E-Authentication waits for rest of the pack

Technically, e-Authentication is ready—and waiting.

The government has had a working prototype of the online certificate authentication gateway for several months.

Now the initiative’s leaders at the General Services Administration await the completion of the other 24 Quicksilver e-government initiatives and for the Office of Management and Budget to set security policies.

“The gateway has to come up with some assurance levels based on risks of e-gov initiatives,” said Steve Timchak, program executive for e-Authentication in GSA’s Office of Governmentwide Policy. OMB is supposed to develop those policies, he said.

As agencies work on their e-government projects this year, OGP is developing a written taxonomy that will establish a process by which credential providers such as smart-card developers, biometric systems providers and certificate authorities can link to the gateway.

The classifications will define the “levels of applications that require different levels of authentication,” G. Martin Wagner, associate administrator for the policy office.

E-Authentication is the linchpin of the Quicksilver initiatives, Wagner said. “It makes everything work and is absolutely critical,” he said.

Because the gateway is scheduled for launch this fall, it will run with or without a completed set of rules and policies, said David Temoshok, director for identity policy and management in the policy office.

The GSA team plans to link about a dozen e-government applications to the gateway this year.

OMB is guiding agencies on the level of authentication for their e-government initiatives. Some will choose to secure their transactions with digital certificates within a public-key infrastructure.

Agencies will have to analyze the costs, risks and potential benefits of the authentication level they are considering, Temoshok said. Surfing the Internet requires few security measures; getting government-issued identification could require something stronger, such as a digital certificate.

OMB will create the common policies, protocols and rules for all initiatives that connect to the gateway.

For agencies securing transactions with digital certificates, the Federal Bridge Certification Authority will link PKI trusted domains.

“The gateway will interface with the bridge and validate PKI credentials,” Timchak said.

A visitor goes through firstgov.gov or to an application via an agency’s URL, presents some form of credential to use an agency initiative, and that information would pass back to the gateway for validation, he said.

Cross that bridge

Digital certificates would go through the Federal Bridge to a certification authority for validation.

Now, the prototype manages access to the National Finance Center’s time-and-attendance and payroll reporting systems. Mitretek Systems Inc., a nonprofit research organization in Falls Church, Va., is hosting the prototype for the Agriculture Department organization’s system, which handles payroll services for many government agencies.

But the gateway isn’t yet ready to handle full-scale traffic from e-government initiatives.
It’s up to the managers of the other Quicksilver projects to catch up and use the gateway, Temoshok said.

“We’re looking for applications to link to the gateway,” he said. “We have not done scalability” testing.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.