Fed CIO discourages agency web credentials
- By Alice Lipowicz
- Oct 13, 2011
Federal agencies should prepare to accept identity credentials provided by third parties as an alternative to managing their own identity credentialing systems as a cost-saving measure, according to Federal Chief Information Officer Steven VanRoekel.
Currently, many people who interact with the government online must register an identity with a federal website. The agency must maintain backend systems to manage the online identities.
However, there are benefits to using externally-issued identity credentials, including decreased burden and reduced operating costs for federal IT systems, as well as cost avoidance for the agencies, VanRoekel wrote in an memo to federal CIOs.
VA errors compromise identity verification credentials
In the memo, he provides guidelines for agencies on when they must begin accepting third-party credentials, and names several providers of credentialing systems and trust frameworks that have been accepted for those purposes. VanRoekel's memo was published online by the Kantara Initiative, a trust framework provider named in the memo as one of about a dozen providers of credentialing services that have met federal guidelines. The memo, dated Oct. 6, had not been published online by the Office of Management and Budget as of Oct. 13
As an example of success, VanRoekel offered the National Institutes of Health’s PubMed2 website of biomedical studies, which has been utilizing externally-issued credentials for access since June 2010, VanRoekel wrote in the memo. More than 72,000 users have accessed PubMed2 by registering and utilizing third-party credentials.
“NIH estimates that its identity management initiative will result in cost avoidance of more than $2.98 million for fiscal years 2011 through 2015,” VanRoekel wrote in the memo. “These savings will result from not having to manage user IDs and passwords for external users across approximately 50 systems.”
Further details about the implementation of externally-issued credentials are to be published on the federal identity management website IDmanagement.gov, VanRoekel wrote.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.