As the General Services Administration’s 18F digital team builds out a proof-of-concept identity management portal called login.gov, it wants to share with the public the principles and questions it’s considering during development.
The team published a login.gov Identity Playbook Tuesday to help other agencies build “usable, secure, and privacy-connecting consumer identity management systems.”
“This playbook is to help interested parties understand how we’re building login.gov and to help them implement an identity management system of their own,” a GSA official told FedScoop.
The playbook focuses on five principles 18F says are common to successful ID management systems: Focus on user needs, be transparent about how it works, build a flexible product, use modern privacy practices and create responsive security systems.
The digital services team compiled the principles from the best practices and recommendations of “policy experts, system architects, and people focused on creating a great user experience,” as well as its own progress.
The playbook also offers a list of questions agencies or organizations should ask themselves to determine if a consumer identity management system is right for them, as well as additional resources, including 18F’s GitHub repo for login.gov development.
The platform could open to beta testing in the next few weeks, according to a privacy statement about the system’s collection of personally identifiable information published to the Federal Register late last month. That publication further details how the system intends to “identity proof” users “for the purpose of obtaining a credential or electronically authorizing access to an agency application or service.”
18F intends for other federal agencies to integrate login.gov as a central single sign-on into their existing services.
Login.gov follows a lineage of mostly failed government online sign-on and identity management platforms under the Obama administration — the latest being GSA’s development of a project called Connect.gov — spurred by the National Institute of Standards and Technology’s National Strategy for Trusted Identities in Cyberspace, which offers private sector companies and researchers grants for partnering with the government to develop such a system.