PKI bridge milestone approaches

Later this month, the General Services Administration will announce the first government agencies to be cross-certified with the federal public-key infrastructure bridge, making it easier for agency users to exchange data securely.

The PKI bridge is designed as a way to link agencies' certificate authorities (CAs), which is the server used to generate and manage digital certificates to identify users and secure their transactions.

The bridge acts as a trusted third party that enables an agency involved in a transaction to objectively verify that a certificate issued by another agency meets a baseline level of trust. It does this by mapping one agency's trust levels — such as high, medium or low — to another agency's.

On Sept. 18, GSA plans to hold a cross-signing ceremony that will show that certificates from the Defense Department, the Agriculture Department's National Finance Center, NASA and the Treasury Department can interoperate, said David Temoshok, PKI policy manager at GSA's Office of Governmentwide Policy.

GSA officials hope to add Illinois and Canada in 2003, with others to follow soon after. Temoshok spoke at the Interagency Resources Management Conference in Hershey, Pa., last week.

But there is still much work to be done, because few agencies have fully deployed PKIs to support their applications, such as e-mail, said John Pescatore, a research director at Gartner Inc. However, "it potentially eliminates one of the two largest barriers to interoperable communications between agencies." The other barrier, he said, is lack of e-mail directories.