USDA centralizes online user ID authentication

 


In the last year, the Agriculture Department has connected 30 applications to a central authentication service that manages the online identities of USDA employees and customers alike.


The Web-based Centralized Authentication and Authorization Facility provides a common platform to verify user credentials so that each application doesn't have to duplicate the function.

'We used the approach of "build it and they will come,"' said Owen Unangst, USDA e-authentication project head. 'It's up to the business unit to create business processes around the Web that make sense.'

The business units using WebCAAF so far are USDA's county-based agencies: the Natural Resources Conservation Service, Farm Service Agency and Rural Development Agency.

Although the three agencies are located together at 2,500 service centers in the nation's counties and deal with many of the same customers and businesses, they have kept separate records with much duplicate information. Each app has required separate passwords and user IDs.

Under WebCAAF, the agencies' users can access any of the apps with a single sign-on and set of credentials. WebCAAF, which went into operation in June 2002, eventually will become an element of the governmentwide E-Authentication Gateway.

The core of WebCAAF is SiteMinder software from Netegrity Inc. of Waltham, Mass. SiteMinder consists of an agent on the Web host and a policy server behind a firewall. The policy server processes user ID and entitlement data.

Transparent to user

'It is transparent to the user,' Unangst said. 'All the user sees is the business application that is being protected.'

The policy server matches user IDs and passwords against a Lightweight Directory Access Protocol directory. The server returns valid authentications to the app, along with data from the directory that says what those users are entitled to access and do.

The policy server is hosted at a data center at Fort Collins, Colo., with backup in St. Louis. WebCAAF operates within the four-level assurance hierarchy set out by the General Services Administration and the Office of Management and Budget.

The two highest levels of assurance, required for official business, use digital certificates; the lower two levels require only user names and passwords. WebCAAF is a Level 2 credentialing service, adequate for some official business but not requiring digital certificates.

To get Level 1 WebCAAF credentials, users enroll online, choosing their own IDs and passwords. Level 1 carries essentially no assurance of identity.

To get Level 2 credentials, users must go in person to a service center with two forms of identification.

When WebCAAF becomes part of the E-Authentication Gateway, its credentials will be acceptable to other federal apps requiring those security levels. WebCAAF could also accept Level 2, 3 and 4 credentials from other agencies.

'We have issued credentials to 6,000 customers and 50,000 employees,' Unangst said. The number of users reflects the applications supported by WebCAAF.

'You could say that after a year, 6,000 customers is not very many, and this is true,' he said. 'It has taken some time to get the infrastructure geared up.'

The volume of use varies widely depending on the app. Not surprisingly, USDA employees are the most frequent users, making 160,000 log-ins to a time and attendance application every two weeks.

Business users

Service providers (agribusinesses and individuals who supply conservation measures to farmers) are a small but frequent subset of users, accounting for several thousand log-ins each week.

Individual farmers who log in for information or to submit applications are a small part of WebCAAF's traffic.

'Although this may be seen as a slow start, applications coming online in the coming months will continue the growth,' Unangst said.

USDA's e-authentication project staff works with the department's 18 agencies to integrate their apps. Up to 550 customer interactions could be required to go online under the Government Paperwork Elimination Act. Because many interactions could be part of a single application, it is unclear how many apps that represents, Unangst said.

A significant difference between the USDA platform and the E-Authentication Gateway is the double-A in WebCAAF, which stands for authentication and authorization. Those are separate processes.

Authentication means verification of ID credentials, that is, making sure users are who they say they are. Authorization means matching an ID against access privileges. WebCAAF performs both functions, whereas the E-Authentication Gateway does only authentication and leaves authorization up to individual apps.
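The authentication/authorization split described above, combined with the assurance levels from earlier in the article, as an added sketch (not USDA's or Netegrity's code). An in-memory dictionary stands in for the LDAP directory; the user IDs, passwords, resource names and per-resource minimum levels are constructed assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Entry:                 # stand-in for one directory entry
    salt: bytes
    pw_hash: bytes
    assurance: int           # 1 = self-enrolled online, 2 = ID checked in person
    entitlements: frozenset  # what the directory says this user may do

def make_entry(password, assurance, entitlements):
    salt = os.urandom(16)
    return Entry(salt, _hash(password, salt), assurance, frozenset(entitlements))

# Constructed sample directory (hypothetical users and resource names).
DIRECTORY = {
    "jfarmer": make_entry("corn-Field-7", 1, {"conservation-app:read", "conservation-app:apply"}),
    "mclerk": make_entry("Time+Sheet-9", 2, {"timesheet:submit", "conservation-app:read"}),
}
# Minimum assurance level per resource (assumed policy; unlisted resources are denied).
RESOURCE_LEVEL = {"conservation-app:read": 1, "conservation-app:apply": 2, "timesheet:submit": 2}
_DUMMY = make_entry("unused", 0, ())

def authenticate(user_id, password):
    """Authentication: are the credentials valid? Returns the entry or None."""
    entry = DIRECTORY.get(user_id, _DUMMY)  # hash even for unknown IDs (uniform timing)
    ok = hmac.compare_digest(_hash(password, entry.salt), entry.pw_hash)
    return entry if ok and user_id in DIRECTORY else None

def authorize(entry, resource):
    """Authorization: may this verified identity use this resource?"""
    required = RESOURCE_LEVEL.get(resource)
    if required is None or entry.assurance < required:
        return False         # credential too weak, even if an entitlement exists
    return resource in entry.entitlements

def policy_decision(user_id, password, resource):
    """The answer a central policy server would hand back to the agent on the Web host."""
    entry = authenticate(user_id, password)
    if entry is None:
        return {"authenticated": False, "authorized": False, "entitlements": []}
    return {"authenticated": True,
            "authorized": authorize(entry, resource),
            "entitlements": sorted(entry.entitlements)}
```

Here `jfarmer` authenticates successfully and holds the `conservation-app:apply` entitlement, yet is refused until the credential is upgraded to Level 2, which is the case where authentication succeeds and authorization fails.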

No consensus exists about whether authorization should be centralized or distributed, said Pete Morrison, vice president of public-sector business for Netegrity, whose software is part of both WebCAAF and the gateway.

'There is no clear-cut distinction,' Morrison said. 'It is a policy issue.'

The key to making online government work is to keep an eye on the big picture, Unangst said.

'When an agency wants to deliver a product or a service electronically, realize that a whole infrastructure is needed,' Unangst said. 'You can't let the IT folks build the service and feel it's done. It's going to take everybody's effort to make it a success,' from application owners to IT shops, help desks and authentication services.
