Input sought on security gateway

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2002/0610/web-gate-06-10-02.asp

By Diane Frank 
June 10, 2002

The government team leading the development of a security gateway
designed to authenticate users accessing e-government services asked
industry last week for possible solutions to make the initiative a
reality.

The "technical exchange day" held June 7 at Mitretek Systems Inc., the
nonprofit organization assisting the General Services
Administration-led team on the E-Authentication project, was the first
chance for government to outline its plans to a large industry
gathering.

The lack of a defined technology architecture surprised many of the
vendors attending the briefing, but Tice DeYoung, the e-authentication
project's technical lead and a research scientist at NASA, said the
government did not want to restrict itself to any specific
architecture or particular products.

The basic concept outlined at the briefing reiterated that the gateway
will validate any type of credential - such as a password or digital
certificate - issued to access any government application that wishes
to participate.

The agency program offices will be responsible for determining what
level of credential is necessary for each of the applications
connected to the gateway, while the gateway will likely serve as a
central point to validate credentials issued by multiple
organizations, DeYoung said.

The gateway prototype is expected to be operational in September,
working with two to four of the other e-government initiatives
overseen by the Office of Management and Budget as part of the Bush
administration's E-Government Strategy.

This week, GSA will be providing the other e-government initiative
leaders with an online tool to start evaluating their authentication
needs, and soon they will be using a modified version of the
Operationally Critical Threat, Asset and Vulnerability Evaluation tool
developed by the CERT Coordination Center at Carnegie Mellon
University in Pittsburgh, Pa., said Steve Timchak, program manager for
the e-authentication initiative.

This evaluation will be the basis for any future decisions about what
functions the gateway needs to perform, he said.

The team will conduct a discussion of the policy considerations for
the gateway at its industry day conference at the Commerce Department
scheduled for June 18 and to be led by Mark Forman, the associate
director for information technology and e-government at OMB.
 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.