United States Department of Veterans Affairs

VA E-Authentication

VA E-Authentication Frequently Asked Questions

  1. What is the E-Authentication Federation?

  2. What does the E-Authentication Federation do?

  3. Who makes up the E-Authentication Federation?

  4. What is authentication?

  5. How do I find an Agency Application (AA)?

  6. What is the role of a Credential Service Provider?

  7. What is the role of a Relying Party?

  8. What is an Agency Application?

  9. How can an application from one agency use my credential issued by someone else?

  10. I already have accounts for the systems I access online, why should I use E-Authentication?

  11. What is an E-Authentication Credential?

  12. How do credentials work?

  13. Can I have more than one E-Authentication credential?

  14. Do I need more than one E-Authentication credential?

  15. How do I receive an E-Authentication Credential from the ORC?

  16. Is E-Authentication secure?

  17. What if I lose or forget my password for an ORC-issued credential?

  18. What is a Level of Assurance?

  19. What is Identity Proofing?

1.  What is the E-Authentication Federation?

The E-Authentication Federation is a group of federal agencies and commercial entities that have agreed to follow an extensive set of regulations that allow each of the federation partners to "trust" each other. The General Services Administration (GSA) is the managing partner and provides the oversight and management necessary for the federation to function. Each of the participating agencies or commercial entities can participate in various oversight bodies to ensure that its interests are protected.

2.  What does the E-Authentication Federation do?

The E-Authentication Federation allows participating members to take advantage of work already accomplished by other federation members. As more and more agency applications are enabled to accept federation credentials, you as the end user will be able to utilize one credential to authenticate to multiple applications with various federal agencies you may have access to.  One of the main goals of the E-Authentication Federation is to simplify the process for you to do business with the federal government electronically.

3.  Who makes up the E-Authentication Federation?

The E-Authentication Federation is made up of the management body (GSA), the Credential Service Providers (CSPs), Relying Parties (RPs), and Agency Applications (AAs). The Department of Veterans Affairs is an RP and My HealtheVet is an AA. We are using Operational Research Consulting, Inc. (ORC) as our first Credential Service Provider. A listing of current members and participating applications is located on the E-Authentication Federation Home Page.

4.  What is authentication?

To access a computerized application, you are commonly asked to enter a user ID and a password. The user ID generally represents who you are ("identification"), and the password provides "assurance" that it is really you typing in the credential. Once the system has validated the user ID and the password you entered, you are "authenticated". This is a very simplistic explanation of a fairly complex process, but it all happens behind the scenes and a general system user is unaware that it is occurring.

5.  How do I find an Agency Application (AA)?

You have several ways to determine whether an online application is participating in the E-Authentication Federation:

1) The GSA E-Authentication Portal, http://asc.gsa.gov
2) Relying Party web sites, like this VA E-Authentication Portal, http://www.va.gov/eauth
3) Credential Service Provider web sites, like http://www.orc.com

6.  What is the role of a Credential Service Provider?

A CSP issues credentials, which typically are a combination of username and password. Depending on the level of assurance for the credential, the CSP will also perform identity proofing. In the past, each website or application you visited wanted to provide you with a username and password for use on that system only. This forced you to keep up with many, often different, online credentials for different websites. In the E-Authentication Federation, a credential issued by a CSP will be usable at multiple websites participating in the E-Authentication Federation. As the federation grows, so will the number of websites that will accept your credential.

7.  What is the role of a Relying Party?

Relying Parties are the government agencies (and perhaps other entities) which trust or "rely" on CSPs to correctly and securely issue credentials to you, the end user. They also provide the "service" that allows you to authenticate, either by logging into their website directly or through links from participating Agency Applications.

8.  What is an Agency Application?

Agency Applications are the web sites where you can use your E-Authentication Federation credential. They may include the online store where you order medical supplies, or a site where you can track your education benefits. Agency Applications use a Relying Party and a Credential Service Provider to make sure the person requesting your information is really you and the internet connection is secure the entire time you use the application.

9.  How can an application from one agency use my credential issued by someone else?

One function of the E-Authentication Federation is to enable trust between all the federation members. The Federation ensures that Credential Service Providers issue credentials according to documented and accepted security practices, and that the Relying Parties and Agency Applications are using the credential appropriately. By having an oversight body, the agencies are able to work together in a standardized fashion to utilize work and effort already performed by another agency.

After you authenticate to the CSP, a variety of internet security standards and technologies work to securely hand your internet session over to the Relying Party and then to the Agency Application of your choice. There is actually a significant amount of technology and interoperability required to perform this function, and it all happens without the user generally being aware that it is occurring.

10.  I already have accounts for the systems I access online, why should I use E-Authentication?

Traditionally each online government service, or "agency application," issued its own credential that could only be used at that application. Under this approach, people who use many different online government services tend to have many different credentials. One of the problems with having many user IDs and passwords is that people may not be able to remember them all and so they tend to write them down. This increases the risk that an unauthorized person will discover and use those credentials. By enabling end users to reuse credentials they already have rather than creating new credentials every time they try to access a new service, E-Authentication helps reduce the risks and hassles associated with having too many credentials.
E-Authentication is definitely a change from the way we are used to doing things. But we think it is a change for the better. No more struggling to remember obscure log-ins, passwords, and using sticky-notes to keep track of everything. With E-Authentication, you may be able to use one authentication credential to log into all the participating applications you have access to. As the E-Authentication Federation membership grows, so will the value of your E-Authentication credential.

11.  What is an E-Authentication Credential?

An E-Authentication credential is a standard form of user identification that is issued by a Credential Service Provider. There are different levels of credentials that are issued based on the security requirements of the application you are accessing. The National Institute of Standards and Technology (NIST) has defined four assurance levels. Levels 1 and 2 are user IDs and passwords, while levels 3 and 4 require additional security measures.

12.  How do credentials work?

User IDs and passwords are the most common form of credential. The end user enters both a user ID and a password. The system compares the information presented to the information it has on record, and if they match, the end user is allowed access to the system. Different types of credentials work in different ways, but the end user must demonstrate some knowledge that only the end user should have, such as being able to correctly enter the secret password, in order to establish an electronic identity.

13.  Can I have more than one E-Authentication credential?

Yes, you can have multiple credentials.

14.  Do I need more than one E-Authentication credential?

That depends. Since the E-Authentication Federation is still growing, not all participating applications are established with all Credential Service Providers. It is a goal of the Federation that all applications work with all CSPs, but that will take time to implement. Also, not all CSPs issue credentials at all four of the assurance levels. It is possible that a credential you currently hold will not match the level of assurance required for a particular application. In general, if you have a higher level of credential than the application requires, the system should accept the credential. If your credential is at a lower level than the application you are trying to access requires, it will not be accepted.

15.  How do I receive an E-Authentication Credential from the ORC?

1. Go to the ORC's website http://www.orc.com and complete the online portion of your registration.
2. Print out your registration form and personally take it to a Notary Public. You will need to present identification (such as a driver's license) to the Notary to allow them to verify, or "proof", your identity. Notaries operate in nearly every community in the U.S. They are often found in legal offices, banks, and real estate firms. Occasionally, they can be found in Government offices as well. They may or may not charge a fee.
3. Once your registration is notarized, you will need to send it to the address listed on the form, either by Certified U.S. Mail, Federal Express, or United Parcel Service.
4. Once the ORC has created your credential, they will send you an email message informing you of how to activate your credential.

16.  Is E-Authentication secure?

Yes. E-Authentication involves a very rigorous testing process and utilizes national standard encryption techniques to ensure security. Additionally, the use of a validated credential enhances the security of the systems involved.

17.  What if I lose or forget my password for an ORC-issued credential?

If you forget your password, you may use the password reset feature available through the ORC Credential Service Provider site (https://csp.orc.com). You can enter either your User ID or your email address, and ORC will email a response.

18.  What is a Level of Assurance?

The National Institute of Standards and Technology (NIST) has defined 4 separate levels of assurance.

Level 1 would be equivalent to a self-registration. The web site or application does not really need to know who you are, just that you are the same person who registered and is using the account.

A Level 2 credential requires a certain amount of confidence, or "level of assurance", that you are who you say you are. This is why in-person proofing is required for Level 2 credentials. This is the level of assurance needed to access most VA participating applications.

Levels 3 and 4 require additional technology besides a user ID and password to provide the additional level of confidence that is required for highly secure application requirements. This level of security would be common in military or national security situations.

19.  What is Identity Proofing?

Identity proofing is the process that a CSP uses to verify you are who you say you are. Before issuing you a credential, the CSP must ensure that the person asking for the credential is the person they claim to be. Because ORC does not have offices nationwide to perform identity proofing, they have instituted a process that involves a Notary Public. This allows you to have your identity proofed by any Notary nationwide. Generally, most banks offer this service for their members at little or no cost. The Notary Public will verify your identity and provide a Notary seal on your application form, which you will mail in to the ORC. The verification of your identity by the Notary Public provides a level of assurance that you are the person you claim to be.
