E-Authentication and Reusable Services

From EITLC Wiki

Contents 1 Rating of this issue is closed 2 Issue Overview 3 Reusable Services Opportunities 4 Issue Components 5 Examples Rating of this issue is closed Thank you for providing your ratings on this issue as a potential focus for an EITLC Priority Action Team. Results of voting and top issues will be announced shortly.

Issue Overview

A reusable service as described by the Oracle Corp, is an autonomous, reusable, discoverable, stateless functionality that has the necessary granularity, and can be part of a composite application or a composite service. E-authentication is a primary example of a reusable service. “E-Authentication is the process of confirming the identity of individuals who use credentials to sign-on to computer systems or create electronic signatures. Credentials include personal identification numbers (PINS), passwords, and public key infrastructure (PKI) certificates.” (http://www.epa.gov/Networkg/eauth/index.html)

Reusable Services Opportunities

The re-use of credentials across computer systems can help to minimize or eliminate the need to register for and use multiple credentials, reducing the burden on users who access a specified system. If credentials can be re-used, then individuals need not acquire and keep track of separate credentials for each computer system they access. In principle, a single credential could be used across all systems. (EPA/OIC White Paper - The Exchange Network E-Authentication Pilot). The EITLC should consider which opportunities or tools exist for information technology and information management departments to integrate services (i.e. e-authentication) into new and existing environmental data flows.

Issue Components

• CROMERR: The Cross-Media Electronic Reporting Regulation (CROMERR) provides the legal framework for electronic reporting (ER) under all of the Environmental Protection Agency's (EPA) environmental regulations.

• CDX: The Central Data Exchange (CDX) enables fast, efficient and more accurate environmental data submissions from state and local governments, industry and tribes to the Environmental Protection Agency (EPA) and participating program offices.

Examples

EPA developed a production version of the PKI component of the EN e-Authentication pilot, with the objective of using the CDX EN Network Node (CDX-0Node) to provide the PKI certificate validation services to Indiana’s Emission Inventory Tracking System, which receives air emissions reports from facilities regulated under Indiana’s air program. The project is a partnership between EPA, GSA, and Indiana. The project fulfilled EPA’s commitment to OMB: to implement e-Authentication for CDX-Node by the end of the second quarter 2007.