During the 60 Minutes episode titled "Cleaning up the VA" that aired on November 9, 2014, Secretary Robert McDonald highlighted many of the problems that our veterans face obtaining their benefits. If you didn't have the opportunity to watch the episode, I encourage you to do so, as it is both moving and troublesome. It's obvious that Bob - as he likes to be called - has a huge challenge in front of him. A challenge that he said "my whole life has been designed to lead to". During the interview Secretary McDonald was outlining some of the significant problems he, and his team, needed to solve for the veterans. The second problem he highlighted - at approximately 9:08 in the interview - that was "not acceptable" was the fact that veterans had to deal with "multiple websites that require multiple usernames and multiple passwords". I think many of us in the identity & access management community have both encountered, and helped customers overcome, this type of problem and problems similar to it. Fortunately, standards like SAML, federation and OAuth exist to solve exactly the types of problems that Secretary McDonald highlighted:
- SAML: The Security Assertion Markup Language (SAML) is a standard for exchanging authentication and authorization data. Or, put in a different way: SAML helps to solve the problem of web single sign-on.
- Federation: A means of linking a person's username, password and associated attributes across multiple distinct systems (or websites). Of obvious importance to the VA is single sign-on, where a user's authentication token (username & password) is trusted across multiple IT systems (websites) or organizations.
- OAuth: Commonly used as a way for web users to log on to third-party websites - like the VA's - using their Google, Facebook or Twitter accounts (tokens). OAuth is the open standard for authorization.
I do not want to presume to know or even understand the depth of the problem that Secretary McDonald and his team at the VA have to clean up. I can say, with conviction, that this problem is not insurmountable and it is why I have been so passionate about single sign-on for many years. It's one of the reasons why we designed and built Quest One Identity Cloud Access Manager to not only solve these types of problems but to also be easy to use, install and operate. I'm sure Secretary McDonald has many people available to advise him on this topic, but if he doesn't, or needs an extra opinion, all he has to do is give me a call - my advice is free. Good luck, sir!