This Network Update was distributed via the Exchange Network email alerts list on September 15, 2006.

EPA is planning to upgrade the Network Authentication and Authorization Services (NAAS) in the TEST environment this weekend. The test NAAS at https://naas.epacdxnode.net/xml/auth.wsdl will be temporarily unavailable on Sunday, September 17, 2006. The new NAAS 2.0 upgrade will make it even stronger by including the following features:

1. Use configurable FIPS 142-2 compliant cryptographic module with enhanced security levels.
2. Added support for Federal e-Authentication initiative with the new CAM (Certificate Arbitration Module) as web services. The CAM module allows us to validate certificates issued by third party Certificate Authority (CA).
3. Integrate XML Key Management Service (XKMS) version 2.0 services into NAAS services.
4. Support for direct authentication using WS-Security, a W3C security standard.
5. Enhanced SAK (Secure Authentication Key) interface for better management of SAK.
6. Enable DoS (Denial of Service) attack protection rules and mechanisms.
7. Upgrade from Visual C++ 6.0 to Visual C++ 8.0 with added protection for buffer overrun, stack overflow and other software exceptions.
8. Improved XML signature and encryption handling for user and machine authentication.
9. Fixes to reported issues of the previous version.
10. Performance improvements across the board from the new build
11. Additional support for role based authorization for NAAS users.