Measuring trust

Federal officials involved in developing policies for electronic government are asking researchers if they can devise a quick and standard way of determining the degree to which someone's electronic identity credentials can be trusted.

In January, officials at the National Institutes of Health issued a request for information about the feasibility of developing an algorithm to calculate the trustworthiness of any electronic credential, including a user name and password or a smart card with digital certificates embedded on a microprocessor chip.

Federal officials currently rely on what are essentially subjective methods for deciding how far they can trust a person's electronic credentials before letting that person gain online access to government information systems, such as access to loan accounts at the Agriculture Department.

As e-government and e-commerce expand, federal agencies and corporations may need to evaluate identity credentials automatically, said Peter Alterman, assistant chief information officer for e-authentication at NIH's Center for Information Technology and chairman of the Federal Public Key Infrastructure Policy Authority. The latter sets policies for the secure electronic infrastructure group known as the Federal Bridge Certification Authority.

"Once there is an algorithmic method that is reliable, one can automate a whole lot of stuff that has got to be done manually at the present time," Alterman said.

He said private companies that belong to the E-Authentication Partnership might be willing to pay for the development of an algorithm that could provide an objective measure of trustworthiness. The partnership consists of about 60 companies that are working in concert with the federal government's e-Authentication initiative, particularly in developing policies and practices for issuing and managing electronic identity credentials.

"E-authentication can go forward without this" RFI, Alterman said, but it is important for the future. "Somebody's got to do research for what's coming the day after tomorrow."

The success of the governmentwide e-Authentication initiative, one of the Bush administration's 24 e-government initiatives, is spotty, Alterman said. He added, however, that some "fantastic successes" have been achieved in working with higher education and other institutions.

E-authentication, Alterman said, is like a steam engine that is going to leave the station "regardless of how well or how poorly the engine runs."

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.