GSA proposes e-authentication plan

Proposal calls for a decentralized approach to providing identity management services.

The General Services Administration is requesting comments on its plan to establish a decentralized identity management system that would enable secure single sign-on access for users of online government services.

The E-Authentication Service Component does not involve the creation of a central system for managing access to online services. Instead, it would create a common network linking government or commercial entities that provide identity management services with the agency applications that use those services.

This federated approach would make it possible for an online service in one agency to find out if a user has already received credentials from a trusted supplier to access an online service at another agency.

It would enable potential users of a government application -- whether citizens, government employees, contractors, private businesses or government entities -- to establish a single authenticated identity through a trusted credential supplier, which they can then use to access any government application.

It would also save government agencies the time and money involved in developing their own e-authentication infrastructures, a notice in today’s Federal Register states. Agencies that want to take advantage of the service component simply purchase and integrate a product from a government-approved provider list (www.cio.gov/eauthentication/documents/ApprovedProviders.htm), which gives information such as the Web servers and operating systems that are supported, compatible third-party software and pricing models.

The plan also calls for an E-Authentication Portal, through which those who want to use government applications could find identity management service providers and agency applications.

The service component and the federation are critical components of the President's Management Agenda, since e-authentication is the principal crosscutting initiative linking all the e-government initiatives in the agenda.

The Office of Management and Budget made GSA the lead agency for development, implementation and operation of the service, and OMB has established a program management office to oversee the federation. GSA will also determine which credential providers appear on a "trust list" of providers (www.cio.gov/eauthentication).

The service component can use most authentication methods, including personal identification numbers, passwords, digital certificates and other forms of strong authentication. It currently supports the Security Assertion Markup Language 1.0 standard, but over time, it will support multiple protocols and communication schemes, the Federal Register notice states.

Comments must be submitted by Sept. 6.

Robinson is a freelance journalist based in Portland, Ore. He can be reached at hullite@mindspring.com.