Security bridge nears opening

Federal PKI Steering Committee

The federal government will soon put online its central mechanism for enabling agencies' security authentication systems to interact, and officials are working to extend it to nonfederal partners.

The Federal Bridge Certification Authority (FBCA), hosted by the General Services Administration, will enable agencies to recognize the assurance levels of digital certificates from other agencies.

A digital certificate, used within a public-key infrastructure, can store identification, authentication and authorization information as well as provide encryption for electronic transactions.

GSA and five other organizations tested the FBCA last year, and now that the fiscal 2001 funding has come through, it should become operational by early April, said Judith Spencer, chairwoman of the Federal PKI Steering Committee, speaking Wednesday at the Securing Electronic Government conference in Washington, D.C.

So that the policy and technical aspects are ready at the same time, the Federal PKI Policy Authority is in the final stages of reviewing the agreements that agencies must sign to interoperate with the bridge, said Michelle Moldenhauer, chairwoman of the policy authority. The documents will be available for agencies on the policy authority's Web site, which should be going online in the next month, she said.

The steering committee and the policy authority function under the federal CIO Council.

Once the bridge is running, the steering committee will act to allow state and local governments, as well as private-sector organizations, to interoperate with the bridge, Spencer said. GSA officials are talking with some states and market sectors, including health care and education, that are forming their own bridges and want to be able to cross-certify with the federal bridge.

The steering committee's Legal and Policy Working Group is looking at what actions must be taken to allow this kind of cross-certification, Spencer said. The cross-certification would mean, for example, that a federal certificate from the Environmental Protection Agency could be accepted by a state agency that is involved in environmental regulation.