Digital certificate clearinghouse needs work
- By Diane Frank
- Oct 22, 2003
Federal Bridge Certification Authority
The mechanism that allows a digital certificate to be used across government agencies must be upgraded before it will be available for the entire government, a federal information technology official said today.
The Federal Bridge Certification Authority (FBCA) is the central mechanism that handles digital certificates for transactions secured by any participating agency's public-key infrastructure (PKI). Clients of FBCA participants do not need certificates from every agency with which they do business.
Officials have determined that the existing architecture can likely handle cross-certification with about 50 agencies, said Peter Alterman, assistant chief information officer for electronic authentication at the National Institutes of Health and a member of the Federal PKI Steering Committee.
"We do know that, at some point, technology innovation will probably be necessary," said Alterman, speaking at the Federal Information Assurance Conference in College Park, Md.
Eventually, officials hope to create an interlacing system of bridge certification authorities with other communities and countries.
The committee is monitoring the issue. When further resources or infrastructure are needed, the program will expand, but "this version is adequate for our first steps into creating an interoperable PKI universe," he said.
So far, the federal bridge certification has a core of agencies that includes NASA, the Treasury Department and the National Finance Center at the Agriculture Department. Officials expect the authority soon will add the State and Labor departments, the state of Illinois and other organizations.