Defense still working out identity management issues

The Defense Department is seeking industry's help in crafting a vision for identity management that balances security with a user's right to privacy.

Dave Wennergren, Navy CIO and chairman of the DOD Identity Protection and Management Senior Coordinating Group, said the group has made progress in whittling down dozens of public-key infrastructures that didn't work together to a single Defense Department-wide PKI.

Wennergren spoke Wednesday at GCN's 2004 Enterprise Architecture Conference in Washington. He said the department is aiming to use PKI not just to authenticate people on the Internet but to protect transactions.

"What happens with Visa? You can have a Visa transaction approved simultaneously whether you are in Thailand or the United States," Wennergren said, adding the identity management group wants the same flexibility with its PKI.

"Transactions need to have identity. I'm looking for help as I create the vision for the future," Wennergren added, encouraging military officials and vendors to email him with ideas.

In January, the Defense Department CIO created the DOD Identity Protection and Management Senior Coordinating Group. It serves as the senior oversight body for the management of the smart card, PKI and biometrics programs. Previously, three separate senior bodies were responsible for the programs. The organization consists of general officers and senior civilian representatives from each of the armed forces, joint staff, the Office of the Secretary of Defense, and DOD organizations.

Wearing his Navy hat, Wennergren told the audience there are two paths to enterprise architectures: building them from the ground up, or buying them.

The Navy chose to buy one when it outsourced the integration and management of its IT systems to EDS Corp. to build the $8.82 billion Navy-Marine Corps Intranet.

Wennergren said the Navy wanted one common language and has found it in NMCI?a program that combines voice, video and data on a single portal for more than 360,000 users. Web services, not mainframes, are the Navy's future, he said.

With NMCI, there is better interoperability, enhanced security, a reduction of legacy systems, PKI to every desktop and technology refreshes built into the contract, Wennergren explained.

Users also determine how much EDS will earn in incentive payments by their results using the portal.