Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Real World” METEOR Implementation Issues

Published byMargarida Canejo Modified over 5 years ago

Similar presentations

Presentation on theme: "“Real World” METEOR Implementation Issues"— Presentation transcript:

1 “Real World” METEOR Implementation Issues
Jim Kuhlen Connecticut Student Loan Foundation

2 What is Meteor? Meteor is a collaborative effort within the student aid industry to simplify and consolidate access to student financial aid information. Meteor software provides open, non-proprietary, real time access to all available aid information for a student from all participating organizations, and consolidates it for display to students and Financial Aid Professionals.

3 “Who” is Meteor? The Meteor Project was initiated by NCHELP
Over 40 Student Aid Industry organizations support Meteor Representatives of these organizations make up the Meteor Advisory Team, which manages ongoing Meteor issues related to business requirements, software design and development, participant registration, etc.

4

5 Meteor Roles Access Provider Data Provider
Provides inquirers with a connection to the Meteor Network through the Meteor Access Provider software. Data Provider Returns student aid data in response to inquiries from Access Providers.

6 Meteor Roles Index Provider
Streamlines network performance by supplying a list of participants holding data for a student Currently the National Student Clearinghouse is the Meteor Index Provider. Design will accommodate additional Index Providers

7 Meteor Roles Authentication Provider Designed to be used by schools
Allows school’s authentication of an FAP or student to be passed to a Meteor Access Provider to gain access to Meteor data

8 Implementation Issues

9 Business Issues Security and Privacy Concerns GLBA Compliance
Authentication of Inquirers Security of Data Potential Misuse of Data

10 Privacy The Meteor Advisory Team received input and expertise regarding privacy from sponsoring organizations and the NCHELP Legal Committee. Analysis was provided in relation to GLBA and individual state privacy laws. Meteor complies with both GLBA and state privacy provisions.

11 Inquirer Authentication
No central authentication process Utilizes transitive trust model Each Authentication or Access Provider uses their existing authentication model (single sign-on) Each participant’s authentication techniques are reviewed as a part of Meteor Registration Encrypted authentication information is passed with all Meteor messages using SAML in compliance with Shibboleth

12 Data Security Trusted network SSL & Encryption
Participants certify that Meteor data is protected at least as well as their own Meteor Technical Team verifies that new participants have adequate security in place (firewalls, etc.) SSL & Encryption All Meteor messages are encrypted and verified for authenticity Meteor uses a series of methodologies (Listed above). Meteor uses a trusted network to exchange data between the access and data providers. Uses SSL for the encryption tunneling. Uses Security assertions to make sure the you have a valid transaction. Uses industry standard encryption. In addition, Meteor can use a 3-party authenication provider.

13 Meteor Participant Certification
Applies to all Meteor Participants Major points: Protection and use of data Authentication Technical and Security requirements Terms of participation Conditions of Use Participation currently limited to FFELP community (ED issued Ids)

14 Technical Issues Technical Infrastructure Technical Staff Skills
Installation & Testing New Releases

15 Technical Infrastructure
Web Application Server WebSphere, Tomcat, others Real time access to loan data CICS Gateway, JDBC, others Java Development Environment VisualAge for Java, other JDK Support for HTTPS/SSL Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.

16 Technical Staff Skills
Web application server installation and configuration Familiarity with Java Working knowledge of XML Installation and configuration of Firewalls Knowledge of HTTPS/SSL and Certificate Authorities Programming to provide necessary data via Database/Gateway Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.

17 Installation and Testing
Customize software if desired Compile and deploy on Web Application Server(s) Program to supply required data Supply information to populate Meteor Registry Test across Meteor Network via Meteor Test Bench Final testing with Clearinghouse Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.

18 Installation and Testing
Meteor Technical Team will assist participants with problem resolution at any stage of the process. Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.

19 New Releases Participation in pre-release testing of new releases is encouraged. Releases are backward compatible Program to new requirements if necessary Compile and deploy new release on test server Test across Meteor Network via Meteor Test Bench Deploy on production server Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.

20 Steps to Meteor Participation

21 Steps to Meteor Participation
Contact the Meteor Registration Coordinator, Tim Cameron, at or by at The Meteor Registration Coordinator will send you the following forms for you to complete: Meteor Participant Certification Registration Profile Authentication Profile(s) Technical Profile

22 Steps to Meteor Participation
Download the Meteor Implementation Guide and Meteor Setup Guide at Return completed forms to: Meteor Registration Coordinator c/o NCHELP 1100 Connecticut Avenue, NW, 12th Floor Washington, DC,

23 Steps to Meteor Participation
The Meteor Registration Coordinator will provide your designated primary contact with instructions for downloading the Meteor software. A Meteor Technical Team representative will contact your designated Technical Contact to establish a dialog on a technical level, coordinate testing, and provide assistance and guidance.

24 Steps to Meteor Participation
When successful testing has been accomplished in the Meteor test environment, the National Student Clearinghouse will conduct final testing with your organization. Upon successful completion of final testing, you will be ready to go live.

25 Questions?

Download ppt "“Real World” METEOR Implementation Issues"

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Illinois Justice Network Portal Implementation Board Meeting February 11, 2004.

Illinois Justice Network Portal Implementation Board Meeting February 11, 2004.
Presented by: Doug Falk National Student Clearinghouse Student Access to Federal Loan Data and Other Online Student Services.

Presented by: Doug Falk National Student Clearinghouse Student Access to Federal Loan Data and Other Online Student Services.
Inter-Institutional Registration UNC Cause December 4, 2007.

Inter-Institutional Registration UNC Cause December 4, 2007.
Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.

Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
EAuthentication in Higher Education Tim Bornholtz Session 58.

EAuthentication in Higher Education Tim Bornholtz Session 58.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Exchange Network Node Help Desk NOLA Conference Feb 9-10, 2004.

Exchange Network Node Help Desk NOLA Conference Feb 9-10, 2004.
1 Web Services and E-Authentication Adele Marsh, AES Charlie Miller, RIHEAA Session 35.

1 Web Services and E-Authentication Adele Marsh, AES Charlie Miller, RIHEAA Session 35.
Session #43 METEOR Russ Judd, Great Lakes Adele Marsh, AES Tim Cameron, NCHELP Electronic Access Conference December 3-6, 2002.

Session #43 METEOR Russ Judd, Great Lakes Adele Marsh, AES Tim Cameron, NCHELP Electronic Access Conference December 3-6, 2002.
1 Georgia Higher Education Conference, March 5, 2003 Presented by: Russell Judd, Great Lakes Educational Loan Services, Inc.

1 Georgia Higher Education Conference, March 5, 2003 Presented by: Russell Judd, Great Lakes Educational Loan Services, Inc.
Meteor Implementation Presented by: Tim Cameron & Justin Greenough Technical Track Session.

Meteor Implementation Presented by: Tim Cameron & Justin Greenough Technical Track Session.
September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.

September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.

Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.

Similar presentations

Ads by Google