Tax office goes Ubuntu for AUSkey Linux standard

Generic Linux and Unix port to go public

The Australian Taxation Office is preparing to release a Linux port of its AUSkey authentication software with Ubuntu being the reference distribution for testing and development.

AUSkey is the federal government’s security key that can be used for single sign-on across a number of online services and is required to use the Department of Treasury’s new Standard Business Reporting (SBR) service.

The ATO has started using AUSkey as a replacement to its legacy digital certificates, but some Linux users reported compatibility problems as the client is only available for Windows and Mac OS X.

However, earlier this month the Australian Linux community announced it would collaborate with Treasury on an open interface for SBR and the ATO said it will provide AUSkey for Linux.

Bettina Konti, assistant commissioner of business solutions at the ATO’s online and e-security division told TechWorld the tax office is not looking to “overtly support” Linux as there are “many flavours”, but work is being done to remove the preclusion for AUSkey on Linux.

“Once we do that we will take Ubuntu and test the registration and download process through that version of Linux to make sure it works,” Konti said.

While the reference distribution is Ubuntu, Konti said other Linux distributors like Red Hat are also encouraged to get AUSkey working on their platforms.

Konti could not give an exact date as to when the Linux AUSkey port will be available, but said it will be released before the end of the year.

“We now have 87,500 AUSkeys in the public domain and about one third of those are new accounts,” she said.

AUSkey technical architect, Paul Cuthbert, says it was never the intention to preclude AUSkey from any platform, but give priority to the most popular platforms.

“By enabling Linux support we are effectively removing a defect,” Cuthbert said.

The AUSkey software itself it developed in Java and ported to Windows and Mac OS X so it will be “updated” to support Linux and Unix platforms.

“We will support Unix platforms, including Solaris, in as generic a way as possible,” Cuthbert said. “There are limitations to our testing capability, but certainly the intent is to provide cross-platform access to SBR.”

Cuthbert said using AUSkey on a client or server is largely the same, with the Client designed to be used through a Web browser.

“The server software doesn’t have a UI and is designed to be implemented in a way the software designer chooses to use it, but it uses AUSkey the same way,” he said.

General manager of SBR core services at the Department of Treasury, Geoff Turner, said this week the department will commence discussions with Linux Australia on an open source integration tool for SBR.

“From the SBR program sense it is a voluntary program and we have to make it attractive to as many software developers across Windows, Java and open source implementations,” Turner said.

“We will release Windows and Java-compliant products initially, but will also assist other implementations and are working with groups to expand the SDK capability.”

Turner said only in the past three months the open source community has expressed interest in SBR.

“The range of products we provide are standards complaint and we haven’t had any stumbling blocks,” he said.

The ATO’s Bettina said in addition to commercial and open source products, AUSkey can be used by SaaS providers.

“In a SaaS model the business can get a device AUSkey and choose the SaaS provider to be the host for the AUSkey,” she said.

Rodney Gedda is Editor of TechWorld Australia. Follow Rodney on Twitter at @rodneygedda. Rodney's e-mail address is Follow TechWorld Australia on Twitter at @Techworld_AU.

Join the CSO newsletter!

Error: Please check your email address.

Tags unixSBRATOjavaauthenticationDepartment of TreasuryubuntuAuskey

More about Australian Taxation OfficeLinuxRed HatUbuntu

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Rodney Gedda

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place