Internaut: To keep up with PKI, agencies need XML, and vice versa
Shawn P. McCarthy
It's a daunting task to get multiple federal agencies to agree on an Extensible Markup Language standard for data sharing.
A GCN reader responded to my Jan. 27 column, saying that XML use is advancing the need for public-key infrastructures on government networks. In turn, PKI requires interoperability and standardization in data exchange, so that security can be maintained. So, the reader speculated, PKI might be the catalyst that will push agencies to a general government XML standard.
If he's right, agencies' XML schemas for their business functions must keep step with any broad PKI implementation, such as the General Services Administration's online certificate authentication gateway.
If they ignore the broader initiatives, agencies risk establishing isolated instances of data sharing that cannot plug into e-government.
An e-government enterprise guidance document posted last year, at www.cio.gov/documents/E-Gov_Guidance_July_25_Final_Draft_2_0a.pdf
, warned that federal lines of business not only need to be standardized for agencies themselves but also for interactions with state and local governments and industry. The CIO Council has recommended that all e-gov initiatives define an approach for using XML.
PKI infrastructures encrypt, apply digital signatures, authenticate users and control access. They let organizations secure transactions over nonsecure networks. The most common PKI application today is online banking, but it can also secure interagency data exchanges.
The sticking point is the way agencies plan to share data after their users are authenticated. Unless they hammer out a governmentwide XML standard, they will be forced to roll their own solutions for each instance of data sharing.
PKI does indeed seem like a driving force to make agencies use XML. Network administrators who want to participate in broad XML and PKI efforts can find more information at these sites:
The Federal PKI Deployment Workshop, cosponsored by the Federal PKI Policy Authority and the National Institute of Standards and Technology, will take place March 12 and 13 in Arlington, Va. Call 410-684-6520 for details.Shawn P. McCarthy can be reached at < a="" href="mailto:email@example.com">firstname.lastname@example.org.