CoFFEE-MRR. Conflict of interest

Information consultation on those authorised to consult/carry out conflict of interest analyses with the AEAT system

The service allows verifying whether a person has been authorised in CoFFEE to carry out tasks related to the conflict-of-interest analysis using the MINERVA tool provided by the State Tax Administration Agency [Agencia Estatal de Administración Tributaria].

The service will be activated exclusively from the Tax Information Technology Department (DIT) systems each time a person intends to use MINERVA's facilities, to ensure that they have the authorised permissions from CoFFEE. The two systems communicate over a channel that guarantee authenticity, confidentiality, availability, and information conservation.

The service is provided through mechanisms established by the budgetary administration. This requires administrative and technical tasks to ensure operators are legitimate and that the service can be maintained in the future.

To attain interoperability between a client application outside of the Budgetary Informatics Office's scope and the CoFFEE-MRR web service, you must complete the following steps:

• Please request access to the web service by following the procedure outlined on the web services catalogue page of the Virtual Office of the Budget Administration. Specifically, refer to the document “Procedimiento de solicitud de acceso de entidades externas a los servicios WEB corporativos de la Oficina de Informática Presupuestaria” [“Procedure for requesting access for external entities to the corporate WEB services of the Office of Budget Informatics”] published on the page. During the registration process, we will provide information on both the technical contact for resolving technical issues and the mechanism for connecting to our services (the certificate used for secure connections).
• Internally, approval will be sought from the Head of Operations of CoFFEE-MRR, who will verify the legitimacy of the intended exchange.
• During the process, an application identifier (WS_CODE) and a user code (USER_CODE) will be assigned for use in exchanging information with the service (see below).

The entry point is shared for this, and other web services provided by the Budget Informatics Office and is called WSSAccess. This entry point will direct requests to the appropriate service (in this case, CoFFEE - Conflict of Interest) identified by its WS_CODE.

PREPRODUCCIÓN
https://webpubpre.igae.hacienda.gob.es/WSSAccesoAdmonPresupuestaria/services/WSSAcceso?idAplicacion=<WS_CODE>&idUsuario=<USER_CODE>

PRODUCCIÓN
https://webpub4.igae.hacienda.gob.es/WSSAccesoAdmonPresupuestaria/services/WSSAcceso?idAplicacion=<WS_CODE>&idUsuario=<USER_CODE>

WS_CODE is the web service code that enables WSSAccess to distinguish the web service for which the request is made.

USER_CODE is the service account code allocated to the client application that will interact with the web service. Therefore, internally CoFFEE will be able to verify, integrated with its security system, that the service is only accessed for the intended functions.

An HTTP GET verb containing these parameters will be used to invoke the access point. The message body shall contain the SOAP message.

Compliance with the WS-Security standard for Web services is ensured by the Access Point. Requests must be electronically signed with the organisation’s stamp to which the client application invoking the web service belongs, and responses will be stamped with the electronic seal of the Budget Informatics Office.

The CoFFEE web service is described in the following attachment: coffeemrrci.wsdl

An example of a request that adheres to the provided WSDL would be:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ci="http://coffeemrrci">
  <soapenv:Header/>
  <soapenv:Body>
    <ci:ConsultaConflictoInteresRequest>
     <ci:NIF>96084666G</ci:NIF>
    </ci:ConsultaConflictoInteresRequest>
  </soapenv:Body>
</soapenv:Envelope>

When following WS-Security, the client must include the security information required by the standard as an element of in the message.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ci="http://coffeemrrci">
  <soapenv:Header>   
        
   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">      
   
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
        ...      
   
   </ds:Signature>
      <wsu:Timestamp   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
        ...      
   
   </wsu:Timestamp>      
    
   </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <ci:ConsultaConflictoInteresRequest>
      <ci:NIF>96084666G</ci:NIF>
    </ci:ConsultaConflictoInteresRequest>
  </soapenv:Body>
</soapenv:Envelope>

In particular, the signed part is the Body of the SOAP message.

A possible response from the service would be

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>      
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">      
      <ds:Signature  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
        ...      
   </ds:Signature>
      <wsu:Timestamp  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
        ...      
   </wsu:Timestamp>      
   </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <ci:ConsultaConflictoInteresResponse xmlns:ci="http://coffeemrrci>
      <ci:Operacion>
        <ci:Codigo>MRR$xxxxxx</ci:Codigo>
        <ci:TipoAcceso>TOTAL</ci:TipoAcceso>
      </ci:Operacion>
      <ci:Operacion>
        <ci:Codigo>MRR$yyyyyyy</ci:Codigo>
        <ci:TipoAcceso>CONSULTA</ci:TipoAcceso>
      </ci:Operacion>
    </ci:ConsultaConflictoInteresResponse>
  </soapenv:Body>
</soapenv:Envelope>