WidePoint’s Federated E-Authentication Gateway (EAG) includes components to address specific needs and provide optimized response time to be used by all FirstGov applications relying on internet accessibility. The EAG consists of a repository to store user information, an on-line subscription module (providing levels 1, 2, 3, and 4 credentials), a credential validation module, a relying party interface module, and an administration module. Applications relying on the Gateway draw on this information with confidence and for a variety of purposes.
The EAG supports multiple authentication methods including user id/ passphrase, shared secrets known only by the user. It can also trust multiple PKIs, such as the Access Certificates for Electronic Services (ACES), the Department of Defense PKI (including the External Certificate Authorities (ECAs)), and other FBCA-compliant PKIs to authenticate users and validate their credentials.
A Federated Identity Management system is a set of technologies and standards that allows users from one domain to access resources in other domains. The most common use is Web-based Single Sign-On, where a user can access multiple websites, with only one login required. Authentication and non-repudiation can be accomplished in several ways. They vary in cost, sophistication, and resistance to spoofing/defeat. The need to achieve a reasonable level of authentication and non-repudiation is raised by public expectations, GPEA, the Privacy Act, and local policies and regulations.
Among high-assurance communities, PKI has been implemented and policy exists to cover authentication requirements. But the certificates used (e.g., ACES and ECA) usually can only be issued to Government employees, certain contractors, and members of the Armed Forces. Other means of authentication exist and are used by other agencies, businesses, and U.S. and foreign citizens, but there is no interoperability among them, within or outside PKI technology. Those who cannot afford the up-front cost of PKI, are intimidated by the questions they cannot answer, and/or do not seek to be Information Technology “pioneers,” await introduction of a government-wide cure-all.
WidePoint subsidiary ORC’s Federated Solutions leverage existing methods of authentication that can be used to allow organizations already connected by the Internet to consider before exercising their own access policies and mechanisms. Once begun, subscribers could develop increasingly mature policies to ensure only those entitled gain access to their databases while facilitating expedited secure communications with their partners and customers. The process will also expedite development of an increased number of authentication methods with confidence levels that can only increase with use.
Real time consumer and business authentication methods can greatly extend the scope and reach of the e-Authentication Gateway by addressing broad new audiences of users for e-Government applications in a timely manner. Proven capabilities that are compliant with existing law and regulation can be integrated and rapidly deployed. Telephony-based confirmation and a range of other commercially accepted methods will further demonstrate the flexibility and extensibility of this approach.
Said another way, the ORC EAG will mature more quickly, and develop confidence among its subscribers quickly, if alternative methods are incorporated and validated in order to contribute to system timeliness and acceptance.
As a GSA E-Authentication Credential Service Provider (CSP), WidePoint has the engineering expertise to design, build, and host solutions to fit your needs, using a variety of technologies including:
- SAML 1.0 / 1.1 / 2.0
- ORC Translation Service (Single Sign-On, using certificate-based authentication)
- ORC Manage Validation Service (including OCSP, SCVP, and PDVAL)
- The Federation for Identity and Cross-Credentialing Systems (FiXs)