Digital Service Provider Architecture Reference Group (DARG)
Presented by: Paul Dwyer, Director, Digital Wholesale Services, Australian Taxation Office
03 April 2019
Welcome and introductions
DARG change to traditional scheduling and timings
E-Commerce Platform Roadmap
How to use this slide pack
UNCLASSIFIED – Digital Architecture Reference Group – 03 April 2019 4
E-Commerce Platform | On-Going Tuning
Three key operational priorities were identified in preparation for Tax Time 2019:
1. Stuck batches
2. Unexpected component failures
3. Leverage Cloud Capabilities & Scale
Three strategic areas of focus:
1. Increasing Batch Record Size
2. Proactive Business Solutions to meet ATO’s Future Growth
3. Reducing the imposition on adopting and conforming to the current Channel Ecosystem
Database Monitoring and Enhancements
Upgrading old infrastructure
Performance tuning (MAAS & MATS Focus)
Stuck Batches
Message Tracker
Throttling Solution
[Chart: Transactions Volume Growth (M), 2018 Actuals v 2019 Forecast, by month Jan to Dec; series: Inbound, Outbound, 2018 Actuals]
E-Commerce Platform | Product Upgrades Future Design
Parameters of SBR2
The ATO has provided input and expectations directly with the product developers. Updates to the product suite are coming. There are future enhancements we may wish to implement, but decisions will need to be made around the existing implementation. Changes to implementation would be carried out in iterations so as to minimise the risk to production use.
Options assessed for cost, elasticity and complexity:
• Leverage Cloud Native (PAAS): Shifting away from the current IAAS approach using cloud native PAAS offerings where possible for the processing of messages.
• Leverage Cloud Native (Container): Shifting away from the current IAAS approach using cloud native containerisation offerings where possible for the processing of messages.
• Add an additional gateway: Standing up an additional gateway for either specific DSPs or specific market segments.
• Horizontally scale: Adding more nodes to the current solution in order to handle
ATO Digital Services Modernisation (ADSM)
Request for information
WHAT IS ATO DIGITAL SERVICES MODERNISATION (ADSM)?
ATO Digital Services Modernisation Program
The ATO is seeking a new innovative solution to deliver lightweight digital services. This solution will enable clients to interact with and consume quick, small and data driven services. This capability is referred to as the Digital Services Gateway (DSG).
In addition, the ATO is seeking to modernise an existing platform, which provides business event, bulk and batch style digital services and supports existing messaging capabilities. This capability is referred to as the Digital Reporting Channel (DRC).
The ATO requires a solution or solutions that will service both capabilities (DSG and DRC) and that can be deployed with minimal disruption to the consumers of the current services.
A solution that achieves high service availability targets, is secure and efficient.
[Diagram: single entry point, service integration layer, internal ATO processing systems]
Digital Services Gateway
• Provide new light-touch and lightweight messaging standards
• Service real time, digital event single transactions
Digital Reporting Channel
• Continue to provide existing services
• Provide backwards compatibility
• Service bulk and single transactions
COMMUNICATION TO DATE
Date | Discussion | Forum / Channel
20 Mar 2018 | SBR Evolution and e-Invoicing: the Broader Context; SBR Evolution | ABSIA Forum
31 May 2018 | SBR System Evolution presentation to Governance and Committees | ATO Executive & ABSIA Board meeting
27 Jun 2018 | Improving SBR2 Platform; Digital Services Gateway – Simplifying ‘event based’ interactions | Super Industry Engagement Forum
23 Aug 2018 | ATO Digital Services Modernisation SBR2 Platform & Digital Services Gateway; Digital Services Gateway and future SBR | Combined Strategic Working Group and ABSIA Board meeting
24 Aug 2018 | Standard Business Reporting Resilience & Future | Tax Practitioner Stewardship Group
03 Sept 2018 | ADSM Overview discussion - SBR Evolution | Westpac and ATO Senior Executive Round Table
18 Sept 2018 | ATO’s Digital Delivery; ATO Digital Services Modernisation; Digital Services Gateway and Future SBR | SuperStream Reference Group
10 Oct 2018 | DSP Operational Framework; ATO Digital Services Modernisation – 2020 Vision | Superannuation Fund administrators
03 Dec 2018 | ATO Technology Enabling our digital business | Vendor Briefing, IT Journalist
05 Dec 2018 | News item advising of RFI 2227 – ATO Digital Services Modernisation | DSPs Newsletter
13 Dec 2018 | ADSM – Industry Brief | ATO ADSM Industry Brief
ADSM SO FAR
2018
5 December: Request for Information published on AusTender
12 December: Email to Industry Leaders
13 December: Industry Briefing held, 160 external attendees
2019
13 February: RFI closed. 260 entities registered for updates and downloaded the AusTender documentation. ATO responded to 118 questions from Industry. ATO received 23 compliant responses.
14 February: RFI Evaluation Plan signed off
01 March: Evaluation of RFI responses commenced
Current update
The ATO is currently reviewing and evaluating the responses for RFI 2227. At this stage, the ATO is unable to provide a date of when the RFI outcome will be finalised. The ATO will provide another update as the evaluation process is finalised.
Direction of Technology
Open discussion
The drivers
• Are we on the right mission?
• How do we enable agility and the innovation that provides delightful user experience?
• What are the changes we can make to:
– Provide quality
– Contain costs
– Increase velocity
– Enable the exponential growth in demand
Putting a light on the hill
• Helps to determine the value of an idea.
How we’re moving forward
• Plans are only good if they can be executed
INTRODUCTION
CONCEPTUAL | Digital Decoupling to support Bimodal
Features for software developers:
• Independence
• Tested and Operational
• Quality of service
Features for the ATO:
• Protection of core systems
• ‘Space’ to re-architect and revolutionise the monoliths
− Real-time over batch
− Fit-for-purpose
[Diagram: layered API model]
“Software Developers”: ATO staff, Gov (DHS), MYOB and other DSPs
Product layer: GST, Super, IT, STP/Pay Report, +More
Outer API layer: Reporting, Informational and Traditional APIs, delivered through the Digital Services Gateway and the Digital Reporting Channel. Outward API priority is determined by service demand from Software Developers.
Inner API layer: API solutions for Client Account, Insights & Intelligence, Client Profile, Enterprise Admin, Advice and Support, Case & Work Management, and Event Processing. Inner APIs are platform based; priority is determined by operational needs.
CONCEPTUAL | Managing new load and meeting service expectations
Providing innovative lightweight data driven digital services requires strengthening of the solutions that deliver them to meet growth and modern service expectations.
[Diagram: Consumer → API → Informational Service → Cache → Core System Master, where the Informational Service cache is there for performance, availability and resilience; contrasted with Consumer → API → Informational Service → Core System Master with no cache, marked X]
DARG focus groups
Improving the test environment
Focus group
FOCUS GROUP | Improving the test environment
WHERE WE HAVE COME FROM
• EVTE is a stubbed environment that provides an efficient capability to test the transmission of messages to the ATO.
• EVTE offers unlimited testing of messages without resetting data and will prove the successful transmission of a message to the ATO, including verification of:
– the correct message format being used
– the certificate being correctly embedded into the message
– error messages and exceptions generated from the ATO system being processed correctly by the calling system
• A comprehensive conformance suite is provided. This includes test cases, associated credentials, and the request and response messages as templates.
• EVTE does not allow for load or performance testing to be carried out in the environment.
• The use of EVTE and the conformance suite is expected to be part of a greater test process by individual DSPs.
• The number of conformance test cases has been kept to a minimum to reduce the impact on the range of DSPs.
FOCUS GROUP | Improving the test environment
WHERE WE ARE NOW
• Improving conformance test cases by setting
– Realistic data
– End to end scenarios with single credential
• Updates to the Business Implementation Guide (BIG)
– More detailed descriptions of the business use of the service to provide a greater context for the use of the service.
– Format changes to simplify the document
• Increasing automated testing in all environments
FOCUS GROUP | Improving the test environment
THE FUTURE
• DevOps practices to improve delivery turnaround
– Continuous build could mean smaller and faster delivery to EVTE.
• DSP gateway to improve the interaction between the ATO and DSPs
– Access to information and feedback in order to reduce delivery and testing timelines.
– Larger repository of test cases to consume as optional tests to assist in verifying quality of delivery.
• Improved tooling to assist with:
– Creation and aging of test data
– Generating test cases to be consumed by specific DSPs
BIG review
Focus group
FOCUS GROUP | BIG review
Purpose
A focus group has been formed through the DARG to provide initial feedback on the current structure and content of Business Implementation Guides (BIGs), with the intent to improve future content and remove any redundant and/or duplicated information.
Items identified for review:
Proposed changes to BIG:
• Update to the purpose statement
• Removal of some information
For example: Removal of taxpayer declaration information as it is already in the Taxpayer Declaration Guide
• Intent to move some content to a common BIG:
o Audience
o Document context
o Channel availability for the interaction
o Intermediary relationship
o AUSkey and authentication information
o TFN and ABN algorithm validation
o Truncating amounts
More consultation will occur with industry
Machine to machine credentials
Presented by:
Hoshedar Elavia and Claire Miller
Director, Digital Wholesale Services
Australian Taxation Office
What will replace AUSkey?
The ATO is building:
• myGovID: A way to prove who you are. You will be able to authenticate and access government online services using myGovID
• Relationship Authorisation Manager (RAM): Whole of government relationship and authorisation manager. RAM lets businesses and tax agents control who can act on their behalf across eligible government online services
• A new machine to machine (M2M) solution to support existing M2M arrangements – replacing device AUSkey
• Combined, these solutions will replace AUSkey
• ATO is also building a SAML service (Business Authentication Manager) to enable agencies to on-board with minimal impact
Why are we replacing AUSkey?
AUSkey has not kept pace with changes in technology and doesn’t meet the future needs of most businesses. AUSkey is:
• not supported on mobile devices
• not compatible with all internet browsers
• difficult to set up and maintain
• restricted to online services, and authorisations do not carry across channels (i.e. it cannot be used to contact the ATO by phone)
• unable to provide password reset functionality, forcing users to re-register when a password is forgotten
• difficult for users who want to view and manage multiple AUSkeys, with some businesses having up to 200 AUSkeys
• reaching end of life in March 2020
AUSkey replacement
New Machine to Machine solution (replacing device AUSkey)
The AUSkey replacement will include a new machine credential, which will be issued and managed via RAM.
• The new machine credential is backwards compatible with existing device AUSkeys, and DSPs will only need to download new credential/s, then update the authentication endpoint in their software products
• During the transition period, existing device AUSkeys will work with the new ATO Secure Token Service (STS) endpoint
• The new machine credential is compatible with the existing Software Developer Kit
• A new Software Developer Kit will be issued later in the year with some new features, however this is not required for transition prior to March 2020
M2M Authentication | DSP experience roadmap
[Timeline figure spanning Sep 2018 to 2020]
ATO DSP engagement (DIWG): Initial meeting 16 Mar; Workshops x2 17 & 30 May; 4th meet 7 Jun; 5th meet 7 Aug; 6th meet 11 Dec
Planned releases: EVTE 18 Apr 2019; Public Beta (TBC) Sep 2019; End to end encryption; Full implementation of M2M solution, including supply chain visibility
Engagement activities, in order:
- Developer introduction to the Digital Identity program of work
- Introduction to WofG Digital Identity program components including Exchange ecosystem
- Provide Digital Identity Program of work update to DSP including solution rebranding, B2B position and MFA position
- Establish Core Design Principles for M2M solution
- Present M2M design plan
- Gather DSP M2M use cases
- Development of component requirements
- Endorse and accept design principles
- Complete component requirement draft
- Validate use cases and component requirements
- Develop M2M high level architecture design including server & client side diagrams
- Update on open source options
- Confirm use of Trusted Platform Module (TPM) is not mandated by DTA
- Endorse and accept M2M high level architecture design including server & client side diagrams
- Confirm the client side SDK will be open source
- Present draft M2M detail design for discussion
- M2M EVTE Private BETA (Phase 0)
- SBR / DSPs can install and test new key in test environment
- M2M Production Public BETA (Phase 1)
- Machine credential – I can create a machine credential to secure M2M transactions
MACHINE-TO-MACHINE AUTHENTICATION | Client Model
PREREQUISITES: all users have myGovID; all users are authorised for the business in RAM; the server must have the SDK loaded and must have the credential.
Roles:
• Principal Authority (business owner): has the Machine Credential Administrator (MCA) role but will generally delegate this to another person. When creating a machine credential, they will be the custodian.
• Authorised Affiliate: the person to whom the ‘Machine Credential Admin’ role is delegated.
• Machine Credential Administrator (MCA): credential custodian who requests the machine credential.
[Diagram: role flow and credential flow between the business, RAM, MAS and the DSP server]
1. Business owner grants the ‘Machine Credential Admin’ role to an authorised person via RAM; that person now has the ‘Machine Credential Admin’ role.
2. MCA requests a new credential via RAM.
3. Machine credential created in MAS via RAM.
4. Download (or install) the credential (different for each DSP business) on the server with the SDK installed.
RAM – Relationship Authorisation Manager
MAS – Machine Authentication Service
MACHINE-TO-MACHINE AUTHENTICATION | Data Flow
[Diagram: Business → Software → MAS → Software → ATO SBR Core]
1. Business initiates a transaction and signs the information using their stored machine credential.
2. Software sends a valid certificate to MAS.
3. MAS validates that the certificate is correct and provides a SAML token (M2M SAML) back to the software.
4. Software attaches the SAML token and related business information to the SBR payload and submits a single SBR payload to the ATO.
5. ATO SBR Core verifies that the machine credential ABN and the reporting party ABN match, then processes the request.
MACHINE-TO-MACHINE AUTHENTICATION | Impacts
We are designing the machine credential to be backward compatible to limit the impact for DSPs and their users.
DSPs that use CAA
• Will be required to generate and install the new machine credential as well as update their software to point to the new STS endpoint address.
• There will be no impact to users.
DSPs that do not use CAA
• DSPs will be required to update their software to point to the new STS endpoint address and deploy the updates to their users.
• Users will need to log into RAM to nominate a Machine Credential Administrator to generate a machine credential. Users will then need to install the machine credential into their software.
Users who have updated their software can continue to use their AUSkey until 2020.
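As an added illustration (not code from the ATO or from this DARG pack), the ATO-side check that the data flow and impacts slides describe, modelled in Python: the SAML token from MAS carries the ABN the machine credential was issued to, and SBR Core rejects a payload whose reporting party ABN does not match it. The token and payload structures, the issuer name and the sample ABNs are assumptions; the ABN check-digit rule is the published ABR algorithm.

```python
"""Constructed model of the SBR Core acceptance check from the M2M data flow:
the ABN bound to the machine credential (carried in the SAML token MAS issues)
must match the reporting party ABN in the SBR payload (dataclasses stand in)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

ABN_WEIGHTS = (10, 1, 3, 5, 7, 9, 11, 13, 15, 17, 19)
MAS_ISSUER = "urn:example:mas"  # hypothetical issuer name, not the real one

def abn_is_valid(abn: str) -> bool:
    """ABR check: subtract 1 from the first digit, weighted sum mod 89 == 0."""
    digits = abn.replace(" ", "")
    if len(digits) != 11 or not digits.isdigit():
        return False
    nums = [int(d) for d in digits]
    nums[0] -= 1
    return sum(n * w for n, w in zip(nums, ABN_WEIGHTS)) % 89 == 0

@dataclass
class M2MToken:  # stand-in for the SAML token MAS returns to the software
    issuer: str
    abn: str  # ABN the machine credential was issued to
    expires: datetime

@dataclass
class SBRPayload:  # stand-in for the SBR payload with the token attached
    reporting_party_abn: str
    token: M2MToken

def sbr_core_check(payload: SBRPayload, now: datetime) -> Tuple[bool, str]:
    """Return (accepted, reason); each rejection names the failing check so
    it can be logged and counted on the ATO side."""
    tok = payload.token
    if tok.issuer != MAS_ISSUER:
        return False, "token not issued by MAS"
    if tok.expires <= now:
        return False, "token expired"
    if not abn_is_valid(tok.abn):
        return False, "credential ABN fails check digit"
    if not abn_is_valid(payload.reporting_party_abn):
        return False, "reporting party ABN fails check digit"
    if tok.abn.replace(" ", "") != payload.reporting_party_abn.replace(" ", ""):
        return False, "credential ABN does not match reporting party ABN"
    return True, "ok"

def demo() -> List[Tuple[bool, str]]:
    # Constructed sample ABNs; both 11-digit values satisfy the check-digit rule.
    now = datetime(2019, 4, 3, tzinfo=timezone.utc)
    tok = M2MToken(MAS_ISSUER, "51 824 753 556", now + timedelta(hours=1))
    return [
        sbr_core_check(SBRPayload("51824753556", tok), now),  # same ABN
        sbr_core_check(SBRPayload("53 004 085 616", tok), now),  # other ABN
        sbr_core_check(SBRPayload("51824753557", tok), now),  # bad digit
    ]
```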
Wrap up