The E-Authentication Federation is a group of federal agencies and commercial entities that have agreed to follow an extensive set of regulations that allow each of the federation partners to "trust" each other. General Services Administration (GSA) is the managing partner. They provide the oversight and management necessary for the federation to function. Each of the participating agencies or commercial entities can participate in various oversight bodies to assure their agencies interests are protected.

The E-Authentication Federation allows participating members to take advantage of work already accomplished by other federation members. As more and more agency applications are enabled to accept federation credentials, you as the end user will be able to utilize one credential to authenticate to multiple applications with various federal agencies you may have access to.  One of the main goals of the E-Authentication Federation is to simplify the process for you to do business with the federal government electronically.

The E-Authentication Federation is made up of the management body (GSA), the Credential Service Providers (CSPs), Relying Parties (RPs), and Agency Applications  (AAs).  The Department of Veterans Affairs is an RP and My Healthe Vet is an AA. We are utilizing the Operational Research Consulting, Inc. (ORC) as our first credential service provider. A listing of current members and participating applications is located on the E-Authentication Federation Home Page.

Commonly to access computerized applications you are asked to enter in a user id and a password. The user id generally symbolizes who you are or "identification", and the password provides "assurance" that it is really you typing in the credential. Once the system can validate the user id and the password you entered, you are "authenticated".  This is a very simplistic explanation for a fairly complex process, but it all happens behind the scenes and a general system user is unaware that they are occurring.

You have several ways to determine if an online application is participating in the E-Authentication Federation.
1) The GSA E-Authentication Portal http://asc.gsa.gov
2) Relying party websites like this VA E-Authentication Portal http://www.va.gov/eauth
3) Credential Service Providers web sites like http://www.orc.com

A CSP issues credentials, which typically are a combination of username and password. Depending on the level of assurance for the credential the CSP will also perform identity proofing. In the past, each website or application you visited wanted to provide you with a username and password for use on that system only. This forced you to keep up with many, often different, online credentials for different websites. In the E-Authentication Federation, a credential issued by a CSP will be usable at multiple websites participating in the E-Authentication Federation. As the federation grows so will the number of websites that will accept your credential.

Relying parties are the government agencies (and perhaps other entities) which trust or "rely" on CSPs to correctly and securely issue credentials to you the end users. They also provide the "service" that allows you to authenticate by either logging into their website directly or through links from participating Agency Applications.

Agency Applications are the web sites where you can use your E-Authentication Federation credential. They may include the online store where you order medical supplies, or a site where you can track your education benefits. Agency Applications use a Relying Party and a Credential Service Provider to make sure the person requesting your information is really you and the internet connection is secure the entire time you use the application.

One function of the E-Authentication Federation is to enable trust between all the federation members. They ensure that Credential Service Providers issue credentials according to documented and accepted security practices, and the Relying Parties and Agency Applications are using the credential appropriately. By having an oversight body the agencies are able to work together in a standardized fashion to utilize work and effort already performed by another agency.
After you authenticate to the CSP, a variety of internet security standards and technologies work to securely hand your internet session over to the Relying Party and then the Agency Application of your choice. There is actually a significant amount of technology and interoperability required to perform this function, and it all happens without the user generally being aware that it is occurring.

Traditionally each online government service, or "agency application," issued its own credential that could only be used at that application. Under this approach, people who use many different online government services tend to have many different credentials. One of the problems with having many user IDs and passwords is that people may not be able to remember them all and so they tend to write them down. This increases the risk that an unauthorized person will discover and use those credentials. By enabling end users to reuse credentials they already have rather than creating new credentials every time they try to access a new service, E-Authentication helps reduce the risks and hassles associated with having too many credentials.
E-Authentication is definitely a change from the way we are used to doing things. But we think it is a change for the better. No more struggling to remember obscure log-ins, passwords, and using sticky-notes to keep track of everything. With E-Authentication, you may be able to use one authentication credential to log into all the participating applications you have access to. As the E-Authentication Federation membership grows, so will the value of your E-Authentication credential.

An E-Authentication credential is a standard form of user identification that is issued by a Credential Service Provider. There are different levels of credentials that are issued based on the security requirements of the application you are accessing. The National Institute of Standards and Technology (NIST) has defined four assurance levels. Levels 1 and 2 are user IDs and passwords, while levels 3 and 4 require additional security measures.

User IDs and passwords are the most common form of credential. The end user enters both his user ID and his password. The system compares the information presented to the information it has on record, and if they match, the end user is allowed access to the system. Different types of credentials work in different ways but, the end user must demonstrate some knowledge that only the end user should have, such as being able to correctly enter the secret password in order to establish his electronic identity.

Yes, you can have multiple credentials.

That depends. Since the E-Authentication Federation is still growing, not all participating applications are established with all Credential Service Providers. It is a goal of the Federation that all applications work with all CSPs but that will take time to implement. Also, not all CSPs issue credentials at all four of the assurance levels. It might be possible that a credential you currently hold will not match the level of assurance required for a particular application. In general, if you have a higher level of credential than what the application requires the system should accept the credential. If your credential is lower than the application you are trying to access it will not be accepted.

1. Go to the ORC's website http://www.orc.com and complete the online portion of your registration.
2. Print out your registration form and personally  take it to a Notary Public. You will need to present identification (such as a Drivers License) to the Notary to allow them to verify or proof your identity.  Notaries operate in nearly every community in the U.S. They are often found in legal offices, banks, and real estate firms. Occasionally, they can be found in Government offices as well. They may or may not charge a fee.
3. Once your registration is notarized, you will need to send it to the address listed on the form, either by Certified U.S. Mail, Federal Express, or United Parcel Service.
4. Once the ORC has created your credential they will send you an email message informing you of how to activate your credential.

Yes. E-Authentication involves a very rigorous testing process and utilizes national standard encryption techniques to ensure security. Additionally, the use of a validated credential enhances the security of the systems involved.

If you forget your password, you may use the password reset feature available through the ORC Credential Service Provider site (https://csp.orc.com ). You can either enter your User ID or your email address and ORC will email a response.

The National Institute of Standards and Technology (NIST) has defined 4 separate levels of assurance.
Level 1 would be equivalent to a self registration. The web site or application does not really need to know who you are, just that that you are the same person that registered and is using the account.
Level 2 credential requires a certain amount of confide or "level of assurance" that you are who you say you are. This is why in person proofing is required for level 2 credentials.  This is the level of assurance needed to access most VA participating applications.
Levels 3 and Level 4 require additional technology besides a user id and password to provide the additional level of confidence that is required for highly secure application requirements. This level of security would be common in military or national security situations.

Identity proofing is the process that a CSP uses to verify you are who you say you are. Before issuing you a credential, the CSP must ensure that the person asking for the credential is that person. Because ORC does not have offices nationwide to perform identity proofing, they have instituted a process that involves a Notary Public. This allows you to have your identity proofed by any Notary nationwide. Generally most banks offer this service for their members at little or no cost. The Notary Public will verify your identity and provide a Notary seal on your application form that you will mail into the ORC. The verification of your identity by the Notary Public provides a level of assurance that you are the person you claim to be.