Authentication and Authorisation

Want to stay up- to-date with the USI System?

The USI Registry System uses a combination of an Organisation’s AUSkey, ABN and OrgCode for authentication and authorisation through either web service calls or direct web access through the Organisation Portal.

Authentication options:

Desktop software
Cloud software

Software Developer Kit (ADK)

Two developer kits need to be obtained – an AUSkey kit and a USI kit.

AUSkey Kit

You need to register as a Software Developer with SBR in order to obtain the latest version of the AUSkey AKM kit: http://www.sbr.gov.au/software-developers/what-can-i-expect/registration-form

Please ensure that you enter ‘Department of Education and Training – USI’ in the agency field to identify you as a USI Software Developer.

USI Kit

Complete the USI Developer Kit application form and send it to USIIT@education.gov.au.

You will then be issued with an onboarding pack containing:

VANguard Security Token Technical Services Contract
A copy of the current version of the USI Security Token Service – Service Definitions
The USI Algorithm
Connection Instructions
AUSkey Device Key and organisation codes for the test environment
A PowerPoint presentation on USI web services

Obtaining a Production AUSkey

For web services, a Device AUSkey is used. To be issued with a Device AUSkey, an organisation must first have, or register for, an administrator AUSkey with the Australian Business Register. Organisations are most likely to already have an AUSkey administrator in their financial/tax matters area.

When applying for an AUSkey with the Australian Business Register you will need an ABN.
For more information on AUSkey and how to apply please visit Australian Business Register.

Connecting to the USI System

When accessing the USI Registry System, an organisation is first authenticated in VANguard using their AUSkey. The Org code is then submitted to the USI Registry System, and checked that it:

Is registered in the USI Registry System
Has an ABN that matches the certificate generated from the AUSkey
Has been authorised to use the USI web services by the Student Identifiers Registrar

Is of the correct organisation type (training organisation or other VET related body) to use the called functions

If you need additional information you can email USIAdmin@education.gov.au.

Authentication options

Desktop software

Clients will download your software to their own environment and use their own AUSkey authentication to secure their transactions to Government agencies.

Cloud software

The USI Office has been working with the Australian Taxation Office to adapt to the increased demand for businesses to use cloud based software. The Cloud Software Authentication and Authorisation (CAA) solution will allow software developers (SWDs) to design and implement a solution for clients using cloud enabled software to securely communicate information with the USI Office.

Policy advice from the Department of Finance regarding the use of an AUSkey in the cloud identifies that SWDs remotely storing a client’s AUSkey in cloud based solutions is in breach of the AUSkey terms and conditions. The CAA solution has been assessed and meets the terms and conditions of the AUSkey Certification Practices Statement (CPS) and Certificate Policies (CP).

The CAA solution will:

improve the client authentication experience by removing the need for them to obtain and manage an AUSkey to transmit to government via cloud based software,
reduce the administrative and support burden for software providers, enabling them to deliver contemporary solutions, online anytime from any device, for their clients,
ensure AUSkey compliance and is in alignment with future government strategic direction and initiatives.

This solution allows businesses to notify Government of their software provider’s services, and the software provider’s dedicated device AUSkey is used to ensure secure transmissions.

For additional information on the CAA solution please refer to the WofG Cloud Software Authentication and Authorisation Information Kit from the ATO.

If you’ve missed any of the USI Developer Forums you can catch-up with all the CAA presentations and outcomes on the USI Developer Forums page.

What does it mean to 'call' the web service?

Calling the web service means sending a HTTP request to the USI or VANguard Web Service.

Close the What does it mean to 'call' the web service? FAQ item.
What is the USI Developers Kit?

The USI Developers Kit is provided by the USI Office and contains everything that is necessary to connect to USI web services. This includes test AUSkey and org codes, checksum algorithm, technical service contract, a web services presentation and other information.

Close the What is the USI Developers Kit? FAQ item.
How do I collect a log for my escalated enquiry?

Various programs are available that can capture appropriate logs, such as Fiddler. The USI Office is happy to receive a .saz trace file.

Close the How do I collect a log for my escalated enquiry? FAQ item.
What information should be included in my log?
Decrypted HTTP logs of your requests to and responses from ‘VANguard STS’ and ‘USI Batch Service’ (i.e. 4 messages).

This log MUST contain at least:

Request URL + HTTP Method

Request date and time

HTTP headers

Request/response content including the entire SOAP envelope (header + body)
Close the What information should be included in my log? FAQ item.
What is a device key?

Device AUSkeys are used for system to system web services and are installed on the server hosting a training organisation’s system. A Device AUSkey identifies a business rather than a person. This means users of a USI web service enabled Student Management Systems (SMSs) do not need their own individual AUSkey.

Device keys are used in two environments, Third Party Testing (3PT) and production.

The USI Office issues AUSkeys for the Third Party Testing.

The ABR manages all other AUSkeys for the production environment.

Further information and help is available at https://abr.gov.au/AUSkey

Close the What is a device key? FAQ item.
I want to know how to use web services to connect to the USI Registry System?
To establish web service functionality you will need the Technical Services Contract which includes details of the available USI web services. These services allow an authorised consumer to perform the following actions:

Create a USI record for an individual and receive an immediate response

Submit a batch of USI creation requests for processing

Retrieve the results of a previously submitted batch request

Verify a USI for an individual and receive an immediate response

Verify a batch of USIs and receive an immediate response.
Close the I want to know how to use web services to connect to the USI Registry System? FAQ item.
What is the Technical Service Contract (TSC)?

The TSC is a set of codes that can be consumed by the organisation's Student Management System in order to use the USI Registry System web services component. Technical services contract.

Close the What is the Technical Service Contract (TSC)? FAQ item.
How can I test that my system integrates with the USI Registry System?

Arrangements can be made for third party testing of the integration of software with the USI Registry System by registering for access to the testing environment. Complete ADK request form.

Close the How can I test that my system integrates with the USI Registry System? FAQ item.
What do I need to be able to test my system connectivity with the USI Registry System

You will need to register for web services testing by completing the AUSkey ADK request form. More information.

Close the What do I need to be able to test my system connectivity with the USI Registry System FAQ item.
What happens after I submit my USI Authentication Developers Kit (ADK) form

The USI Office will send you the USI Developers Kit which includes test AUSkey and org codes, checksum algorithm, technical service contract, a web services presentation and other useful web service testing information.

Close the What happens after I submit my USI Authentication Developers Kit (ADK) form FAQ item.

Last modified on Friday 9 February 2018 [3211|41746]

Quick skip links and site assistance

USI - Unique Student Identifier

Authentication and Authorisation

Want to stay up- to-date with the USI System?

Software Developer Kit (ADK)

AUSkey Kit

USI Kit

Obtaining a Production AUSkey

Connecting to the USI System

Authentication options

Desktop software

Cloud software

What does it mean to 'call' the web service?

What is the USI Developers Kit?

How do I collect a log for my escalated enquiry?

What information should be included in my log?

What is a device key?

I want to know how to use web services to connect to the USI Registry System?

What is the Technical Service Contract (TSC)?

How can I test that my system integrates with the USI Registry System?

What do I need to be able to test my system connectivity with the USI Registry System

What happens after I submit my USI Authentication Developers Kit (ADK) form

Quick skip links and site assistance

USI - Unique Student Identifier

Search the site

You are here

Authentication and Authorisation

Want to stay up- to-date with the USI System?

Software Developer Kit (ADK)

AUSkey Kit

USI Kit

Obtaining a Production AUSkey

Connecting to the USI System

Authentication options

Desktop software

Cloud software

What does it mean to 'call' the web service?

What is the USI Developers Kit?

How do I collect a log for my escalated enquiry?

What information should be included in my log?

What is a device key?

I want to know how to use web services to connect to the USI Registry System?

What is the Technical Service Contract (TSC)?

How can I test that my system integrates with the USI Registry System?

What do I need to be able to test my system connectivity with the USI Registry System

What happens after I submit my USI Authentication Developers Kit (ADK) form