E-authentication architecture due in December

E-Authentication site

Look for draft architecture by mid-December to replace the original concept of a gateway to secure agencies' electronic transactions, the person overseeing the administration's E-Authentication initiative said this week.

Officials recently convened a technology advisory council to look at the state of the authentication industry, from passwords to public-key infrastructure. That council's new architecture working group will meet for the first time next week, said Steve Timchak, director of the E-Authentication initiative at the General Services Administration this week.

"We need to begin to look at an authentication architecture rather than a central gateway," Timchak said, speaking at the Federal Information Assurance Conference in College Park, Md.

A prototype gateway is already in use at the Social Security Administration, but officials found that they had to develop custom code for every agency application that needed to use the gateway — and that was just not feasible, Timchak said.

The General Accounting Office last week issued a report criticizing delays in the deployment of the gateway and the GSA-led team's plans for buying the solution. Following up on the report, Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee, issued a letter to GSA Administrator Stephen Perry outlining his concerns that E-Authentication delays could ripple through e-government work at all federal agencies.

Moving to the draft architecture should make it much easier for agencies to develop their own authentication measures for initiatives and services, Timchak said.

"I think this is an important step," he said. "It provides a standard application programming interface that agencies can map to — the E-Authentication Gateway did not afford us that opportunity...We think that we are at the point where there is sufficient interoperability in a number of products that we can run with it."

Officials with the E-Authentication program are working with the National Institute of Standards and Technology to develop an authentication interoperability lab that can test products and publish a list of those that will work together, Timchak said.

And commercial and government experts will form an Electronic Authentication Council to develop identity management rules for areas such as trust standards for credential issuers and third-party credentials. The council's first meeting will be Dec. 10, Timchak said.