Internaut: To keep up with PKI, agencies need XML, and vice versa

Shawn P. McCarthy

It's a daunting task to get multiple federal agencies to agree on an Extensible Markup Language standard for data sharing.

A GCN reader responded to my Jan. 27 column, saying that XML use is advancing the need for public-key infrastructures on government networks. In turn, PKI requires interoperability and standardization in data exchange, so that security can be maintained. So, the reader speculated, PKI might be the catalyst that will push agencies to a general government XML standard.

If he's right, agencies' XML schemas for their business functions must keep step with any broad PKI implementation, such as the General Services Administration's online certificate authentication gateway.

If they ignore the broader initiatives, agencies risk establishing isolated instances of data sharing that cannot plug into e-government.

An e-government enterprise guidance document posted last year, at www.cio.gov/documents/E-Gov_Guidance_July_25_Final_Draft_2_0a.pdf, warned that federal lines of business not only need to be standardized for agencies themselves but also for interactions with state and local governments and industry. The CIO Council has recommended that all e-gov initiatives define an approach for using XML.

PKI infrastructures encrypt, apply digital signatures, authenticate users and control access. They let organizations secure transactions over nonsecure networks. The most common PKI application today is online banking, but it can also secure interagency data exchanges.

The sticking point is the way agencies plan to share data after their users are authenticated. Unless they hammer out a governmentwide XML standard, they will be forced to roll their own solutions for each instance of data sharing.

PKI does indeed seem like a driving force to make agencies use XML. Network administrators who want to participate in broad XML and PKI efforts can find more information at these sites:

The Federal PKI Deployment Workshop, cosponsored by the Federal PKI Policy Authority and the National Institute of Standards and Technology, will take place March 12 and 13 in Arlington, Va. Call 410-684-6520 for details.

Shawn P. McCarthy can be reached at < a="" href="mailto:[email protected]">[email protected]

About the Author

Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected