Presentation is loading. Please wait.

Presentation is loading. Please wait.

5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org A Discussion on Project Meteor.

Published byAshlie Owen Modified over 8 years ago

Similar presentations

Presentation on theme: "5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org A Discussion on Project Meteor."— Presentation transcript:

1 5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org A Discussion on Project Meteor and Enterprise Authentication and Authorization (EA2) Tim Cameron, Project Meteor Charlie Leonhardt, Georgetown University

2 5 th Annual Conference on Technology & Standards The Meteor Project Components The Meteor Software The Meteor Network The Meteor Federation

3 5 th Annual Conference on Technology & Standards In the beginning…. Pre-Meteor Environment –Lenders, Guarantors, Servicers, Schools and others all offer independent web services –Access requires multiple logins FFELP Providers Solution –Spring 2000: In response to Federal Modernization Blueprint, NCHELP members move to create an information network to provide aggregated financial aid information.

4 5 th Annual Conference on Technology & Standards In the beginning…. Foundation Principles Open Source Open Collaboration Freely Available Controlled Participation Network Policy and Technology Decisions

5 5 th Annual Conference on Technology & Standards Access real-time, student-specific financial aid information from multiple sources with an intuitive user interface and navigation Currently provides information on FFELP and alternative loans (capability exists to include Direct Loans & Perkins Loans) Meteor Features

6 5 th Annual Conference on Technology & Standards Meteor Today 14 Points of access to the Network 20 Data providers Several customized implementations Leading the way for transitive trust in higher education financing

7 5 th Annual Conference on Technology & Standards Participant Types & Meteor Process Flow

8 5 th Annual Conference on Technology & Standards Meteor Participants Organizations that implement the Meteor software –Access Providers (AP) –Authentication Agents (AA) –Data Providers (DP) –Index Providers (IP)

9 5 th Annual Conference on Technology & Standards The Meteor Process One Two Access Provider Data Providers Student/Borrower or Financial Aid Professional or Access Provider Representative or Lender Three Index Provider Users Authentication (by AP or AA)

10 5 th Annual Conference on Technology & Standards AES www.aesSuccess.org www.aesSuccess.org Montana Guaranteed Student Loan Program www.mgslp.state.mt.us www.mgslp.state.mt.us CSLF www.cslf.org/enroute www.cslf.org/enroute National Student Clearinghouse www.nationalstuedntclearinghouse.org www.nationalstuedntclearinghouse.org Florida OSFA www.fldoe.org www.fldoe.org NELA www.educationassistance.net www.educationassistance.net Great Lakes www.mygreatlakes.com www.mygreatlakes.com New Hampshire www.nhheaf.org www.nhheaf.org Illinois Student Assistance www.collegezone.com www.collegezone.com Rhode Island www.riheaa.org www.riheaa.org Kentucky www.kheaa.org www.kheaa.org Sallie Mae www.salliemae.com/school/index.html www.salliemae.com/school/index.html Mapping Your Future www.mapping-your-future.org www.mapping-your-future.org United Student Aid Funds http://portal.usafunds.org http://portal.usafunds.org Meteor Access Providers

11 5 th Annual Conference on Technology & Standards AES/PHEAAMontana Guaranteed Student Loan Program Connecticut Student Loan FoundationNational Student Loan Program Education Assistance CorporationNELA Finance Authority of MaineNew Hampshire Higher Education Assistance Foundation Florida Office of Financial Assistance—OSFANew York State Higher Education Services Corporation Georgia Higher Education Assistance Corp.Oklahoma State Regents for Higher Education Great Lakes Educational Loan Services, IncRhode Island Higher Education Assistance Authority Kentucky Higher Education Assistance AuthoritySallie Mae Louisiana Office of Student Financial AssistanceStudent Loan Guarantee Foundation of Arkansas Michigan Higher Education Assistance AuthorityStudent Loans of North Dakota USA Funds Meteor Real Time Data Providers

12 5 th Annual Conference on Technology & Standards The NSC as the Meteor Index Provider 100% (over 25 million) of FFELP guarantee volume 100% (over 6.5 million) of Direct Loan Program accounts Over 19.2 million FFELP servicer accounts Over 2.9 million Perkins/Private/Alternative Loan servicer accounts

13 5 th Annual Conference on Technology & Standards Meteor Authentication Objectives & Process

14 5 th Annual Conference on Technology & Standards Provide a flexible, easy to implement authentication system that meets the needs of the provider organizations and their customers. Ensure compliance with the Gramm-Leach- Bliley Act (GLBA), federal guidelines, and applicable state privacy laws. Meteor’s Authentication Objectives

15 5 th Annual Conference on Technology & Standards Assure data owners that only appropriately authenticated end users have access to data. Ensure compliance to participant organizations internal security and privacy guidelines. Meteor’s Authentication Objectives

16 5 th Annual Conference on Technology & Standards The Meteor Authentication Model Each Access Provider uses their existing authentication model (single sign-on) Meteor levels of assurance are assigned at registration Meteor Level 3 complies with the NIST Level 2

17 5 th Annual Conference on Technology & Standards Each participant is required to register, sign a participation agreement, and submit policies and procedures surrounding their authentication process. The Meteor Team Leads review the policies and procedures and assign a Level of Assurance Meteor uses a centralized LDAP server to contain: Public keys of all participants Network status information (active, pending, suspended) Contact Information The Meteor Registry

18 5 th Annual Conference on Technology & Standards User is required to provide an ID and a shared secret. Assignment and delivery of shared secret must be secure. Assignment of shared secret is based on validated information. Reasonable assurances that the storage of the IDs and shared secrets are secure. Meteor’s Authentication Requirements

19 5 th Annual Conference on Technology & Standards Access provider must ensure appropriate authentication for each end user and provide traceability back to that user Access provider must provide authentication policy to central authority Access provider must provide central authority with 30 day advance notice of changes to authentication policy Access provider must agree to appropriate use of data Meteor’s Authentication Requirements

20 5 th Annual Conference on Technology & Standards End user authenticates at access provider site or through a Meteor approved third party Authentication Agent Access provider creates authentication assertion (SAML) Access provider signs authentication assertion with digital certificate The Meteor Authentication Process

21 5 th Annual Conference on Technology & Standards Role of end user Social Security Number Authentication Process ID Level of Assurance Date/Time Stamp Information Opaque ID Organization ID Organization Type SAML Assertion Attributes

22 5 th Annual Conference on Technology & Standards Campus Based Authentication

23 5 th Annual Conference on Technology & Standards National Student Clearinghouse School Based Authentication –Schools that have entered into an electronic services agreement with the NSC will act as Authentication Agents. –NSC will review the school’s authentication policies & procedures –Students campus issued credentials will be utilized to access Meteor and other NSC services

24 5 th Annual Conference on Technology & Standards Meteor v3.3 & Software Customization

25 5 th Annual Conference on Technology & Standards Highlights of Version 3.3 New security features Usability and other navigation improvements Restores NSC LoanLocator services for borrowers

26 5 th Annual Conference on Technology & Standards

27 5 th Annual Conference on Technology & Standards Meteor Customization

28 5 th Annual Conference on Technology & Standards Meteor Customization Style sheet changes Integration of data into other online services

29 5 th Annual Conference on Technology & Standards Meteor network data is presented in NELA branded style sheets

30 5 th Annual Conference on Technology & Standards Mapping Your Future’s Online Student Loan Counseling Integration of real-time data Advice on borrowing conservatively and maintaining debt Debt/salary wizard Optional budget calculator School customization options

31 5 th Annual Conference on Technology & Standards Mapping Your Future’s Custom View

32 5 th Annual Conference on Technology & Standards USA Funds Exit Counseling Using the XML data provided in a Meteor inquiry response, USA Funds populates their exit counseling loan screens with real-time data from the Meteor Network

33 5 th Annual Conference on Technology & Standards

34 5 th Annual Conference on Technology & Standards Other Customization Options How Could You Use Meteor Data? –Integration into Debt Management Solutions –Integration into CSR/Call Center Solutions What’s the Catch? –Need prior approval from M.A.T. –Need to implement Meteor Access Provider

35 5 th Annual Conference on Technology & Standards Online Award Letter Pilot Will serve as a debt management tool –Borrowing history presented BEFORE a new award is accepted Ensures that borrower is aware of the potential impact of increasing his aggregate loan(s) amount –Total current outstanding –New total outstanding with the addition of the new loan – Repayment scenarios based on aggregates

36 5 th Annual Conference on Technology & Standards For More Information…. www.MeteorNetwork.org –Audio presentation –Interactive demonstration version of the software –Link to the Meteor project site

37 5 th Annual Conference on Technology & Standards EA2 Task Force: History Electronic Authorization Partnership (EAP) was a multi-industry partnership working on the vital task of enabling interoperability among public and private electronic authentication systems. In December 2002, Johns Hopkins University convened a symposium of experts from both the public and private sectors to examine the best approach for governing identity management. The symposium issued a paper calling for creation of a "Stakeholder Council" to develop operating rules on identity management. In 2005, EAP was formally established as a 501(c)(3) non-profit membership-based association including: PESC, American Association of Motor Vehicle Administrators (AAMVA); BITS Financial Services Roundtable; the U.S. General Services Administration (GSA); Healthcare Information and Management Systems Society (HIMSS); Microsoft Corporation; Mortgage Bankers Association (MBA); the National Automated Clearinghouse Association (NACHA); the National Association of State Auditors, Comptrollers, and Treasurers (NASACT); and Wells Fargo, among many others.

38 5 th Annual Conference on Technology & Standards EA2 Task Force: History In 2007, Electronic Authorization Partnership technical activities and intellectual property were merged into the Liberty Alliance; the organization while still in existence will cease activities in the near future. EA2 was formed to continue “functional” instigation within the higher education community and service providers to higher education, to increase inter-organizational collaboration, to see single sign on become a reality in higher education, and to further the success of the InCommon and Meteor federations.

39 5 th Annual Conference on Technology & Standards EA2 Task Force: Defined Dramatically increase the number of users who have access to federated authentication and authorization in the United States and beyond (particularly in higher education) Dramatically increase the number of applications / service providers that are EA2 capable (with a special interest in the U.S. Department of Education services) Assist in the resolution of policy issues whenever possible Assist in the resolution of technology and implementation issues Enhance awareness of EA2 initiatives Assist current efforts of the Internet2 community wherever possible

40 5 th Annual Conference on Technology & Standards EA2: Membership Rob Abel, IMS Global Learning Consortium Ellen Blackmun, NASFAA Tim Cameron, NCHELP/Project Meteor Charlie Coleman, FSA, U.S. Department of Education Larry Fruth, SIFA Ken Klingenstein, Internet2/InCommon Federation Nancy Krogh, AACRAO Hans L’Orange, State Higher Education Executive Officers (SHEEO) Charlie Leonhardt, Georgetown Adele Marsh, AES/PESC Vacant, GSA/Federal E-Authentication Initiative Brett McDowell, Liberty Alliance / E-Authentication Partnership David Temoshok, GSA/E-Authentication Partnership Steve Worona, EDUCAUSE

41 5 th Annual Conference on Technology & Standards EA2 Task Force: Motivation Our customers (students, parents, faculty, staff, alumni, donors, visitors) want: –Everything –Anywhere –Anytime (i.e. “now”) They would like it delivered: –Inexpensively or “free” –Conveniently and painlessly (“don’t make me login 15 times to 15 different services) –With guarantees of information security and privacy

42 5 th Annual Conference on Technology & Standards EA2 Task Force: Federations There is an excellent case for a federated approach for authentication (“I am who I say I am”) and authorization (“I can do this based on my role / location / whatever”) Federated approach implies trust and agreement among “service providers” (hosted applications) sites and “consumer” (provider of credentials) sites SAML and Shibboleth (Internet2 middleware technology) allow service providers to refer to consumer sites for authentication Once authenticated, a second referral is made to a consumer site to obtain attribute data to be used in making application authorization decisions Excellent example: worldwide ATM network

43 5 th Annual Conference on Technology & Standards EA2 Task Force: Shibboleth Internet2 middleware initiative developed by a number of Universities and funded by NSF InCommon Federation formed – now has 50 higher education and 20 “service provider” members; info at http://incommonfederation.org http://incommonfederation.org Attempts to solve inter-institutional trust / authentication / authorization issues; has wide applicability among H.E. institutions and organizations that serve higher ed Standards-based, open source implementation Policy based, trusted federations Common goal: use non-native, non-centralized, trusted “third party” authentication/authorization

44 5 th Annual Conference on Technology & Standards EA2: Key Problems Trust has not yet been established between InCommon and other federations (e.g. Federal E-Auth, Meteor, the UK and Canadian Federations) Policy and Procedural Issues (particularly around identity management (IdM) and “levels of assurance”) are unresolved Variability in the deployment of IdM systems Easy-to-use toolkits to connect identity management systems to federated environments are generally “NA” Challenges in the deployment of open source environments for EA2 Variability in implementation of Credential Management Policies and Procedures

45 5 th Annual Conference on Technology & Standards EA2: Towards a Solution Shibboleth 2.0 (including SAML 2.0) released last month NIST published revisions to Credential Assessment Framework and associated LOAs. FSA/US Dept of Education announced a willingness to EA2 enable their applications (limited in scope) in March 2007 Higher Education needs to work with the vendor and open source communities to embed EA2 services in Applications (Google, Apple, VLEs, Publishers, Community Source Student Services, many business applications) `

46 5 th Annual Conference on Technology & Standards EA2: Towards a Solution U.S. Dept. of Education / FSA will E-Auth enable campus-based programs (FWS, Perkins) to allow students to access data (if their schools are Federal E-Auth Compliant) Liberty Alliance working hard on an Identity Assurance Framework and the design of a credential assessment accreditation process Liberty will have a document for public comment available in November There is a big push to get InCommon LOAs “in synch” with Federal E-Auth LOAs to establish inter-federation trust

47 5 th Annual Conference on Technology & Standards EA2 Task Force: Future Policy Development Work Pilot Projects Convincing Government Agencies, Commercial application providers, Open Source Initiatives, and K-20 computing environments to embed EA2 frameworks within as many applications as possible Work on deploying tools and methods to expand EA2 initiatives Increasing awareness of the importance of EA2 frameworks to achieve the level of customer service and security that we all envision

48 5 th Annual Conference on Technology & Standards Tim Cameron Meteor Project Manager (954) 565-7229 meteor@nchelp.org meteor@nchelp.org Charlie Leonhardt Principal Technologist, Georgetown (202) 687-4011 leonhardt@georgetown.edu Contact Information

Download ppt "5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org A Discussion on Project Meteor."

Similar presentations

Where Did My Loan Go? Presenters: Amy Kerwin Great Lakes Higher Education Guaranty Corporation Tim Cameron National Council of Higher Education Loan Programs.

Where Did My Loan Go? Presenters: Amy Kerwin Great Lakes Higher Education Guaranty Corporation Tim Cameron National Council of Higher Education Loan Programs.
Presented by: Doug Falk National Student Clearinghouse Student Access to Federal Loan Data and Other Online Student Services.

Presented by: Doug Falk National Student Clearinghouse Student Access to Federal Loan Data and Other Online Student Services.
Split Servicing: Tools and Strategies to Help Track and Manage Debt Presented by: Tim Cameron The Meteor Project Manager National Council of Higher Education.

Split Servicing: Tools and Strategies to Help Track and Manage Debt Presented by: Tim Cameron The Meteor Project Manager National Council of Higher Education.
Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.

Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.
Helena Sims NACHA – The Electronic Payments Association Overview of The Electronic Authentication Partnership Tenth Federal & Higher Education PKI Coordination.

Helena Sims NACHA – The Electronic Payments Association Overview of The Electronic Authentication Partnership Tenth Federal & Higher Education PKI Coordination.
5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org Electronic Data Exchange Standards.

5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill Electronic Data Exchange Standards.
U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.

U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.
5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org Standards Initiatives in Development.

5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill Standards Initiatives in Development.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
EAuthentication in Higher Education Tim Bornholtz Session 58.

EAuthentication in Higher Education Tim Bornholtz Session 58.
Extending Enterprise Authentication and Authorization in Higher Education: Building on the Success of Project Meteor.

Extending Enterprise Authentication and Authorization in Higher Education: Building on the Success of Project Meteor.
Session 41-2 Session 41 Services on the Web for Schools.

Session 41-2 Session 41 Services on the Web for Schools.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.

Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.
The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation The U.S. Access and Identity Management Federation
1 Web Services and E-Authentication Adele Marsh, AES Charlie Miller, RIHEAA Session 35.

1 Web Services and E-Authentication Adele Marsh, AES Charlie Miller, RIHEAA Session 35.
Robert M. Worley II Director, Education Service VETERANS BENEFITS ADMINISTRATION Department of Veterans Affairs 2013 CCME Annual Symposium February 26,

Robert M. Worley II Director, Education Service VETERANS BENEFITS ADMINISTRATION Department of Veterans Affairs 2013 CCME Annual Symposium February 26,
Session #43 METEOR Russ Judd, Great Lakes Adele Marsh, AES Tim Cameron, NCHELP Electronic Access Conference December 3-6, 2002.

Session #43 METEOR Russ Judd, Great Lakes Adele Marsh, AES Tim Cameron, NCHELP Electronic Access Conference December 3-6, 2002.

Similar presentations

Ads by Google