third party and mega third party to access the data
- How does mega third party track the authorization which occurs from the little third party
  - Wants ability to tag an OAuth sequence to associate with the little third party, perhaps a state parameter???

Issues

- What if one customer authorizes for two different providers using mega-third party
  - PG&E only permits one authorization for actual customer/third party pair.
  - Same customer goes to Solar1 and Solar2 who are using the services of MegaTP
  - How can DC know one authorization from the next
  - Consensus: let this be private matter between MegaThirdParty and customer. No additional protocol required.
- What if wordpress directs to DC and not TP?

GBCMD Test Harness

Using Stunnel Proxy to isolate https from http on test harness

Three message types:

1) DataCustodian to Mock Server (https to http)
   - Use stunnel server config (tpserver.conf)
2) SOAPUI to DataCustodian using groovy script and httpbuilder (http to https)
   - Use stunnel client config (tpclient.conf); host must be what is in ApplicationInformation, remapped to port 8080.
3) SOAPUI to DataCustodian via Selenium (https web browser integration)
   - Use Selenium browser with what is in ApplicationInformation, bypassing stunnel for these messages

Certified Link

- Added to feed (or if only entry, added to entry)
- Assigned by GBA at test request submission
- Until certified, may return in progress or some useful status
- Optional request of return type for GET (returned by GBA site):
  - GET https://cert.greenbuttonalliance.org/92348981231
  - GET https://cert.greenbuttonalliance.org/92348981231?format=JSON
  - GET https://cert.greenbuttonalliance.org/92348981231, Header parameter Accept: application/json
- Return (XML Version): exact form tbd.

Chunking

When the DataCustodian needs to provide data in chunks

- Have huge data set that DC wants to provide in chunks over HTTPS
- Use common URI Subscription or Bulk / id
- Chunked by index and date?
- Use ESPI query parameters (FB_37) to distinguish chunks

../espi/1_1/resource/Batch/Bulk/1?start-index=1&max-results=1000&published-max=2012-04-02T04:00:00Z&published-min=2012-04-02T04:00:00Z
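
An added example (not from the meeting notes or the OpenESPI code base) of a Third Party client that combines the chunking parameters above with the behaviour agreed earlier in these notes: 202 followed by a notification, a Data Custodian that caps each response, and an empty feed meaning no more data. `MockDataCustodian`, `fetch_all`, the entry ids and the cap are hypothetical, constructed stand-ins; the date-window parameters are left out to keep the paging logic visible, and the notification is simulated synchronously.

```python
"""Third Party paging of a Batch URI with 202 deferral (added example)."""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

ATOM = "http://www.w3.org/2005/Atom"
BASE = "https://localhost/DataCustodian/espi/1_1/resource/Batch/Bulk/1"


class MockDataCustodian:
    """Constructed stand-in for a DC: defers the first request, caps every feed."""

    def __init__(self, entry_count, dc_max_results):
        self.ids = [f"entry-{n}" for n in range(1, entry_count + 1)]  # constructed
        self.dc_max_results = dc_max_results  # the DC, not the TP, sets the ceiling
        self.pending = []                     # URIs answered with 202
        self.deferred_once = False

    def get(self, uri):
        query = parse_qs(urlsplit(uri).query)
        start = max(int(query.get("start-index", ["1"])[0]), 1)
        asked = int(query.get("max-results", [self.dc_max_results])[0])
        if not self.deferred_once:
            # Data not ready: answer 202 and remember the URI for the Notification.
            self.deferred_once = True
            self.pending.append(uri)
            return 202, b""
        size = min(asked, self.dc_max_results)
        feed = ET.Element(f"{{{ATOM}}}feed")
        for entry_id in self.ids[start - 1:start - 1 + size]:
            entry = ET.SubElement(feed, f"{{{ATOM}}}entry")
            ET.SubElement(entry, f"{{{ATOM}}}id").text = entry_id
        return 200, ET.tostring(feed)

    def notify(self):
        """Return the BatchList of the Notification: the original deferred URIs."""
        batch_list, self.pending = self.pending, []
        return batch_list


def fetch_all(dc, base_uri, max_results, max_requests=50):
    """Page through base_uri until an empty feed; return (ids, request trace)."""
    ids, trace, start = [], [], 1
    for _ in range(max_requests):  # bound the loop against a DC that never finishes
        params = urlencode({"start-index": start, "max-results": max_results})
        uri = f"{base_uri}?{params}"
        status, body = dc.get(uri)
        trace.append((status, start))
        if status == 202:
            # Only re-request a URI that the Notification actually lists.
            if uri not in dc.notify():
                raise RuntimeError("Notification BatchList lacks the deferred URI")
            continue
        if status != 200:
            raise RuntimeError(f"unexpected HTTP status {status}")
        # A production client should parse DC data with a hardened XML parser.
        entries = ET.fromstring(body).findall(f"{{{ATOM}}}entry")
        if not entries:
            return ids, trace  # empty feed: nothing more at this index
        ids.extend(e.findtext(f"{{{ATOM}}}id") for e in entries)
        # Advance by what was received, not by what was asked for: the DC may
        # return fewer entries than max-results.
        start += len(entries)
    raise RuntimeError("request budget exhausted before an empty feed arrived")


if __name__ == "__main__":
    custodian = MockDataCustodian(entry_count=2500, dc_max_results=1000)
    collected, requests = fetch_all(custodian, BASE, max_results=5000)
    print(len(collected), requests)
```

Advancing `start-index` by the requested `max-results` instead of the received count would skip entries whenever the Data Custodian's cap is lower than the request.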

Deferred Response when DC does not have data ready

- ThirdParty makes asynchronous request
- DataCustodian does not have the data ready, returns HTTP 202
- Some time later (when ready, no guarantees or time limit) DataCustodian sends Notification with original URL in BatchList
- DataCustodian provides the result

Messages in the sequence diagram (DC, TP):

- Request: HTTP GET https://localhost/DataCustodian/espi/1_1/Subscription/1, Content-type: application/xml. HTTP returns 202
- Request: HTTP POST https://localhost/ThirdParty/espi/1_1/Notification, Content-type: application/xml
- Request: HTTP GET https://localhost/DataCustodian/espi/1_1/Subscription/1, Content-type: application/xml. HTTP returns 200 and Data

Green Button Data File Summary

- Can there be a digest of what is in a Green Button data set (i.e. feed) so that the whole data set returned by a GET or DMD can be judged for content without reviewing the contents
- Different Usage Points in file may have different contents
- Content may be dependent on when data is retrieved
- Simple xpath statements can be used to understand the contents
- Unsuitable data is likely to be asked for once, not repeatedly
- Consensus: Not needed

New XML Schema Tags

- certificationNumber: Provides information about the certificate issued to the creator of the file

- contentHash: Provides a checksum value of the file's contents that the recipient of the file may use to confirm the file has not been tampered with and all elements of the file were received
- Response to OpenADE Help Desk item 86: http://osgug.ucaiug.org/HelpDesk/Lists/servicerequests/DispForm.aspx?ID=86&Source=http%3A%2F%2Fosgug%2Eucaiug%2Eorg%2FHelpDesk%2FLists%2Fservicerequests%2FGreenButton%2Easpx
- Consider RFC 4287 Atom Syndication Format section 5.1, which describes Digital Signatures for Atom: https://tools.ietf.org/html/rfc4287#section-5.1

Certification Structure

<link type="text/html" href="https://cert.greenbuttonalliance.org/certificate/987654321987654321" />

Possible Options

- GET https://cert.greenbuttonalliance.org/92348981231?ThisGuysScopeIs=FB_01040507
- PGE -92348981231 scopes=1_4_5,1_4_10,1_4_5_10
- Variable return types
  - Query Parameter: GET https://cert.greenbuttonalliance.org/92348981231?format=XML
  - Accept Header Parameter: Accept: Application/XML
- Atom link types

Certificate Solutions

- Create new required resource for GB
- *** Create a required feed related link
- Look at other atom feed attributes to implement

[FB_14] OAD011 [NEG] Malformed Refresh Token Request

Verify Data Custodian rejects a malformed Refresh Token Access Token Request

- Refresh_token field-value pair that was issued to another Third Party
  - The current CMD test harness can only simulate a single Third Party application and thus is not able to present a refresh_token request using another Third Party's assigned refresh_token
  - Two application information structures would need to be registered at the Data Custodian under test to be able to support this requirement
- Refresh_token field-value pair has expired
  - A short lived refresh_token would need to be available to perform this test, requiring the Data Custodian under test to be able to modify the refresh_token expiration period
  - The authorization server's token expiration test should not be based on the type of token issued, therefore the existing test in OAD016 [NEG] Invalid Access Token Request (Access Token contained in the Authorization Header has expired) makes this test redundant

Cell Phone API Model

- How to do authorization for cell phone APP
- Still need to involve App developer (DC may not accept request from any app)
- API FBs
- Customer and his app authentication
- Get an access token
- Differs in certificate management and security
- Security
- Privacy
- Retail Customer vs Subscription

One Data Custodian's Potential Design Dimensions for UsageSummary

- NEM:
  - Nettable
    - UDC
    - Commodity
    - Taxes (DWR, City and State)
    - Discounts: Care, FERA, Employee discounts
  - Non-nettable
    - Demands
    - Minimum charge
    - Customer charge
    - Event days
    - GHG
- Non-NEM customers:
  - Nettable
    - UDC
    - Taxes (DWR, City and State)
    - T&D
    - Discounts: Care, FERA, Employee discounts
  - Non-nettable
    - Event days
    - GHG
- Nettable: total cost = sum of nettable components
- NEM: Net Metering

Implementation Perspective to Billing data

- Meter Relationships (Additive-Conjunctive, Subtractive)
- Special Bill Items
- NEM Statement
- Shadow Bill Info
- Level Pay Plan customers
- Rates (bill periods: pricing changes, seasons)

Topics

- Multiple ReadingTypes in file not referenced by contents
  - Proposal: permit (right now excluded)
- Definition of Net metering FB_07 vs. FW/REV metering FB_08

FB_03 espiderived.xsd

- thirdPartyUserPortalScreen vs. client_uri
  - Appears to duplicate same function
  - client_uri is optional by dynamic registration OAuth protocol
  - Solution: Make client_uri and thirdPartyUserPortalScreen optional in schema
- Authorization.authorizedPeriod and publishedPeriod should be optional since not needed in authorizations for client admin and registration
  - Solution:
    - Make both fields optional in the schema
    - Ensure they are present for access_token based authorizations
    - If present, validate authorizedPeriod and publishedPeriod are valid date format
    - If either authorizedPeriod or publishedPeriod is present, both are required
    - Allow duration to be present with 0 values implying non-expiring authorizations
- grant_types for ApplicationInformation
  - Should it be set of grant_types that DC supports?
  - Spring requires separate client_id for client_credentials flow
  - Solution: Nothing needs to change

FB_03

- grant_types test assertion in FND002 re: redirect_uri
  - Solution: Remove the test from FND002 and OADxxx
- response_types should be code
  - Solution: Add test to validate content of response_types is code
- Lifetime of client_access_token
  - If short-lived, you need to do client_credentials each day to get a new one
  - This forces you to use the secret often, which is a greater risk than client access token
  - What does this do to the lifetime of the Authorization

CMD T&C

T&C Plan 12/23

GreenButton Connect My Data Conformance Testing Requirements Review

- For Review
  - FB_03 Core GB CMD
  - FB_39 PUSH model-REST Notifications/bulk transfer
  - FB_34 SFTP for bulk
  - FB_35 REST for Bulk
  - FB_13 Security
  - FB_14 Authorization and Authentication
- Not yet ready for review
  - FB_19 Partial data update
  - FB_40 Offline RetailCustomer authorization
  - FB_37 Query parameters

CMD Test Development Plan

- Phase I - 11/17/2014..11/21/2014
  - Ron/Don: Complete Spreadsheet with Test Requirements and Test Steps.
  - In parallel John/Marty get scheduled with consenting Data Custodians for an initial test GET ServiceStatus, which requires a target URL and a client_access_token for a preconfigured test Third Party.
- Phase II - 11/19/2014..11/26/2014
  - OpenADE/OpenESPI Participants review test requirements and procedures and report by exception
  - Don/Ron are building tests
- Phase III 12/1/2014..12/31/2014
  - Don/Ron are building tests
  - John/Marty are running tests with consenting Data Custodians

Set UUT Into Test Harness

- Harness acts as a TP
- Need test third party account
- At least three Test Accounts
  - Two authorized for this third party
  - One known and authorized for any other third party
- Create / Exchange ApplicationInformation for Test TP
- Create / Exchange
  - TP client_access_token
  - TP registration_access_token
  - Two Subscription access_token (may include OAuth authorization process)
  - Third subscription access_token (not owned by TP and used in negative tests)

Data Custodian Test Capabilities

Any given data custodian might fall into three possible capability categories:

- The DC has the ability to clear created authorizations
- The DC has multiple accounts to authorize so that when a new authorization is needed it can be created
- The DC has to accept that one test failure may preclude going on to perform other tests

Issues

- How to expire an access token so it can be tested along with refresh_token
  - Testee can manually or otherwise expire an access token
- Removal of client_credential flow testing until dynamic registration
  - Support the API
  - Don't support in minimum required
- How the transition from scope selection, which is not OAuth, to the OAuth sequence, which must originate at the Third Party, occurs.
- Need to review Authorization document (needs corrections) and implementers need to check what they are implementing

DataCustodian Registration Values to Communicate with the Certification Test Harness

- thirdPartyNotifyUri: https://services.greenbuttondata.org/CertificationThirdParty/espi/1_1/Notification
- thirdPartyScopeSelectionScreenURI: https://services.greenbuttondata.org/CertificationThirdParty/espi/1_1/RetailCustomer/ScopeSelection
- thirdPartyUserPortalScreenURI: https://services.greenbuttondata.org/CertificationThirdParty/espi/1_1/RetailCustomer/home
- client_name: Certification Test Harness
- client_uri: https://services.greenbuttondata.org/CertificationThirdParty

GBCMD Testing and Certification Status

- Test Project and Harness
  - Need to add target UUT configuration and refactor tests
- FB_3 Core Green Button Connect My Data
  - Status: Tests almost complete
- FB_13 Security and Privacy
  - Status: Initial set of tests complete; need to adjust to test harness and needs some small enhancements
- FB_14 Authorization and Authentication
  - Status: Repertoire of test cases initially identified by Don Coffin and they need to be reviewed and implemented; implementation begun
- FB_19 Partial Update Data
  - Status: not started
- FB_37 Query Parameters
  - Status: not started
- FB_39 PUSH Model
  - Status: substantially complete
- FB_34 Bulk SFTP
  - Status: substantially complete (not on github)
- FB_35 Bulk REST
  - Status: substantially complete (not on github)

Authorization Resource

Currently, client_access token can retrieve the collection of authorizations for the specific third party. A concern was raised that theft of that one token would provide access to all tokens (in the Authorization resource), a serious vulnerability.

Proposed solutions:

- Keep API and schema constant but require the omission of access_token and refresh_token tags.
- Make access to Authorization only based on the contained access_token. That is, the client_access_token can only retrieve the corresponding Authorization resource; registration_access_token can only retrieve the corresponding Authorization resource; the individual access_tokens can only retrieve the corresponding Authorization resource.

Consensus solution: Remove access tokens from the schema.

Access Tokens

Reference: http://www.greenbuttondata.org/espi/access_tokens/

- A: access_token
- C: client_access_token
- U: upload_access_token (used only in FB 45)
- D: datacustodian_access_token (used only in FB_33)
- R: registration_access_token

refresh_token ?

CMD Test Development Plan References

- All the test development is being done on the https://github.com/energyos/OpenESPI-GreenButtonCMDTest project, and
- The test requirements and test procedures are maintained in the spreadsheet at https://github.com/energyos/OpenESPI-GreenbuttonDataSDK/tree/master/GreenButtonTestingRequirements.
- You can enter issues for discussion on either project as you see appropriate.
  - For Test Code Issues: https://github.com/energyos/OpenESPI-GreenButtonCMDTest/issues
  - For Test Requirements Issues: https://github.com/energyos/OpenESPI-GreenbuttonDataSDK/issues

Retail Customer

Object Identification

- Objects are instances of classes
- Objects need to be identified uniquely because
  - Data in a repository needs to be identified as to where it came from
  - Updates to data (for example from raw to validated) need to identify that it's the same data that has been updated
  - Devices from which data originates often need to be associated with the data
  - Devices need to be labeled multiple ways for various purposes, e.g. in a building topology (2nd floor floodlight), in an electrical hierarchy (branch 2 load 3)

IEC 61970 IdentifiedObject

Diagram annotations:

- Master resource identifier issued by a model authority. The mRID is globally unique within an exchange context. Global uniqueness is easily achieved by using a UUID for the mRID. It is strongly recommended to do this.
- The Name class provides the means to define any number of human readable names for an object. The name can be further attributed by a NameType and a NameTypeAuthority.
- A simple string to identify the object.

IdentifiedObject

- mRID: usually a UUID that represents the object instance
- name: simple string to identify the object
- Name: a class that allows additional names to be used for the same object in different hierarchies.
  - different naming authorities may have the right to name devices for their own purposes
  - it is important to identify the naming authority and naming convention (type)
  - These must also be properties of the object they represent, since it is the same unique object

ESPI Mapping of IdentifiedObject to Atom

- ESPI endpoints expose resources as described by Atom, IETF RFC 4287.
- Representations are identified as media type application/atom+xml
- ESPI namespace and types (http://naesb.org/espi) are used for objects in element
- espi:mRID is implemented by atom:id
  - UUIDs are used, as specified in IETF RFC 4122
- espi:description is implemented by atom:title
- atom:published and atom:updated are used
- Associated objects use atom:link (rel=related)
- espi:name is implemented as resource.name

Authorization

- Scope string addition?
  - RCInfo=AC where A=Address included, C=AccountInfo included
  - RCBulkId=123 for access to account info in bulk
- Access tokens to access?
  - Individual with access_token, bulk with client_access_token

FB

- Has RetailCustomer: Just one FB_4X with RCInfo
- Has Additional Detail indicated by content of RCInfo

February Event Preliminary Planning

- Celebrate: Birth of the Green Button Ecosystem
  - Testing and Certification Complete for DMD/CMD
  - UCAIug ITCA fully established
  - Initial Data Custodians successfully certified for DMD and CMD
- Shower Successful T&C Adopters with Fame and Congratulations
- Venue and participation TBD in coming weeks

Best Practice Reading Quality Flags

- ReadingType.defaultQuality contains the default quality that applies to all corresponding IntervalReading data.
- IntervalReading.ReadingQuality.quality allows specific Intervals to override the default in ReadingType
- UsageSummary.qualityOfReading, if present, overrides default in ReadingType for those IntervalBlocks within the scope of the UsageSummary.billingPeriod
- If IntervalReading data are modified, DataCustodian should notify of this change so ThirdParty can retrieve the changes.
- If UsageSummary.qualityOfReading overrides the ReadingType or IntervalReadings, the IntervalReading qualities would change and a subsequent retrieval (not required) of the IntervalBlocks would come with the corresponding quality flag.
- The qualityOfReading flag for Usage Summary will indicate latest overriding quality of previously provided interval values corresponding to BillingPeriod dates
- The Default Quality (from ReadingTypeRef) for OverallConsumptionLastPeriod will indicate quality of total billed usage

Requests that are not inside authorization period

Date of request: April 5

Consensus:

- i: agree on 403
- ii: agree on 403

FB3 - Core REST Services

- [R] GET resource/ApplicationInformation/{ApplicationInformationID}
  - [POS] Accept of valid request
  - [NEG] Reject by invalid ID
  - [NEG] Reject by invalid access-token
  - [POS] Results valid to schema and include required fields for OAuth and TP/DC interaction
- [C] GET resource/Authorization
- [C] GET resource/Authorization/{AuthorizationID}
- [A] GET resource/Batch/Subscription/{SubscriptionID}
- [C] GET resource/ReadServiceStatus
- POST: How to test for TP Notification
  - Trigger
  - Uses notification URI from ApplicationInformation
  - Expected content: at least one URI that can be GET'd?

FB_03 Core GB CMD

- Covers core services, resources and access control
  - atom:entry, atom:feed
  - GET, PUT, POST, DELETE (negative only)
  - ApplicationInformation
  - Authorization (feed)
  - Authorization (entry)
  - Subscription (entry) only available through batch/subscription
  - ReadServiceStatus (entry)
- Access token expiration testing?
- Authorization expiration?
- Notification: move to FB_39?

FB_03 Core GB CMD: atom:entry / ApplicationInformation

- Using required access token of R (registration_access_token)
  - Verify successful GET and response contents (which subset of app info is required in the response?)
    - If it is required by OAuth2 dynamic registration it must be present
    - Other fields not derived from OAuth2? i.e. ContactInfo used in the case of a failed notification to TP
  - Verify negative response to PUT, POST, DELETE: 403 forbidden
- Using other access tokens (A, C) or none
  - Verify negative response to GET, PUT, POST, DELETE: 403 forbidden
  - No token: 401 unauthorized

FB_03 Core GB CMD: atom:feed / Authorization

- Using required access token of C (client_access_token)
  - Verify successful GET and response contents (which subset of Authorization info is required in the response?)
  - Verify negative response to PUT, POST, DELETE: 403 forbidden
- Using other access tokens (A, R) or none
  - Verify negative response to GET, PUT, POST, DELETE: 403 forbidden
  - No token: 401 unauthorized

FB_03 Core GB CMD

- Authorization (C): all fields (except error fields), some of which have required values
- Subscriptions (A): feed with at least 1 UsagePoint
- ReadServiceStatus (C): all fields with content of 0/1
- Using required access tokens
  - Verify successful GET and response contents
  - Verify negative response to PUT, POST, DELETE
- TBD?: Using other access tokens or none
  - Verify negative response

FB_39 Push Model REST notifications

- Send Notification to TP
  - Pre-test set up: DC needs to know TP stand-in URI (FB_33 could automate this?)
  - DC UT has manual trigger method to generate notification
    - ApplicationInformation
    - Authorization
    - Subscription
  - Verify well-formed contents of the Notification
  - Get the data (w/ correct access token) and validate the data
- [NEG] Test GET out of bounds and deferred response (should be moved to or is already present in other FB tests)
  - Authorization no longer valid (how?): MOVE to FB_14
  - Data no longer available (i.e. TP took too long for requesting the data): SFTP error 2 ref to file that does not exist / REST GET error
  - Issue REST GET with wrong token (what token should the test use?): applies specifically to FB_39 to ensure notification data is secure
- [NEG] If TP Notify fails, verify by demonstration that failure was detected
  - TP is off-line

FB_34 SFTP for Bulk

- Prerequisites
  - Pre configured Authorizations
  - Authorizations need bulk scope
- Notification of Bulk sent to test harness
  - i.e. sftp://services.greenbuttondata.org/DataCustodian/espi/1_1/resource/Batch/Bulk/{BulkID}
- Test harness retrieves data via SFTP
- Validate the data
  - Pass schema
  - Must contain 1 feed w/ 1 or more entry(s)
  - Verify there is a valid authorization for each entry and the scope of each authorization for each entry has BR=BulkId
  - Use https://services.greenbuttondata.org/DataCustodian/espi/1_1/resource/Authorization for list of authorizations to check against
- Is URI a pointer to a folder or a pointer to a file?
  - SFTP GETALL could retrieve a set of files from a folder, or
  - SFTP GET single file

FB_35 REST for Bulk

- Notification of Bulk
  - Authorizations must be present
  - Authorizations need bulk scope
  - i.e. sftp://services.greenbuttondata.org/DataCustodian/espi/1_1/resource/Batch/Bulk/{BulkID}
- Test harness retrieves data via REST GET
- Validate the data
  - Pass schema
  - 1 feed w/ 1 or more entry(s)
  - Verify there is a valid authorization for each entry and the scope of each authorization for each entry has BR=BulkId
  - Use https://services.greenbuttondata.org/DataCustodian/espi/1_1/resource/Authorization for list of authorizations to check against

FB 13: Security Testing

Cyber Security and Privacy Test Requirements

- Based on Authorization.docx section 2.7
- From SGIP SGCC Committee review of REQ.21
- Reviewed with NIST Cyber Security staff
- NAESB REQ.21 section
- Initial set of test requirements on next slide

FB 13: Security Testing Initial Set of Test Requirements

- [TR_TC001] Test software shall issue a service request over an SSL session and shall verify that the response HTTP header contains the following fields and information: fields TBD
- [TR_TC002] Verify that REST request headers include: fields TBD
- [TR_TC003] Verify that the Data Custodian implements TLS 1.2.
- [TR_TC004] Verify that when communicating with a Retail Customer the Data Custodian negotiates the highest level of TLS mutually supported.
- [TR_TC005] Verify that when communicating with a Retail Customer the Data Custodian rejects TLS_RSA_WITH_NULL_SHA cipher suites.
- [TR_TC006] Verify that when communicating with a Retail Customer at a minimum the Data Custodian accepts the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite.
- [TR_TC007] Verify that when communicating with a Third Party the Data Custodian negotiates the highest level of TLS mutually supported.
- [TR_TC008] Verify that the Data Custodian maintains an unexpired unrevoked RSA certificate with a public key length of at least 2048 bits.
- [TR_TC009] Test software or manual inspection shall verify that the Data Custodian RSA certificate was issued by a Certificate Authority (CA) that has been successfully audited according to the criteria of ETSI or WebTrust.
- [TR_TC010] Test software or manual inspection shall verify that Tokens and IDs communicated by the Data Custodian are opaque and if based on actual Customer information that they are randomized using a secure method to protect privacy.
- [TR_TC011] Test software or manual inspection shall verify that Tokens and IDs communicated by the Data Custodian consist of at least 48 bits and can be the random number part of an RFC2422 UUID.
- [TR_TC012] Manual inspection of supporting documentation shall confirm that the Data Custodian implementation utilizes software libraries which are FIPS 140-2 level 1 or higher and listed on the CMVP website.
- [TR_TC013] Verify that the Third Party implements TLS 1.1 or higher.
- [TR_TC014] Verify that when communicating with a Retail Customer the Third Party negotiates the highest level of TLS mutually supported.
- [TR_TC015] Verify that when communicating with a Data Custodian the Third Party negotiates the highest level of TLS mutually supported.
- [TR_TC016] Verify that the Third Party maintains an unexpired unrevoked RSA certificate with a public key length of at least 2048 bits.
- [TR_TC017] Test software or manual inspection shall verify that the Third Party RSA certificate was issued by a Certificate Authority (CA) that has been successfully audited according to the criteria of ETSI or WebTrust.
- [TR_TC018] Test software or manual inspection shall verify that Tokens and IDs communicated by the Third Party are opaque and if based on actual Customer information that they are randomized using a secure method to protect privacy.
- [TR_TC019] Test software or manual inspection shall verify that Tokens and IDs communicated by the Third Party consist of at least 48 bits and can be the random number part of an RFC2422 UUID.
- [TR_TC020] Manual inspection of supporting documentation shall confirm that the Third Party implementation utilizes software libraries which are FIPS 140-2 level 1 or higher and listed on the CMVP website.

FB_14: Authorization and Authentication (OAuth) Initial Set of Test Requirements
[TR_OA001] Verify Data Custodian provides an Authorization Endpoint per OAuth 2.0 specification
[TR_OA002] Verify Data Custodian provides a Token Endpoint per OAuth 2.0 specification
[TR_OA004] Verify Data Custodian provides client with Third Party ID value per OAuth 2.0 specification
[TR_OA005] Verify Data Custodian provides client with Third Party Secret value per OAuth 2.0 specification
[TR_OA007] Verify Data Custodian rejects an Authorization Code Request with NO "Response Code" parameter
[TR_OA008] Verify Data Custodian rejects an Authorization Code Request with NO "client_id" parameter
[TR_OA009] Verify Data Custodian rejects an Authorization Code Request with NO "scope" parameter
  Check on redirect_uri parameter
  Check on state parameter
[TR_OA010] Verify Data Custodian rejects an Authorization Code Request containing multiple "response_type" parameters
[TR_OA011] Verify Data Custodian rejects an Authorization Code Request containing multiple "client_id" parameters
[TR_OA012] Verify Data Custodian rejects an Authorization Code Request containing multiple "scope" parameters
[TR_OA013] Verify Data Custodian rejects an Authorization Code Request containing multiple "redirect_uri" parameters
[TR_OA014] Verify Data Custodian rejects an Authorization Code Request containing multiple "state" parameters
[TR_OA015] Verify Data Custodian rejects an Authorization Code Request containing an INVALID parameter
[TR_OA016] Verify Data Custodian rejects an Authorization Code Request with an INVALID "Response Code" parameter
[TR_OA017] Verify Data Custodian rejects an Authorization Code Request with an INVALID "client_id" parameter
[TR_OA018] Verify Data Custodian rejects an Authorization Code Request with an INVALID "redirect_uri" parameter
[TR_OA019] Verify Data Custodian rejects an Authorization Code Request with an INVALID "scope" parameter
[TR_OA020] Verify Data Custodian properly validates Retail Customer while processing a valid Authorization Code Request
[TR_OA021] Verify Data Custodian properly handles a Retail Customer who fails to pass authentication testing while processing a valid Authorization Code Request
[TR_OA022] Verify Data Custodian properly obtains the Retail Customer's authorization for the Third Party to access their data while processing a valid Authorization Code Request
[TR_OA023] Verify Data Custodian properly processes a Retail Customer's denial to allow a Third Party to access their data while processing a valid Authorization Code Request
[TR_OA024] Verify Data Custodian properly processes a Retail Customer's authorization to allow a Third Party to access their data while processing a valid Authorization Code Request
[TR_OA027] Verify Data Custodian properly authenticates and accepts an Access Token Request with a valid HTTP BASIC Authorization header
[TR_OA028] Verify Data Custodian rejects an Access Token Request with an INVALID HTTP BASIC Authorization header
[TR_OA029] Verify Data Custodian properly authenticates the authorization_code contained in the "code=" parameter of an Access Token Request was issued to the "client_id" in the Access Token Request
[TR_OA030] Verify Data Custodian accepts an Access Token Request containing an authorization_code ("code=" parameter) issued to the "client_id" in the Access Token Request
[TR_OA031] Verify Data Custodian rejects an Access Token Request with NO "grant_type" parameter
[TR_OA032] Verify Data Custodian rejects an Access Token Request with NO "code" parameter
[TR_OA033] Verify Data Custodian rejects an Access Token Request with NO "redirect_uri" parameter
[TR_OA034] Verify Data Custodian rejects an Access Token Request with NO "client_id" parameter
[TR_OA035] Verify Data Custodian rejects an Access Token Request with multiple "grant_type" parameters
[TR_OA036] Verify Data Custodian rejects an Access Token Request with multiple "code" parameters
[TR_OA037] Verify Data Custodian rejects an Access Token Request with multiple "redirect_uri" parameters
[TR_OA038] Verify Data Custodian rejects an Access Token Request with multiple "client_id" parameters
[TR_OA039] Verify Data Custodian rejects an Access Token Request with a "client_id" parameter and a HTTP BASIC authorization field
[TR_OA040] Verify Data Custodian rejects an Access Token Request containing an authorization_code ("code=" parameter) NOT issued to the "client_id" in the Access Token Request
[TR_OA041] Verify Data Custodian rejects an Access Token Request containing an INVALID authorization_code ("code=" parameter)
[TR_OA042] Verify Data Custodian rejects an Access Token Request not containing a "redirect_uri" parameter if the original Authorization Request contained a "redirect_uri" parameter
[TR_OA043] Verify Data Custodian rejects an Access Token Request containing a "redirect_uri" parameter if the "redirect_uri" does NOT match the "redirect_uri" parameter contained in the original Authorization Request parameter

FB_14: Authorization and Authentication (OAuth) Initial Set of Test Requirements
[TR_OA044] Verify Data Custodian rejects an Access Token Request containing a "redirect_uri" parameter if the original Authorization Request did NOT contain a "redirect_uri" parameter
[TR_OA045] Verify Data Custodian rejects an Access Token Request containing a previously used authorization_code
[TR_OA046] Verify Data Custodian rejects an Access Token Request containing an expired authorization_code
[TR_OA047] Verify Data Custodian issues a properly formatted Access Token Response (grant_type=authorization_code)
[TR_OA050] Verify Data Custodian issues a properly formatted Access Token Response (grant_type=client_credentials)
[TR_OA051] Verify Data Custodian rejects an Access Token Request with multiple "grant_type" parameters
[TR_OA052] Verify Data Custodian rejects an Access Token Request with multiple "scope" elements
[TR_OA053] Verify Data Custodian rejects an Access Token Request with an INVALID "scope" parameter
[TR_OA056] Verify Data Custodian rejects a Refresh Token Request with NO "grant_type" parameter
[TR_OA057] Verify Data Custodian rejects a Refresh Token Request with NO "refresh_token" parameter
[TR_OA058] Verify Data Custodian rejects a Refresh Token Request with multiple "grant_type" parameters
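One way a Data Custodian token endpoint could enforce the Access Token Request rejections in TR_OA031 to TR_OA046, as an added example rather than code from any Green Button implementation. The in-memory code store, the IssuedCode record, the function names and the sample values are assumptions; client authentication by HTTP BASIC header is left out.

```python
import secrets
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlencode

REQUIRED = ("grant_type", "code", "redirect_uri", "client_id")


class Rejected(Exception):
    """Carries an OAuth 2.0 token-endpoint error code (RFC 6749 section 5.2)."""
    def __init__(self, error: str, reason: str):
        super().__init__(f"{error}: {reason}")
        self.error, self.reason = error, reason


@dataclass
class IssuedCode:
    """Hypothetical server-side record of an authorization_code."""
    client_id: str
    redirect_uri: Optional[str]   # None if the Authorization Request carried none
    expires_at: float
    used: bool = False


def redeem_code(body: str, codes: dict, now: float) -> dict:
    """Validate a form-encoded Access Token Request and issue a token."""
    params = parse_qs(body, keep_blank_values=True)   # keeps every repeated value
    for name in REQUIRED:
        values = params.get(name, [])
        if len(values) > 1:                           # TR_OA035 to TR_OA038
            raise Rejected("invalid_request", f"multiple {name}")
        if not values or not values[0]:               # TR_OA031 to TR_OA034
            raise Rejected("invalid_request", f"missing {name}")
    grant_type, code, redirect_uri, client_id = (params[n][0] for n in REQUIRED)
    if grant_type != "authorization_code":
        raise Rejected("unsupported_grant_type", grant_type)
    issued = codes.get(code)
    if issued is None:                                # TR_OA041
        raise Rejected("invalid_grant", "unknown authorization_code")
    if issued.used:                                   # TR_OA045
        raise Rejected("invalid_grant", "authorization_code already used")
    if now >= issued.expires_at:                      # TR_OA046
        raise Rejected("invalid_grant", "authorization_code expired")
    if issued.client_id != client_id:                 # TR_OA040
        raise Rejected("invalid_grant", "authorization_code issued to another client")
    # TR_OA043 / TR_OA044: exact match against the original Authorization Request;
    # a code issued without a redirect_uri can therefore never be redeemed.
    if issued.redirect_uri is None or issued.redirect_uri != redirect_uri:
        raise Rejected("invalid_grant", "redirect_uri does not match the Authorization Request")
    issued.used = True                                # single use from here on
    return {"access_token": secrets.token_urlsafe(32),  # 256 random bits, opaque
            "token_type": "Bearer", "expires_in": 3600}


def outcome(body: str, codes: dict, now: float) -> str:
    """Collapse the result to a string so a test table can compare it."""
    try:
        redeem_code(body, codes, now)
        return "issued"
    except Rejected as exc:
        return f"{exc.error}: {exc.reason}"


# Constructed sample data for the demonstration below.
def sample_codes() -> dict:
    return {"c0de-A": IssuedCode("tp-1", "https://tp.example/cb", expires_at=1000.0)}


def sample_request(**overrides) -> str:
    fields = {"grant_type": "authorization_code", "code": "c0de-A",
              "redirect_uri": "https://tp.example/cb", "client_id": "tp-1"}
    fields.update(overrides)
    return urlencode({k: v for k, v in fields.items() if v is not None})


if __name__ == "__main__":
    codes = sample_codes()
    print(outcome(sample_request(), codes, 10.0))                  # first redemption
    print(outcome(sample_request(), codes, 11.0))                  # replay of the same code
    print(outcome(sample_request() + "&code=zzz", sample_codes(), 10.0))
    print(outcome(sample_request(client_id="tp-2"), sample_codes(), 10.0))
```

Parsing with parse_qs rather than a plain dict is what makes the duplicate-parameter requirements testable, because a dict-based parser silently keeps only one of the repeated values.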

FB_14: Authorization and Authentication (OAuth) Initial Set of Test Requirements
[TR_OA059] Verify Data Custodian rejects a Refresh Token Request with multiple "refresh_token" parameters
[TR_OA060] Verify Data Custodian rejects a Refresh Token Request with multiple "scope" parameters
[TR_OA061] Verify Data Custodian properly authenticates and accepts a Refresh Token Request with a valid HTTP BASIC Authorization header
[TR_OA062] Verify Data Custodian rejects a Refresh Token Request with an INVALID HTTP BASIC Authorization header
[TR_OA063] Verify Data Custodian rejects a Refresh Token Request containing a "refresh_token" element that was NOT issued to the requesting Third Party Application
[TR_OA064] Verify Data Custodian rejects a Refresh Token Request containing a "refresh_token" element that is expired
[TR_OA065] Verify Data Custodian rejects a Refresh Token Request containing a "scope" element that does NOT match the "scope" element value used to obtain the original Access Token.
[TR_OAxxx] Verify Data Custodian handling of expired Access Token and Refresh Token

FB_19: Partial update of data
  Is this requirement for upload role and not core data custodian?
[FB_37] Query Parameters
  Support published_min, published_max
[FB_40] Offline RetailCustomer Authorization
  Manual Creation of ApplicationInformation, Authorization(s)

ReadingType Attributes
  PG&E notices that their MDM uses various ReadingType attribute values that are not the same as those in the DMD test suite.
  Question should meter data reflect the diversity of the meter system or the meaning of data conveyed to the ThirdParty
  Folks will look at their data and thinking further.

Interpretation of Quality Flags for UsageSummary, ReadingType, and IntervalReading
  ReadingType.defaultQuality contains the default quality that applies to all corresponding IntervalReading data.
  IntervalReading.ReadingQuality.quality allows specific Intervals to override the default in ReadingType
  If IntervalReading data or quality tags are modified, DataCustodian should notify of this change so ThirdParty can retrieve the changes.
  UsageSummary.qualityOfReading if present indicates that those IntervalBlocks within the scope of the UsageSummary.billingPeriod may have changed quality as well. Third Party may want to retrieve data again to see the revisions if any.
  The DC may indicate to the TP that IntervalBlock data has changed by sending a notification for the IntervalBlocks that changed.

Testing and Certification Issues
  Test Third Party role for testing DataCustodian
  Test accounts (how many ; real-or-not ; how much history?)
  Test Set up Application Information
  How to put DC in reproducible state reset?
  Minimum FBs to test FB_3, 13, 14, 19,37,39
  Alternative Test Environment that is same as the Live environment
    Same Certs etc
    Does it need to be real data?

ElectricPowerUsageSummary
  Make general UsageSummary and deprecate ElectricPower one
  Let query determine period not current/last
  How to rename fields to remove current/last ambiguity for past requests
  Determine what required fields might be and some possible new FB to support ecosystem interoperability
  Single Demand fields too limiting for modern tariffs.

UsageSummary Recommendations
  Create new UsageSummary (which is NAESB REQ.18 name)
  Add new tags recommended by PG&E
  Retain all existing tags and make UsageSummary and ElectricPowerUsageSummary identical but mark old one deprecated for backwards compatibility new implementations will have to accept either Resource on input
  Revise descriptions of existing tags to make clear what goes with billing period etc.
  Provide documentation on how to interpret query parameters for GET UsageSummary

UsageSummary Use Cases
  I ask for summary today (with day later publishing)
  I ask for 3 months last year (query parameters?)
  Billing period is non-calendar
  John: I ask for an arbitrary period roll-up of consumption
    GET UsageSummary min=1/15/2014&max=2/28/2014&rollup=True
    In PGE concept you get 2 UsageSummarys one for billing period January and one for billing period February
    In John concept you get 1 UsageSummary with totals for 1/15..2/28

Documentation Issues
  Do in GreenButtonAuthorization.docx section 2.4
    Use Cases for Authorization Termination (revocation) --DC-oriented control of termination process due regulatory requirements in Ca.
  Do in section 2.8
    Behavior of GET UsageSummary with query parameters

Service Request 83 including Function Block for optional customer info (service point address, etc.)
Requirements
  UsagePoints of RetailCustomer
  Location of premise
  Account ID
  Sub Account (SA) ID
    Service Agreement / Account is name depending on utility
  Customer name, nickname (or short name)
  Address and info from Lynn will provide more information
  SDG&E provides only email address and UPID correspondence csv email and UsagePoint ID (Customer Obfuscated Key)
  Current ESPI resources will never return PII
  GET Subscription does not contain PII
  Single Authorization covers entire Subscription and Authorization Scope
  MeterID
  ServicePointId
  Pnode
  LoadAggregationPoint, SubloadAggregationPoint
  Climate zone
  Account open date
  Account close date
  SA Open and Close date
  MDM Agent Id (who does meter read)
  ServiceSupplierId
  EnergyServiceProviderId (may be same as service supplier)
  Demand Response Provider
  May need list of Ids for service providers rather than explicit?? (0..* relationship{role, href})
  Related assets ???? For example pool pump and pool pump participation in a program.
  Related programs ????
Implementation
  Resource Definition
    Probably multiple resources are good idea
  REST service to exchange resource(s)
    GET only
  Function Block(s)
    Wholesale vs Retail
    Optionality vs Required
  Possible Scope spec

For May 20 Topics
  Use Case for verified for billing
  Added

ServiceStatus return data
  Simple status or, outstanding batchlists
  Consensus: Don't really need this extension because the DC can determine if it wants to send a notification of what hasn't been retrieved at its discretion.
Revised Authorization document
Use Case for Small ThirdParty / Mega ThirdParty maybe another day in future

revenue-quality data that is valid for billing purposes

Service Status
  Consensus: Don't really need this extension because the DC can determine if it wants to send a notification of what hasn't been retrieved at its discretion.
  As is in standard

Enhanced to add current outstanding batchlist

text 65535 ../espi/1_1/resource/Batch/Bulk/1?start-index=1&max-results=1000&published-max=2012-04-02T04:00:00Z& published-min=2012-04-02T04:00:00Z ../espi/1_1/resource/Batch/Bulk/1?start-index=1&max-results=1000&published-max=2012-04-02T04:00:00Z& published-min=2012-04-02T04:00:00Z

1

Authorization
  What happens when authorization changes UsagePoints or period
  When Authorization changes, place authorizationUri in notification to ThirdParty which can then re-establish its state

What can you negotiate with Scope?
  FBTerms data content, CMD services
  ValueTerms default durations and blocking, history length, subscription frequency (i.e. daily data cycle)
  ResourceTerms specific resources available by api, bulkID assignments, bulkaccount
  Other?

Scope Negotiation
  [Figure: Oversimplified sequence diagram of Use Case #2 showing essence of scope negotiation. Participants: DC, TP, RC. Messages: HTTP Redirect with Scope={scope1} {scope2}; Logon; Authorization request Scope={scope2}; Authorization response Scope={scope2}, access-token, resourceUri, authorizationUri, referenceId]

Scope issues
  Limit Scope to access-token and minimal exchange requirements
  Add list of UPs in a subsequent GET request
  Could include UPs, optional location, additional data
  We would define new resource that has this data
  Are there options?
    FB_XX Minimum data UsagePoint
    FB_XY Optional data location
  Should it be a different namespace and XSD?
  We need to make sure they are mutually exclusive the usage and the PII containing data
  Namespace and separate schema minimize the opportunity for commingling of data
  Single authorization with multiple UPs with different scopes
  Don suggested that the scope is a union of capabilities. You need to get the data to see details
  Jerry suggests scope be provided with UP?

CSV from GB Data

CSV File that opens in Excel

Notification
  [Figure: notification between DC and TP: HTTP POST, Content-type: application/atom+xml]

A Couple of Use Cases
Use Case 1: How to do Gas and Electric in one Authorization
  An Authorization
  Two UsagePoints
  One Gas One Electric
  Different Scope

Use Case 2: CISR based Authorization
  Customer logs in has id for utility website
  Each login has multiple electricity accounts
  Each account can be multiple usage points
  Customer login id becomes obfuscated {referenceId} which can be used in REST Uris of the form: /espi/1_1/resource/RetailCustomer/{referenceId}/**
  Authorization enables a subscriptionID and authorizationID which is (internally) correlated to the customer and the subselection of usagepoints

Discussion on Authorization Structure
  Authorization enables the following URLs:
    http://localhost:8080/DataCustodian/espi/1_1/resource/Batch/Subscription/1
    http://localhost:8080/DataCustodian/espi/1_1/resource/Authorization/1
    /espi/1_1/resource/RetailCustomer//UsagePoint/...
  (SA == UsagePoint, CISR == subscription == authorization)
  with Access-token
    GET /espi/1_1/resource/RetailCustomer//UsagePoint

urn:uuid:40BE6242-F7E6-4B51-828E-59B5FC0C35F0 a galaxy far, far away 0 2012-05-03T04:00:00Z 2012-05-03T04:00:00Z ...

Customer Information Resource
Requirements
  UsagePoints of RetailCustomer
  Location of premise
  Account ID
  Sub Account (SA) ID -- Service Agreement / Account is name depending on utility
  Customer name
  SDG&E provides only email address and UPID correspondence csv email and UsagePoint ID (Customer Obfuscated Key)
  Current ESPI resources will never return PII
  GET Subscription does not contain PII
  Single Authorization covers entire Subscription and Authorization Scope
Implementation
  Resource Definition
  REST service to exchange resource(s)
  Function Block
  Possible Scope spec

NAESB REQ.18 Extended Customer InformationThis data is already part of the PAP10 parent model to ESPI REQ.18

This data is part of CIM and associated with CustomerAgreement
ServiceLocation may be equal to ServiceDeliveryPoint which is no longer in CIM

Common Information Model (CIM) Customer Overview
IEC 61968 and IEC 61970

UsagePoint (from espiderived.xsd)

Obfuscated tariff ID
Obfuscated customerAgmtID

Possible Arrangement of Data "pulling the string"
  [Figure: RetailCustomer, UsagePoint, EndDeviceAsset, ServiceLocation, PositionPoint, TariffProfile, Customer Agreement, Authorization, ServiceSupplier. Key: Account Resource, Existing Resource, ERP Resource, Normal ESPI Resources]

Possible Arrangement of Data "pulling the string"
  [Figure: RetailCustomer, UsagePoint, EndDeviceAsset, ServiceLocation, PositionPoint, TariffProfile, Customer Agreement, Authorization, ServiceSupplier. Key: New Resource, Existing Resource, Non-resource included]

FB3 - Core REST Services
[TR_CR003] Verify ReadServiceStatus returns active status

FB31 - Core REST Services
[TR_CR001] Verify the Authorization can be retrieved using the authorizationUri (from the authorization process in FB-14 or FB-40)
[TR_CR002] Verify the Authorization resource does not contain PII by inspection
[TR_CR003] Verify ReadServiceStatus returns active status
[TR_CR004] Verify Batch/Subscription/{subscriptionId} returns a valid Atom feed with all UsagePoints and related data including all interval data
[TR_CR005] Verify structured URIs are of the form {DataCustodianResourceEndpoint}[/{keyterm}/{id}]* based on the structure of Green Button APIs
[TR_CR006] Verify /RetailCustomer/{retailCustomerID}/UsagePoint Returns list of UsagePoints only under the Authorization
[TR_CR007] Verify Batch/RetailCustomer/{RetailCustomerId}/UsagePoint/{UsagePointId} Returns all data under and including a single UsagePoint
[TR_CR008] Verify that resources returned by the resourceUri are valid to the schema, proper linking, and verify that the data meets the test requirements based on PICS for content and consistency

[FB_14] Authorization and Authentication (Oauth 2.0)

  Verifying response to invalid authorization request (invalid access-token for resource)
  Verify rejection of request missing access-token
  Missing header parameters
  Invalidation of access-token at end of authorization period

Function Blocks for CMD
FunctionBlocks for Green Button Connect My Data | Description
[FB_3] Core Green Button Connect My Data | Core Services
[FB_13] Security and Privacy classes | HTTPS support
[FB_14] Authorization and Authentication (Oauth 2.0) | Oauth
[FB_19] Partial update data | IntervalBlocks without full data sets e.g. just entrys containing IntervalBlocks
[FB_31] Core Rest Services | Third Party Access to Subscription/Authorization
[FB_32] Resource Level REST | Third Party Access to UsagePoints, MeterReading, and collections
[FB_33] Management REST Interfaces | GET PUT POST DELETE individual resources
[FB_34] SFTP for Bulk | Optionally support the SFTP delivery of Bulk for Bulk request
[FB_35] REST for Bulk | Support the REST request for Bulk
[FB_36] Third Party (Client) Dynamic Registration | Use Case 1
[FB_37] Query Parameters |
[FB_38] On Demand Requests | Without Notification
[FB_39] PUSH model | Notification followed by GET
[FB_40] Offline RetailCustomer Authorization to Complement OAuth | This is a out of band authorization process without the automated OAuth protocol exchange but producing the same artifacts.
[FB_42] Third Party Core REST Services |
[FB_43] Third Party Management REST Services |
[FB_xx] Not a Function Block (Implementation Specific) | Implementation Specific RESTful API
[FB_44] Security and Privacy for Simple Third Party |
[FB_45] Security and Privacy for Certificate-based Third Party |

Opaque vs Structured URIs
  No structure, support Opaque URIs using either HTTPS or FTPS protocols in conjunction with the espiDerived.xsd schema. Make Opaque URIs part of the CORE CMD function block.
  Optional support Structured URIs using either HTTPS or FTPS protocols: make Opaque URIs part of the CORE CMD function block, and structured URIs an optional Function Block in CMD Testing & Certification in conjunction with the espiDerived.xsd schema
  Required Structure, make structured URIs a requirement but allow some variability e.g. User versus RetailCustomer; Thus structured URIs would be part of the CORE CMD function block in CMD Testing & Certification in conjunction with the espiDerived.xsd schema.
  Specific Required Structure based on espiDerived.xsd Resource Names as described in two documents: GreenButtonAtomLinks and Authorization document

Changes in espiderived.xsd from espi.xsd
  *Enumerations: The largest volume of changes is in the explicit documentation of the many enumerations in the standard. In the standard, only a few examples from the IEC standard were provided in a comment. Values that distinguish measurements of Wh, W, VAr, VA, gas, water, etc are tested for in DMD if corresponding FBs are indicated.
  *Errors of data type corrected: value, cost, and currency all had deficient data types that were recognized early on
  *Representation of conversion factors from UTC to Local Time: LocalTimeParameters resource was added
  *Missing overallConsumptionLastPeriod was added to make ElectricPowerUsageSummary rational as a record of billing period consumption
  Support for OAuth 2.0: the second largest volume of changes to the schemas is in support of CMD (no impact to DMD)

  * Differences tested for in T&C

Test Requirements for CMD Brainstorm
FB31 - Core REST Services
  Verify the authorization can be retrieved
  Lack of PII
  Ditto Batch/Subscription, Batch/RetailCustomer, and UsagePoint
  Verify that resource returned is valid to schema and links are correct
  Verify structured URIs
  Verify all required content is present (based on PICs)
Could be FB_14
  Verifying response to invalid authorization request (invalid access-token for resource)
  Verify rejection of request missing access-token
  Missing header parameters
  Invalidation of access-token at end of authorization period

For February 25
  John Teeter raises issue of path vs opaque URIs for REST services for individual and subscription resources
  Does the uri give any indication of what will be retrieved or not?

Some URIs Found In GBDMD Files
  URI ::= protocol://hostname:port/datacustodian/espi/1_1/resource/ resource endpoint of the server

Opaque URIs
  Opaque URIs
    No need to test structure
    No need to recognize structure in sw
  Structured URIs
    Easier to recognize the links
    Easier to validate what you are doing by looking at them
    If I have interval block, I know all the possible URIs for that UsagePoint

Possible Outcomes of OpenADE Discussion?
  No structure, support opaqueness
  Optional Structure, make structured URIs an optional Function Block
  Required Structure, make structured URIs a requirement but allow some variability e.g. User versus RetailCustomer
  Single Required Structure defined structure based roughly on GreenButtonAtomLinks and Authorization documents

SFTP for Bulk Transfer

Pertinent to the SFTP discussion are the concepts that each Third Party has a defined relationship with the Data Custodian. For automated exchange of information about this relationship there is a special Authorization obtained in Use Case #1 (see the Authorization.docx -- http://osgug.ucaiug.org/sgsystems/OpenADE/Shared%20Documents/Testing%20and%20Certification/GreenButtonTestPlan/referenceMaterial/GreenButtonAuthorization.docx).

We anticipate that when the Data Custodian has data available, it sends an asynchronous Notification to the Third Party. This Notification provides URIs of note that it is assumed the Third Party will want to retrieve. For the purposes of Bulk transfer, this URI will be:

sftp://hostname:port/DataCustodian/espi/1_1/resource/Batch/Bulk/{bulkId}

where {bulkId} is a unique identifier assigned by the Data Custodian and the balance of the URI is presented in the ApplicationInformation resource that both parties share (contains all relevant URIs and data for interchange via OAuth etc). The Third Party would then retrieve the bulk data by using an SFTP client with that URI.

This is a straw man concept for discussion on the call. Its advantage is that it is in harmony with the overall architecture of the Green Button Connect My Data RESTful architecture and simply adds SFTP as a means of transfer when a large data set is to be returned.

  Used to Retrieve the data using SFTP protocols
  How to initiate the SSH connection?
  What is the role if any of the client_credentials authorization to control access to SFTP enabled resources?

Discussion
  After authorization of TP, they use Pene test, so what is benefit of access-token?
  sftp user:pw, user=, password=
Summary
  sftp://hostname:port/DataCustodian/espi/1_1/resource/Batch/Bulk/{bulkId}
  sftp user:pw, user=, password=

Function Blocks for CMD

FunctionBlocks for Green Button Connect My Data | Description
[FB_3] Core Green Button Connect My Data | Core Services
[FB_13] Security and Privacy classes | HTTPS support
[FB_14] Authorization and Authentication (OAuth) | Oauth
[FB_19] Partial update data | IntervalBlocks without full data sets (Ups, MR, ...)
[FB_31] Core Rest Services | Third Party Access to Subscription/Authorization
[FB_32] Resource Level REST | Third Party Access to UsagePoints, MeterReading, and collections
[FB_33] Management REST Interfaces | GET PUT POST DELETE individual resources
[FB_34] SFTP for Bulk | Optionally support the SFTP delivery of Bulk for Bulk request
[FB_35] REST for Bulk | Support the REST request for Bulk
[FB_36] Third Party (Client) Dynamic Registration | Use Case 1
[FB_37] Query Parameters |
[FB_38] On Demand Requests | Without Notification
[FB_39] PUSH model | Notification followed by GET
[FB_40] Offline Authorization to Complement OAuth |
[FB_42] Third Party Core REST Services |
[FB_43] Third Party Management REST Services |
[FB_xx] Not a Function Block (Implementation Specific) | Implementation Specific RESTful API

Authorization Sequence
Scope
access-token
Refresh-token
resourceUri (the subscription)
authorizationUri
expiration of the access-token and refresh-token
token-type

Proposed CMD Function Blocks

FunctionBlocks for Green Button Connect My Data | Description
[FB_3] Core Green Button Connect My Data | Core Services
[FB_13] Security and Privacy classes | HTTPS support
[FB_14] Authorization and Authentication (OAuth) | Oauth
[FB_19] Partial update data | IntervalBlocks without full data sets (Ups, MR, ...)
[FB_31] Core Rest Services | Third Party Access to Subscription/Authorization
[FB_32] Resource Level REST | Third Party Access to UsagePoints, MeterReading, and collections
[FB_33] Management REST Interfaces | GET PUT POST DELETE individual resources
[FB_34] SFTP for Bulk | Optionally support the SFTP delivery of Bulk for Bulk request
[FB_35] REST for Bulk | Support the REST request for Bulk
[FB_36] Third Party (Client) Dynamic Registration | Use Case 1
[FB_37] Query Parameters |
[FB_38] On Demand Requests | Without Notification
[FB_39] PUSH model | Notification followed by GET
[FB_40] Offline Authorization to Complement OAuth | NEED to Discuss
[FB_42] Third Party Core REST Services |
[FB_43] Third Party Management REST Services |
[FB_xx] Not a Function Block (Implementation Specific) | Implementation Specific RESTful API

Draft of API Allocations to FBs

Function Blocks | CRUD | API URL
[FB_3] Core Green Button Connect My Data | GET | resource/ReadServiceStatus
[FB_31] Core Rest Services | GET | resource/ApplicationInformation/{ApplicationInformationID}
[FB_31] Core Rest Services | PUT | resource/ApplicationInformation/{ApplicationInformationID}
[FB_31] Core Rest Services | DELETE | resource/ApplicationInformation/{ApplicationInformationID}
[FB_31] Core Rest Services | GET | resource/Authorization/{AuthorizationID}
[FB_31] Core Rest Services | PUT | resource/Authorization/{AuthorizationID}
[FB_31] Core Rest Services | DELETE | resource/Authorization/{AuthorizationID}
[FB_31] Core Rest Services | GET | resource/Batch/Subscription/{SubscriptionID}
[FB_31] Core Rest Services | GET | resource/Batch/RetailCustomer/{retailCustomerID}/UsagePoint
[FB_31] Core Rest Services | GET | resource/Batch/RetailCustomer/{RetailCustomerId}/UsagePoint/{UsagePointId}
[FB_31] Core Rest Services | GET | https://services.greenbuttondata.org/DataCustodian/espi/1_1/RetailCustomer/{RetailCustomerID}/UsagePoint/{UsagePointID}/ElectricPowerQualitySummary
[FB_31] Core Rest Services | GET | https://services.greenbuttondata.org/DataCustodian/espi/1_1/RetailCustomer/{RetailCustomerID}/UsagePoint/{UsagePointID}/ElectricPowerQualitySummary/{ElectricPowerQualitySummaryID}
[FB_31] Core Rest Services | GET | https://services.greenbuttondata.org/DataCustodian/espi/1_1/RetailCustomer/{RetailCustomerID}/UsagePoint/{UsagePointID}/ElectricPowerUsageSumary
[FB_31] Core Rest Services | GET | https://services.greenbuttondata.org/DataCustodian/espi/1_1/RetailCustomer/{RetailCustomerID}/UsagePoint/{UsagePointID}/ElectricPowerUsageSumary/{ElectricPowerUsageSummaryID}
[FB_31] Core Rest Services | GET | resource/RetailCustomer/{RetailCustomerID}/UsagePoint/{UsagePointID}/MeterReading/{MeterReadingID}/IntervalBlock
[FB_31] Core Rest Services | GET | resource/RetailCustomer/{RetailCustomerID}/UsagePoint/{UsagePointID}/MeterReading/{MeterReadingID}/IntervalBlock/{IntervalBlockID}
[FB_31] Core Rest Services | GET | resource/LocalTimeParameter
[FB_31] Core Rest Services | GET | resource/LocalTimeParameter/{LocalTimeParameterID}
[FB_31] Core Rest Services | GET | resource/MeterReading
[FB_31] Core Rest Services | GET | resource/MeterReading/{MeterReadingID}
[FB_31] Core Rest Services | GET | resource/RetailCustomer/{RetailCustomerID}/UsagePoint/{UsagePointID}/MeterReading
[FB_31] Core Rest Services | GET | resource/RetailCustomer/{RetailCustomerID}/UsagePoint/{UsagePointID}/MeterReading/{MeterReadingID}
[FB_31] Core Rest Services | GET | resource/ReadingType
[FB_31] Core Rest Services | GET | resource/ReadingType/{ReadingTypeID}
[FB_31] Core Rest Services | GET | resource/Subscription/{SubscriptionID}
[FB_31] Core Rest Services | GET | resource/RetailCustomer/{RetailCustomerID}/UsagePoint
[FB_31] Core Rest Services | GET | resource/RetailCustomer/{RetailCustomerID}/UsagePoint/{UsagePointID}

Scope

Term | Expansion
Scope | [ FBTerms ], [ ValueTerms ], [ ResourceTerms ];
FBTerms | FB=, { [FBTerm], _} , FBTerm, ScopeDelimiter ;
FBTerm | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 15 | 16 | 17 | 18 | 19 | 27 | 28 | 29
ValueTerms | { ( "IntervalDuration=", nonNegativeNumber | namedFrequency), | ( "BlockDuration=", nonNegativeNumber | namedFrequency), | ( "HistoryLength=", nonNegativeNumber), | ( "SubscriptionFrequency=", nonNegativeNumber | namedFrequency), ScopeDelimiter };
ResourceTerms | { (ApplicationInformation, | Authorization, | UsagePoint, | IntervalBlock, | MeterReading, | ElectricPowerQualitySummary, | ElectricPowerUsageSummary, | ReadingType, | Subscription, | LocalTimeParameters, | (BulkAccountCollection=, nonNegativeNumber) | BR=, brID), ScopeDelimiter}
ScopeDelimiter | ;
namedFrequency | billingPeriod | daily | monthly | seasonal | weekly |
nonNegativeNumber | digit, { digit };
digit | "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" ;

Where:
ResourceTerms: The ESPI resource default is Subscription. If a Bulk resource is specified via the BR term, the value of the {bulkID} is provided after the equals sign (=). There could be one or more terms in this list that express the granularity of notifications about resource changes.
FBTerms: The function blocks supported (only data content FBs are listed)
ValueTerms: These are parameterized terms
  IntervalDuration: This is the minimum default length of an interval in seconds (e.g. 900 for 15 minutes, 3600 for one hour, ...)
  BlockDuration: This is the length of a block that contains the intervals (based on enumeration of MacroPeriodKind in ESPI above as namedFrequency)
  HistoryLength: This is the length of history buffer of records in number of Interval Blocks (e.g. 12 for a year if BlockDuration is monthly). Note: this is what the DataCustodian offers; however, the buffer may not be full for transitional metering systems; in these cases less data will be returned until the buffer is full.
  BulkAccountCollection: Used where the DC wants to provide for the reporting of multiple UsagePoints in a single Subscription. The number of UsagePoints is represented by the value in the assignment statement, e.g. 4 UsagePoints would be BulkAccountCollection=4.

Green Button Connect My Data Testing and Certification
Complete function block descriptions
Current:
[FB_3] Green Button Connect My Data
[FB_13] Security and Privacy classes
[FB_14] Authorization and Authentication (OAuth)
[FB_19] Partial update data

New?:
Core Rest Services
GET Batch/Subscription
Resource Level REST
GET PUT POST DELETE individual resources
SFTP for Bulk
REST for Bulk
Use Case 1: Client Registration
Query Parameters
On Demand Requests (as opposed to Notification followed by GET)
PUSH model
Offline Authorization to Complement OAuth - should this be outside the scope of standard and testing or standardized?
  No standard isolated way to get the token to a third party without OAuth
  On exceptional basis some customers can't be required to use a web account
  Sometimes commercial accounts don't need privacy and want a service provider just to register the data.
  Could use Notification service to tell TP about new authorizations made by DC. Out of band how RetailCustomer is identified to the TP
  Transitive model - TP gets bulk data from DC and then becomes DC - can this architecture be of help here?
  Possible provision by DC of access token for conveyance to third party devoid of customer information. Maybe even encrypted for TP as in software activations:
    Please provide this to your TP (the text between the ====)
    =============================================
    ashoiqwherfhdjnvcjq2dhijvkqnvoiikdfv
    =============================================

Questions
retailCustomerID=authorization=subscription
Corresponds to a single authorization
Results in one or more usagePoints being associated with subscription
Scope= FB=4,5,15;IntervalDuration=3600;BlockDuration=monthly;HistoryLength=13;BulkAccountCollection=10
  Says that the BulkAccountCollection has 10 usage points
Authorization provides two URIs that can be used:
  resourceUri - GET this to retrieve usage data (all UPs)
  authorizationUri - GET/PUT details of Authorization
Notification is a list of URIs
All nested resources under the UPs are accessible under the single authorization
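A strict parser for the scope string defined in the Term/Expansion table and used on the Questions slide, as an added example that is not part of the meeting notes or of any Green Button reference code; a Data Custodian that rejects unknown or malformed terms avoids granting more than the customer selected. Assumptions: the FB list separator may be "," (as in the notes' examples) or "_" (as in the grammar), and brID is alphanumeric, since the notes do not define it.

```python
import re

# Values copied from the scope grammar in these notes.
FB_TERMS = {4, 5, 6, 7, 8, 9, 10, 11, 12, 15, 16, 17, 18, 19, 27, 28, 29}
NAMED_FREQ = {"billingPeriod", "daily", "monthly", "seasonal", "weekly"}
# ValueTerms: True when a namedFrequency is allowed as well as a number.
VALUE_TERMS = {"IntervalDuration": True, "BlockDuration": True,
               "HistoryLength": False, "SubscriptionFrequency": True}
RESOURCES = {"ApplicationInformation", "Authorization", "UsagePoint",
             "IntervalBlock", "MeterReading", "ElectricPowerQualitySummary",
             "ElectricPowerUsageSummary", "ReadingType", "Subscription",
             "LocalTimeParameters"}
NUMBER = re.compile(r"[0-9]+\Z")       # nonNegativeNumber = digit, { digit }
BR_ID = re.compile(r"[A-Za-z0-9]+\Z")  # assumption: the notes do not define brID


def parse_scope(scope):
    """Parse a scope string; raise ValueError for anything outside the grammar."""
    out = {"fb": [], "params": {}, "resources": []}
    seen = set()
    for term in scope.strip().rstrip(";").split(";"):
        name, eq, value = term.partition("=")
        if name in seen:
            raise ValueError(f"duplicate term: {name!r}")
        seen.add(name)
        if name == "FB" and eq:
            # Assumption: accept "," (the notes' examples) and "_" (the grammar).
            parts = re.split(r"[,_]", value)
            if not all(NUMBER.match(p) and int(p) in FB_TERMS for p in parts):
                raise ValueError(f"unsupported function block in {term!r}")
            out["fb"] = [int(p) for p in parts]
        elif name in VALUE_TERMS and eq:
            if NUMBER.match(value):
                out["params"][name] = int(value)
            elif VALUE_TERMS[name] and value in NAMED_FREQ:
                out["params"][name] = value
            else:
                raise ValueError(f"bad value in {term!r}")
        elif name == "BulkAccountCollection" and eq and NUMBER.match(value):
            out["params"][name] = int(value)   # number of UsagePoints
        elif name == "BR" and eq and BR_ID.match(value):
            out["params"][name] = value        # bulkID
        elif name in RESOURCES and not eq:
            out["resources"].append(name)
        else:
            raise ValueError(f"unknown or malformed term: {term!r}")
    # The notes state that the default ESPI resource is Subscription.
    return out if out["resources"] else {**out, "resources": ["Subscription"]}
```

A bare BulkAccountCollection term without a count is rejected here because the grammar table requires a nonNegativeNumber after it.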

Service Request 83 including Function Block for optional customer info (service point address, etc.)
Service Request 84 having scope selection screen on Data Custodian Site vs 3rd Party site
[85] Time of Use tier indicator alignment with SEP 2.0
Here is a list of topics raised by you all that we will touch on

Issues Raised and Implementation Questions
How to use BR=bulkID relates to HD #61
Service Request 83 including Function Block for optional customer info (service point address, etc.)
Service Request 84 having scope selection screen on Data Custodian Site vs 3rd Party site
Tariff Model Resource
Green Button Connect My Data Testing and Certification
Complete function block descriptions
Complete test case requirements

How to use BR=bulkID relates to HD #61

Application Profiles
BulkID was proposed for large sets of authorizations
One account level authorization on top of service level accounts - how to do this
Degrees of freedom we have now - can we cover
  Subscription: 1 or more Usage Points
  Granularity of a customer authorization
  BulkID: macro for a large set of existing authorizations
Is there another degree needed?

Contributed by Jerry Yip
Clarification/confirmation about ESPI standard: Does shared resource key referenced in the NAESB Ratified word doc correspond to Access Token for oAuth?
  Yes: This is the access token in the new Oauth 2.0 paradigm.
Formal Submission of Application Profile for bulk (vs. batch?) use case as part of GB/GBC Conformance Testing Plan
  Write up coming to test concept of BulkIDs
Question: (options to address 1 Acct to many SA issue)
- Does UUID correspond to usage point (1-to-1 relationship)? Is there passing of UUIDs (as resource terms in Scope section of GBAuthorization) during authorization sequence? (how would 3rd Party know multiple usage points have been authorized via single oAuth sequence/login?)
- Can multiple access tokens be issued (1 token per SA) per oAuth session?
  An Authorization is one access_token
  How does Third Party get to know the depth of data (how many Ups) are in the authorization
  Perhaps an extension of scope string to have numUPs?
Request to consider scope selection screens at Data Custodian Portal instead of 3rd party portal (Need customer to select SAs to share - only Data Custodian has that info) - also minimizes number of redirects (?)
Customer info as optional functional block (atom feed) for authorization (sharing with 3Ps)

John suggests prep a large multi account data set and test against a reference sw implementation and measure. SFTP and Streaming, compressed and non-compressed method and compare.

How to use BR=bulkID with application to account and account groupings, as well as, large ThirdParty collections of Authorizations
Establish Use Case Story for Commercial Accounts
Design Scope String(s) that convey it
Repaint the storyboard with appropriate content

Application Profile
Per footnote 1, pg 20 of GBAuthorization.doc:
"A Web Customer may actually manage more than one Retail Customer where Retail Customer is an actual Customer Account. Thus identifying the specific Retail Customer may be part of the scope selection on both sides. The scenarios in this section refer to the Retail Customer for simplicity."
Suggest: new FB or Application Profile to properly capture this scenario

[FB_31] Web Customer Manages Multiple Customer Accounts (OR: 3.9 Application Profile)
For GBCMD, this FB/AP contains tests associated with a Web Customer accessing a Data Custodian's Web Portal to manage multiple customer accounts. Upon log in to the Data Custodian's Web Portal, the web customer can manage multiple customer accounts, for which each customer account can represent multiple usage points (for electricity and/or gas). This mostly impacts large agricultural and commercial customer accounts for which a single web customer can represent hundreds to thousands of individual usage points - imagine a franchise manager with multiple branch locations across a data custodian's service territory.
In this scenario, the Web Customer should have the ability to authorize, deauthorize and change scope on an individual usage point basis and optionally at the larger aggregated web customer or customer account basis. This includes the ability to perform one-time authorization of multiple customer accounts by a single web customer to third party, and any subsequent scope changes (whether on an aggregated or individual basis) - third party acknowledgement/communication of which customer accounts have been authorized, deauthorized or whose scope has changed needs to be determined.
Notes:
Whether scope selection in this scenario should live on the 3rd party portal vs. the Data Custodian's portal needs to be determined as well.
Collection has one description or multiple?
What is the scope string for this use case?
Is there a need for a bulkId in this case (maybe not).
New Scope Resource Term = BulkAccountCollection
Scope= FB=4,5,15;IntervalDuration=3600;BlockDuration=monthly;HistoryLength=13;BulkAccountCollection

1/14/2014
To allow the TP to know how many Ups are being provided, suggest: Add to BulkAccountCollection a number of UsagePoints
BulkAccountCollection=nnn

UsagePoint Grouping in Commercial Account Management

BulkId

SubscriptionId

UsagePointId/web account

Via gui

Scope= FB=4,5,15;IntervalDuration=3600;BlockDuration=monthly;HistoryLength=13;BulkAccountCollection