|
APPLICANT SYSTEM-TO-SYSTEM FAQs
What are the prerequisites for using the S2S interface?
Where do I find documentation for creating a system-to-system application?
Can I use a self-signed certificate?
What is a certificate? How is it related to an AOR?
What steps should I follow for the certificate/authorization process?
Where do I get a certificate? What kind of certificate do I need?
What security controls are used to prevent loss of data to outside entities?
I need to get my public certificate registered with Grants.gov. What information do I need to provide to Grants.gov to ensure registration?
What do I need to do to ensure that my organization's certificate has been setup in the Grants.gov acceptance testing environment?
What assistance is available for S2S developers from Grants.gov?
Is there a sample S2S client that I can use as an example as I build my own application? How is Web Services Security Implemented by Grants.gov? How can I track the status of my application submission?
What are the prerequisites for using the S2S interface?
The S2S interface is intended to be used by organizations that have an existing grants management system (which does not use the application forms provided by Grants.gov), and yet want to submit applications directly from that system to Grants.gov. Integrating your system with Grants.gov can take a significant amount of effort. Factors to consider when determining if you should use the S2S interface include the following:
- Application volume: Using the S2S interface might not be cost effective if you are submitting less than 100 applications per year.
- Technical capacity: Your organization must have the technical capacity to develop to and integrate with the S2S interface. This includes having a technical staff member familiar with Web Services technology, XML, and SOAP with Attachments.
- Knowledge of the Grants.gov forms and submission process: Your organization must be familiar with the flow of applications processed through the graphical user interface (GUI), since the S2S interface works with the same process. Using a third-party system that has already been integrated with Grants.gov requires substantially less effort. Some knowledge of system configuration and the role of digital certificates for S2S authentication is required.
Where do I find documentation for creating a system-to-system application?
This documentation can be found on the Applicant System-to-System page. Can I use a self-signed certificate?
No, only certificates from a recognized certificate authority can be used. Self-signed certificates are too difficult to set up and maintain. What is a certificate? How is it related to an AOR?
A certificate is digitally signed information that allows the Grants.gov system to identify your system and securely exchange information with it. Just as GUI users provide a user ID and password to identify themselves, S2S clients use a certificate (rather than storing user ID's and passwords in code). The primary difference between the two methods is that certificates identify your system but may or may not identify the individual user, i.e. an Authorized Organization Representative (AOR). Your system is responsible for ensuring that only AORs can submit applications. Associating your certificate with an AOR is part of the registration process for S2S users. What steps should I follow for the certificate/authorization process? Where do I get a certificate? What kind of certificate do I need?
If you are using a third-party grants application system, your service provider can supply a certificate. You can also get certificates from a recognized certificate authority such as Comodo, DigiCert, Entrust, GoDaddy, Incommon, Verisign, and Thawte. You will need a 1024 or 2048 bit RSA SSL certificate. The
Applicant Web Services Security document provides detailed information on obtaining and using certificates. What security controls are used to prevent loss of data to outside entities?
Grants.gov uses the SSL protocol with mutual authentication to provide a secure communication channel between your system and Grants.gov. I need to get my certificate registered with Grants.gov. What information do I need to provide to Grants.gov to ensure registration?
Provide the Grants.gov PMO the following information in a Certificate Request Form. - Certificate Serial Number
- Expiration Date
- Organizational DUNS
- Organization Name
- Environment to which certificate will be installed (Production or Training)
- Email address associated with certificate
- Your contact information
What do I need to do to ensure that my organization's certificate is setup in the Grants.gov Production and/or Acceptance Testing (AT) environment?
You will need to complete and submit the Certificate Request Form. Normally, certificates are installed within a few business days but may take up to one week after the certificate request form is received to be installed. You will receive a notification email confirming that your certificate has been installed from the Grants.gov Program Management Office (PMO).
Please remember to keep track of your certificate expiration date, since Grants.gov does not maintain your organization’s certificate expiration information. What assistance is available for S2S developers from Grants.gov?
Grants.gov provides limited support to S2S developers. Please see the documentation for information on contacting Grants.gov for support. Is there a sample S2S client that I can use as an example as I build my own application?
Yes, a reference implementation is available for developers to give them a head start in the development process. The reference implementation was developed using the Java programming language and MySQL database. The full source code is available at:
ApplicantWebServices . How is Web Services Security Implemented by Grants.gov? Grants.gov uses Secure Socket Layer (SSL) and mutual authentication for managing the security of a message transmission over the Internet. Grants.gov requires both server-side and client-side authentication. Web Services needs to be implemented securely; i.e., the data transferred over the Web Service needs to be safe from interception, tampering and unauthorized access. Please refer to the Grants.gov
Applicant Web Services Security document for in-depth information on security. How can I track the status of my application submission? Once Grants.gov has received your submission, Grants.gov will send email messages (to email address associated with S2S certificate) to advise you of the progress of your application through the system. These email messages will contain a tracking number that you may use to track the status of that submission. To check the status of your application(s), anytime after submission, use the " Track My Application" feature available from the left hand navigation.
|
