GSA Team prepares to test authentication gateway

Photo Courtesy of Washington's Information Services Department

GSA might build a centralized portal similar to Transact Washington, says Scott Bream, manager of the state gateway.

The General Services Administration is building a prototype gateway to authenticate transactions for agencies' e-government programs.

The E-Authentication project underpins all of the Office of Management and Budget's e-government initiatives.

GSA plans to begin a pilot of the gateway in September.

The bulk of the agencies developing initiatives under the OMB e-government umbrella need to launch their e-government portals before the security infrastructure can be layered on top, said David Temoshok, GSA's senior public-key infrastructure policy analyst and spokesman for the Federal Bridge Certification Authority.

E-Authentication will 'consummate the business process,' he said. 'We want to have common solution sets that are going to address the needs of all those 24 initiatives.'

GSA next month will select four of the initiatives for the pilot: two from the government-to-government category and two from the efficiency category, said Mary Mitchell, program executive for e-government policy at GSA.

'I don't think we need every initiative to declare success' before E-Authentication can proceed, Mitchell said.

After starting the pilot with four participants, GSA will ramp up the other projects through September of next year, when E-Authentication would become fully operational.

GSA will choose the four pilot initiatives based on their readiness, information flow and authentication needs.

'We've identified four that look like they're ready,' Mitchell said. 'We hope to have two of them that are really ready to put a couple of applications online.'

Labor gets a go?

Two project leaders told GCN they are confident that their projects will be among the four chosen.

One is the GovBenefits project at the Labor Department. 'We plan to participate' using GSA's Access Certificates for Electronic Services program, said Ed Hugler, project manager for GovBenefits and deputy assistant secretary for operations.

But Hugler's project falls in the government-to-citizen category, not in the G-to-G or efficiency categories. The govbenefits.gov site, which consolidates access to federal benefits through a single portal, came online earlier this month and had its official launch this week.

The other project whose chief wants to be a pilot member? The Office of Personnel Management's E-Clearance.

John Crandell, project manager for the OPM initiative and chief of oversight and technical assistance for OPM's Investigations Service, said his E-Clearance would likely participate in the pilot.

The reason, he said, is that the e-Quip electronic questionnaire for investigations processing is already being beta-tested by the Drug Enforcement Administration and the Immigration and Naturalization Service.

E-Clearance will be ready by June, Crandell said. The project's online questionnaire will replace SF 86, the form people must complete to precipitate the federal security clearance process, Crandell said.

'I volunteered because [the questionnaire] was being beta-tested,' he said, adding that his initiative is further along than others are.

Crandell, like Hugler, said he expects the pilot ultimately will include one project from each of the four project areas: G-to-G, efficiency'mentioned above'plus the government-to-business and G-to-C categories.

GSA has $2 million, allotted by OMB from the $100 million e-government fund, available for the first year of the E-Authentication pilot.

'We're delighted to get some funding,' Mitchell said. 'This is just a down payment.'

GSA will spend $1.1 million to develop the prototype gateway software, $500,000 for setting requirements and doing risk analyses of projects using the gateway, and $400,000 for independent validation.

Did the research

The E-Authentication team based its cost breakdown on experiences of other organizations, both public and private, that have created similar gateways.

More funds will be provided as needed by other agencies' discretionary budgets, said Lee Holcomb, NASA CIO and a member of the CIO Council's Architecture and Infrastructure Committee. He said the committee meets monthly with GSA to discuss E-Authentication.

'Each of the initiatives will require some degree of authentication,' Temoshok said, so it makes sense for them all to contribute to the project.

Although public-key infrastructure will not be the only means of authentication, GSA has not selected any other methods for securing less-sensitive transactions.

'PKI and digital certificates are certainly necessary tools,' Temoshok said. If PKI or biometric identification plus PKI is overkill, 'a personal identification number and passcode are sufficient,' he said. 'We don't want to have 24 different forms of authentication for citizens and businesses. We want just a couple.'

He said agencies could choose other means of authentication such as smart cards to validate identity for specific G-to-G functions.

The federal bridge authority will oversee the interoperability of digital certificates issued by federal and state agencies for the gateway, GSA's Mitchell said.

Holcomb said GSA must decide who is responsible for guarding personal information passing through the gateway.

'Where it's controlled and where it lives are thorny issues in the privacy space,' Mitchell said.

For online transactions involving credit cards, the card issuers assume the risk of theft or misuse, Holcomb pointed out. Similarly, 'citizens will want evidence that the government is providing adequate security,' and they are going to have higher expectations when dealing with the government, he said.

GSA has not figured out who will maintain the personal information or which agency might help with archiving data. 'We're not that far along,' Temoshok said.

But he said he expects the authentication gateway to work like those of the United Kingdom, the government of Canada and the state of Washington.

Washington's way

Washington's PKI program manager, Scott Bream, said he met with GSA in February and 'talked about the benefits and that [the state gateway] checked certificates at the door and then let clients visit multiple sites unchallenged.'

Bream said GSA officials are looking for a centralized portal similar to Transact Washington, which checks digital certificates from various agencies yet preserves their applications' autonomy.

The Washington portal's underlying software is IBM Tivoli Policy Director.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above