The department of Defense faced numerous challenges around the issue of strong identity management when it implemented a credentialing and identity management program beginning in 2001.
This program produced a new identification card called the Common Access Card that would contain both identity information and PKI sets and certificates on a 32K smart card.
Learning from the DOD program's success, federal agencies are beginning to issue secure credentials this month, with the goal of having a standards-based, interoperable, multiapplication smart-card-based ID card issued throughout the federal government.
From the beginning, several principles that guided the CAC program also make sense for current or future secure identity programs in both the private and public sectors.
These principles include the idea that the components of the system should be commercial and off-the-shelf wherever possible and that they should be modular to allow for vendor competition in the program.