Federal e-government projects ultimately will be only as good as their authentication—the guarantee that users and transactions are secure.
For the Office of Management and Budget’s Quicksilver initiatives, the guarantor is the E-Authentication Gateway, which is entering the last stages of development.
Project manager Stephen Timchak said he expects the General Services Administration to solicit bids for a production version of the gateway this fall and establish full operations by March.
The gateway, which began initial operation last fall, provides the 24 other Quicksilver initiatives a common path for authenticating users of online government applications. [IMGCAP(2)] Agencies that supply electronic services to citizens, contractors and other agencies need servers on the back end to recognize who is accessing the applications from the front end. This requires authentication—a system for verifying the identifying credentials. They can be simple passwords or personal identification numbers, or digital certificates stored on tokens, hard drives or browsers.
“There is typically a 1-to-1 relationship between the credential and the application it’s designed for,” Timchak said.
As the number of applications grows, managing individual credentials becomes burdensome, for both users and owners of the applications. So GSA is working to break that 1-to-1 ratio and get government out of the business of issuing and managing credentials.
“To the maximum extent possible, we want citizens to use credentials that have been issued by the private sector,” Timchak said. One credential should be acceptable to multiple applications.
Stop to pay the toll
To make this a reality, the E-Authentication Gateway will act as a central clearinghouse for credentials submitted online to e-government applications. [IMGCAP(3)] Adrian Fish, deputy e-authentication program director at GSA, said the gateway is only one piece of the authentication puzzle. Agencies must have policies for application use, risk levels have to be assessed for each type of transaction, and assurance levels have to be assigned to each type of credential being evaluated.
In designing the gateway, the technology came last, Timchak said.
“Everybody thinks it’s about technology, and it’s not,” he said. “The key to making it successful is cross-agency collaboration.”
But that doesn’t mean that a lot of thought has not gone into the technology.
“The technology is a challenge because it is all proprietary,” Timchak said. “There is no standards-based interoperability.”
Work on the gateway began in February 2001, when the E-Authentication Program Management Office got together with OMB’s e-government leaders to establish a mission and set of goals. The E-Authentication Gateway had an advantage over similar projects because it has a built-in customer base, Timchak said.
Digg
De.licio.us
Slashdot
Technorati
