Federal officials want a quick and standard way of determining the degree to which electronic identity credentials can be trusted.
Federal officials involved in developing policies for electronic government are asking researchers if they can devise a quick and standard way of determining the degree to which someone's electronic identity credentials can be trusted.
In January, officials at the National Institutes of Health issued a request for information about the feasibility of developing an algorithm to calculate the trustworthiness of any electronic credential, including a user name and password or a smart card with digital certificates embedded on a microprocessor chip.
Federal officials currently rely on what are essentially subjective methods for deciding how far they can trust a person's electronic credentials before letting that person gain online access to government information systems, such as access to loan accounts at the Agriculture Department.
As e-government and e-commerce expand, federal agencies and corporations may need to evaluate identity credentials automatically, said Peter Alterman, assistant chief information officer for e-authentication at NIH's Center for Information Technology and chairman of the Federal Public Key Infrastructure Policy Authority. The latter sets policies for the secure electronic infrastructure group known as the Federal Bridge Certification Authority.
"Once there is an algorithmic method that is reliable, one can automate a whole lot of stuff that has got to be done manually at the present time," Alterman said.
He said private companies that belong to the E-Authentication Partnership might be willing to pay for the development of an algorithm that could provide an objective measure of trustworthiness. The partnership consists of about 60 companies that are working in concert with the federal government's e-Authentication initiative, particularly in developing policies and practices for issuing and managing electronic identity credentials.
"E-authentication can go forward without this" RFI, Alterman said, but it is important for the future. "Somebody's got to do research for what's coming the day after tomorrow."
The success of the governmentwide e-Authentication initiative, one of the Bush administration's 24 e-government initiatives, is spotty, Alterman said. He added, however, that some "fantastic successes" have been achieved in working with higher education and other institutions.
E-authentication, Alterman said, is like a steam engine that is going to leave the station "regardless of how well or how poorly the engine runs."
NEXT STORY: NIST, NSA create security language