Feds to use 'federated' ID checks

Federal government officials will rely on other organizations to verify users' identities when they apply online for government loans or jobs.

The General Services Administration is building a system to help people feel safe conducting transactions with the federal government via the Internet, said David Temoshok, director of identification policy and management at GSA.

Behind the ambitious project is a federally run interoperability-testing lab to ensure the compatibility of commercial authentication products on which the infrastructure will depend. GSA officials will continue to operate the lab until industry establishes a similar facility, Temoshok said.

Speaking today at an industry event sponsored by the market research firm Input, in Falls Church, Va., Temoshok said citizens would use a Web browser to have their identities verified. Then, they would be redirected to agency Web sites where they will be authorized, or not, to apply for a loan or government benefits, for example.

Depending on the type of transaction, citizens will present different kinds of credentials to prove their identities, Temoshok said. The authentication infrastructure will not require a nationwide system of unique identification such as Social Security numbers or a central registry of personal information, he said.

Instead, the infrastructure will be based on what Temoshok called a federated identity management model. That model, which is in line with commercial trends, depends on relationships of trust among the federal government and others, including international governments, he said.

The federated approach also requires establishing trusted relationships with higher education, health care, financial services and travel industry groups, for example. That trust will be built on common business rules, policies and technologies, Temoshok said.

Using Web browsers for e-authentication is the only practical solution for 280 million U.S. citizens, he said. But for internal transactions among agencies and within agencies, GSA will follow the Defense Department's lead in adopting secure smart cards to verify the identities of federal employees, Temoshok said. A list of GSA-approved smart card suppliers is posted on a GSA Web site.

The governmentwide e-authentication infrastructure will support various government-to-citizen, government-to-business and government-to-government initiatives, and internal efficiency efforts now under way, Temoshok said.

A Transportation Department official who spoke at the morning event said DOT officials plan to be among the first to hook some of their programs into the e-authentication infrastructure. Provided it has the money to do so, the department will make that a major project in fiscal 2005, said Lisa Schlosser, associate chief information officer for information technology program management at DOT.

DOT is beginning to get its computer security problems under control, and the e-authentication infrastructure will play a big part in doing so, Schlosser said. "We were in a terrible cycle," said. "We had no strategic plan. We had no plans."

And with no plans, she said, the department could get no money to fix the security problems.