Following delays, GSA releases RFP for governmentwide digital certificate service

After making significant revisions, the General Services Administration last month
issued a final request for proposals for a digital certificate service to be used by
agencies governmentwide.

Through the Access Certificates for Electronic Services program, GSA wants a vendor to
provide a certificate service that will make it possible for citizens to do business
electronically with agencies. The winning vendor must establish a public-key
infrastructure using commercial products.

GSA’s Federal Technology Service originally had wanted to award an ACES contract
last year, but the agency backed away from that schedule after receiving critical comments
on its draft RFP [GCN, April 27, 1998, Page 3].
FTS has been working on the project since 1997.

Despite the delays, many federal officials are tracking the project and consider it a
bellwether for other PKI applications.

“It is hoped that the ACES project can be used to evaluate the adoption of a
uniform and simple identity certificate, thus promoting interoperability among agency
implementations,” noted the recent Access With Trust report from the Office of
Management and Budget and the Government Information Technology Services Board (see
related story, above).

ACES has the potential to spur development of digital certificates and a government
PKI, said Richard Guida, the GITS Board’s security champion and chairman of its PKI
Steering Committee.

The ACES project has a catch-22, Guida said: It is tough to figure out pricing for
digital certificates when vendors do not know how many will be used or how often;
meanwhile, price will influence use.

The project is the first government effort to move beyond that
“chicken-or-the-egg” question, Guida said.

ACES is also an opportunity for vendors, he said. If it works, ACES “will result
in the issuance of hundreds of thousands to millions of certificates for real, live
applications, and that has to be good for the providers,” Guida said.

The final RFP is more flexible, he said. The draft required that agencies be charged
each time a certificate is used. Some agencies were interested in buying certificates that
could be used for unlimited time periods.

For more information about the project, go to

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.