Interesting People mailing list archives
login.gov
From: "Dave Farber" <farber () gmail com>
Date: Mon, 23 Oct 2017 12:57:48 -0400
Begin forwarded message:
From: Ross Stapleton-Gray <ross.stapletongray () gmail com> Date: October 23, 2017 at 12:29:53 PM EDT To: DAVID FARBER <dave () farber net> Subject: login.gov I'd not been aware that this was a thing, prior to seeing this request for Document Authentication Services: https://www.fbo.gov/notices/d8b8b3b0dd8f5606e01313d7dbc8874b Here's their intro:General Services Administration (GSA) Technology Transformation Service (TTS) is designing and developing a Shared Authentication Platform to answer and meet recent federal directives and action plans released by the Executive Office of the President to provide citizens with secure singular digital accounts that can be used government-wide to access participating federal agencies. Congress saw the need for citizens to securely access federal agencies and passed the Cybersecurity Act (CISA) in October 2015 to strengthen the Nation’s Cybersecurity. The Executive Office of the President defined actions federal agencies can follow to meet CISA in the Cybersecurity National Action Plan in February 2016. Armed with knowledge gained from an initial operational capability utilizing third-party credentials and with valuable Government, industry, and customer input, GSA TTS will operationalize a shared authentication platform titled login.gov that provides the public with government-provided digital identities with remote proofing, in a simple, elegant manner from a technical environment that is built on experiences, processes, and infrastructure that will use the latest available technology to safeguard all user data.... From the solicitation:The vendor will collect documentary evidence of identity data via the login.gov platform. The login.gov application will electronically transfer these data elements to the contractor. The contractor will return a real-time verification from the data received via the login.gov platform and the results of the comparison. Based on the response, GSA will determine whether documentary evidence meets our requirements as evidence of the individual’s identity.Does anyone else think that's unlikely to be workable as described? A quick scan of the login.gov site suggests that all one needs to create an account is an e-mail address and a phone at which to receive two-factor tokens. The above seems to then describe how one could bind identity to that account. The skeptic in me is thinking that the leap from "Here are a bunch of things I've scanned and submitted" to "okey doke, you must be John Q. Public, then!" is a little under thought, including that any one contractor could provide such a service (or construct a rich network of all of the various parties that would actually be required). Is this (login.gov) an initiative begun under the Obama administration, and now moving toward implementation under the current one? I'd love to see pointers to any other discussions on login.gov, as it seems both rather ambitious, and a fine way to build in a single point of failure. Ross Stapleton-Gray & Associates, Inc. Albany, CA
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20171023125755:4EB81FAC-B813-11E7-8132-F4B943A85E32 Powered by Listbox: http://www.listbox.com
Current thread:
- login.gov Dave Farber (Oct 23)