Connect.Gov solidifies, expands ID credential plan for federal agencies

SecureKey Technologies continues as cloud broker service; ForgeRock, Ping Identity bring identity and access management (IAM) integrations

A government program that supports a range of non-government-issued identity credentials for citizens logging into federal agencies has cemented its infrastructure and taken on new integrations for access management.

The Connect.Gov cloud service ensures citizens won't need a separate user name and password for each government agency they deal with, such as the IRS or the Social Security Administration. And it guarantees those identities don't have to be issued by the federal government.

Federal agencies, for their part, can tap into the Connect.Gov service and get out of the business of issuing and managing identities.

The program, funded with $15 million, is a federated identity effort led by the United States Postal Service (USPS), and it is one of three core initiatives of the National Strategy for Trusted Identities in Cyberspace (NSTIC).

The other two are the creation of the Identity Ecosystem Steering Group (IDESG) and the funding of a series of pilot projects to support NSTIC's goal of creating an "identity ecosystem" built and maintained by the private sector.

On Tuesday, the USPS and SecureKey Technologies renewed their contract to have the vendor's Exchange continue to anchor the Connect.Gov cloud-based broker service. In addition, SecureKey answered demands for pre-integration with popular identity and access management (IAM) platforms. The pre-integrations verify that an IAM platform is able to accept credentials and attributes compliant with the U.S. Federal Identity, Credential and Access Management program (FICAM).

ForgeRock and Ping Identity are the first platforms to be integrated with Connect.Gov for managing user access to online government services.

Connect.Gov, however, isn't just a federation proxy that takes in credentials on the citizen side and pushes them out the other side in a way that meets government configurations and protocols.

Per NSTIC guidelines, Connect.Gov must provide anonymity so that the public data it takes in cannot be linked to its owner. It must also ensure that the parties in the transaction cannot be identified, and that activity on government Web sites cannot be linked to third-party identity providers and vice versa, a condition known as "unlinkability."

The goal is that private organizations that issue credentials to citizens, and the agencies that accept them, will have no way to track where citizens use those credentials.