Contract for free credentials and digital certificates designed to encourage public to use online services
For the past four years, the promise of E-Government has hinged on the ability of users to authenticate themselves to systems. Without a trusted federation to exchange security information over the Internet, E-Government applications are nothing more than consolidated Web sites.
Many times since the Office of Management and Budget launched the 25 E-Government initiatives in 2001 and assigned the E-Authentication project to the General Services Administration, experts have said the government has put the horse before the cart—having vendors or agencies offer credentials without systems ready to use them.
First things first
But it seems the horse and the cart are finally in order. GSA late last year awarded a contract to Operational Research Consultants Inc. of Fairfax, Va., to become the first commercial provider of Level 1 or Level 2 Security Assertion Markup Language 1.0 credentials. The contract, along with at least four agency applications prepared to accept the credentials from the public, makes E-Government more of a reality than ever.
“This is part of the evolution of E-Authentication,” said Steve Timchak, the former GSA E-Authentication project executive, who retired this month. “This is no longer a concept. It is working and growing, and that is the important thing.”
Under the contract, for which GSA paid $900,000, ORC will provide up to 250,000 credentials to the public at no cost.
SAML 1.0-compliant Level 1 and 2 means that users will receive a user name and a password that is at least eight characters long, can be upper and lower case, and uses special characters.
“GSA is priming the pump,” said Daniel Turissini, president and chief executive officer of ORC. Once a handful of credentials are out there, he added, and “a lot of people [are] providing or getting these services across multiple applications, we will see a lot more movement in the credentialing and public-key infrastructure environment.”
OMB tried to jump-start the process in the fiscal 2005 budget by requiring all agencies to have at least one application using e-authentication services last year and one in 2006. An OMB official said 11 agencies met the requirement by December and more are working on it. Overall nine applications use e-authentication services, the official added.
Digg
De.licio.us
Slashdot
Technorati
