E-Government Government Gateway Overview

What is the Gateway? A conduit for secure transactions between customers and government, covering Inputs, Outputs and Payments to Government; Gateway does not host e-forms or applications that generate or consume transactions; Gateway must communicate with front office and back office components to deliver an e-service.

What does the Gateway do? Single route into any government system; Processes and routes XML “e-forms”; Provides “single identity” access for users; Highly secure, resilient “always on” environment; Delivers outbound messages securely; Capacity to handle high volumes; Provides payment facilities.

Who can use the Gateway? Customers: Government: Citizens, businesses, intermediaries Using ANY application, ANY device, ANY digital ID service that is t-Scheme approved Government: Departments Local Authorities Agencies Devolved Administrations Digital ID services. t-Scheme approved providers, currently are: British Chambers of Commerce (using Royal Mail’s ViaCode) Equifax Software developers: Software Vendors

Gateway Overview Commercial Portals Government Portals Applications For Example Yahoo MSN Bank sites Insurance sites Government Portals HMCE Inland Revenue ukonline.gov.uk Applications Accounting packages Home finance packages Front Office Middle Office Gateway Internet Transaction Engine Payments Credit Card Debit Card Direct Debit Back Office Internet (Via VPN) or GSI DIS LA Inland Revenue DEFRA Registration and Enrolment Data Secure Mail

Front Office Encourage multiple channels for any transaction; Open standards allow easy integration with applications using UkGovTalk compliant XML; Support for Government portals with external authentication capability.

Middle Office Gateway provides generic building blocks for creation of end-to-end services: Registration and Enrolment engine for authentication Transaction engine for routing Payment Engine for payment of government related bills by credit, debit card or for setting up direct debits Secure Mail system for secure communications between user and Government

Back Office Department Interface Service (DIS) boxes provide off the shelf connectivity to Gateway; DIS box can be used to transform XML messages into other formats when they reach departments.

Registration & Enrolment The R&E system: enables users to have one account whilst having access to a diverse set of transactions and departments; authenticates all incoming transactions; remembers relationships between users and intermediaries (such as accountants).

Registration and Enrolment this is the process of creating the user account, specifying passwords and providing information such as email address (optional); the service that is being enrolled for will dictate the level of authentication required (either certificate or userid/password). Enrolment this is the process of enrolling for one or more services that the citizen or business wants to use. Activation Activation PINs are used to ensure the enroller is who they claim to be. PINS are sent to the name and address held by the back office system.

Process Overview Internet Key Facts Government Gateway Letter contents Address Request Address Response Secure Printers User ID / Activation PIN Gov Dpt

What Does The Transaction Engine Do? Authenticate authentication of transactions from the Internet; authentication of department connections over the Government Secure Intranet (GSI)/Virtual Private Network (VPN). Consumes the transaction apply a unique identifier and timestamp. Validate validate the content of the document header and check the structure. Route routing to departmental systems. Audit audit and logging; transaction integrity.

Main functions of Transaction Engine Transaction id routine; timestamp routine; call R&E for authentication and service list; XML Header validation routine; forward authenticated document to DIS; “response to customer” routine.

Add transaction id and timestamp Transaction Engine Gateway transaction engine Authenticate Add transaction id and timestamp Parse XML Internet acknowledgement Route Transaction PC Application/browser prepare transaction prepare form sign and send display response Transaction response GSI / VPN DIS transform data validate Department Back End Server validation processing storage

XML Platform independent; XML allows the tagging of data; language used to describe structure and/or content of a document; makes data more portable and therefore is a keen enabler of BtoB e-commerce; does not provide presentation information - require XSL for this, which allows you to apply stylesheets to XML to present the information back to the user; All transactions are submitted using HTTP Post to the Gateway URL using XML.

Scenarios The following scenarios show the different modes of operation you can take advantage of when designing services

E-Forms example User e-Forms server Gateway Dpt System Authenticated Form X Please Gateway Prepopulated Form Completes form Signs and sends completed form Dpt System Authenticated Form x please completed form X Form Validated

Standards Customer Applications Internet Gateway GSI ( & Variants) Any application: Dept/Portal/3rd party Any host Any device XML using XSD schemas and GovTalk header 128 bit SSL encryption HTTP tScheme digital ID (optional) Customer Applications Application SSL HTTP Internet Authentication Store & forward Transformation Routing tScheme digital certificates HTTP and SSL server certificates XML and GovTalk SMTP for email acknowledgements Reliable messaging using SOAP and Biztalk Gateway Gateway GSI ( & Variants) HTTP SSL for authentication Backend Systems System XML and GovTalk HTTP Reliable messaging

Inputs Scenario 1 – Pre-populate form with data Log on and pre-populate form Complete form Sign and send Customer Applications DA web form 3rd party application Application 1 2 Auth request & response Input Transaction Internet Authentication & routing Optionally query backend system for data to pre-populate form. Gateway Gateway 1 2 Authorised Data request Authorised Input GSI ( & Variants) Provide data Consume transaction Optionally, validate and respond Backend Systems System

Inputs Scenario 2 – Fill form and send DA web form 3rd party application 1. Complete form 2. Sign and send Customer Applications Application Response Input Transaction Internet Gateway 1. Authentication 2. Routing to URL for recipient LA Gateway Response Authorised Input form GSI (& Variants) Backend Systems LA 1. Consume transaction 2. Optionally, validate and respond LA

Outputs Scenario 1 – Customer request for self service output Web form 3rd party application 1. Raise request 2. Sign and send Customer Applications Application Output Payload Output request Internet Gateway 1. Authentication of request 2. Route to URL for target dept Gateway Output Payload Authorised Output request GSI (& Variants) DIS Backend Systems Self-service data source 1. Access data source 2. Return output

Outputs Scenario 2 – Department triggered output Receive email ’you have mail’ Click link to Gateway View output or download Customer Applications Browser/ Application 1 2 3 1. ‘You have mail’ email Request for output Output payload Internet Hold output awaiting collection Send email ‘You have mail’ Authenticate requests for output Display or download output Gateway Gateway GSI ( & Variants) DIS Backend Systems Prepare output Transfer to Gateway Output to go

Outputs Scenario 3 – User sends mail to department Click link to Gateway Access secure mailbox Compose mail to department Customer Applications Browser/ Application Internet Show recipient list based on enrolled services. Route composed mail to department Gateway Gateway GSI ( & Variants) Receive message in DIS Transfer to internal mail or similar systems. Department can then respond to user (see scenario 2) DIS Backend Systems

Secure Mail Provides a web based mail system for all users; Allows Government to deliver correspondence into the users’ secure mailbox; Users can send mail direct to Government departments whose services they have enrolled for.

Payments Engine Will allow bill payment with credit, debit card or direct debit (dept can specify which is acceptable for each service); Payments can be taken as part of a transaction (Self Assessment transaction could contain a payment section) or via the payment web site; User can receive bills via the secure mailbox and pay in the same session on the payment engine.

Summary Gateway provides a conduit for secure transactions between customers and government, covering Inputs, Outputs and Payments to Government; Need to register with the Gateway and then enrol for specific services; Transaction engine always ensures that there is a response to each request and assurance that government has received the transaction; DIS boxes are housed at departments.