GSA urges use of PKI bridge

Having agencies join the Federal Bridge Certification Authority is 'an affirmation of what we've done.'

- Judith Spencer, Chairwoman of the Federal PKI Steering Committee

Every agency with a public-key infrastructure will likely join the Federal Bridge Certification Authority eventually, said Judith Spencer, chairwoman of the General Services Administration's Federal PKI Steering Committee.

Joining the authority is something agencies should strive toward, she said. 'It's an affirmation of what we've done.'

And the ranks of the group are growing from within the federal government and elsewhere. In addition to the Agriculture Department's National Finance Center, the Defense and Treasury departments, and NASA, two states, Illinois and Kansas, are planning to join.

But agencies face some hurdles before becoming part of the Bridge.

Arthur Purcell, senior computer scientist at the Patent and Trademark Office, about a year ago began technical feasibility testing on the agency's two-year-old closed-system PKI to see if it could join.

As its own certificate authority, PTO has issued 13,000 digital certificates to patent attorneys and inventors. Now, Purcell is looking forward to opening the agency's doors to more international commerce.

'The patent business is heavily international,' Purcell said. 'It's the director's vision that in the 21st century plan, it would be a single international practice of some sort.'

On the bandwagon

Though PTO has a PKI incorporated into its enterprise architecture, migrating to another certificate authority and eventually to the bridge is difficult.

'How to do this is one of the great joys of IT,' Purcell said. 'PTO is changing and wants to be part' of the administration's e-government initiatives.

Purcell will likely adapt the Agriculture Department's National Finance Center's PKI to PTO.

NFC project manager Kathy Sharp said the agency's PKI has worked in tests with the E-Authentication project, the security gateway for the Office of Management and Budget's Quicksilver projects.

Getting the members of the bridge to work with the E-Authentication project is an important step. GSA officials are discussing with OMB officials how to connect the bridge and the E-Authentication gateway.

For agencies securing transactions with digital certificates, the Federal Bridge Certification Authority will link PKI trusted domains.

'The gateway will interface with the bridge and validate PKI credentials,' said Steve Timchak, program executive for E-Authentication in GSA's Office of Governmentwide Policy.

A visitor goes through the governmentwide FirstGov portal or to an application via an agency's Web site and presents some form of credential to use an agency initiative. That information would pass back to the gateway for validation, he said.

Digital certificates would go through the Federal Bridge to a certification authority for validation.

The Federal Bridge follows the international X.500 Directory Service standard, whereas most agencies have implemented the Lightweight Directory Access Protocol.

Tim Polk, a program manager at the National Institute of Standards and Technology, said there are different implementations of X.500.

Some agencies have had to ask their digital certificate providers to make upgrades for compatibility with the bridge's X.500 directory, he said.

Three of the cross-certifying agencies use certificate software from Entrust Inc. of Dallas. DOD uses iPlanet software from Sun Microsystems Inc.

Early last month, GSA approved another vendor's PKI technology as technically compatible with the Federal Bridge, opening the door for more agencies to join.
