Wherefore art thou?
Program lacks back-end network, authentication architecture
- By Wilson P. Dizard III
- Mar 30, 2007
The federal Real ID program to help states develop secure biometric driver's licenses that also serve as proof of citizenship or legal residence will require major work on back-end systems, and it will require 56 states and territories to agree on a common enterprise identity management architecture that doesn't yet exist.
'The concern of the state CIOs is to craft an enterprise solution for identity management,' said Doug Robinson, executive director of the National Association of State Chief Information Officers.
Solving that problem for a program such as Real ID would call for states to agree on a common architecture for identification and authentication, Robinson explained.
As part of that process, the state motor vehicle agencies would benefit greatly by agreeing on a common schema, or technical pattern, for the data elements used in driver's license systems.
Robinson pointed to the Law Enforcement Information Sharing Program, sponsored by the Justice Department, as an example of a structure that has harmonized data definitions and schema that provides a common framework for systems spanning all state and federal police and justice agencies.
The Justice program relies on the department's Global Justice XML Data Model as its base.
'I don't think these issues are going to come down to technology,' Robinson said. 'It's all about governance and organizational dynamics and funding.'
Unless states concur on an architecture for the systems to support the Real ID program, 'there will be a lot of heavy lifting' via the data exchange engines the motor vehicle departments will use to share driver's license information, Robinson said.
Four states have taken the lead in wrangling with the Real ID technical issues, Robinson and other sources said.
The California, Iowa, Massachusetts and New York DMVs formed a federation in July 2006 that gave formal shape to an informal Real ID technical working group that had been meeting for several months.
The federation has worked with DHS and the American Association of Motor Vehicle Administrators' Real ID Steering Committee to set up a Real ID governance structure for all 56 DMVs, according to various sources.
DHS has laid out plenty of work for the DMV officials in its recently released draft Real ID regulation.
For example, DHS expects the 56 agencies to document their business rules, reconcile data quality and formatting issues, and develop best practices and common business rules for Real ID work.
DHS noted in its rulemaking proposal that the Real ID law and the draft regulation call for states to provide electronic access among one another's DMVs to certain specified driver's license data.
The draft regulation shifts much of the responsibility for creating links from the DMVs to federal identity databases to other organizations.
The proposal calls for DMVs to query various federal databases to obtain new kinds of information needed for the upgraded driver's licenses, especially that regarding the applicants' citizenship or visa status.
DMVs will face various choices for obtaining the new kinds of federal information they will need from the federal 'reference databases' of visa status and other information under the Real ID law, according to the draft rule. The draft rule states that the DMVs could:
- Maintain or establish direct access to the reference databases of federal information the states will need
- Combine direct access with partial use of the common querying service
- Verify applicant data against the reference databases in some other manner.
While the states mull their choices for accessing the federal reference databases, they will have time to consider DHS' admission in the draft rule that those databanks need to be improved to serve the Real ID law's purposes.
DHS stated that it seeks to upgrade the federal reference databases to meet the Real ID law's standards for data quality, reliability, integrity and completeness.
'While some of these reference databases are mature and fully operational, others are still under development and need investments of resources,' according to DHS.