Layer Security



The Layer Security LS-ATO client provides a secure ebMS3/AS4 transport for applications needing to communicate with the Australian Government's Standard Business Reporting (SBR) services.

LS-ATO is a fully standards compliant messaging client which makes it easy to send documents to the ATO and other agencies using AS4. It handles all the required security including certificates (MyGov M2M) and obtaining a SAML (Security Assertion Markup Language) token from the STS (Secure Token Server).


SBR2 Environment

SBR2 is a message-based system based on ebMS3/AS4 (Electronic Business Messaging System 3, Application Statement 4) and other international standards such as SAML, WS-Security, SOAP, HTTPS etc.

In practice, SBR2 is quite complex because it must meet a broad range of reporting requirements. This means that a general AS4 client can't be used. Instead, an AS4 client must be customized or specially built to meet the additional requirements of the ATO. For example:

  • ATO extensions (e.g. roles, delegations, legacy modes)
  • Multiple interaction types (e.g. synchronous, batch, bulk, batch of bulk)
  • Strong security (e.g. SAML, signing, authorisations, MyGovID M2M keystore)
  • Custom ATO formats (e.g. payloads, responses, errors)
  • Other details (e.g. network addresses, timeouts, polling, compression etc).



LS-ATO Functions

LS-ATO is a small, fast, secure and standards-compliant ebMS3/AS4 client custom-built for the ATO. The interface is a simple command line with parameters and a configuration file. This makes it very easy to configure, manage and integrate into other applications.

Business Features

  • Support for all SBR2 actions and services
  • Support for all SBR2 document types and schedules
  • Support for special SBR2 modes
    (e.g. ELS, Cloud Authentication, Gateways etc)
  • Conformance tested

Security Features

  • SAML token handling
  • Message signing and certificate validation
  • Support for AUSkey and M2M credentials
  • Support for end-to-end encryption (CMS)
  • TLS on all connections (using latest v1.2)

Integration Features

  • Runnable from any language or script
  • Support for command files and filename wildcards
  • Request meta data and SOAP information saved
  • Trigger to run a notify command on receiving response
  • Exit codes conveying most operational situations

Operational Features

  • Automatic attachment compression/decompression
  • Automatic assembly/disassembly of batch/bulk/collect files into ATO's single file format
  • Automatic polling of batch/bulk/collect interactions
  • Intelligent handling of response files and error conditions
  • Scalable to any number of payloads
  • Support for both Windows and Linux
  • Comprehensive documentation

Deployment Features

  • Easy to configure and manage - just a single executable and configuration file
  • Tiny - about 3 MB in size
  • Very fast and efficient - with minimal memory and CPU requirements
  • Standalone - with no special installation, privileges nor operating system packages
  • Proxy server support


LS-ATO consists of a standalone executable and a configuration file.

  • It is tiny (less than 3M in size) and does not require any special operating system privileges or packages to run.
  • LS-ATO runs as a simple command line tool. This makes it easy to integrate into scripts or embed into any third party application.

The release package also contains documentation and example test scripts. Examples in the documentation are included in the "test" directory. These examples are derived from the ATO's conformance test suite and work against the ATO's test environment (EVTE).