GSA overhauls solicitation for ACES
- By Diane Frank
- Jan 10, 1999
The General Services Administration has released a "massive rewrite" of its solicitation for a project that will verify individuals' identities for electronic transactions between agencies and the public - a critical component for the concept of a digital government.
The Access Certificates for Electronic Services (ACES) project, first scheduled for award a year ago, is intended to provide commercial off-the-shelf products that will issue and authenticate digital certificates for citizens accessing or providing data to federal agencies. This will form the basis for the new electronic government, GSA officials said.
"It's just another piece in the whole puzzle...particularly electronic-government stuff where citizens are looking to do business with the government," said Tony Trenkle, co-chairman of GSA's E-Commerce Program Management Office. "What comes out of [ACES] will be the infrastructure for electronic commerce and electronic government."
ACES also is one of the initiatives needed to form a common public-key infrastructure (PKI) across government, said Richard Guida, chairman of the Federal PKI Steering Committee for the Government Information Technology Services Board. "ACES is aimed right at the heart of what Access America is trying to do," he said. (See related story, "Report: PKI key to digital government," at www.fcw.com.)
ACES has been under development since 1997, and GSA intended to award the original contract in January 1998, but it was held up because of concerns from vendors and public interest groups. "What we have done is fully consider all of the issues in question to do a massive rewrite of the framework," said Jon Faye, contracting officer for ACES. "But we have not changed the requirements."
One change GSA made in the request for proposals - a change that vendors applauded - is that vendors can use many types of digital signature algorithms to make up the security of the certificates, instead of restricting vendors to just one algorithm.
"We were happy to see that they were looking at the full range of options out there," said Skip Hirsh, director of federal programs at Certicom Corp. "The original ACES didn't have that spectrum. They just arbitrarily picked RSA," the Rivest, Shamir and Alderman algorithm, which is the most widely used commercial algorithm.
"From a technology point of view, they have taken a major step forward," agreed John Pescatore, senior security consultant with Entrust Technologies Inc.
Vendors backed away from the draft ACES RFP because GSA gave no guarantee that agencies would buy off the contract, Hirsh said. GSA plans to release a list of agencies interested in using the program, said Judith Spencer, director of the Center for Governmentwide Security at GSA.
The basic aspects of the contract have not changed, even though in July many vendors expressed the concern that federal requirements would change the products and services offered under ACES to "government off-the-shelf" rather than COTS. The purpose of the program is to satisfy the needs that agencies have expressed to GSA, Faye said.