E-Authentication pilot set for fall'no IT plan yet

The General Services Administration's E-Authentication Joint Program Management Office is preparing to fire up a pilot Sept. 30, but it doesn't yet know exactly how the system is going to work.

Project leaders last week said they plan to issue a request for information early next month. The RFI will cover everything from how to set interagency security policies to raising funds for a full-scale system.

'We're working on a very accelerated schedule, and we're being driven by an accelerated schedule' set by the Office of Management and Budget, said David Temoshok, GSA's public-key infrastructure policy manager and a member of the project team.

GSA and OMB officials said they will identify technical problems during the pilot to prepare for opening a full-service authentication gateway by September 2003.

GSA is testing security requirements for each of the 24 OMB e-government initiatives because not all will require the same degree of authentication, said Steve Timchak, E-Authentication program manager.

GSA still hasn't decided which four of the e-government initiatives will take part in the pilot, but Timchak said E-Training and E-Travel would definitely participate.

Ed Hugler, project manager for the Labor Department's GovBenefits portal and deputy assistant secretary for operations, and John Crandell, manager of the Office of Personnel Management's E-Clearance project, have said they expect to take part in the pilot.

GSA is requiring agencies to set their own security policies for e-government applications. The E-Authentication gateway would check the identities of people who want to use the various applications against a database of the agencies' security rules.

Mitretek Systems Inc., a nonprofit research and systems engineering organization in Falls Church, Va., is developing an architecture for the pilot that might not carry over to the full project.

'If you don't start someplace, you're never going to get to that picture,' Temoshok said.
The pilot will support several authentication methods. Besides testing the level of security needed for each project, GSA wants to give entities that do business with the government the option of smart-card or biometric verification.

Although the 19 agencies involved in OMB-tapped e-government initiatives are all adopting some type of PKI or security architecture for online transactions, many are still erecting stovepipes, said Mark Forman, OMB's associate director for IT and e-government.

Security barrier

The barrier to e-government 'is not having security in place,' he said. 'All agencies will get access to [E-Authentication], not just the 24 initiatives.'

And the funds are going to come out of the participants' budgets. 'We're going to have to retool the investment that agencies are making,' Forman said.

The $2 million pilot draws on the administration's $100 million e-government fund, but the full-scale project has no funding yet.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above