Federated identity gets a boost

By Daniel Blum, Network World
October 11, 2004 12:06 AM ET

No matter how the November elections turn out, Cabinet changes and other reorganizations are inevitable. I just hope the Federal E-Authentication Initiative doesn't get lost in the shuffle.

E-Authentication is one of 25 e-gov services intended to improve interfaces between citizens, businesses and government. It also is the first component of the Federal Enterprise Architecture.

As I've discussed in previous columns, the future of identity management is federated. By specifying the standard identity assertion formats, federation lets autonomous security domains cooperate in providing single sign-on and other services for users. Organizations from many industries are adopting this approach on small-scale projects, yet analysts generally agree that we as an industry must overcome hard interoperability and trust issues to achieve federation's full potential.

E-Authentication is the government's take on federation. The inter-agency team that runs the initiative got the federated identity religion last October. Just a year later, they have six active pilots, seven approved products, multiple approved credential providers and a green light to go into production this month.

How are they doing it? They're working the interoperability and trust issues that any large federation must overcome. E-Authentication standardizes four levels of authentication assurance, assessment guidelines and processes for each assurance level, and procedures for using Security Assertion Markup Language (SAML) and public-key infrastructure between credential service providers and agency applications.

Because SAML is young, the General Services Administration (GSA) set up an Interoperability Lab to test interoperability among seven products. Check out the vendor listing here.

Impressive as the E-Authentication Initiative's progress has been to date, much remains to be done. Success requires that most or all federal agencies sign up and bring additional applications to the table. Because the Government Paperwork Elimination Act requires that thousands of government applications support electronic forms submission, and most of these forms require authentication, the opportunities are legion. But it's always tough to get everyone in the government to move in the same direction, especially in an election year.

Gaining state, bank, corporate and other credential services to enable seamless user logon to government services is the harder challenge. To address this, the GSA participates in the Electronic Authentication Partnership (EAP). EAP is a government/industry collaboration that plans to enable federation using common trust guidelines and rules; that is, without requiring bilateral agreements.

By testing federation products for interoperability and supporting the EAP, the E-Authentication Initiative is having a positive impact on federated identity adoption. If E-Authentication is broadly adopted by federal agencies in production federations, it will spur the formation of multiple federated communities. Together with the EAP, Liberty Alliance and other initiatives, E-Authentication could help usher in dynamic federation for the industry as a whole.
