...

On September 3, 2008, Larry Talley and Steve Holden had a teleconference with Owen Unangst of USDA. Owen explained that the USDA e-authentication program's "levels" are based on the OMB assurance levels published in NIST 800-63: Electronic Authentication Guideline. Owen explained that the impetus for USDA e-authentication came from the Freedom to E-File Act passed in 2002. Analysis at USDA at that time documented over 3,000 separate types of interaction with the public. Of those 3,000 interactions, it was concluded that only 135 required OMB level 3 access. Based on this analysis, USDA focused initial efforts on level 1 and level 2 access.

The characteristic features of USDA levels 1 and 2 are:

Level 1: No confidence in identity - Users register themselves with no proof or evidence to confirm their identity. Registration allows users to create customized "My.agency.gov" pages, and allows the agency to recognize repeat customers. The agency doesn't know who the customer is, but they can tell that "this is the same customer who was here yesterday". Owen reported that 20-25 of their 3,000 interactions require only level 1 access. These tend to be complex "lookups" where personalizing the page is a significant convenience to the customer.
Level 2: Significant confidence in the original identity proofing, somewhat less confidence in the custody of the credential - Applicants first register themselves for a level 1 credential. They then present government-issued photo ID to agency employees who have been trained in identification procedures. If the agency employee accepts the identification, then the customer's level 1 credential is changed to a level 2 credential. At this point there is strong confidence in the customer's identity. However, there are no controls to prevent the customer from revealing their username and password to a third party, so unique custody of the credentials cannot be guaranteed.

As of our conversation, USDA has 290 applications which subscribe to single-sign-on through their e-authentication system. These systems are distributed among the 29 line agencies within USDA. The e-authentication system has over 300,000 users, of which approximately 200,000 are citizens, and 100,000 are USDA employees. The level 1 and level 2 credentials provide single-sign-on, business-level authorization through role-based access control, and e-signature. Owen reported that in the previous month there had been 1.7 million logins and 77 million authorizations. He further noted that customers responded positively to the single-sign-on and e-signature capabilities. They do get some complaints that help desk service is not fast enough, particularly for password recovery assistance.

...