Services Catalogue - Welcome to VANguardvanguard.business.gov.au/Documents/VANguardServicesCatalogue.pdf · VANguard Service Catalogue 1 Contents 1 Introduction 2 VANguard Services

Services Catalogue

Department of Industry and Science

1VANguard Service Catalogue

Contents

1 Introduction 2

VANguard Services 2

About the VANguard Services Catalogue 2

Contact Details 2

2 VANguard Services 3

User Authentication Service (UAS) 4

Signature Verification Service (SVS) 6

Timestamping Service (TSS) 8

Security Token Service (STS) 10

Federated Authentication Service (FAS) 14

3 Related Services 16

Certificate Issuance Service 16

Technical Support Desk 17

External Monitoring Portal 18

Solution Assistance and Advice 19

2 Department of Industry and Science

Introduction

VANguard is a whole of government program delivered by the Department of Industry and Science. VANguard delivers a range of authentication services to secure business to government (B2G) and government to government (G2G) online transactions. These services are driven by the requirement to increase the uptake of electronic commerce in Australia and to help reduce the compliance burden on business interacting with government.

VANguard Services User Authentication Service

The User Authentication Service (UAS) verifies a business user’s online identity for access to secure government agency websites using a single login. UAS allows agencies and users to securely interact with government with the assurance of each other’s identity.

Signature Verification Service

The Signature Verification Service (SVS) verifies a business user’s digital credential when used to sign an agency’s online form. A business user’s digital credential is recognised as having equal legal status to a traditional signature.

A signed form submitted to an agency can be sent to the SVS to confirm the validity of the digital credential. The service verifies the digital signature and provides the online identity information of the signatory.

Timestamping Service

The Timestamping Service (TSS) records a date and time for an electronic transaction using certified date and time from the National Measurement Institute (NMI). An agency can use the timestamp as evidence of the transaction.

A timestamp request containing electronic content is issued over the internet for a timestamp token. The TSS issues a hashed timestamp of the electronic transaction record. A transaction can still be timestamped even if the entire transaction content is not made available to VANguard.

Security Token Service

The Security Token Service (STS) generates an electronic security token to ensure transactions between two parties, either business or government, or between agencies, are secure. The STS provides the technology for an agency to authenticate a second party without having to store any digital identity information.

The STS also includes a delegation feature that allows an agency to act on behalf of a business user with another agency.

Federated Authentication Service

The Federated Authentication Service (FAS) allows users logged on to their own agency’s network to authenticate and then use web applications in another agency. Authentication occurs transparently without additional credentials or software being required on the user’s computer.

About the VANguard Services CatalogueThe Services Catalogue:

n Provides an overview of the authentication rservices VANguard has on offer.

n Explains what VANguard clients can expect from rour services.

Contact detailsVANguard CustomerDepartment of Industry and Science

Physical Address:Industry House10 Binara StreetCanberra City ACT 2601

Postal Address:GPO Box 9839Canberra ACT 2601

Email:[email protected]

1


VANguard Services

Service Description

Each service is described as follows:

Description A brief non-technical description of the service.

Standard service features

Features and functions of the service available to all client organisation users who receive the service. These are provided under the Service Level Agreement (SLA).

Delivery scope The client organisation units who are able to receive the service.

Delivery channels How the service is to be received – for example, via a computer, the internet or email.

Service hours Timeframes and hours when the service is operational.

Service level The expectations for standards of service delivery in non-technical terms.

Test environment Availability of a test environment.

Reporting Frequency of reports and description of content.

User requirements Prerequisites the client organisation users must fulfil in order to successfully use the service.

Service initiation Tasks that client organisations, or their users, must complete in order to successfully use the service.

Service support Where client organisation users can go to obtain support for the service.

Standard costs Any client organisation or unit costs for provision of the standard service features.

Related services Other services that are associated with the service.

Additional information Reference material that supports the service – for example, guides or standards.

Process diagram A high level business process model describing the service.

2


User Authentication Service (UAS) - Single Sign-On Service

Description The User Authentication Service (UAS) verifies a business user’s digital identity for access to secure agency portals and websites with a single login.

This service obtains, verifies and provides agencies with an assertion of a user’s identity.


n Login.n Re-login (session timeout).

n Re-authentication (for important transactions).

n Supports a range of digital credentials.

n Supports customisable user interface.

n Provides a standard security token (SAML).

Delivery scope Government agencies (federal, state and local).

Delivery channels Internet (browser-based).

Service hours 24 x 7.

Service level Availability:99.5% for standard business hours (08:00 to 18:00 AEST Monday to Friday) and 98.5% for non-business hours.

Latency:Return responses within three seconds for 95% of requests.

Integrity:Responses are clearly distinguished as either processed successfully or in error. All responses are digitally signed.

Test environment Agencies have unlimited access to a dedicated testing environment for integration with this service.

Reporting Monthly reports on transaction volumes, service availability and service performance.

User requirements The user must assert their online identity using a recognised digital credential.

Service initiation When a business user attempts to login to an agency website, the agency connects to this service. The business user is presented with the whole of government login screen and is required to assert their identity. If a business user has recently been authenticated (in the same browser session) then those authentication details are used.

Service support Technical Service Desk.

Agencies provide support to their users.

Standard costs This service incurs no charge for small transaction volumes. Larger transaction volumes are offered on a cost recovery basis subject to negotiation with VANguard.

Agencies are responsible for their integration costs with this service.

Related services n Certificate Issuance Service.

n External Monitoring Portal.

n Solution Assistance and Advice.


Additional information n UAS – Technical Service Contract.

n Common Elements – Technical Service Contract.

n VANguard Service Level Agreement (SLA).

n VANguard Memorandum of Understanding (MOU).

n VANguard website: www.vanguard.business.gov.au.


Signature Verification Service (SVS)

Description The Signature Verification Service (SVS) can verify a person’s digital signature across a range of formats.

Agencies send signed PDF forms, data signed using the Cryptographic Message Syntax format or signed XML content to the service to verify that the digital signature is valid.


Supported formats:

n PDF document signatures (up to five on a single document).n XML-DSIG (XML signature syntax and processing).n CMS (Cryptography Message Syntax).

Provides a standard security token (SAML).


Delivery channels Web service.



Latency:Return responses within three seconds for 95% of requests for an XML or PDF with one signature that is less than 1MB in size.




User requirements A business user must digitally sign a PDF form, sign XML-based content, or a signed CMS document.

Service initiation The agency connects to this service to verify the business user's digital signature on the form or XML-based content.









Additional information n SVS – Technical Service Contract.




n Web Service Definition Language (WSDL).



Timestamping Service (TSS)

Description The Timestamping Service (TSS) proves what a transaction looked like at a particular point in time by recording its digital fingerprint (timestamp) along with the date and time the transaction occurred. Using certified time from the National Measurement Institute, the TSS issues a digitally signed timestamp of the transaction.

An agency can use the timestamp as evidence that a transaction existed in a particular form at the point in time the timestamp was issued.


Two supported formats:

n RCF3161 (Time-Stamp protocol).n XML-DSIG (XML Digital Signature Services Standard).





Latency:Return responses within three seconds for 95% of requests for files less than 200KB in size.




Service initiation The agency connects to this service to obtain a timestamp token for the electronic content.









Additional information n TSS– Technical Service Contract.







Security Token Service (STS)

Description The Security Token Service (STS) ensures that transactions are secure between a business and a government agency, or between government agencies.

A business or an agency obtains a security token that identifies it. The token is then secured for use by the intended recipient.


The STS validates a request from an initiating party and, on success, issues a security token (SAML).

The token and information identifying the initiating party is only accessible to the agency.


The service request must be signed using a recognised digital certificate issued by VANguard.








Service initiation The business or initiating agency can obtain a security token that identifies them to the relying agency.









Additional information n STS – Technical Service Contract.







Security Token Service (STS) with Delegation

Description The Security Token Service (STS) ensures that transactions are secure between a business and an agency, or between government agencies.

The STS with Delegation enables agencies, acting on behalf of business users, to conduct secure online business.


The STS with Delegation validates the request from an initiating party, and on success, issues a security token. The security token contains the identities of both the initiating party and the business user. This information is only available to the relying party agency.


The service request must be signed using a recognised digital credential issued by VANguard.








User requirements The business user has authenticated with the initiating party agency using the User Authentication Service.

Service initiation The initiating party requests a security token from VANguard that can be used to verify identity with a relying party agency.





Related services n User Authentication Service (UAS).

n Certificate Issuance Service.




Additional information n STS – Technical Service Contract.

n UAS – Technical Service Contract.







Federated Authentication Service (FAS)

Description The Federated Authentication Service (FAS) allows users logged on to their own agency’s network to authenticate and then use web applications in another agency. Authentication occurs transparently without additional credentials or software being required on the user’s computer.


The FAS currently supports the WS-Federation Protocol only. SAML protocol support may be added at a later time.

The service returns SAML 1.1 tokens for maximum compatability with existing Vendor products. SAML 2 products may be available in the future.


The service request must be signed using a recognised digital credential issued by VANguard.

Delivery channels Internet (browser-based).





Test environment Agencies have unlimited access to a dedicated testing environment for integration with this service. This test environment can be used for testing user organisation access, and agency service integration, independently.


User requirements User organisations must support WS-Federation, for example by installing Microsoft Active Directory Federation Services (ADFS).

Service initiation When a business user attempts to login to an agency website, the agency redirects the user to this service for authentication.

A business user can navigate directly to this service, and then be redirected to the service provider after authentication.



Standard costs This service is provided on a cost recovery basis subject to negotiation with VANguard.


Related services n User Authentication Service (UAS).

n Certificate Issuance Service.




Additional information n FAS – Technical Service Contract.






Related Services

Certificate Issuance Service

Description VANguard provides an agency with a digital certificate to authenticate requests for VANguard services. The agency certificates can also be used to facilitate other government to government communication.


Issuance of an agency digital certificate is based on a 100 point evidence of identity (EOI) check for two required custodians.

VANguard will manage the following aspects of an agency digital certificate issued to the agency:

n Notification of pending expiration.n Revocation on request.n Reissue on expiration or revocation.


Delivery channels Production is onsite at an agency to conduct the EOI checks and to assist the agency in the generation of certificates.

Service hours Standard business hours (08:00 to 18:00 AEST Monday to Friday).

Service level Standard business hours (08:00 to 18:00 AEST Monday to Friday).

Test environment Test credentials required to access the third party test environment can be requested by any agency that has signed a Memorandum of Understanding (MOU).

Service initiation Email request.



Standard costs This service incurs no charge.

Related services n Technical Service Desk.


Additional information n VANguard Service Level Agreement (SLA).


3


Technical Service Desk

Description The Technical Service Desk operates 24/7 to support email and phone requests. This is the first point of contact for issues or queries relating to VANguard government authentication services, along with 2nd and 3rd level support to address escalated requests.


Provide resolution of incident or service requests for all VANguard services including:

n Information on service interruptions and changes.n Email contact for incident or service request logging.n Logging, prioritising and communicating request statuses as per SLAs.

Delivery scope The service will be provided to agencies that have a signed SLA with VANguard.

Delivery channels Email, telephone.


Outside of these hours the agency will be directed to a Department of Industry on-call staff member.

Service level Phones:Answered within two minutes during full support hours 95% - minimum.

Answered within 15 minutes between on-call hours 95% - minimum.

Email/Form:Specific issue acknowledgment within 15 minutes during full support hours 95% - minimum.

User requirements Users must provide a clear and specific description of the problem or request, including any error messages received.

Service initiation Email: [email protected]

Phone: 1800 000 384 or (02) 6213 7007.

Service support Feedback on performance can be provided to the Technical Service Desk.


Related services n External Monitoring Portal.


Additional information



Process diagram N/A.


External Monitoring Portal

Description VANguard provides a public portal that indicates the availability status of the suite of VANguard services in near real-time.


Indicates VANguard service availability.


Delivery channels Internet (browser-based), XML download.


Service level VANguard does not guarantee the availability of the External Monitoring Portal.

Service initiation URL.





Related services n Solution Assistance and Advice.

Additional information n VANguard Service Level Agreement (SLA).



Solution Assistance and Advice

Description Provide technical and business advice, tools, best-practice PKI standards and other resources to assist agencies to enable whole of government authentication services and adopt best practice.


Delivery channels Telephone, email.


Service initiation Contact:VANguard CustomerDepartment of Industry and Science

Physical Address:Industry House10 Binara StreetCanberra City ACT 2601

Postal Address:GPO Box 9839Canberra ACT 2601

Email:[email protected]


Department of Industry and Science

VANguard Service Catalogue


> vanguard.business.gov.au