Department of Industry and Science

Transcription

1 Services Catalogue

2 Department of Industry and Science

3 Contents 1 Introduction 2 VANguard Services 2 About the VANguard Services Catalogue 2 Contact Details 2 2 VANguard Services 3 User Authentication Service (UAS) 4 Signature Verification Service (SVS) 6 Timestamping Service (TSS) 8 Security Token Service (STS) 10 Federated Authentication Service (FAS) 14 3 Related Services 16 Certificate Issuance Service 16 Technical Support Desk 17 External Monitoring Portal 18 Solution Assistance and Advice 19 VANguard Service Catalogue 1

4 1 Introduction VANguard is a whole of government program delivered by the Department of Industry and Science. VANguard delivers a range of authentication services to secure business to government (B2G) and government to government (G2G) online transactions. These services are driven by the requirement to increase the uptake of electronic commerce in Australia and to help reduce the compliance burden on business interacting with government. VANguard Services User Authentication Service The User Authentication Service (UAS) verifies a business user s online identity for access to secure government agency websites using a single login. UAS allows agencies and users to securely interact with government with the assurance of each other s identity. Signature Verification Service The Signature Verification Service (SVS) verifies a business user s digital credential when used to sign an agency s online form. A business user s digital credential is recognised as having equal legal status to a traditional signature. A signed form submitted to an agency can be sent to the SVS to confirm the validity of the digital credential. The service verifies the digital signature and provides the online identity information of the signatory. Timestamping Service The Timestamping Service (TSS) records a date and time for an electronic transaction using certified date and time from the National Measurement Institute (NMI). An agency can use the timestamp as evidence of the transaction. A timestamp request containing electronic content is issued over the internet for a timestamp token. The TSS issues a hashed timestamp of the electronic transaction record. A transaction can still be timestamped even if the entire transaction content is not made available to VANguard. Security Token Service The Security Token Service (STS) generates an electronic security token to ensure transactions between two parties, either business or government, or between agencies, are secure. The STS provides the technology for an agency to authenticate a second party without having to store any digital identity information. The STS also includes a delegation feature that allows an agency to act on behalf of a business user with another agency. Federated Authentication Service The Federated Authentication Service (FAS) allows users logged on to their own agency s network to authenticate and then use web applications in another agency. Authentication occurs transparently without additional credentials or software being required on the user s computer. About the VANguard Services Catalogue The Services Catalogue: Provides an overview of the authentication rservices VANguard has on offer. Explains what VANguard clients can expect from rour services. Contact details VANguard Customer Department of Industry and Science Physical Address: Industry House 10 Binara Street Canberra City ACT 2601 Postal Address: GPO Box 9839 Canberra ACT [email protected] 2 Department of Industry and Science

5 2 VANguard Services Service Description Each service is described as follows: Description Standard service features Delivery scope Delivery channels Service hours Service level Test environment Reporting User requirements Service initiation Service support Standard costs Related services Additional information Process diagram A brief non-technical description of the service. Features and functions of the service available to all client organisation users who receive the service. These are provided under the Service Level Agreement (SLA). The client organisation units who are able to receive the service. How the service is to be received for example, via a computer, the internet or . Timeframes and hours when the service is operational. The expectations for standards of service delivery in non-technical terms. Availability of a test environment. Frequency of reports and description of content. Prerequisites the client organisation users must fulfil in order to successfully use the service. Tasks that client organisations, or their users, must complete in order to successfully use the service. Where client organisation users can go to obtain support for the service. Any client organisation or unit costs for provision of the standard service features. Other services that are associated with the service. Reference material that supports the service for example, guides or standards. A high level business process model describing the service. VANguard Service Catalogue 3

6 User Authentication Service (UAS) - Single Sign-On Service Description Standard service features Delivery scope Delivery channels The User Authentication Service (UAS) verifies a business user s digital identity for access to secure agency portals and websites with a single login. This service obtains, verifies and provides agencies with an assertion of a user s identity. Login. Re-login (session timeout). Re-authentication (for important transactions). Supports a range of digital credentials. Supports customisable user interface. Provides a standard security token (SAML). Government agencies (federal, state and local). Internet (browser-based). Service hours 24 x 7. Service level Availability: 99.5% for standard business hours (08:00 to 18:00 AEST Monday to Friday) and 98.5% for non-business hours. Latency: Return responses within three seconds for 95% of requests. Integrity: Responses are clearly distinguished as either processed successfully or in error. All responses are digitally signed. Test environment Reporting User requirements Service initiation Service support Standard costs Agencies have unlimited access to a dedicated testing environment for integration with this service. Monthly reports on transaction volumes, service availability and service performance. The user must assert their online identity using a recognised digital credential. When a business user attempts to login to an agency website, the agency connects to this service. The business user is presented with the whole of government login screen and is required to assert their identity. If a business user has recently been authenticated (in the same browser session) then those authentication details are used. Technical Service Desk. Agencies provide support to their users. This service incurs no charge for small transaction volumes. Larger transaction volumes are offered on a cost recovery basis subject to negotiation with VANguard. Agencies are responsible for their integration costs with this service. Related services Certificate Issuance Service. External Monitoring Portal. Solution Assistance and Advice. 4 Department of Industry and Science

7 Additional information UAS Technical Service Contract. Common Elements Technical Service Contract. VANguard Service Level Agreement (SLA). VANguard Memorandum of Understanding (MOU). VANguard website: VANguard Service Catalogue 5

8 Signature Verification Service (SVS) Description Standard service features The Signature Verification Service (SVS) can verify a person s digital signature across a range of formats. Agencies send signed PDF forms, data signed using the Cryptographic Message Syntax format or signed XML content to the service to verify that the digital signature is valid. Supported formats: PDF document signatures (up to five on a single document). XML-DSIG (XML signature syntax and processing). CMS (Cryptography Message Syntax). Provides a standard security token (SAML). Delivery scope Delivery channels Government agencies (federal, state and local). Web service. Service hours 24 x 7. Service level Availability: 99.5% for standard business hours (08:00 to 18:00 AEST Monday to Friday) and 98.5% for non-business hours. Latency: Return responses within three seconds for 95% of requests for an XML or PDF with one signature that is less than 1MB in size. Integrity: Responses are clearly distinguished as either processed successfully or in error. All responses are digitally signed. Test environment Reporting User requirements Service initiation Service support Standard costs Agencies have unlimited access to a dedicated testing environment for integration with this service. Monthly reports on transaction volumes, service availability and service performance. A business user must digitally sign a PDF form, sign XML-based content, or a signed CMS document. The agency connects to this service to verify the business user's digital signature on the form or XML-based content. Technical Service Desk. Agencies provide support to their users. This service incurs no charge for small transaction volumes. Larger transaction volumes are offered on a cost recovery basis subject to negotiation with VANguard. Agencies are responsible for their integration costs with this service. Related services Certificate Issuance Service. External Monitoring Portal. Solution Assistance and Advice. 6 Department of Industry and Science

9 Additional information SVS Technical Service Contract. Common Elements Technical Service Contract. VANguard Service Level Agreement (SLA). VANguard Memorandum of Understanding (MOU). Web Service Definition Language (WSDL). VANguard website: VANguard Service Catalogue 7

10 Timestamping Service (TSS) Description The Timestamping Service (TSS) proves what a transaction looked like at a particular point in time by recording its digital fingerprint (timestamp) along with the date and time the transaction occurred. Using certified time from the National Measurement Institute, the TSS issues a digitally signed timestamp of the transaction. An agency can use the timestamp as evidence that a transaction existed in a particular form at the point in time the timestamp was issued. Standard service features Delivery scope Delivery channels Two supported formats: RCF3161 (Time-Stamp protocol). XML-DSIG (XML Digital Signature Services Standard). Government agencies (federal, state and local). Web service. Service hours 24 x 7. Service level Availability: 99.5% for standard business hours (08:00 to 18:00 AEST Monday to Friday) and 98.5% for non-business hours. Latency: Return responses within three seconds for 95% of requests for files less than 200KB in size. Integrity: Responses are clearly distinguished as either processed successfully or in error. All responses are digitally signed. Test environment Reporting Service initiation Service support Standard costs Agencies have unlimited access to a dedicated testing environment for integration with this service. Monthly reports on transaction volumes, service availability and service performance. The agency connects to this service to obtain a timestamp token for the electronic content. Technical Service Desk. Agencies provide support to their users. This service incurs no charge for small transaction volumes. Larger transaction volumes are offered on a cost recovery basis subject to negotiation with VANguard. Agencies are responsible for their integration costs with this service. Related services Certificate Issuance Service. External Monitoring Portal. Solution Assistance and Advice. 8 Department of Industry and Science

11 Additional information TSS Technical Service Contract. Common Elements Technical Service Contract. VANguard Service Level Agreement (SLA). VANguard Memorandum of Understanding (MOU). Web Service Definition Language (WSDL). VANguard website: VANguard Service Catalogue 9

12 Security Token Service (STS) Description Standard service features Delivery scope Delivery channels The Security Token Service (STS) ensures that transactions are secure between a business and a government agency, or between government agencies. A business or an agency obtains a security token that identifies it. The token is then secured for use by the intended recipient. The STS validates a request from an initiating party and, on success, issues a security token (SAML). The token and information identifying the initiating party is only accessible to the agency. Government agencies (federal, state and local). The service request must be signed using a recognised digital certificate issued by VANguard. Web service. Service hours 24 x 7. Service level Availability: 99.5% for standard business hours (08:00 to 18:00 AEST Monday to Friday) and 98.5% for non-business hours. Latency: Return responses within three seconds for 95% of requests. Integrity: Responses are clearly distinguished as either processed successfully or in error. All responses are digitally signed. Test environment Reporting Service initiation Service support Standard costs Agencies have unlimited access to a dedicated testing environment for integration with this service. Monthly reports on transaction volumes, service availability and service performance. The business or initiating agency can obtain a security token that identifies them to the relying agency. Technical Service Desk. Agencies provide support to their users. This service incurs no charge for small transaction volumes. Larger transaction volumes are offered on a cost recovery basis subject to negotiation with VANguard. Agencies are responsible for their integration costs with this service. Related services Certificate Issuance Service. External Monitoring Portal. Solution Assistance and Advice. 10 Department of Industry and Science

13 Additional information STS Technical Service Contract. Common Elements Technical Service Contract. VANguard Service Level Agreement (SLA). VANguard Memorandum of Understanding (MOU). Web Service Definition Language (WSDL). VANguard website: VANguard Service Catalogue 11

14 Security Token Service (STS) with Delegation Description Standard service features Delivery scope Delivery channels The Security Token Service (STS) ensures that transactions are secure between a business and an agency, or between government agencies. The STS with Delegation enables agencies, acting on behalf of business users, to conduct secure online business. The STS with Delegation validates the request from an initiating party, and on success, issues a security token. The security token contains the identities of both the initiating party and the business user. This information is only available to the relying party agency. Government agencies (federal, state and local). The service request must be signed using a recognised digital credential issued by VANguard. Web service. Service hours 24 x 7. Service level Availability: 99.5% for standard business hours (08:00 to 18:00 AEST Monday to Friday) and 98.5% for non-business hours. Latency: Return responses within three seconds for 95% of requests. Integrity: Responses are clearly distinguished as either processed successfully or in error. All responses are digitally signed. Test environment Reporting User requirements Service initiation Service support Standard costs Agencies have unlimited access to a dedicated testing environment for integration with this service. Monthly reports on transaction volumes, service availability and service performance. The business user has authenticated with the initiating party agency using the User Authentication Service. The initiating party requests a security token from VANguard that can be used to verify identity with a relying party agency. Technical Service Desk. Agencies provide support to their users. This service incurs no charge for small transaction volumes. Larger transaction volumes are offered on a cost recovery basis subject to negotiation with VANguard. Agencies are responsible for their integration costs with this service. Related services User Authentication Service (UAS). Certificate Issuance Service. External Monitoring Portal. Solution Assistance and Advice. 12 Department of Industry and Science

15 Additional information STS Technical Service Contract. UAS Technical Service Contract. Common Elements Technical Service Contract. VANguard Service Level Agreement (SLA). VANguard Memorandum of Understanding (MOU). Web Service Definition Language (WSDL). VANguard website: VANguard Service Catalogue 13

16 Federated Authentication Service (FAS) Description Standard service features Delivery scope Delivery channels The Federated Authentication Service (FAS) allows users logged on to their own agency s network to authenticate and then use web applications in another agency. Authentication occurs transparently without additional credentials or software being required on the user s computer. The FAS currently supports the WS-Federation Protocol only. SAML protocol support may be added at a later time. The service returns SAML 1.1 tokens for maximum compatability with existing Vendor products. SAML 2 products may be available in the future. Government agencies (federal, state and local). The service request must be signed using a recognised digital credential issued by VANguard. Internet (browser-based). Service hours 24 x 7. Service level Availability: 99.5% for standard business hours (08:00 to 18:00 AEST Monday to Friday) and 98.5% for non-business hours. Latency: Return responses within three seconds for 95% of requests. Integrity: Responses are clearly distinguished as either processed successfully or in error. All responses are digitally signed. Test environment Reporting User requirements Service initiation Service support Standard costs Agencies have unlimited access to a dedicated testing environment for integration with this service. This test environment can be used for testing user organisation access, and agency service integration, independently. Monthly reports on transaction volumes, service availability and service performance. User organisations must support WS-Federation, for example by installing Microsoft Active Directory Federation Services (ADFS). When a business user attempts to login to an agency website, the agency redirects the user to this service for authentication. A business user can navigate directly to this service, and then be redirected to the service provider after authentication. Technical Service Desk. Agencies provide support to their users. This service is provided on a cost recovery basis subject to negotiation with VANguard. Agencies are responsible for their integration costs with this service. Related services User Authentication Service (UAS). Certificate Issuance Service. External Monitoring Portal. Solution Assistance and Advice. 14 Department of Industry and Science

17 Additional information FAS Technical Service Contract. Common Elements Technical Service Contract. VANguard Service Level Agreement (SLA). VANguard Memorandum of Understanding (MOU). VANguard website: VANguard Service Catalogue 15

18 3 Related Services Certificate Issuance Service Description Standard service features Delivery scope Delivery channels Service hours Service level Test environment Service initiation Service support Standard costs VANguard provides an agency with a digital certificate to authenticate requests for VANguard services. The agency certificates can also be used to facilitate other government to government communication. Issuance of an agency digital certificate is based on a 100 point evidence of identity (EOI) check for two required custodians. VANguard will manage the following aspects of an agency digital certificate issued to the agency: Notification of pending expiration. Revocation on request. Reissue on expiration or revocation. Government agencies (federal, state and local). Production is onsite at an agency to conduct the EOI checks and to assist the agency in the generation of certificates. Standard business hours (08:00 to 18:00 AEST Monday to Friday). Standard business hours (08:00 to 18:00 AEST Monday to Friday). Test credentials required to access the third party test environment can be requested by any agency that has signed a Memorandum of Understanding (MOU). request. Technical Service Desk. Agencies provide support to their users. This service incurs no charge. Related services Technical Service Desk. Solution Assistance and Advice. Additional information VANguard Service Level Agreement (SLA). VANguard Memorandum of Understanding (MOU). 16 Department of Industry and Science

19 Technical Service Desk Description Standard service features Delivery scope Delivery channels Service hours Service level User requirements The Technical Service Desk operates 24/7 to support and phone requests. This is the first point of contact for issues or queries relating to VANguard government authentication services, along with 2nd and 3rd level support to address escalated requests. Provide resolution of incident or service requests for all VANguard services including: Information on service interruptions and changes. contact for incident or service request logging. Logging, prioritising and communicating request statuses as per SLAs. The service will be provided to agencies that have a signed SLA with VANguard. , telephone. Standard business hours (08:00 to 18:00 AEST Monday to Friday). Outside of these hours the agency will be directed to a Department of Industry on-call staff member. Phones: Answered within two minutes during full support hours 95% - minimum. Answered within 15 minutes between on-call hours 95% - minimum. /Form: Specific issue acknowledgment within 15 minutes during full support hours 95% - minimum. Users must provide a clear and specific description of the problem or request, including any error messages received. Service initiation [email protected] Phone: or (02) Service support Standard costs Feedback on performance can be provided to the Technical Service Desk. This service incurs no charge. Related services External Monitoring Portal. Solution Assistance and Advice. Additional information Process diagram VANguard Service Level Agreement (SLA). VANguard Memorandum of Understanding (MOU). N/A. VANguard Service Catalogue 17

20 External Monitoring Portal Description Standard service features Delivery scope Delivery channels VANguard provides a public portal that indicates the availability status of the suite of VANguard services in near real-time. Indicates VANguard service availability. Government agencies (federal, state and local). Internet (browser-based), XML download. Service hours 24 x 7. Service level Service initiation Service support Standard costs VANguard does not guarantee the availability of the External Monitoring Portal. URL. Technical Service Desk. Agencies provide support to their users. This service incurs no charge. Agencies are responsible for their integration costs with this service. Related services Solution Assistance and Advice. Additional information VANguard Service Level Agreement (SLA). VANguard Memorandum of Understanding (MOU). 18 Department of Industry and Science

21 Solution Assistance and Advice Description Delivery scope Delivery channels Service hours Service initiation Provide technical and business advice, tools, best-practice PKI standards and other resources to assist agencies to enable whole of government authentication services and adopt best practice. Government agencies (federal, state and local). Telephone, . Standard business hours (08:00 to 18:00 AEST Monday to Friday). Contact: VANguard Customer Department of Industry and Science Physical Address: Industry House 10 Binara Street Canberra City ACT 2601 Postal Address: GPO Box 9839 Canberra ACT Standard costs This service incurs no charge. VANguard Service Catalogue 19

22 Department of Industry and Science

23 VANguard Service Catalogue

24 22 Department of Industry and Science > vanguard.business.gov.au