[ISN] Input sought on security gateway

From: InfoSec News (isnat_private)
Date: Mon Jun 10 2002 - 03:12:14 PDT

  • Next message: InfoSec News: "[ISN] Old code in Windows is security threat"

    By Diane Frank 
    June 10, 2002
    The government team leading the development of a security gateway
    designed to authenticate users accessing e-government services asked
    industry last week for possible solutions to make the initiative a
    The "technical exchange day" held June 7 at Mitretek Systems Inc., the
    nonprofit organization assisting the General Services
    Administration-led team on the E-Authentication project, was the first
    chance for government to outline its plans to a large industry
    The lack of a defined technology architecture surprised many of the
    vendors attending the briefing, but Tice DeYoung, the e-authentication
    project's technical lead and a research scientist at NASA, said the
    government did not want to restrict itself to any specific
    architecture or particular products.
    The basic concept outlined at the briefing reiterated that the gateway
    will validate any type of credential - such as a password or digital
    certificate - issued to access any government application that wishes
    to participate.
    The agency program offices will be responsible for determining what
    level of credential is necessary for each of the applications
    connected to the gateway, while the gateway will likely serve as a
    central point to validate credentials issued by multiple
    organizations, DeYoung said.
    The gateway prototype is expected to be operational in September,
    working with two to four of the other e-government initiatives
    overseen by the Office of Management and Budget as part of the Bush
    administration's E-Government Strategy.
    This week, GSA will be providing the other e-government initiative
    leaders with an online tool to start evaluating their authentication
    needs, and soon they will be using a modified version of the
    Operationally Critical Threat, Asset and Vulnerability Evaluation tool
    developed by the CERT Coordination Center at Carnegie Mellon
    University in Pittsburgh, Pa., said Steve Timchak, program manager for
    the e-authentication initiative.
    This evaluation will be the basis for any future decisions about what
    functions the gateway needs to perform, he said.
    The team will conduct a discussion of the policy considerations for
    the gateway at its industry day conference at the Commerce Department
    scheduled for June 18 and to be led by Mark Forman, the associate
    director for information technology and e-government at OMB.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 06:11:00 PDT