EAP Frequently Asked Questions (FAQs)
What Does “Interoperability” Mean?
In an e-authentication environment, interoperability means that if one organization has authenticated an individual using electronic means – a customer, say, or
an employee, user, participant, member, taxpayer, etc. – other organizations that require authentication can rely on the authentication process of the first organization. The benefit: Other organizations don’t have to bear the
cost and time of re-authenticating the individual.
What Does “Authentication” Mean?
Authentication refers to simply establishing someone’s identity. That is, it assures that a person is who he/she says he/she is. This differs from
authorization, which describes what that person is allowed or entitled to do. A familiar example is entering a password to access a computer system – that’s authentication – and then being able to access certain files – that is
authorization.
Authentication does not address what the authenticated individual has the right to do.
Where Does the EAP Fit Into Electronic Authentication Interoperability?
The EAP goal is to provide organizations a straightforward means of relying on digital credentials issued by a variety of e-authentication systems. The EAP is
not going to duplicate the work of other organizations in the e-authentication world nor does it seek to replace individual industry-wide authentication protocols.
Instead, the EAP will build on the groundbreaking work of others by:
- Creating a voluntary partnership for governance of digital authentication among stakeholders from all levels of government, the private sector and public
interest groups.
- Eliminating the need for individual parties to have bilateral agreements with each other party upon whose authentication processes they wish to rely.
Instead, any party operating under EAP rules agrees to follow those rules, resulting in multilateral trust among all participants.
- Establishing and maintaining common policies and practices for credentials, credential providers and credential processors that will facilitate trust,
interoperability and the easy evaluation and acceptance of credentials issued by other parties.
- Developing an evaluation process for credentials, and setting standard approaches and minimum requirements for identity management.
- Building on and complementing existing credential mechanisms for operating rules and associated processes.
- Working cooperatively with other nations’ identity systems.
What are the Benefits of Participating in the EAP?
The EAP is now entering a critical phase—moving from theory to reality. The EAP has developed a trust framework, which includes policies and
rules, to promote interoperability and is now ready to put its framework to the test. Members will play a pivotal role in identifying projects suitable to test the framework and determining which policies and practices
promote the interoperability of electronic identity credentials issued by different federations.
Members have the opportunity to:
- Help shape identity assurance policy for both the public and private sectors.
- Expand markets by promoting wider use of identity credentials.
- Stay abreast of government policy that will have an impact on identity assurance.
- Learn about the latest technology, standards, and solutions in the e-authentication and identity assurance industry.
- Get to know public and private sector leaders in e-authentication.
- Identify opportunities to save time and resources in implementing identity assurance programs.
- Vote on key aspects of the EAP’s Trust Framework as it is modified in response to pilot tests and other developments.
- Position their organization to participate in pilot programs that will influence the evolution of identity assurance.
- Participate in all EAP membership activities, such as meetings, conference calls, issue resolution, and rules updates.
- Have access to the “Members Only” section of the EAP website, documents, and materials.
- Avoid “re-inventing the wheel” by identifying best practices in the industry.
How Does the EAP Intend to Enable Interoperability?
The EAP will foster interoperability among e-authentication systems by:
- Drafting rules for credentials and authentication systems for different and hierarchical assurance levels. These rules will provide a standard set of
criteria for evaluating credentials at each assurance level.
- Developing the means to (a) assess credentials and systems against the standard set of criteria and (b) convey that assessment to relying parties.
- Drafting “rules of engagement” for relying parties that will allow them to use third party credentials. These rules would take the place of bilateral
agreements.
- Creating operating rules for validating credentials and defining how validation of credentials will be conducted.
Who is Running the EAP?
Initially, NACHA – The Electronic Payments Association is providing secretariat services for the EAP under a contract with the Federal Government’s
General Services Administration. NACHA is assisting the EAP in developing a governance structure and in filing for incorporation.
Once bylaws have been adopted, the organization will levy dues and will become a self-sustaining entity.
Currently, these individuals play key roles in managing EAP functions:
- EAP Officers:
  - Chair, Michael Sessa, Executive Director, Postsecondary Electronic Standards Council (PESC)
  - Vice Chair, David Temoshok, Director, Identity Policy/Management, U.S. General Services Administration
  - Secretary, Gabe Minton, Vice President Industry Technology, Mortgage Bankers Association
  - Treasurer, Glen Gainer, State Auditor, West Virginia, Representing the National Association of State Auditors, Comptrollers and Treasurers (NASACT)
- Executive Secretariat:
  - Helena Sims, Managing Director, Public/Private Partnerships, NACHA – The Electronic Payments Association
  - Jaime Hill, Assistant Director, Public/Private Partnerships, NACHA – The Electronic Payments Association
Who is Participating in the EAP?
The EAP is comprised of a wide range of stakeholders, including Federal government agencies, state governments, private sector companies and
organizations, public interest groups and trade groups.
The EAP welcomes any public or private sector organization.
What Spurred the Development of the EAP?
The need to authenticate individuals is increasing. A given individual may be authenticated by many organizations playing many roles. For example,
one individual might need authentication to, say, access an airline’s web-based tickets and boarding passes; to review account information at a financial institution; to update beneficiaries for an insurance policy; to access
an employer’s internal website; etc.
But in today’s environment, authentication of a given individual is almost always carried out by each individual organization for the same person. If
two organizations wish to trust each other’s authentication processes, they must negotiate a bilateral agreement. As the number of authenticating organizations grows, the number of agreements grows exponentially.
To tackle the issues and problems raised by attempts at interoperability, the EAP believes that it is most effective for government agencies,
commercial entities and non-government organizations to work together.
The EAP grew out of two initiatives by prestigious Washington, DC organizations. Johns Hopkins University and the Center for Strategic and
International Studies (CSIS) convened groups of public and private sector participants to analyze how interoperability for e-authentication could be achieved. The CSIS subsequently hosted four meetings to begin outlining the
mission and structure of a governing group. The goal of the meetings was to create a shared effort for developing rules for credentialing across networks. The CSIS Work Group believed that citizens and consumers should benefit
from reliable identity management processes that let them conveniently access information and services when authentication is needed.
The EAP was announced on December 9, 2003, by Karen Evans, Administrator of the Office of Electronic Government and IT, Office of Management and
Budget (Federal Government).
Where Can I Find More Information about the EAP?
Contact:
- Helena Sims, Senior Director, Public/Private Partnerships, NACHA – The Electronic Payments Association; 703-561-3930; hsims@nacha.org
- Jaime Hill, Assistant Director, Public/Private Partnerships, NACHA – The Electronic Payments Association; 703-561-3945; jhill@nacha.org
Where Can I Learn More About Membership?
To learn more about membership or to review our bylaws, dues structure, or trust framework, visit our Membership page.