Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

login.gov

From: "Dave Farber" <farber () gmail com>
Date: Mon, 23 Oct 2017 12:57:48 -0400



Begin forwarded message:


From: Ross Stapleton-Gray <ross.stapletongray () gmail com>
Date: October 23, 2017 at 12:29:53 PM EDT
To: DAVID FARBER <dave () farber net>
Subject: login.gov

I'd not been aware that this was a thing, prior to seeing this request for Document Authentication Services:
https://www.fbo.gov/notices/d8b8b3b0dd8f5606e01313d7dbc8874b

Here's their intro:


General Services Administration (GSA) Technology Transformation Service (TTS) is designing and developing a Shared 
Authentication Platform to answer and meet recent federal directives and action plans released by the Executive 
Office of the President to provide citizens with secure singular digital accounts that can be used government-wide 
to access participating federal agencies.  Congress saw the need for citizens to securely access federal agencies 
and passed the Cybersecurity Act (CISA) in October 2015 to strengthen the Nation’s Cybersecurity.  The Executive 
Office of the President defined actions federal agencies can follow to meet CISA in the Cybersecurity National 
Action Plan in February 2016.
 
Armed with knowledge gained from an initial operational capability utilizing third-party credentials and with 
valuable Government, industry, and customer input, GSA TTS will operationalize a shared authentication platform 
titled login.gov that provides the public with government-provided digital identities with remote proofing, in a 
simple, elegant manner from a technical environment that is built on experiences, processes, and infrastructure that 
will use the latest available technology to safeguard all user data.

...

From the solicitation:


The vendor will collect documentary evidence of identity data via the login.gov platform.  The login.gov application 
will electronically transfer these data elements to the contractor.  The contractor will return a real-time 
verification from the data received via the login.gov platform and the results of the comparison.  Based on the 
response, GSA will determine whether documentary evidence meets our requirements as evidence of the individual’s 
identity.  


Does anyone else think that's unlikely to be workable as described? A quick scan of the login.gov site suggests that 
all one needs to create an account is an e-mail address and a phone at which to receive two-factor tokens. The above 
seems to then describe how one could bind identity to that account. The skeptic in me is thinking that the leap from 
"Here are a bunch of things I've scanned and submitted" to "okey doke, you must be John Q. Public, then!" is a little 
under thought, including that any one contractor could provide such a service (or construct a rich network of all of 
the various parties that would actually be required).

Is this (login.gov) an initiative begun under the Obama administration, and now moving toward implementation under 
the current one?

I'd love to see pointers to any other discussions on login.gov, as it seems both rather ambitious, and a fine way to 
build in a single point of failure.

Ross

Stapleton-Gray & Associates, Inc.
Albany, CA











-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20171023125755:4EB81FAC-B813-11E7-8132-F4B943A85E32
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: