Can the U.S. Postal Service Find a Future Running a Gov't Cloud-Based Authentication Service?
Can the U.S. Postal Service (USPS) find a new future running a cloud-based authentication service for the government? The USPS intends to try and do just that under a three-year $15.12 million contract awarded to SecureKey Technologies today for some foundation technology to build a cloud-based authentication exchange.
Wed, August 21, 2013
Network World — Can the U.S. Postal Service (USPS) find a new future running a cloud-based authentication service for the government? The USPS intends to try and do just that under a three-year $15.12 million contract awarded to SecureKey Technologies today for some foundation technology to build a cloud-based authentication exchange.
While in the early stages, the USPS-managed Federal Cloud Credential Exchange (FCCX), as it's being called, is envisioned as a way that people can use their existing online credentials to gain access to U.S. government agency online services in the future.
What third-party credentials would be used as part of FCCX is not yet decided, but ideas in play include credentials that users already have with the likes of Google and PayPal, for example, says Andre Boysen, executive vice president for marketing at SecureKey. It's anticipated these credentials would be of various strengths and types, from simple names and passwords to the government-designed Personal Identity Verification cards.
The RFP for the FCCX contract was originally put out for bid last January and the award today to Toronto-based SecureKey means that the USPS will be proceeding with its plans to try and operate a cloud-based authentication exchange for the government.USPS spokeswoman Darleen Reid-DeMeo said USPS is "implementing a pilot software solution to enable the public to use commercially issued digital credentials to access government services online with greater security, privacy and efficiency."
Many details, however, need to be ironed out as what would be the nation's first-of-its-kind authentication service to federal government in the U.S. A
"Participants have not been finalized at this time," says Reid-DeMeo. "However, some of the agencies that have been assisting in developing the requirements for the pilot are the Veterans Administration, the Department of Education, the Social Security Administration and the Internal Revenue Service." It's anticipated that the FCCX pilot project would begin this fall.
The USPS pilot project for a cloud-based exchange is one of several experimental approaches to online access to government services envisioned under the Obama Administration's A National Strategies for Trusted Identities in Cyberspace (NSTIC) program.
The NSTIC program seeks to find new ways to reduce password use online for security reasons or to facilitate novel ways to facilitate government services in the future. Reid-DeMeo says the FCCX pilot project is being led by the White House Office of the Federal Chief Information Officer.
The FCCX project basically involves the USPS setting up a kind of credential-brokerage service using SecureKey's federated authentication platform. It's hoped that FCCX will work behind the scenes so when users go to a government agency's online service, they can enter a credential they already have that was not necessarily issued by the government to get access rather than having to go ask for a credential from the agency itself.