Postal Service Pilots Next-Gen Authentication Tech

  /     /     /  
Publicated : 22/11/2024   Category : security


Postal Service Pilots Next-Gen Authentication Tech


U.S. Postal Service pilots an implementation of the Federal Cloud Credential Exchange to facilitate use of government online services.



IW500: 15 Top Government Tech Innovators (click image for larger view and for slideshow)
The U.S. Postal Service will be the guinea pig for a White House-led effort to accelerate government adoption of technologies that allow federal agencies to accept third-party identity credentials for online services. The program involves using services from organizations like PayPal and Google through standards like OpenID rather than requiring users to create government usernames and passwords.
The government hopes the pilot will serve as the foundation for a wider, federated approach to identity management for government services.
Procurement documents
characterize the goal as having a single broker to validate disparate identity credentials across a wide range of federal agencies. Federal CIO Steve VanRoekel set a requirement in October 2011 that within three years from that date, federal agencies would be able to accept third-party credentials to facilitate access to online government services.
The federated identity effort, known as the Federal Cloud Credential Exchange, is just one piece of a broader Obama administration online identity initiative: the
National Strategy for Trusted Identities in Cyberspace
(NSTIC), which aims to catalyze private sector-led development of a secure, digital identity ecosystem to better protect identities online.
[ The FedRAMP program aims to make it easier for government agencies to adopt cloud services. Read about it at
Feds Issue First Cloud Services Security Authorization
. ]
NSTIC calls on the government to be an early adopter of technologies that may become a part of the identity ecosystem. A few agencies, such as the National Institutes of Health, have tested third-party credentialing, but by and large, federal agencies have been slow to adopt these technologies. Technical, policy and cost barriers, according to procurement documents for the Postal Service pilot, have held up agencies from offering many transactional services to the American public, such as applying for benefits, transacting business at agency Websites, downloading healthcare data and filing taxes.
These challenges have recently begun to be ironed out via a set of standards and requirements drawn up by a group of agencies that have large numbers of citizens accessing their services online. The Post Offices Digital Solutions Group will pilot these ironed-out federated credentialing requirements with some help from the General Services Administration and a third-party provider or providers of software-as-a-service-based credentialing exchange.
The Postal Service pilot has a long list of requirements as to how authentication should work, how privacy should be handled, audit and reporting requirements, compliance with federal law and standards, availability and scalability. FCCX will most likely not store personally identifiable information and will not have any visibility into any such data, but rather will rely on and support a number of third-party credentialing systems and protocols like SAML and OpenID.
The one-year pilot will need to scale to support large numbers of users. It must be capable of supporting 135 million customers and as many as one million transactions hourly, according to procurement documents. The Postal Service has been
eyeing
more advanced digital authentication capabilities for some time.
Among the vendors already expressing interest in the pilot project are Symantec, McAfee, Amazon Web Services, Akamai, hybrid cloud authentication vendor Xceedium and a number of government contractors.
The Postal Service pilot is but
one of several
different pilots that are part of NSTIC. There are also three cryptography pilots and two non-cryptographic privacy pilots in the works. Each of those pilots is being carried out by multiple private sector organizations ranging from the Virginia Department of Motor Vehicles to AOL to AARP to Aetna.
Federal guidelines call for a move to virtualized environments, yet little funding exists to make that happen. Without a mandate, it may take decades to finish the job. Also in the new, all-digital
Server Virtualization
issue of InformationWeek Government IT Trends: Our survey shows no progress in using shared clouds within federal government, but theres growing interest in using commercial cloud services and running private clouds. (Free registration required.)

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Postal Service Pilots Next-Gen Authentication Tech