Authentication and authorisation
The USI Registry System uses a combination of an Organisation’s ABN and USI OrgCode for authentication and authorisation to establish web service connections.
Software Developer Kit
Two developer kits are needed – an Authentication kit and a USI Developer Kit.
For all enquiries relating to the Authentication kit, please contact the Digital Partnership Office (DPO) at firstname.lastname@example.org.
USI Developer Kit
You will then be issued the USI Developer Kit including:
- USI Web Service Technical Services Contract
- The current version of the Security Token Service – Service Definitions
- The USI Check Character Algorithm
- Connection Instructions
- Machine-to-Machine (M2M) authentication and organisation codes for the test environment.
Connecting to the USI Registry System
When an organisation accesses the USI Registry System, it is authenticated. The Org code is submitted to the USI Registry System, which checks that it:
- is registered in the USI Registry System
- has an ABN that matches the certificate generated from authentication credentials
- has been authorised to use the USI web services by the Student Identifiers Registrar
- is of the correct organisation type (Registered Training Organisation (RTO), VET related body, Higher Education Provider or Tertiary Admission Centre) to use the called functions.
If you need additional information, you can email email@example.com.
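The four checks listed above can be modelled as a deny-by-default decision. This is an added example, not code from the USI Developer Kit: the org codes, ABNs, operation names and the mapping of operations to organisation types are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Org:
    abn: str
    authorised: bool  # authorised by the Student Identifiers Registrar
    org_type: str


# Constructed sample registry (hypothetical org codes and ABNs).
REGISTRY = {
    "ORG001": Org("11 111 111 111", True, "RTO"),
    "ORG002": Org("22 222 222 222", False, "RTO"),
    "ORG003": Org("33 333 333 333", True, "Tertiary Admission Centre"),
}

# Hypothetical operations and the organisation types allowed to call them.
ALLOWED_TYPES = {
    "create": {"RTO", "Higher Education Provider"},
    "verify": {"RTO", "VET related body", "Higher Education Provider",
               "Tertiary Admission Centre"},
}


def normalise_abn(abn: str) -> str:
    """Keep digits only, so '11 111 111 111' and '11111111111' compare equal."""
    return "".join(ch for ch in abn if ch.isdigit())


def check_access(org_code: str, cert_abn: str, operation: str):
    """Return (allowed, reason); checks run in the order listed above."""
    org = REGISTRY.get(org_code)
    if org is None:
        return False, "org code not registered"
    # cert_abn stands for the ABN carried by the authenticated M2M credential.
    if normalise_abn(org.abn) != normalise_abn(cert_abn):
        return False, "ABN does not match certificate"
    if not org.authorised:
        return False, "not authorised by the Registrar"
    # An unknown operation maps to an empty set, so it is denied as well.
    if org.org_type not in ALLOWED_TYPES.get(operation, set()):
        return False, "organisation type not permitted for this function"
    return True, "ok"
```

When testing a client against the test environment, handle each of these rejection cases separately, since they call for different remediation (registration, credential, authorisation or organisation type).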
Obtaining Machine-to-Machine (M2M) authentication
For web services, Machine-to-Machine (M2M) authentication is used. To be issued with M2M, an organisation and its staff must first set up a myGovID and Relationship Authorisation Manager (RAM).
Organisations will download software to their own environment and use their secure M2M credential for transactions to the USI Registry System.
The Cloud Software Authentication and Authorisation (CAA) solution allows software developers (SWDs) to design and implement a solution for clients using cloud enabled software to securely communicate information with the Office of the Student Identifiers Registrar.
An organisation using cloud-hosted services does not have to obtain their own M2M credential. The host service provider is required to use their M2M credential to authenticate a connection to the USI Registry.
After obtaining a Digital Identity and claiming their business in Relationship Authorisation Manager (RAM), the business associate of an approved organisation needs to access RAM and nominate the host service provider submitting transactions on their behalf.