Reporting Issues Encountered on Web Service Testing

Consent-Based Social Security Number Verification Service (CBSV)

ETE_CBSVUserAgreement Final

Reporting Issues Encountered on Web Service Testing

OMB: 0960-0760

Document [docx]
Download: docx | pdf









________________________________________________________________________

CBSV User Agreement


Between the Social Security Administration (SSA)


And


External-to-SSA Developers


For External Testing Environment (ETE)

________________________________________________________________________




  1. Purpose


The External Testing Environment (ETE) provides a dedicated test environment to be used by external-to-SSA developers for Consent Based Social Security Number Verification (CBSV) web services to test their software independent of SSA’s development activities. The ETE gives the external developers the flexibility to test on an “as needed” basis to make sure their software remains up-to-date and continues to provide accurate data on behalf of the public to SSA systems.


The purpose of this User Agreement is to establish the conditions, terms, and safeguards under which the Social Security Administration (SSA) will provide access to external-to-SSA developers for testing within the ETE.



  1. Definitions


Name

Description

SSA

Social Security Administration

External to SSA Developer (ETSSAD)

Employee designated by Requesting Party to process submissions.

Requesting Party

Company desiring to access and use the ETE as represented by an Officer or Employee of Company possessing authority to make legally binding commitments on behalf of the Company.

Application Sponsor

Owner of SSA application with authority to approve ETSSAD request

ETE Administrator

Employee responsible for the management of the External Testing Environment

Credentials

Personal Identification Number (PIN) and Password to access SSA systems.



  1. Technical Specifications and Systems Security & Related Business Process Requirements


The Requesting Party shall secure, at its own expense, the necessary hardware, software, etc. to establish connection to the ETE. The Requesting Party must have, and shall provide at its own expense, Internet access in order to access the ETE. The Requesting Party shall provide SSA with a valid e-mail address for its representative so that SSA may communicate with the Requesting Party via electronic mail. 

 

All Requesting Party site preparation, connection, and operating costs, as well as any other miscellaneous costs incurred by the Requesting Party to enable its participation in the ETE, are the responsibility of the Requesting Party.


SSA shall give access to ETE documentation to the Requesting Party, which SSA may amend from time to time at its discretion without amendment to this User Agreement. The requirements for submitting files, checking status, and retrieving results are set forth in the User’s Guide.


General Participation Requirements


In order to meet general expectations for participation, the ETSSAD will need to:

  • Execute test scenarios over a stated period on a repetitive basis to ensure connectivity to SSA systems.

  • Interpret test results and accurately report issues encountered during Web service testing in enough detail that they can be reproduced.

  • Provide feedback to SSA regarding the application’s reliability, stability, and user experience.

  • Provide feedback to SSA regarding product enhancements, documentation, and help systems.

  • Be able to react to SSA’s software changes.

  • Have technical team members available to work with the SSA technical team to troubleshoot and resolve any connectivity or compatibility challenges incurred during the testing process.


Environment and Platform


In order to meet the environment requirements the ETSSAD must:

  • Have a Web service development environment that supports development using a .NET and/or Java-based industry standard technologies.

  • Have a test environment that can be setup to connect to SSA’s testing environment. If necessary, the ETSSAD test environment should be configured to use digital certificates generated by SSA for testing purposes.


Web Service Specific Expertise


The Requesting Party must have the following technical expertise in developing Web service clients for external Web services that have the following characteristics:

  • Conformance to the World Wide Web Consortium (W3C) Web service standards (Simple Object Access Protocol (SOAP), Web Service Definition Language (WSDL), Web Service Security [WS-Security]).

  • A transport layer security using Hypertext Transfer Protocol Secure (HTTPS), using Secure Socket Layer (SSL) Certificates signed by well-known Certification Authorities (CAs).

  • Protected Web services that require the following authentication mechanisms:

  • Client Authentication using the Personal Identification Number (PIN)/Password as a part of the WS-Security SOAP header, and;

  • Strong Authentication (using X.509 Client Certificates), which authenticates the ETSSAD based on a digital signature over the SOAP body and timestamp element.

  • Experience in successful Web service testing.


Ability to meet SSA’s Schedule


The ETSSAD must work within SSA’s schedule constraints. The applicant therefore must be able to:

  • Perform testing during the agreed-upon time frame with help support available on weekdays between 9 A.M. and 5 P.M. Eastern Standard Time (EST),

  • Support a flexible test schedule, and

  • Participate in pre-scheduled technical status conference calls for the duration of testing.


  1. Responsibilities


Requesting Party’s Responsibilities:


The Requesting Party agrees to create electronic file(s) to be used to test an SSA developed web service. The Requesting Party may be asked to process SSA generated test data when required.

All requests will conform to the submission requirements outlined in the ETE documentation which the Requesting Party will have access to upon successful registration for access to the ETE.


The Requesting Party agrees to provide the name, phone number, email address, and timeframe for testing. Further, the Requesting Party agrees to notify SSA if there is any change to employment status (including but not limited to, for example, long-term absence, termination of employment, change of duties relevant to ETE) for any ETSSAD authorized to use ETE. The Requesting Party will also notify SSA if they wish to revoke any employee’s authorization to use SSA’s ETE. The registration process will be completed by issuance of a unique access code by SSA to the Requesting Party. The Requesting Party is required to provide this code to the ETSSAD as authentication of the employee’s relationship to the Requesting Party as well as being authorized by the Requesting Party to submit such requests.


SSA may change its method of receiving verification requests and providing the results to the Requesting Party at any time. The Requesting Party shall be responsible for any costs generated by SSA's decision to change its method of using the ETE.


Requesting Party Acknowledgements:


  1. The Requesting Party acknowledges that Section 1140 of the Social Security Act authorizes SSA to impose civil monetary penalties on any person who uses the words "Social Security" or other program-related words, acronyms, emblems and symbols in connection with an advertisement, solicitation or other communication, "in a manner which such person knows or should know would convey, or in a manner which reasonably could be interpreted or construed as conveying, the false impression that such item is approved, endorsed, or authorized by the Social Security Administration . . . ." 42 U.S.C. § 1320b-10(a); and


  1. The Requesting Party acknowledges that it is specifically prohibited from using the words "Social Security" or other program-related words, acronyms, emblems and symbols in connection with an advertisement for products or services; and


  1. The Requesting Party acknowledges that the information received from records maintained by SSA is protected by Federal statutes and regulations, including 5 U.S.C. § 552a(i)(3) of the Privacy Act. Under this section, any person who knowingly and willfully requests or obtains any information from SSA under false pretenses shall be guilty of a misdemeanor and fined not more than $5,000.


Note: These acknowledgements shall extend to ETSSAD that are not the Requesting Party.


SSA’s Responsibilities:


SSA mission-related work will have priority over ETE requests on SSA’s information systems and, therefore, SSA does not guarantee that ETE request results will be available to the Requesting Party within a specified time frame. SSA’s posting of ETE request results may be delayed while SSA performs mission-related work, or while SSA performs systems maintenance.


SSA agrees to provide limited Security and Application specific Help support to ETSSAD. The intent of this support is not to troubleshoot the Requesting Party’s application, rather to verify that SSA’s environment is operational. ETSSAD are expected to develop their Web Service Definition Language (WSDL) based on documentation provided by SSA after successful registration.


  1. Duration of Agreement and Suspension of Services


Duration of Agreement


This User Agreement is effective upon signature of the Requesting Party and issuance of security credentials and ends in the following situations:


  • The time frame stated by the Requesting Party during the registration process has ended, leading to the account being suspended.


  • SSA cancels any ETE application or the entire environment at any time. However, SSA will make a reasonable effort to provide 5 days notice prior to such action.


  • The Requesting Party gives notice of its decision to cancel its Agreement. In the event that the Requesting Party gives notice of its intent to cancel the Agreement, the Agreement shall terminate immediately or at the specified notice date;


  • SSA and the Requesting Party mutually agree to cancel the Agreement;


  • Cancellation of the Agreement is required by law and shall be effective as specified.


This agreement will come to an end if determined that the ETSSAD does not demonstrate the technical and environmental expertise as stated in Section III of this document.


Note: The completion of application testing within the ETE has no bearing on access to SSA Production systems. ETSSAD’s must apply for access to SSA Production systems.


Suspension of Services


Not withstanding any other provision of this Agreement, SSA may unilaterally suspend access of the Requesting Party to ETE services at the Agency’s discretion. Suspension will be effective immediately upon notice by SSA to the Requesting Party and will remain in effect until lifted by SSA. During the suspension period, notifications will be sent to all ETSSAD who have used the ETE environment on updates relating to the application tested.


The Requesting Party specifically waives any right to judicial review of SSA’s decision to suspend or cancel this Agreement.


  1. Amendments to Agreement


Unilateral Amendments


SSA reserves the right to make the following types of unilateral amendments to this Agreement at any time:


  • Minor administrative changes (for example, changes to SSA mailing addresses, email addresses, names of personnel, locations, etc.); and/or

  • Process changes (for example, how submissions are to be received and results provided to business partners)


Unilateral amendments will be sent to the Requesting Party to notify them of the change. If the Requesting Party chooses to cancel this Agreement as a result of a unilateral amendment, notice to SSA is required.



  1. Indemnification


Notwithstanding any other provision of this User Agreement, the Requesting Party agrees to indemnify and hold SSA harmless from all claims, actions, causes of action, suits, debts, dues, sums of money, accounts, covenants, contracts, controversies, agreements, promises, representations, restitutions, damages, costs, fees, judgments, and any other liabilities associated with, or resulting directly or indirectly from, any action, including but not limited to, actions involving the disclosure of information released by the Requesting Party. SSA shall not be responsible for any financial loss or other loss incurred by the Requesting Party, whether directly or indirectly, through the use of any data furnished pursuant to this User Agreement. SSA shall not be responsible for reimbursing the Requesting Party any costs incurred by the Requesting Party pursuant to this User Agreement.



  1. Disclaimers


SSA is not liable for any damages or loss resulting from errors in information provided to the Requesting Party under this User Agreement. Furthermore, SSA is not liable for damages or loss resulting from the destruction of any materials or data provided by the Requesting Party. All information furnished to the Requesting Party will be subject to the limitations and qualifications, if any, transmitted with such information.


The delivery by SSA of services described herein and the timeliness of the delivery are authorized only to the extent that they are consistent with proper performance of the official duties and obligations of SSA and the relative importance of this request to others. If for any reason SSA delays or fails to provide services, or discontinues the services or any part thereof, SSA is not liable for any damages or loss resulting from such delay or for any such failure or discontinuance.



  1. Integration


This User Agreement constitutes the entire agreement of the parties with respect to its subject matter. There have been no representations, warranties or promises made outside of this User Agreement. This User Agreement shall take precedence over any other documents that may be in conflict with it.



  1. Resolution Mechanism


In the event of a disagreement between the parties to this User Agreement, the parties shall meet and confer to attempt to negotiate a resolution. If the parties cannot negotiate a resolution, the dispute shall be submitted in writing to the Deputy Commissioner of Systems, who will render a final determination binding on both parties.










  1. Persons to Contact


SSA Contacts:


ETE Project Team


Electronic Mail: [email protected]


  1. Authorizing Signatures and Dates

The signatories below warrant and represent that they have the competent authority on behalf of their respective agencies or companies to enter into the obligations set forth in this User Agreement.


____________________________________ ____________________________________
Requesting Party SSA Representative

Company

1 of 10

User Agreement Between SSA and Requesting Party for ETE

File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleETE User Agreement - SSA and External-to-SSA Developer
AuthorSyed Alavi
File Modified0000-00-00
File Created2021-01-29

© 2024 OMB.report | Privacy Policy