by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : May 15, 2015
however. Indeed, the NSTIC program office continues to spawn a variety of pilot projects for identity management. ID.me, for example, has been working on a project to build on its Troop ID credential, which lets military person- nel obtain discounts at online retailers. The pilot project aims to expand Troop ID’s scope to include government services. In the initial phase of the expansion, veterans will be able to use the credential to access online services at the VA, said Matthew Thompson, founder and chief operating officer at ID.me. The company plans to replicate that approach elsewhere. “We can scale that out to other government agencies,” Thompson said. Another expansion in the works will enable Troop ID credential holders to use that solution to access services at other government agencies via Connect.gov. Resilient Network Systems, meanwhile, was among the first companies to receive pilot funding via NSTIC. The pro- gram office selected the company and its partners to create two pilot solutions for boosting information access in the education and health care fields, using Resilient Network Systems’ Trust Network platform. (Note: Richard Spires, Resilient Network Systems’ CEO and a former CIO at the Department of Homeland Security and the IRS, writes fre- quently for FCW.) Grant, who helped launch the NSTIC program office, said more than a dozen pilot projects have been funded thus far, and he is excited about what they have accomplished. “We actively chose pilots that pushed the envelope, with a focus on making something happen in the marketplace that otherwise would not,” he said. “And while not every pilot has been a smashing success, collectively, the pilots have had a major impact in helping to catalyze the marketplace.” The hurdles New identity management solutions face a number of chal- lenges, but technical issues rate below other considerations. “In the few occasions where pilots have struggled, it’s rarely been because of technical challenges,” Grant said. “The bigger issues have been around the policies and busi- ness rules involved with rolling out a new identity solution that is trusted by multiple parties across different sectors.” At GSA, Kerber said getting the public comfortable with using credentials via Connect.gov is one of the ongoing challenges. She said the important task is instilling trust in users, who are often concerned that a credential pro- vider will keep track of the government websites they visit. However, the Connect.gov website states that the program “prevents sign-in partners from knowing which agencies or applications customers are accessing.” Grant also pointed to privacy protection as a key issue. He said officials have been addressing the challenge of creating identity solutions that handle individuals’ personal data fairly and transparently without enabling new types of tracking. “There are some great ways to build privacy into identity solutions right from the start, but it takes some extra effort,” Grant said. “And in many cases, we’ve seen that unless organizations are proactive about protecting privacy from the start, these privacy-enhancing elements don’t always make it into systems.” A poor user experience can discourage people from using an identity management system. Spires said issues can arise when a system doesn’t fit what users are accustomed to or fails to conform to the users’ notion of a good solution. If “they have to go through a number of hoops to get data that they normally have access to,” he said, it can prove difficult to retrain users to work with such a solution. n ExecTe c h 26 May 15, 2015 FCW.COM What’s next? • Standards development. Many government organizations have adopted single-sign-on solutions that are based on Security Assertion Markup Language. Although SAML’s deployment history gives it staying power, standards such as OpenID Connect are growing in importance. Stu Vaeth, senior vice president of business development at Secure- Key Technologies, said OpenID Connect offers a simpler approach and a modern application program- ming interface. He added that where legacy infrastructure isn’t an issue, new identity management solutions will move to OpenID Connect. • Identity as a service. Identities provided as a service — and not bound to a specific application — will become more prevalent in the next three years, said Paul Christ- man, vice president of the public sector at Dell Software. He said the approach will provide advantages in security, usability and application development. • Usability gains. Industry and gov- ernment are working on improving the usability of identity manage- ment technologies. The National Institute of Standards and Technol- ogy, for example, issued guidelines last year for derived credentials, which can be deployed directly on smartphones and tablets. That method lets users avoid having to attach a personal identity verifica- tion card reader to a mobile device, which can be awkward. Jeremy Grant, senior executive adviser for identity management at NIST, said new solutions are being built into computers and mobile devices that will free users from carrying a sepa- rate verification tool. — John Moore 0515fcw_024-026.indd 26 4/22/15 12:21 PM
April 30, 2015
May 30, 2015