GSA taps Liberty Alliance for E-Authentication interops testing

The General Services Administration has chosen the Liberty Alliance consortium to do SAML 2.0 interoperability testing for products in its E-Authentication Solution program.

E-Authentication Solutions is part of the president's e-government initiative. 'The purpose is to provide credentialing services for outward facing government applications on the Web,' said acting program executive Tom Kireilis.

The Security Assertion Markup Language specifies an Extensible Markup Language standard for exchanging data for authentication and authorization between security domains. GSA has adopted Version 2.0, the latest version, but SAML interoperability testing has been required throughout the program.

'Before we were doing this in-house,' Kireilis said. 'That is resource-intensive. It became evident' that going to an outside testing authority 'was the thing to do. Given the community that Liberty Alliance represents, they were in the perfect place to provide the testing for us.'

Liberty Alliance is an identity industry consortium whose members include technology vendors and consumer service providers as well as educational and government organizations. The Liberty Alliance Management Board includes representatives from AOL, Ericsson, Fidelity Investments, France Telecom, HP, Intel, Novell, NTT, Oracle and Sun Microsystems.

The E-Authentication program provides assurance level 1 and 2 credentials, which can be a user identification and password. The goal of the program is to enable sign-on with a single set of credentials across multiple applications. In addition to the U.S. program, several other national governments also are deploying SAML 2.0-based applications to enable identity-based access. Use of a common standard could allow federated identity access controls across multiple enterprises.

GSA has certified seven products under its own interoperability testing program, but that number could expand rapidly. Kireilis said there could be hundreds of products tested.

Currently there are 65 relying parties or applications now in the E-Authentication Federation, using these technologies. 'We'll more than double that this year,' Kireilis said. The Office of Management and Budget has directed agencies to prepare plans for enabling targeted applications, and GSA has been working with them in developing their timelines. 'So we know what is coming down the road,' he said.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • digital key (wavebreakmedia/Shutterstock.com)

    Encryption management in government hyperconverged IT networks

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group