Policy creates bridge to digital certificates

Federal PKI Steering Committee

Federal employees will soon have the policy basis for using electronic authentication

technologies across agencies, and before the end of the year, they should

have the technologies to support those policies.

The Federal Public Key Infrastructure Steering Committee developed the Federal

Bridge Certificate Authority to provide each agency with the ability to

accept digital certificates from other agencies. The committee will make

its policy available through a federal policy authority group that will

be in place by the end of the month, said Richard Guida, chairman of the

committee, at the E-Gov conference in Washington, D.C., Tuesday.

"The policy authority being in place will be the opening bell for agencies

to develop applications to interoperate with the bridge," he said.

Five agencies have working PKI systems and at least a dozen more are using

digital certificates in pilots to authenticate and encrypt their electronic

transactions, so each agency must be able to accept the certificates from

other agencies, Guida said. The policy governing that will be developed

and enforced by the policy authority, a group of representatives from each

of the agencies involved in the bridge.

The policy authority group includes the departments of Justice, Treasury,

Defense and Commerce, the General Services Administration and the Office

of Management and Budget. As agencies decide to use the bridge, they will

also join the policy authority, Guida said.

The PKI Steering Committee, now under the CIO Council's Enterprise Interoperability

and Emerging IT Committee, successfully demonstrated the bridge in April.

The committee is working on a two-node bridge that should be operational

in October. The steering committee is waiting for funding in the fiscal

2001 budget to complete the full bridge, Guida said.