E-Authentication reaches testing stage
- By Jason Miller
- Jul 16, 2004
Agreements on pilots to test the E-Authentication architecture should be signed soon, says Steve Timchak, project executive for the Quicksilver project.
Henrik G. de Gyor
Five agencies will receive funds to attempt nailing down a security architecture for e-government transactions.
The departments of Health and Human Services, Treasury and Veterans Affairs, and the Environmental Protection Agency and National Park Service will implement portions of the E-Authentication 1.0 architecture, released last week.
The E-Authentication executive committee has not finalized the pilots or the funding amounts, but detailed agreements should be signed soon, said Steve Timchak, project executive for the Quicksilver project, led by the General Services Administration.
The project team is testing the architecture's validation service component with the Federal Supply Service's eOffers system, which lets vendors submit and sign FSS schedule applications digitally.
Timchak said eOffers soon will accept credentials from Illinois state agencies, which will further test the architecture.
Version 1.0's guidelines tie together administration policy on authentication levels with technical guidance from the National Institute of Standards and Technology.
The architecture will let users authenticate offers through a portal, an agency transaction or a credential provider. The portal will use Security Assertion Markup Language to verify the identity of remote users.
GSA released the schema for the SAML architect profile and interface specifications for the SAML profile, as well as guidance on how SAML works with e-mail and forms software.
'This is a huge step for government and industry,' said David Temoshok, GSA's director of identity policy and management. 'We put in place an operating environment where multiple products talk to each other.'
E-Authentication will accept credentials from multiple domains. The architecture, which Timchak said is based on open standards and industry-accepted protocols, accommodates personal identification numbers, passwords and public-key infrastructure certificates.
The project team by the end of July will issue guides to help agencies implement the architecture with GSA-approved commercial products.
'We spent a lot of effort with HHS, Agriculture and the National Science Foundation on how to implement the products,' Temoshok said. 'The how-to guides will provide a step-by-step process, but agencies still will need considerable support.'
Timchak said there only are five approved products now, but 14 other vendors have submitted software for compliance testing.
The project team also is working with the Employee Express portal, which is run by the Office of Personnel Management, to let 1.2 million feds initiate electronic processing of their discretionary personnel-payroll transactions.