Measuring trust

Federal officials involved in developing policies for electronic government are asking researchers if they can devise a quick and standard way of determining the degree to which someone's electronic identity credentials can be trusted.

In January, officials at the National Institutes of Health issued a request for information about the feasibility of developing an algorithm to calculate the trustworthiness of any electronic credential, including a user name and password or a smart card with digital certificates embedded on a microprocessor chip.

Federal officials currently rely on what are essentially subjective methods for deciding how far they can trust a person's electronic credentials before letting that person gain online access to government information systems, such as access to loan accounts at the Agriculture Department.

As e-government and e-commerce expand, federal agencies and corporations may need to evaluate identity credentials automatically, said Peter Alterman, assistant chief information officer for e-authentication at NIH's Center for Information Technology and chairman of the Federal Public Key Infrastructure Policy Authority. The latter sets policies for the secure electronic infrastructure group known as the Federal Bridge Certification Authority.

"Once there is an algorithmic method that is reliable, one can automate a whole lot of stuff that has got to be done manually at the present time," Alterman said.

He said private companies that belong to the E-Authentication Partnership might be willing to pay for the development of an algorithm that could provide an objective measure of trustworthiness. The partnership consists of about 60 companies that are working in concert with the federal government's e-Authentication initiative, particularly in developing policies and practices for issuing and managing electronic identity credentials.

"E-authentication can go forward without this" RFI, Alterman said, but it is important for the future. "Somebody's got to do research for what's coming the day after tomorrow."

The success of the governmentwide e-Authentication initiative, one of the Bush administration's 24 e-government initiatives, is spotty, Alterman said. He added, however, that some "fantastic successes" have been achieved in working with higher education and other institutions.

E-authentication, Alterman said, is like a steam engine that is going to leave the station "regardless of how well or how poorly the engine runs."

Featured

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected