Outside firms to help with online ID checks

Officials at the General Services Administration are building a system to check the identities of users doing business with agencies online, and they plan to rely on outside organizations to generate users' digital credentials.

GSA's e-Authentication system will enable users to access agency networks using a Web browser, which will contain their digital identities, said David Temoshok, director of identity policy and management at GSA. The verification system will be flexible enough to potentially let millions of Americans, businesses and government entities gain access to protected federal networks and information systems, he said.

Rather than require users to have federally issued digital credentials, the government will accept credentials issued by organizations it trusts such as banks, colleges or security firms. That trust will be built on commonly agreed-upon business rules, policies and technologies, Temoshok said.

Support for GSA's plan appears to be growing inside and outside the government.

"It's taking the level of security up a couple of notches," said John Hunt, a partner with PricewaterhouseCoopers, a management consulting company. "And it's going to save taxpayer money."

A Transportation Department official said the agency will be among the first to hook some transactional systems into the user-authentication infrastructure that GSA is building. The effort will be DOT's largest security project in fiscal 2005, said Lisa Schlosser, the department's associate chief information officer for information technology program management.

Last week, GSA officials released more details about the infrastructure and how it will be used. For example, it could help verify that citizens who apply online for federal loans or grants are who they claim to be.

Depending on the type of transaction, the public will present different credentials to prove their identities. Transactions requiring a high degree of security, such as applying for government benefits, will require stronger security credentials than gaining access to a password-protected federal Web site.

After passing an authentication test, citizens will be authorized, or not, to gain access to a particular agency network and information system.

GSA's e-Authentication service will not require a nationwide system of unique identifiers such as Social Security numbers or a central registry of personal information, Temoshok said. Instead, it will be based on what he called a federated identity management model, which depends on relationships of trust among the federal government, other governments and businesses that issue identity credentials.

Behind GSA officials' ambitious project is a federally run interoperability-testing lab to ensure the compatibility of commercial authentication products on which the service will depend. Agency officials will continue to operate the lab until industry leaders come together around a single standard for e-authentication or establish a similar interoperability testing facility, Temoshok said.

Using Web browsers for e-authentication is the only practical solution for 280 million U.S. citizens, he said. But for internal transactions among agencies and within agencies, GSA will follow the Defense Department's lead in adopting secure smart cards to verify federal employees' identities for both online access and physical access to government buildings.

The public is confident, for example, in financial institutions' ability to protect electronic information, which should translate well into public acceptance of the federated identity model, said Maurice McTigue, director of the Government Accountability Project at George Mason University's Mercatus Center.

"If GSA is a trader in there, instead of a rule maker," McTigue said, "it's going to keep its services very current."

He said GSA's plan reflects another broader government trend. "Governments are accepting that they have to move away from command-and-control approaches to an approach that looks for high standards...but does not try to control the situation all the time," he said.


GSA: In search of e-authentication partners

The General Services Administration has adopted a federated identity management model for its online user-authentication service. For the model to work, GSA officials must:

Create voluntary partnerships with other government, private-sector and nonprofit organizations.

Agree with the agency's partners on common policies and practices for using electronic credentials.

Develop a process for evaluating credentials.

Work with other nations' online identity systems.

Source: Electronic Authentication Partnership
