A Web portal is like a theme park - a single entryway leading to a broad array of services and activities. But imagine if, once you paid admission, you had to cross an inner fence through a different gate, and then pass out again each time you wanted to board a ride or buy a snack.

That's what many visitors encounter when they do business with government online. Often, a constituent who enters a government portal to conduct secure transactions with multiple agencies must use a different user ID and password - or sometimes a digital certificate - to access each agency's actual Web site.

"We want to get away from the concept of the citizen having to maintain multiple IDs and passwords," said Gene Martel, digital government services manager at Arizona's Government Information Technology Agency (GITA). "You want to make your services available, but you also want to make them convenient."

Creating electronic inconveniences for constituents could drive them back to sending forms through the mail or visiting bricks-and-mortar offices.

Washington is one of the first states to experiment with the single sign-on concept. Through the state's Transact Washington certification system, a citizen obtains one digital certificate (through the state's public key infrastructure system) and uses it to access multiple secure applications.

"If you're granted access to those applications, you can, with the same certificate, get into Transact Washington once and then move seamlessly between those applications without being challenged," said Scott Bream, public key infrastructure manager at the Washington Department of Information Services (DIS).

Do-It-Yourself Difficult

When Washington began exploring the idea of a single sign-on mechanism, state officials soon decided to outsource the project and ultimately used a system from IBM to create Transact Washington. The rationale behind outsourcing was that a proprietary gateway like Transact Washington is difficult and expensive to put in place.

Other governments - including Arizona's - want to adopt the single sign-on concept, whether for use with digital certificates, with ID/password combinations or with multiple levels of authentication.

Washington's DIS talked with other states about sharing the Transact technology, perhaps by allowing other states to run applications behind Washington's firewall.

"But a lot of other states didn't want to do that," said Lance Calish, senior project manager at the DIS. "It's just sort of an ownership thing."

States could run their applications on their own sites and still have users go through the Transact gateway to reach them.

"But now you're talking about the network topologies, and the performance would just not be worthwhile," Calish said.

Also, maintaining a proprietary gateway over the long term presents unique problems and challenges.

"We realized that every time there was a system upgrade, or some new functionality requested by the end user, they had to come back to us for an upgrade, and it was very expensive," said Adam Westphal, e-portal architect at IBM Global Services and lead architect for the company's Secure Gateway product.

The product is based on the company's work on Transact Washington and Fortress, another system used by Washington to manage public anonymous applications.

But the company developed the new product as an "e-utility" - an ongoing, subscription-based service that governments pay for over time, rather than shelling out money for large up-front costs.

Just Like Cable TV

"People who enjoy cable pay an installation fee, somebody sets them up and then they decide how many channels they want," Westphal said. "We're going to have a low cost of entry, much lower than if they tried to build it themselves, and then a monthly e-utility fee to support a team that would be behind the scenes providing ongoing support, maintenance and upgrades."

Merrill Douglas  |  Contributing Writer