Conformance Test Suite process
The Australian Competition and Consumer Commission (ACCC) manages the Conformance Test Suite, which is a key part of the Consumer Data Right on-boarding process.
The Consumer Data Right Conformance Test Suite confirms the technical conformance of your production-ready software using a range of test scenarios targeting specific areas.
The Conformance Test Suite has two modes allowing for either provider (also known as participant) type, data holder and data recipient, to perform relevant tests. If you are a data holder, the tests provide a simulated data recipient and a simulated Register to support the test scenarios. You test in isolation against the simulated providers and the simulated Consumer Data Right Register, so you don’t interact with live consumer data.
The diagram below shows how data holders each interact with the Conformance Test Suite.
The Conformance Test Suite is not a testing tool to assist you during the development of your software (see Participant tooling), rather, it is available to you during on-boarding, once registered as a data holder and before you become activated on the Register.
The Conformance Test Suite tests your conformance with the Consumer Data Standards before entering into the Consumer Data Right system. You should have a production-ready brand before undertaking the Conformance Test Suite.
Completing the Conformance Test Suite
The Conformance Test Suite is an automated testing suite and can be completed within an hour if all provider configurations are completed correctly and no errors are encountered. It is important to ensure your solution has been adequately tested before executing the Conformance Test Suite to minimise the test completion period.
If errors are encountered, the completion period can be lengthy (for example, days or weeks) as errors need to be diagnosed and resolved, and your solution made ready for retesting.
Conformance Test Suite tests for data holders
The Conformance Test Suite for data holders comprises a number of test scenarios that are crucial for ensuring compliance. These test scenarios include:
- Dynamic Client Registration: this scenario tests whether the data holder can respond to a data recipient's registration request via dynamic client registration, validate the request against the Register, and return a client ID.
- Concurrent Consent: this scenario tests the establishment of multiple consent arrangements for a single data recipient-consumer pairing.
- Polling the Register for Software Product Status: This scenario tests whether the data holder correctly polls the CTS Register at least every five minutes for a Participant ADR's Software Product Status changes.
- Polling the Register for Data Recipient: this scenario tests whether the data holder correctly polls the CTS Register at least every five minutes for the list of data recipients.
- Client Certificates: this scenario tests whether the data holder can handle an invalid client certificate received from a Participant ADR.
- Holder of Key: this scenario tests the data holder's compliance with the Holder of Key (HoK) mechanism when accessing resource APIs.
- Client Assertion: this scenario tests whether the data holder responds correctly to poorly formed Client Assertions within requests.
- Amending Consent: this scenario tests the correct treatment of the amendment of an existing consent arrangement.
- Removed Software: this scenario tests whether the data holder fulfills its responsibilities when a data recipient software product status changes.
- Consent Revocation: this scenario tests whether the data holder correctly handles situations when a customer withdraws their consent from the data holder (either via the ADR or directly with the data holder) and that the data holder handles the arrangement revocation correctly.
- Token Revocation: this scenario tests whether the data holder can receive and handle a token revocation request.
The Conformance Test Suite: version history and guidance page provides in-depth information on each of these test scenarios.
Using the Conformance Test Suite to test as a data holder
The Conformance Test Suite for data holders supports a user interface (UI) where you can log in, using a valid account, and self-manage the test runs, including result submissions.
Conformance Test Suite data holder guidance material provides more information about how to prepare, execute and complete the Conformance Test Suite.
Data holders need to follow the steps below for testing using the Conformance Test Suite.
be registered as a data holder
have a valid account in the Consumer Data Right participant portal
sign and submit your ACCC PKI Subscriber Agreement and Relying Party Agreement through the portal
complete and submit your Conformance Test Suite enrolment form and Conformance Test Suite acknowledgement through the portal
request your CTS test certificate from the participant portal
review the technical instructions on how to initiate the Conformance Test Suite tests.
apply the CTS client certificate to your solution
establish trust with the CTS Certificate Authority by configuring the root and intermediate certificates
if necessary, configure your solution to interact with the Conformance Test Suite. Infrastructure changes, such as firewall rules or IP allowlisting, may need to be configured
update your solution to use the CTS Register connection details.
Please refer to the Connection Datasheet for Data Holders for further information.
pass all the tests in your Conformance Test Suite test plan
run report of test results in the Conformance Test Suite and analyse the results
submit the results through the Conformance Test Suite
notify the ACCC On-boarding Team via email for final assessment.
Conformance Test Suite release notes
The Conformance Test Suite: version history and guidance page lists details of current and previous versions of the Conformance Test Suite including the standards they align with, the release date, the test scenarios included, and the high-level scenario changes between versions.