5th Annual Conference on Technology & Standards

April 28 – 30, 2008
Hyatt Regency Washington
on Capitol Hill
www.PESC.org
A Discussion on Project Meteor and
Enterprise Authentication and Authorization
(EA2)
Tim Cameron, Project Meteor
The Meteor Project
Components
• The Meteor Software
• The Meteor Network
• The Meteor Federation
In the beginning….
• Pre-Meteor Environment
– Lenders, Guarantors, Servicers, Schools and
others all offer independent web services
– Access requires multiple logins
• FFELP Providers Solution
– Spring 2000: In response to Federal
Modernization Blueprint, NCHELP members move
to create an information network to provide
aggregated financial aid information.
In the beginning….
• Foundation Principles
– Open Source
– Open Collaboration
– Freely Available
– Controlled Participation Network
• Policy and Technology Decisions
Meteor Features
• Access real-time, student-specific
financial aid information from multiple
sources with an intuitive user
interface and navigation
• Currently provides information on
FFELP and alternative loans
(capability exists to include Direct
Loans & Perkins Loans)
Meteor Today
• 14 points of access to the Network
• 20 data providers
• Several customized implementations
• Leading the way for transitive trust in higher education financing
Participant Types & Meteor
Process Flow
Meteor Participants
• Organizations that implement the
Meteor software
– Access Providers (AP)
– Authentication Agents (AA)
– Data Providers (DP)
– Index Providers (IP)
The Meteor Process
[Process flow diagram, three numbered nodes]
– Users: student/borrower, financial aid professional, access provider representative, or lender
– Authentication (by AP or AA)
– One: Access Provider
– Two: Data Providers
– Three: Index Provider
Meteor Access Providers
AES
www.aesSuccess.org
Montana Guaranteed Student Loan Program
www.mgslp.state.mt.us
CSLF
www.cslf.org/enroute
National Student Clearinghouse
www.nationalstudentclearinghouse.org
Florida OSFA
www.fldoe.org
NELA
www.educationassistance.net
Great Lakes
www.mygreatlakes.com
New Hampshire
www.nhheaf.org
Illinois Student Assistance
www.collegezone.com
Rhode Island
www.riheaa.org
Kentucky
www.kheaa.org
Sallie Mae
www.salliemae.com/school/index.html
Mapping Your Future
www.mapping-your-future.org
United Student Aid Funds
http://portal.usafunds.org
Meteor Real Time
Data Providers
AES/PHEAA
Connecticut Student Loan Foundation
Education Assistance Corporation
Finance Authority of Maine
Florida Office of Financial Assistance (OSFA)
Georgia Higher Education Assistance Corp.
Great Lakes Educational Loan Services, Inc.
Kentucky Higher Education Assistance Authority
Louisiana Office of Student Financial Assistance
Michigan Higher Education Assistance Authority
Montana Guaranteed Student Loan Program
National Student Loan Program
NELA
New Hampshire Higher Education Assistance Foundation
New York State Higher Education Services Corporation
Oklahoma State Regents for Higher Education
Rhode Island Higher Education Assistance Authority
Sallie Mae
Student Loan Guarantee Foundation of Arkansas
Student Loans of North Dakota
USA Funds
The NSC as the Meteor Index
Provider
• 100% (over 25 million) of FFELP
guarantee volume
• 100% (over 6.5 million) of Direct Loan
Program accounts
• Over 19.2 million FFELP servicer accounts
• Over 2.9 million Perkins/Private/Alternative
Loan servicer accounts
Meteor Authentication
Objectives & Process
Meteor’s Authentication
Objectives
• Provide a flexible, easy-to-implement authentication system that meets the needs of the provider organizations and their customers.
• Ensure compliance with the Gramm-Leach-Bliley Act (GLBA), federal guidelines, and applicable state privacy laws.
Meteor’s Authentication
Objectives
• Assure data owners that only appropriately authenticated end users have access to data.
• Ensure compliance with participant organizations' internal security and privacy guidelines.
The Meteor Authentication Model
• Each Access Provider uses its existing authentication model (single sign-on)
• Meteor levels of assurance are assigned at registration
• Meteor Level 3 meets NIST Level of Assurance 2
The Meteor Registry
• Each participant is required to register, sign a participation agreement, and submit policies and procedures surrounding their authentication process.
• The Meteor Team Leads review the policies and procedures and assign a Level of Assurance.
• Meteor uses a centralized LDAP server to contain:
– Public keys of all participants
– Network status information (active, pending, suspended)
– Contact information
Meteor’s Authentication Requirements
• User is required to provide an ID and a shared
secret.
• Assignment and delivery of shared secret must be
secure.
• Assignment of shared secret is based on validated
information.
• Reasonable assurances that the storage of the IDs and shared secrets is secure.
Meteor’s Authentication Requirements
• Access provider must ensure appropriate authentication for
each end user and provide traceability back to that user
• Access provider must provide authentication policy to
central authority
• Access provider must provide central authority with 30 day
advance notice of changes to authentication policy
• Access provider must agree to appropriate use of data
The Meteor Authentication Process
• End user authenticates at access provider
site or through a Meteor approved third
party Authentication Agent
• Access provider creates authentication
assertion (SAML)
• Access provider signs authentication
assertion with digital certificate
SAML Assertion Attributes
• Role of end user
• Social Security Number
• Authentication Process ID
• Level of Assurance
• Date/Time Stamp Information
• Opaque ID
• Organization ID
• Organization Type
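The two preceding slides describe the whole trust chain: the access provider signs an assertion carrying the attributes above, and a data provider accepts it only if the signature checks against the public key held for that organization in the central registry, the organization's network status is active, and the asserted level of assurance is one the registry actually assigned. The Go program below is an added illustration of that receiving-side check; it is not Meteor's code and the page shows none of its schema. Assumptions: the XML element names, the organization IDs AP-0001/AP-0002, the sample attribute values, raw RSA public keys in the registry in place of certificates, freshly generated 2048-bit keys, and a detached RSASSA-PKCS1-v1_5/SHA-256 signature over the serialised XML standing in for the XML-DSig a real SAML assertion carries. Level numbers are Meteor levels as the slide uses them.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/xml"
	"fmt"
	"time"
)

// Assertion carries the attributes listed on the slide; the element names are assumptions.
type Assertion struct {
	Role          string    `xml:"Role"`
	SSN           string    `xml:"SSN"`
	AuthProcessID string    `xml:"AuthenticationProcessID"`
	Level         int       `xml:"LevelOfAssurance"`
	IssueInstant  time.Time `xml:"IssueInstant"`
	NotOnOrAfter  time.Time `xml:"NotOnOrAfter"`
	OpaqueID      string    `xml:"OpaqueID"`
	OrgID         string    `xml:"OrganizationID"`
	OrgType       string    `xml:"OrganizationType"`
}

type Participant struct {
	PublicKey     *rsa.PublicKey
	Status        string // network status: "active", "pending" or "suspended"
	RegisteredLOA int    // level of assurance assigned by the Meteor Team Leads at registration
}

type Registry map[string]Participant // the slide's central LDAP of participants, keyed by Organization ID

func digest(b []byte) []byte { d := sha256.Sum256(b); return d[:] } // SHA-256 of the serialised assertion

// Sign serialises the assertion and signs the bytes with the access provider's RSA key
// (PKCS#1 v1.5 over SHA-256); this detached signature stands in for XML-DSig.
func Sign(a Assertion, key *rsa.PrivateKey) (assertionXML, sig []byte, err error) {
	if assertionXML, err = xml.Marshal(a); err != nil {
		return nil, nil, err
	}
	sig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest(assertionXML))
	return assertionXML, sig, err
}

// Verify is the data provider's side: registered and active signer, signature valid under the registry's
// key (never one carried in the message), assertion inside its validity window, asserted LOA within bounds.
func Verify(reg Registry, assertionXML, sig []byte, now time.Time, minLOA int) (*Assertion, error) {
	var a Assertion
	if err := xml.Unmarshal(assertionXML, &a); err != nil {
		return nil, err
	}
	p, ok := reg[a.OrgID]
	if !ok || p.Status != "active" {
		return nil, fmt.Errorf("participant %q is not registered and active (status %q)", a.OrgID, p.Status)
	}
	if rsa.VerifyPKCS1v15(p.PublicKey, crypto.SHA256, digest(assertionXML), sig) != nil {
		return nil, fmt.Errorf("signature does not verify under the registry key for %q", a.OrgID)
	}
	if now.Before(a.IssueInstant) || !now.Before(a.NotOnOrAfter) {
		return nil, fmt.Errorf("assertion is outside its validity window")
	}
	if a.Level > p.RegisteredLOA { // a provider cannot assert more than the registry assigned it
		return nil, fmt.Errorf("asserted LOA %d exceeds registered LOA %d", a.Level, p.RegisteredLOA)
	}
	if a.Level < minLOA {
		return nil, fmt.Errorf("LOA %d is below the %d this data provider requires", a.Level, minLOA)
	}
	return &a, nil
}

// Demo checks one acceptable and four rejectable assertions against a constructed registry (nil = accepted).
func Demo() map[string]error {
	apKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	otherKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	reg := Registry{
		"AP-0001": {PublicKey: &apKey.PublicKey, Status: "active", RegisteredLOA: 3},
		"AP-0002": {PublicKey: &otherKey.PublicKey, Status: "suspended", RegisteredLOA: 3},
	}
	now := time.Date(2008, time.April, 28, 9, 0, 0, 0, time.UTC)
	base := Assertion{Role: "BORROWER", SSN: "000-00-0000", AuthProcessID: "AP-0001-SSO", Level: 3,
		IssueInstant: now.Add(-30 * time.Second), NotOnOrAfter: now.Add(5 * time.Minute),
		OpaqueID: "7f3a9c", OrgID: "AP-0001", OrgType: "ACCESS_PROVIDER"} // constructed sample values
	results := map[string]error{}
	check := func(name string, x, s []byte, at time.Time) { _, results[name] = Verify(reg, x, s, at, 3) }
	x, s, _ := Sign(base, apKey)
	check("valid", x, s, now)
	check("expired", x, s, now.Add(time.Hour))
	check("tampered_ssn", bytes.Replace(x, []byte("000-00-0000"), []byte("111-11-1111"), 1), s, now)
	susp, over := base, base
	susp.OrgID, over.Level = "AP-0002", 4
	x, s, _ = Sign(susp, otherKey)
	check("suspended_provider", x, s, now)
	x, s, _ = Sign(over, apKey)
	check("loa_above_registered", x, s, now)
	return results
}

func main() { fmt.Println(Demo()) }
```

The order of the checks in Verify matters: the registry lookup comes first so that an unknown or suspended organization is rejected before any signature work, and the key used to verify is always the registry's copy, so a participant cannot vouch for itself by embedding a key of its own choosing in the message. The LOA comparison against the registered level is what prevents an access provider from quietly asserting a stronger level than the one its reviewed policies earned.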
Campus Based Authentication
National Student Clearinghouse
School Based Authentication
– Schools that have entered into an
electronic services agreement with the
NSC will act as Authentication Agents.
– NSC will review the school’s
authentication policies & procedures
– Students' campus-issued credentials will be used to access Meteor and other NSC services
Meteor v3.3 &
Software Customization
Highlights of Version 3.3
• New security features
• Usability and other navigation
improvements
• Restores NSC LoanLocator services for
borrowers
Meteor Customization
Meteor Customization
• Style sheet changes
• Integration of data into other online
services
[Screenshot] Meteor network data is presented in NELA-branded style sheets
Mapping Your Future’s
Online Student Loan Counseling
• Integration of real-time data
• Advice on borrowing conservatively and
maintaining debt
• Debt/salary wizard
• Optional budget calculator
• School customization options
Mapping Your Future’s Custom View
USA Funds Exit Counseling
• Using the XML data provided in a
Meteor inquiry response, USA Funds
populates their exit counseling loan
screens with real-time data from the
Meteor Network
Other Customization Options
• How Could You Use Meteor Data?
– Integration into Debt Management
Solutions
– Integration into CSR/Call Center
Solutions
• What’s the Catch?
– Need prior approval from M.A.T.
– Need to implement Meteor Access
Provider
Online Award Letter Pilot
• Will serve as a debt management tool
– Borrowing history presented BEFORE a new award is
accepted
• Ensures that borrower is aware of the potential
impact of increasing his aggregate loan(s)
amount
– Total current outstanding
– New total outstanding with the addition of the new loan
– Repayment scenarios based on aggregates
For More Information….
• www.MeteorNetwork.org
– Audio presentation
– Interactive demonstration version of the
software
– Link to the Meteor project site
EA2 Task Force: History
• The Electronic Authorization Partnership (EAP) was a multi-industry partnership working on the vital task of enabling interoperability among public and private electronic authentication systems.
• In December 2002, Johns Hopkins University convened a symposium of experts from both the public and private sectors to examine the best approach for governing identity management. The symposium issued a paper calling for creation of a "Stakeholder Council" to develop operating rules on identity management.
• In 2005, EAP was formally established as a 501(c)(3) non-profit membership-based association including: PESC, American Association of Motor Vehicle Administrators (AAMVA); BITS Financial Services Roundtable; the U.S. General Services Administration (GSA); Healthcare Information and Management Systems Society (HIMSS); Microsoft Corporation; Mortgage Bankers Association (MBA); the National Automated Clearinghouse Association (NACHA); the National Association of State Auditors, Comptrollers, and Treasurers (NASACT); and Wells Fargo, among many others.
EA2 Task Force: History
• In 2007, Electronic Authorization Partnership technical activities and intellectual property were merged into the Liberty Alliance; the organization, while still in existence, will cease activities in the near future.
• EA2 was formed to continue “functional” instigation within the higher
education community and service providers to higher education, to
increase inter-organizational collaboration, to see single sign on
become a reality in higher education, and to further the success of the
InCommon and Meteor federations.
EA2 Task Force: Defined
• Dramatically increase the number of users who have access to
federated authentication and authorization in the United States and
beyond (particularly in higher education)
• Dramatically increase the number of applications / service providers
that are EA2 capable (with a special interest in the U.S. Department
of Education services)
• Assist in the resolution of policy issues whenever possible
• Assist in the resolution of technology and implementation issues
• Enhance awareness of EA2 initiatives
• Assist current efforts of the Internet2 community wherever possible
EA2: Membership
• Rob Abel, IMS Global Learning Consortium
• Ellen Blackmun, NASFAA
• Tim Cameron, NCHELP/Project Meteor
• Charlie Coleman, FSA, U.S. Department of Education
• Larry Fruth, SIFA
• Ken Klingenstein, Internet2/InCommon Federation
• Nancy Krogh, AACRAO
• Hans L’Orange, State Higher Education Executive Officers (SHEEO)
• Charlie Leonhardt, Georgetown
• Adele Marsh, AES/PESC
• Vacant, GSA/Federal E-Authentication Initiative
• Brett McDowell, Liberty Alliance / E-Authentication Partnership
• David Temoshok, GSA/E-Authentication Partnership
• Steve Worona, EDUCAUSE
EA2 Task Force: Motivation
• Our customers (students, parents, faculty, staff,
alumni, donors, visitors) want:
– Everything
– Anywhere
– Anytime (i.e. “now”)
• They would like it delivered:
– Inexpensively or “free”
– Conveniently and painlessly (“don’t make me log in 15 times to 15 different services”)
– With guarantees of information security and privacy
EA2 Task Force: Federations
• There is an excellent case for a federated approach for
authentication (“I am who I say I am”) and authorization (“I can do
this based on my role / location / whatever”)
• Federated approach implies trust and agreement among “service
providers” (hosted applications) sites and “consumer” (provider of
credentials) sites
• SAML and Shibboleth (Internet2 middleware technology) allow
service providers to refer to consumer sites for authentication
• Once authenticated, a second referral is made to a consumer site to
obtain attribute data to be used in making application authorization
decisions
• Excellent example: worldwide ATM network
EA2 Task Force: Shibboleth
• Internet2 middleware initiative developed by a number of
Universities and funded by NSF
• InCommon Federation formed – now has 50 higher education
and 20 “service provider” members; info at
http://incommonfederation.org
• Attempts to solve inter-institutional trust / authentication /
authorization issues; has wide applicability among H.E.
institutions and organizations that serve higher ed
• Standards-based, open source implementation
• Policy based, trusted federations
• Common goal: use non-native, non-centralized, trusted “third
party” authentication/authorization
EA2: Key Problems
• Trust has not yet been established between InCommon
and other federations (e.g. Federal E-Auth, Meteor, the UK and
Canadian Federations)
• Policy and Procedural Issues (particularly around identity
management (IdM) and “levels of assurance”) are unresolved
• Variability in the deployment of IdM systems
• Easy-to-use toolkits to connect identity management systems to
federated environments are generally “NA”
• Challenges in the deployment of open source environments for
EA2
• Variability in implementation of Credential Management Policies
and Procedures
EA2: Towards a Solution
• Shibboleth 2.0 (including SAML 2.0) released
last month
• NIST published revisions to Credential
Assessment Framework and associated LOAs.
• FSA/US Dept of Education announced a
willingness to EA2 enable their applications
(limited in scope) in March 2007
• Higher Education needs to work with the vendor
and open source communities to embed EA2
services in Applications (Google, Apple, VLEs,
Publishers, Community Source Student
Services, many business applications)
EA2: Towards a Solution
• U.S. Dept. of Education / FSA will E-Auth enable
campus-based programs (FWS, Perkins) to
allow students to access data (if their schools
are Federal E-Auth Compliant)
• Liberty Alliance working hard on an Identity
Assurance Framework and the design of a
credential assessment accreditation process
• Liberty will have a document for public comment
available in November
• There is a big push to get InCommon LOAs “in
synch” with Federal E-Auth LOAs to establish
inter-federation trust
EA2 Task Force: Future
• Policy Development Work
• Pilot Projects
• Convincing Government Agencies, Commercial application
providers, Open Source Initiatives, and K-20 computing
environments to embed EA2 frameworks within as many
applications as possible
• Work on deploying tools and methods to expand EA2 initiatives
• Increasing awareness of the importance of EA2 frameworks to
achieve the level of customer service and security that we all
envision
Contact Information
• Tim Cameron
Meteor Project Manager
(954) 565-7229
meteor@nchelp.org
• Charlie Leonhardt
Principal Technologist, Georgetown
(202) 687-4011
leonhardt@georgetown.edu