GSA plots single sign-in

What: Expanding Connect.Gov

Why: Navigating the Internet using a tangle of username-password combinations can tax even the sharpest memory. One solution is to use a single trusted identification credential, like a Google or Facebook account, to access a variety of sites. The federal government is taking that approach in its Connect.Gov service, run by the General Services Administration. Formerly known as the Federal Cloud Credential Exchange, Connect.Gov is working toward creating a system in which users can access government websites and services using an existing credential.

If it works, ordinary users of government services will be able to access federal websites using a single login, one that is more secure than a simple username-password because credential owners can lock down access in a variety of ways, such as two-factor authentication using a mobile phone, or a set of encryption keys known only to the user.

The effort is in an early phase. A pilot program called USPS Connect run by the U.S. Postal Services uses credentials from Yahoo, Google, Verizon, ID.me and PayPal to clear users for single-login access to a variety of government services. The single-login idea is at the forefront of the work of the National Strategy for Trusted Identities in Cyberspace, which is run by the National Institute of Standards and Technology.

GSA is looking to go wide with the single-login approach. In an April 16 request for information, GSA is seeking vendors to develop a full operational model for Connect.gov. "The next generation of data-centric digital applications will largely be driven by the government’s ability to inspire trust among its users. This may require agencies to leverage multi-factor authentication, effective identity proofing, and provide a good user experience," per the RFI.

GSA is seeking proposals that conform to one of two operational models. The first imagines Connect.gov run on the basis of two contracts, one for a business broker to approve participating credential service providers and manage relationships with those firms, and a second contract for a technical broker to operate the gateway between the government agency systems and the Connect.gov platform. Under a second model, GSA would manage a blanket purchase agreement or other contract vehicle to cover the business broker and technical broker operations. Under either model, a contractor would be responsible for operating the intermediate layer between the credential provider (Google, PayPal, etc.) and the participating government agencies. The agencies would pay GSA directly to use Connect.Gov.

Responses are due by June 19.