Government’s E-Authentication scheme just might work, study says

The government’s E-Authentication Initiative could serve as a model for far-reaching authentication programs linking government and private-sector organizations, an independent study of the system has concluded.

“It’s an opportunity to do something right once and reuse it,” said Dan Blum, one of the authors of the report from Burton Group.

The E-Authentication Initiative is a governmentwide infrastructure allowing agencies to rely on digital credentials issued by other organizations. Because the government does not expect to issue a national identification card and individual agencies do not want to be in the business of issuing and managing digital certificates, the goal is to leverage standards-based off-the-shelf technology to authenticate the identity of persons accessing government information or services.

The initiative specifies four levels of assurance, with technical requirements for each level, and has standardized on version 1.0 of the Security Assertion Markup Language.

The program is in governmentwide pilot and is authorized to go into live production. A handful of agencies are participating in pilot programs using E-Authentication.

The General Services Administration hired the Burton Group, an IT research and consulting company in Midvale, Utah, to review the program.

“The E-Authentication Initiative’s goals are achievable,” the August report concluded. “The anticipated benefits are real and far-reaching.”

But the government can expect increasing challenges in expanding the scheme into an operational program. Business rules and contract terms for using the system may pose a greater challenge than the technology.

The advantage of a federated scheme based on industry standards is that agencies do not have to maintain their own credentialing infrastructure. For end users, it can provide a way to access resources with a single set of credentials.

Eventually, the trust relationships are expected to extend across public and private-sector boundaries in dynamic relationships.

“It is going to take five years or more before we have dynamic federations,” Blum said Wednesday in a briefing on the initiative.

The government has financially supported and cooperated with the Electronic Authentication Partnership, an industry organization working to establish business rules for interoperable authentication.

The Burton Group report recommends continuing and extending private-sector collaboration and expanding the standards supported by the initiative, converging on SAML 2.0 in the next two or three years.


About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.