Central authentication gateway plan is history
- By Jason Miller
- Oct 23, 2003
'E-Authentication is moving in a new technical direction that is not centered around the development of a gateway.'
'OMB's Karen Evans
The administration is scrapping plans for a centralized E-Authentication gateway, which has been touted as a cornerstone of e-government.
'E-Authentication is moving in a new technical direction that is not centered around the development of a gateway,' said Karen Evans, the Office of Management and Budget's administrator for e-government and IT.
The decision follows the release of a scathing General Accounting Office report and inquiries from lawmakers.
Evans would not offer more information about the new direction the government's authentication efforts will take.
Meanwhile, the General Services Administration, the project's leader, has come under fire from lawmakers, who want explanations about why the Quicksilver project is not moving forward.
Rep. Tom Davis (R-Va.) recently asked GSA whether the project would be completed by March, as planned, and if a delay in the gateway's fielding would have a domino effect on the other 24 Quicksilver e-government initiatives.
In a letter to GSA administrator Stephen Perry earlier this month, the chairman of the House Government Reform Committee requested a briefing on GSA's efforts to address the E-Authentication problems detailed in the GAO report done for Davis.
'According to GAO, essential activities, such as developing authentication profiles for the other 24 initiatives, have not been completed,' Davis said. 'GSA also eliminated a step in the acquisition process to award a new contract for the operational systems. This action could mean the GSA will miss an opportunity to explore other potential solutions for designing the gateway.'
GAO reported that GSA has reached few of its policy, procurement and technology objectives for E-Authentication, which OMB has touted as the central cog for e-government.
'The modest progress achieved to date calls into question the likelihood that the project can successfully field an operational gateway, even within the revised schedule,' noted the report, Electronic Government: Planned E-Authentication Gateway Faces Formidable Development Challenges.
GSA expected to finish the gateway last month, but OMB extended the deadline to March. That deadline now might be irrelevant given the changes planned for federal authentication.
GSA would not comment on the letter from Davis.
'The letter arrived Oct. 17. It would be inappropriate to comment until administrator Perry has responded, which he will do in a timely manner,' GSA spokeswoman Viki Reath said.
Davis said his chief concerns stem from GAO's finding that GSA's project schedule is unrealistic.
The auditors said GSA must:
- Establish policies for consistency and interoperability among different authentication systems and develop technical standards.
- Finish defining user authentication requirements for the 24 other e-government projects. GSA said 12 have been completed.
- Deal with funding, security and privacy problems.
GAO is troubled by the project's progress, said John de Ferrari, an assistant director in GAO's Office of Information Management Issues. 'Our biggest concern is with the amount of work that needs to be done to make the gateway really work. The idea of doing it extremely quickly in a matter of months seems to be unrealistic.'
GAO does not believe the development work has been mishandled, but GSA should take the time necessary, de Ferrari said. Developing policy and achieving interoperability are GSA's main hurdles, he said.No time to customize
'Commercial authentication products are not interoperable, and that will take time to solve,' de Ferrari said. 'You can't expect to have an efficient system with all 24 initiatives needing unique interfaces.'
GAO said one way to tackle the interoperability issue would be to develop an application programming interface based on open, nonproprietary standards to connect agency apps to the gateway.
GSA officials told GAO they drafted a technical guidance document to encourage the use of the Security Assertions Markup Language as a standard to connect to the gateway. But GSA has not issued the guidance yet, GAO said.
In his response to a draft of the GAO report, Perry said, 'GSA is pleased with its progress but realizes there is a long way to go to achieve the vision that the President's Management Council approved for this initiative.'