Grants.gov gets set for E-Authentication

Grants.gov is expanding the choice of credential service providers for agencies and users that post their grant opportunities and apply for federal money online.Agencies will have three federally approved credential providers from which to choose their authentication services beginning Aug. 30. Grants.gov will be the first major e-government initiative to adopt the federal E-Authentication model.Now, under the federal E-Authentication initiative, the process to certify an individual’s identity will be more efficient, said Terry Nicolosi, deputy program manager for Grants.gov.Individuals will manage their own authentication instead of Grants.gov handling the establishing of credentials.The governmentwide grants management site has been preparing since early this year to phase in grant-making agencies to use additional providers available through the federal E-Authentication initiative.“This will affect agency users, but not agency systems, and only enhances the functionality of the Grants.gov site,” Nicolosi said.Starting in fiscal 2005, OMB said, all agencies must have at least one application using e-authentication services and one in this year. An OMB official said 13 agencies met the requirement by as of this month, and more are working on it. Overall, nine applications use e-authentication services.E-Authentication is considered by many to be the main cog in the e-government machine: It gives users a single log-on password and can help Web sites conduct transactions. It eliminates the need for each program to develop a new or duplicative application for identity verification and electronic signatures.After agencies have started using the approved credential providers, Grants.gov will prepare end users, or grantees, to choose from among credential providers in August 2007.Until now, Grants.gov has used a single e-authentication provider, Operational Research Consultants Inc. of Fairfax, Va.Grants.gov allows agencies to electronically post and manage grant applications from its site, and those seeking grants to apply through the portal. OMB has given agencies the goal this year of posting 75 percent of their grant application packages on Grants.gov, Nicolosi said.Grants.gov agency users will have the choice of two federally approved credential providers—the Agriculture Department and the Office of Personnel Management’s Employee Express—in addition to ORC, Nicolosi said. ORC was the first commercial provider under E-Authentication for Level 1 and Level 2 Security Assertion Markup Language 1.0 credentials.Grants.gov last year pledged to phase in E-Authentication over two years in an agreement with the E-Authentication Project Management Office and the Office of Management and Budget.In the first phase, Grants.gov is reconfiguring its Grantors system so agency users can select from the list of credential providers. It is testing and simulating the expansion of credentialing choices with agencies to smooth the transition.“The result is a look and feel of the log-in process that remains largely unchanged,” Nicolosi said.In the second phase, Grants.gov will move its applicant users to the E-Authentication system. Users who already hold a Grants.gov user name and password through ORC will not experience much change. New users will be able to choose from the credential providers on the federation list. Testing with a limited number of users will begin in spring 2007. The new system will be fully functional by Aug. 30, 2007.Instead of entering user names and passwords on the site, Grants.gov will take users to the federated credential service providers, where users will enter their single sign-on. Users will control their own credentials, choose and change their user names and passwords, and manage their identities.In moving to SAML technology, Grants.gov will limit its use of a standard Lightweight Directory Access Protocol technology to link user names and passwords with specific user profiles.Grants.gov will continue to maintain user profiles in LDAP but will associate them with the secure user codes that are issued by SAML-using credential service providers.