Input sought on security gateway

E-Authentication initiative

The government team leading the development of a security gateway designed to authenticate users accessing e-government services asked industry last week for possible solutions to make the initiative a reality.

The "technical exchange day" held June 7 at Mitretek Systems Inc., the nonprofit organization assisting the General Services Administration-led team on the E-Authentication project, was the first chance for government to outline its plans to a large industry gathering.

The lack of a defined technology architecture surprised many of the vendors attending the briefing, but Tice DeYoung, the e-authentication project's technical lead and a research scientist at NASA, said the government did not want to restrict itself to any specific architecture or particular products.

The basic concept outlined at the briefing reiterated that the gateway will validate any type of credential — such as a password or digital certificate — issued to access any government application that wishes to participate.

The agency program offices will be responsible for determining what level of credential is necessary for each of the applications connected to the gateway, while the gateway will likely serve as a central point to validate credentials issued by multiple organizations, DeYoung said.

The gateway prototype is expected to be operational in September, working with two to four of the other e-government initiatives overseen by the Office of Management and Budget as part of the Bush administration's E-Government Strategy.

This week, GSA will be providing the other e-government initiative leaders with an online tool to start evaluating their authentication needs, and soon they will be using a modified version of the Operationally Critical Threat, Asset and Vulnerability Evaluation tool developed by the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, Pa., said Steve Timchak, program manager for the e-authentication initiative.

This evaluation will be the basis for any future decisions about what functions the gateway needs to perform, he said.

The team will conduct a discussion of the policy considerations for the gateway at its industry day conference at the Commerce Department scheduled for June 18 and to be led by Mark Forman, the associate director for information technology and e-government at OMB.