Agencies ramp up use of E-Authentication
- By Jason Miller
- Mar 12, 2005
The General Services Administration's E-Authentication initiative has overcome turbulent beginnings and is setting standards for electronic credential holders in both the public and private sectors.
With the implementation of th E-Authentication guidance, agencies and vendors have a common way to assess risk and a standard set of business rules to validate digital certificates.
The E-Authentication program involves adopting the four assurance levels and two types of authentication'identity and attribute'as well as the system to assess the risks.
Through the E-Authentication Partnership, more than 50 IT companies and federal agencies have agreed to Version 1 of the National Identity Trust Framework. The group, which includes companies such as Entrust Corp. of Dallas, Microsoft Corp., RSA Security Inc. of Bedford, Mass., and VeriSign Inc. of Mountain View, Calif., published the first draft version of the framework earlier this year.
'We were very interested in making sure the government wasn't going too far out in front or being inconsistent with the direction of industry,' said David Temoshok, GSA's director of identity policy and management and former vice chairman of the partnership. 'The trust framework reaffirms what we are doing. Just doing e-authentication was a lot, but it was much more in the interest of the public to make sure, as we move forward in this new arena, that we walk in step with industry.'
The recent success of E-Authentication, one of the 25 Quicksilver e-government projects, represents major progress for the initiative, which struggled to gain a foothold in 2003.
After working for a year to develop a centralized gateway for the project, GSA's project team in 2003 had to scrap its plans after the Government Accountability Office and numerous vendors said developing interoperability with commercial products was too difficult.
Now, GSA is developing a federated model that depends on third-party credential providers to validate transactions between agencies and the public.
Temoshok said the standard will increase the number of government services and products available, reduce their cost and accelerate the delivery of authentication systems.
'We are very encouraged by this partnership and framework, because it will facilitate how identification management gets organized across the government and commercial sectors,' he said.
The business rules for how one organization trusts a credential issued by another organization is one of the most significant parts of the agreement. Without the common procedures, citizens or federal workers would have to obtain a separate certificate for each transaction.
'We are all talking about the same thing, which is what makes the portability of the certifications happen,' said Keith Thurston, GSA's deputy associate administrator for e-government and technology. 'The common thing that connects all of us is identity-proofing. This is a common way to describe a reliable identity proof.'