DOD tests single sign-on system for paperless contracting
- By Jason Miller
- May 23, 2002
The Defense Department this summer will test a one-stop security sign-in for its paperless contracting environment.
Should the single point of entry prove effective, DOD could offer the service departmentwide or even governmentwide, E-Business Program Office officials said.
But before the program office starts signing up the rest of DOD to use the Electronic Portal Access Service, or EPASS, the pilot team must first ensure the system is secure enough to manage user access.
'We will do a small rollout to prove it works,' said Dan Deitz, EPASS program manager. 'There are a lot of people who are interested, but we are not exactly sure with which departments it will start.'Software combination
The single sign-on system is beyond the proof-of-concept stage and ready for testing by DOD employees, said Evelyn DePalma, former head of the DOD e-business team. She spoke about EPASS at this month's Association for Federal IRM luncheon in Washington.
The system will use a combination of commercial and government software to provide DOD contracting personnel and vendors with Web access to the Electronic Document Access site. EDA is an online storage and retrieval site for contracting and financial documents.
DOD in September finished testing a prototype in a research lab, Deitz said.
Users of EPASS will sign on through Siteminder from Netegrity Inc. of Waltham, Mass. It will check for public-key infrastructure certificates from the DOD PKI authority and the external certification authority. If users are not enrolled in either PKI program, they will be asked to provide a user name and password for identification.
Once a user is approved, he or she must sign up for document access through Enrole from Access360 of Irvine, Calif. The system stores user data in an Oracle8i database.
'The first time a user requests access, the request will go to the inbox of an authorizing agent who would approve or disapprove access,' Deitz said. 'The next time they sign on, they only will be challenged by Siteminder, and then pick up their Web session to go from one application area to the next.'
The front end of the system will let users register through a graphical user interface, created in-house in Java2 Enterprise Edition using Java Server Pages.
If the pilot is successful, Deitz said, DOD will gradually expand the system. 'The project was developed with an enterprise approach in mind,' DePalma said. 'Once we create the security front end, we could offer it to others.'Legacy systems
DePalma said DOD also is looking at other ways for disparate legacy systems to interact through the Defense Electronic Business Exchange system. DOD and vendors use DEBX to provide translation, routing and archiving services through electronic data interchange. DEBX removes the need to keep re-entering data for different systems.
Lien Dinh, an engineer for EPASS who is familiar with DEBX, said the Defense Logistics Agency is considering using Extensible Markup Language to exchange information.
'It is more flexible than EDI and easier for the user,' De-Palma said. 'We are expanding the system so others can use it. Right now the main users are the logistics, transportation and financial communities within DOD.'