18F offers specs on gov-wide login
In a public notice, the innovation group 18F offered a glimpse into the data a planned governmentwide login site would collect.
The federal innovation shop 18F is getting closer to testing a system to provide citizens with a single account to access government services.
The planned Login.gov digital identifier could begin an open beta test in about a month, according to an Aug. 24 notice in the Federal Register.
Login.gov is an effort to create a single sign-on to facilitate the delivery of government services. Users will establish an account through a combination of public and private identifiers, including basic biographical information (such as name, date of birth, address, phone number and Social Security number) and information about financial accounts and history.
The account will be assigned a "meaningless but unique identifier number" that presumably is not disclosed outside the system, the notice says. The one-time data used to verify identities is not stored, but the system will maintain some personal information shared by users.
According to the notice, Login.gov does not store the commercial account and identity details used to confirm a user. The construct sounds similar to the data hub that connected the front end of the HealthCare.gov system with the various agency databases needed to determine individuals' eligibility for health insurance under the Affordable Care Act.
The development of a single, secure login for accessing services across the government has been a longtime goal of the Obama administration. Digital identity efforts have sprawled across agencies and taken different forms. The National Strategy for Trusted Identities in Cyberspace, housed at the National Institute of Standards and Technology, led an effort to develop secure online ID-proofing with grants to private-sector researchers and academics. NSTIC is still giving grants, but it is no longer the hub of the digital ID effort.
In an Aug. 25 blog post announcing $15 million in new grant funding, NSTIC Acting Director Mike Garcia wrote, "It's a tricky needle to thread for government to successfully catalyze a marketplace of solutions without government creating the solutions itself."
18F is not bound by those constraints and is working toward a shared-services solution along the lines of the United Kingdom's GOV.UK Verify system. But that's not to say that 18F is not building on the work done by NSTIC. The Login.gov effort will draw on commercial and third-party identity service providers to verify user accounts.
18F officials are hoping for a system that integrates ID services in days and offers near-real-time alerts about potential fraud and security breach attempts. Users will remain in control of their data, according to the notice, and in a future version of the application, they will have the option of deleting their own information.
Clarification: This story was updated Aug. 29 to reflect the kinds of user data maintained in the planned Login.gov system.