GSA seeks input on gateway project

E-Authentication initiative

The government team leading the development of a security gateway designed to authenticate users accessing e-government services has turned to industry for help.

The Technical Exchange Day June 7 at Mitretek Systems Inc., a nonprofit organization assisting the General Services Administration-led team on the e-Authentication project, was the first chance for the government to outline its plans to a large industry gathering.

The lack of a defined technology architecture surprised many of the vendors attending the briefing, but Tice DeYoung, the project's technical lead and a research scientist at NASA, said the government did not want to restrict itself to any specific architecture or products.

But the approach makes sense and is catching on in government, said Robert Guerra, president of Robert J. Guerra and Associates. "This is tantamount to performance-based contracting, and I think that's appropriately growing in our industry," he said. In performance-based contracting, an agency presents a business problem to a vendor and asks for help in solving it, including appropriate best practices and past experiences.

Reaching out to industry should happen more, he said. "It's a culture change we need to foster in our community."

"It's easier to recognize a good idea than to invent one," said Chip Mather, senior vice president of Acquisition Solutions Inc. He tells his agency clients to rely on industry for solutions. "We tell them, 'Stop buying compliance and start buying results.'"

Vendors do have some idea of what to expect from the project. The concept outlined at the briefing reiterated that the gateway would validate any type of credential, such as a password or digital certificate, issued to access any government application.

The agency program offices will determine what level of credential is necessary for each of the applications connected to the gateway, while the gateway will likely serve as a central point to validate credentials issued by multiple organizations, DeYoung said.

The gateway prototype is expected to be operational in September, working with two to four of the other e-government initiatives overseen by the Office of Management and Budget as part of the Bush administration's e-government strategy.

Last week, GSA began providing the other e-government initiative leaders with an online tool to start evaluating their authentication needs, and soon they will be using a modified version of the Operationally Critical Threat, Asset and Vulnerability Evaluation tool developed by the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, Pa., said Steve Timchak, program manager for the e-Authentication initiative.

The team will conduct a discussion of the policy considerations for the gateway at its Industry Day Conference at the Commerce Department scheduled for June 18 and to be led by Mark Forman, the associate director for information technology and e-government at OMB.