USPS to pilot cloud-based federal ID credential hub
The Postal Service is soliciting vendor proposals for cloud services that would act as hub for validating digital credentials for citizen access to government services.
USPS was tapped late last year to run a one-year pilot program for the Federal Cloud Credential Exchange, an effort under the president’s National Strategy for Trusted Identities in Cyberspace (NSTIC) to create trusted and easily managed means of authenticating identities online. FCCX would offload from agencies the current burden of managing user names and passwords used to authenticate citizens, and could spur broader agency acceptance of third-party credentials.
The RFP seeks a software-as-a-service solution that would provide access to non-government providers of ID credentials who have been approved under the Federal Identity, Credential, and Access Management (FICAM) initiative. FCCX would act as a central hub for multiple agencies authenticating credentials from multiple providers, across the full range of Levels of Assurance defined by the National Institute of Standards and Technology.
FCCX will help the government “provide a consistent approach to authentication for citizens seeking online access to individualized federal agency systems and applications,” according to the solicitation. “Customers will be able to use the existing credentials they already hold with the credential providers approved under the FICAM Trust Framework Solutions Program.”
The deadline for submitting proposals is Feb. 11.
NSTIC calls for the private sector to take the lead in developing a secure identity ecosystem to support the growing demand for online transactions, and its success requires government to be an early adopter of the technology. However, “agencies have been challenged in this to date due to technical, policy and cost barriers that have made it challenging to accept third-party credential providers,” according to the solicitation.
FCCX is an outgrowth of an October 2011 memo from Federal CIO Steven VanRoekel requiring agencies to “begin leveraging externally issued credentials, in addition to continuing to offer federally issued credentials.”
The memo cites pilot programs that have demonstrated the feasibility of the idea, including the National Institutes of Health’s PubMed site, launched in 2010 using third-party credentials for access. The site had more than 72,000 users by late 2011 and NIH estimated that it would save nearly $3 million by 2015.
FCCX would jumpstart this effort and expand it to the general public by provided a cloud-based hub using commercial services for authentication. A successful pilot could help expand markets for commercial identity tools, enable more government services to be provided online rather than in person or by paper-based mail, and allowing government to stay out of the business of providing and authenticating credentials for citizens.
The White House convened what it called the FCCX Tiger Team in April 2012, composed of representatives from agencies that have large populations of external customers accessing their applications. The team identified requirements for a federated identity system. USPS was chosen to lead the pilot because of what the agency called its “experience and capabilities managing digital privacy and security, and its ability to leverage the unique legal and enforcement resources of the Postal Inspection Service.”
The program also is seen as helping the cash-strapped Postal Service expand its digital offerings to consumers at a time when its traditional physical mail delivery service is being undermined by electronic competition.