...
| Panel |
|---|
Level 1: No confidence in identity - Users register themselves with no proof or evidence to confirm their identity. Registration allows users to create customized "My.agency.gov" pages, and allows the agency to recognize repeat customers. The agency doesn't know who the customer is, but, they can tell that "this is the same customer who was here yesterday". Owen reported that 20-25 of there 3,000 interactions require only level 1 access. These tend to be complex "lookups" where personalizing the page is a significant convenience to the customer. |
...
Owen also noted that some of the 135 interactions that were initially presumed to require level 3 access may actually be satisfied with level 2 e-authentication because they have mitigating controls elsewhere in the business process. An example given was commodity payments to farmers. In the case of these commodity payments, the relationship with the farmer is an ongoing relationship. The relationship of the farmer to the land and to a bank account has already been established through presentation of deeds checked against county land ownership records, and similar confirmation of banking information. In this case the e-authentication and e-signature involved in a transaction to claim a commodity payment does not expose the agency to significant risk because these other mitigating controls severely constrain the types of mistakes or fraud that could be achieved through the electronic transaction.
The USDA Rural Housing Authority is also considering using e-authentication to protect online statements, and they may consider different identity proofing mechanisms because the loan application process has already "identity-proofed" the borrower above and beyond examination of a photo-id.
Owen noted that they have 2,500 offices that have employees trained in identification procedures. The costs of these employees are born by the line offices, but the cost of the identification training is born by the e-authentication program. The employees who do identification are employees who would be present in these office anyway, and with the e-authentication program covering the cost of the additional training the line offices do not appear to resent the additional workload.
...
Owen also mentioned that Department of the Interior has some applications using the USDA e-authentication system, and that the National Science Foundation has an e-authentication system with considerable customer acceptance.
Owen noted that the e-signature process does include some form of signing ceremony and that Document Binding, Integrity, and Audit Trails are accomplished with standard database practices.