Cloud credential exchange enables feds to accept multiple online IDs
The United States Postal Service is trying to reinvent itself as a cutting-edge provider of cloud-based identity systems.
Federated identity is a hot topic among relying parties and identity providers, and one of the most anticipated pilots will be the U.S. Postal Service’s work with the Federal Cloud Credential Exchange (FCCX, pronounced F-Six). “The exchange is a pilot project designed to enable more efficient and secure credentialing of citizens visiting federal government web sites,” explains Darleen Reid, senior public relations representative for the Postal Service.
The goal for the exchange is to relieve government agencies of managing independent username and password systems to authenticate citizens to government services. The intent is to expand agency acceptance of credentials issued by third parties. In short, FCCX aims to simplify the technical integration for accepting certified, externally issued digital credentials, explains Jeremy Grant, senior executive advisor for Identity Management at NIST.
Policies mandate that federal agencies are to accept credentials that have gone through an approval process, but delays have prevented this from happening. The main reason that it has taken so long to accept third-party credentials is the level of integration required for each individual credential provider.
FCCX will change this and enable agencies to integrate once with the cloud-based solution and then be able to accept numerous types of credentials. “It makes it an ‘Easy Button’ for agencies that want to accept federated credentials,” Grant explains.
Once a credential is approved, the FCCX will have 30 days to make sure it can be accepted for use on federal sites.
The exchange and the strategy
The Federal Cloud Credential Exchange also supports the National Strategy for Trusted Identities in Cyberspace (NSTIC) by echoing the need for and vision of an identity ecosystem. The national strategy is an initiative that fosters a safer, more secure cyber environment that will improve – and ultimately transcend – the oft-used password for logging in online.
“NSTIC has a vision for the identity ecosystem that enables individuals and organizations to utilize secure, efficient, easy-to-use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice and innovation,” says Reid.
The fundamental idea behind NSTIC is straightforward. A student, for example, gets a digital credential from their mobile provider and takes steps to have additional verifications performed so there is greater assurance behind that credential. It can then be used to log in to banking, e-mail, social networking sites and even conduct business with federal agencies – without having to memorize the dozens of accompanying passwords.
It is this added level of assurance that the national strategy is so keen to push to the masses. The hope is that citizens and organizations alike will discover a renewed comfort and trust in the online environment, as all participating service providers will have agreed en masse to consistent standards for identification, authentication, security and privacy.
How does FCCX work?
The exchange effectively acts as the central hub for the authentication of credentials from multiple agencies, spanning all different levels of assurance. Put another way, the exchange is a cloud-based go-between for third-party credential providers and agencies.
“The exchange would act as an integration ‘middleman’ between federal agencies and approved digital credential providers,” says Reid. “It would streamline digital credentialing, authentication and reduce costs for government agencies while also providing secure, privacy-enhancing and easy-to-use solutions for citizens.”
The project aims to create a hardware and software solution that will make it possible for citizens to access services on numerous government web sites using externally issued digital credentials brokered through the platform. The middleman would stand between the credential service provider and relying party services. This architecture enables relying parties to interact with multiple credential providers without the effort and cost of integrating each of them: the basis for the cloud credential exchange.
The USPS will be the operating entity for the exchange, managing the implementation and working with the GSA, NIST and other agencies, explains Reid.
Who’s using FCCX?
The future of FCCX looks promising. “We anticipate up to six government agencies with citizen-facing services to utilize the service within the pilot year,” says Reid.
In the meantime, the move to FCCX makes sense for the Postal Service as it creates a unique opportunity to expand to the digital realm in a way that places the agency at the forefront of a new identity ecosystem, perhaps cementing the agency’s relevance for years to come.