USPS chooses vendor to take identity management to the cloud

Wednesday - 8/21/2013, 8:29pm EDT

The Postal Service plans to take the pain out of accessing federal services online.

USPS late Tuesday awarded a three-year, $15.1 million contract to SecureKey Technologies to build a portal in the cloud to handle the identity management process and connect one username or password or digital certificate to many services.

"SecureKey's proposal was determined to offer the best value because SecureKey had the highest rated technical proposal and offered the second lowest price," USPS wrote in the award notice.

A USPS spokeswoman said the pilot will give them a private and secure credential program.

"The Postal Service has been chosen to take part in an innovative cross-agency governmental task team established to create a digital Federal Cloud Credential Exchange (FCCX) platform," a USPS spokeswoman told Federal News Radio. "Credential exchange will allow individuals to access online services at participating government agencies using their existing commercially issued digital identification. USPS is well positioned to be a part of this transformational pilot project to develop a credential exchange program that will offer security, privacy and efficiency for the federal government."

The Federal Cloud Credential Exchange (FCCX) pilot falls under the National Strategy for Trusted Identities in Cyberspace (NSTIC) program, and it is one example of how to create an identity ecosystem.

"The Veterans Affairs Department and the National Institute for Standards and Technology will be participating in the pilot," wrote Naomi Lefkovitz, a senior privacy policy advisor for NIST, who works on the NSTIC program, in a blog post. "We expect that additional agencies will be announcing their participation over the next few months. Implementation is more than just the deployment of a technical hub-style federation solution, though. The General Services Administration has established a program management office to coordinate the integration between the cloud solution and Federal Identity, Credential and Access Management (FICAM) policy around approved identity providers, as well as to support continued agency engagement in building a governance framework and a successful business model."

Lefkovitz said the policy, framework and cloud exchange will benefit agencies in several ways, including cost reductions and simplifying the citizens' interaction with the government.

"Moreover, we anticipate that progress in addressing the knotty areas of governance, liability and business models will facilitate maturation of the Identity Ecosystem," she said.

SecureKey Technologies beat out 17 other vendors to win the award. While it's not a high dollar contract, it's prestigious and could open the door for future cloud and identity management opportunities.

The company said it will implement its SecureKey briidge.net Exchange, a cloud-based authentication and credential brokerage service. SecureKey said the exchange will enable cost-effective credential broker and management capabilities for tens of millions of people.

"Last year, SecureKey successfully launched its innovative SecureKey Concierge credential broker service as part of the Government of Canada's Cyber Authentication Renewal initiative," Andre Boysen, chief marketing officer for SecureKey, said in a release.

Lefkovitz said SecureKey Technologies will use a "double blind" architecture that will prevent the tracking of credential use among providers and relying parties to ensure privacy and civil liberties.

"In addition, the FCCX team will be working on the capability for identity providers to share needed attributes with federal agencies while limiting the attributes' exposure within the hub through the development of privacy-enhancing cryptography in a commercially deployable protocol," she wrote. "Notwithstanding the number of NSTIC pilots exploring this latter subject, broad commercial deployment of privacy-enhancing cryptography remains elusive."

Vendors and others in the identity management community have closely watched this contract opportunity. USPS issued the solicitation in January.

The goal of the FCCX is to let citizens log onto federal services using usernames and passwords from third parties, such as Google or PayPal, as long as those companies meet federal standards under the Federal Identity Credential and Access Management framework (FICAM).

USPS volunteered to run the pilot under its Digital Solutions Group.

According to a slide presentation from June posted on IDManagement.gov, the FCCX would create a single interface between agencies and identity service providers, speed up integration and reduce costs and complexity.

USPS told industry that the FCCX should be able to support 135 million customers and up to 1 million customer transactions per hour. The FCCX pilot is expected to last one year, the Postal Service said.

RELATED STORIES:

Inside the Reporter's Notebook: A new job for a former VA senior official; Countdown to cloud credential pilot begins

Cloud is the next chapter in the government's identity management saga