Government's credential exchange to go live soon
- By William Jackson
- Apr 09, 2014
One of the goals of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is for agencies to be early adopters of the identity ecosystem being developed.
The 2011 plan envisioned building an “online environment where individuals and organizations will be able to trust each other because they follow agreed-upon standards to obtain and authenticate their digital identities—and the digital identities of devices. The Federal Cloud Credential Exchange (FCCX) is a big part of that effort, said Jeremy Grant, NIST’s senior executive advisor for identity management, and it is expected to begin operations this spring.
FCCX, hosted by the U.S. Postal Service, will be a federated identity management hub to let participating agencies accept online credentials issued by trusted third parties.
This would relieve agencies of the burden of managing credentials and allow citizens to login for government services using tokens or digital keys issued by third parties. USPS last summer selected SecureKey Technologies to provide the cloud-based platform for the pilot program.
The infrastructure provided by FCCX is only one element in enabling interoperable identity and access management governmentwide, however. Another key piece is standardized credentials.
The Postal Service, along with the General Services Administration and the National Institute of Standards and Technology, is addressing the issue of standardized identity solutions with a governmentwide contract for authentication and attribute validation services. A Request for Proposals has been issued by GSA for a limited quantity of authentication services to support the first phase of the FCCX pilot.
“This model shifts the government’s acquisition focus to what it needs: services that provide authentication and attributes,” officials from GSA, NIST and USPS said in a prepared statement. “Credentials are of course a necessary element of these services – but that fact alone does not mean the government should embrace a model where it pays for citizen credential issuance.”
William Jackson is freelance writer and the author of the CyberEye blog.