To improve the public's access to government services and information and to tighten the security of unclassified government information systems, the federal government must work in partnership with the private sector to design and build a public-key infrastructure (PKI), according to a report being prepared by the National Partnership for Reinventing Government.
PKI, a framework of technology and policy regarding the use of digital signatures, will be a foundation to support trusted communication among federal government agencies and between those agencies and the private sector, according to a draft version of the report "Access With Trust." This security framework is vital to the creation of online loan applications, electronic voting and tax filing, according to the report.
PKI will provide four basic security services: authentication, data integrity, nonrepudiation (verification that an electronic message has been sent) and confidentiality. It will be designed not with a "government-only approach" but as part of the evolving private-sector PKI being built using commercial products. For the needs of federal customers, PKI must be secure, reliable, flexible and cost-effective and must provide a level of assurance based on the requirements of each application while ensuring proper privacy protection, the report noted.
"A critical goal in developing PKI is ensuring that it meets the needs of its users without undue complexity or cost," according to the report. "This is no small matter because potential users represent a broad spectrum, ranging from those who need a modest level of security and cannot tolerate substantial expense for that purpose, to those who need much higher levels of security and are willing to incur the expenses associated with having those services."
To launch the development of PKI, the report calls for the federal government to:
* Identify its own business requirements and the requirements of its customers.
* Prepare and implement appropriate standards in cooperation with industry.
* Articulate sound business practices governing agency use of PKI.
* Conduct pilot demonstration projects to explore the ways in which public-key technology can enhance agency operations and promote interactions with citizens and companies.
Digg
De.licio.us
Slashdot
Technorati
