U.S. digital registry uses MAX data-entry technology to authenticate users

Presented by FedTech FedTech's logo

Federal agencies need the new repository for third-party accounts to be secure, for both internal and external users.

A registry of authenticated federal government social media accounts is a smart idea — provided that people can trust that the accounts are actually authenticated. And so to boost customer confidence, the new U.S. Digital Registry is supported by a technology that is designed to validate the credentials of federal employees.

The Digital Registry, which the General Services Administration (GSA) launched late last month, is designed to give users outside the federal government a clear way to know which accounts on Facebook, Medium, Twitter and other platforms are the official ones of federal agencies. Through an application programming interface, or API, developers, organizations and other interested parties can use the registry to create new apps or services.

However, to be useful, the registry must be secure and those accessing it must believe that the data in it is secure. That’s where the MAX.gov information system comes in, according to Justin Herman, the GSA's SocialGov program lead.

Making the registry secure

In an interview with FedTech, Herman explains that the Digital Registry is built with the Ruby on Rails coding platform and that the API is built into the registry, which is available on the open-source code service GitHub.

MAX.gov is a government-wide information system that is used “to collect, validate, analyze, model, collaborate with agencies on, and publish information relating to its government-wide management and budgeting activities,” according to the Office of Management and Budget. The system enables collaboration, data entry, analytics, the creation of structured data collections, and more.

The MAX system also serves as a gatekeeper for the Digital Registry. “With obvious growing needs and concerns about cybersecurity and ensuring the validity of authenticity of the data that is coming out of the registry, we wanted to ensure at a baseline that secure entry into it,” Herman says.

That means that those outside the government can have faith in the validity of the registry’s information, because only authenticated federal employees can enter anything into the database, according to Herman.

“It’s a great accountability mechanism internally for an agency,” he says. “They have to assign an authenticated federal manager to an account.”

Herman notes that the MAX system is one of the few digital services in the U.S. government that can be accessed by all agencies. Federal employees who want to add or change an entry in the registry need to log in to the MAX system with authenticated credentials.

More important, though, the MAX system links federal accounts to specific federal IT managers. So if there is suspicious activity on an account in the registry or if a user is logged out, Herman says, the system makes it possible to contact the federal manager responsible for that account.

The registry itself is currently just a “simple repository,” he explains, with export and archiving functions. The export function allows users to put registry entries into a Microsoft Excel spreadsheet. The archiving function lets users shut down or turn off accounts that are no longer official or used, something that may happen if there is a change in agency policy or leadership; taking this action signals services like Twitter that an account is no longer official.
What comes next?

So what happens now with the Digital Registry? According to Herman, the GSA had an initial goal of getting 6,000 accounts into the registry by end of February 2016, but it now expects to hit that milestone this week.

Federal agencies are still inputting information into the registry and making entries richer and more detailed. The Digital Registry has data fields containing the name of an account and its appropriate agency, the platform used, the URL, a short description (including mission focus) and a long description (including links to comment policies, terms of service and other resources), and what is known as “collaborative tagging.”

The GSA plans to meet with Internet of Things application developers to discuss how they can use registry data to offer services for wearable devices and gadgets inside homes.

“That to me, personally, is exciting and something I want to see,” Herman says. “The level of positive contribution that we’ve immediately received from this has been very encouraging.”

Indeed, users inside the government and the private sector are already showing that the registry’s data can be used to create a new generation of digital services. “I encourage anybody to find us and reach out,” he says, “because these conversations on how we’re going to build that future are happening right now.”

Interested in finding out more information on how federal agencies secure their IT systems? Check out the ​latest security IT articles on FedTech Magazine. ​

This content is made possible by FedTech. The editorial staff of Nextgov was not involved in its preparation.