Inter-Institutional Registration UNC Cause December 4, 2007
Background
• 500-600 students each year
• Various campus agreements
• No consistency
• Paper-based process
• Difficult for students
• Difficult for administrators
• Registrars
• Financial aid
• University of North Carolina Online
• Doesn’t scale

Goal
• Policy
• System-wide consortia agreement
• Registrars & Financial Aid
• Clearinghouse
• Management
• Tracking
• Convenience
• Students
• Administrators
Inter-Institutional Registration
[Workflow diagram with three lanes: Home Institution, Inter-institutional System, Visited Institution. Actors: Student, Registrar. Numbered steps as labelled:]
1. Search for Courses
2. Add to Bookbag
3. Request Registration
4. Redirect
5. Redirect if Successful
6. Authenticate
7. Download Request
8. Approve & Enter Data
9. Authenticate
10. Download Request
11. Approve & Enter Data
12. Authenticate
13. Get Tuition Costs
14. Mark as Completed
[Other diagram labels: Select Home Campus; Sign In; Confirm & Process; NOTIFY; Acknowledge; Evaluate Request; Process; View Status; Fully Process (credit hours, financial aid, cashier); Done]
Phased Approach
Phase I - Manual
• Students
  • Find courses
  • Request registration
• Registrar
  • Approve/Deny via dashboard
  • Manually enter information
• Distributed Authentication
Phase II - Web Services
• Eliminate Data Entry
• Campus to Clearinghouse
• Clearinghouse to Campus ERP
• Streamline campus operation using Banner APIs
• Web Services Architecture
• Shibboleth
What is Shibboleth?
• Higher education standard
• From Internet2
• Open standard
• Open source implementation
• Federated approach
• Single sign on
• Signed attribute assertions
• Distributed authentication
• Clearinghouse never sees credentials!
Shibboleth Architecture
• Service Provider - The entity willing to accept identity credentials and attributes in order to provide a service to the user.
• Identity Provider - The entity that knows information about the user and is willing to share that information with another party.
• Enterprise Directory - The local campus directory that contains the information to be shared.
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A: Identity Provider (tomcat), Enterprise Directory (LDAP, etc), Apache]
Shibboleth Architecture (sign-in flow; the diagram is built up one step per slide)
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A: Identity Provider (tomcat), Enterprise Directory (LDAP, etc), Apache; User (via web browser); Redirect]
1. Request Secured Content
2. Send Redirection
3. Request Auth. Form
4. Send HTML Form
5. Provide Credentials
5a. Authenticate
6. Embed Assertion
7. Send Assertion
7a. Exchange Attributes
8. Send Secured Content
UNC Federation Service Provider Demo
Security - Ideal
[Diagram labels: Internet; Firewall; Private Network; ASU, UNC-GA, WSSU, …]

Security - Actual
[Diagram labels: Internet; No Private Network; Firewall (×3); ASU, UNC-GA, WSSU, …]
Shibboleth Security
• Solution = Public Key Cryptography
• X.509 open standard
[Diagram labels: Service Provider; Campus A: Identity Provider, Enterprise Directory, Apache; SSL, Signed & Encrypted (between Service Provider and Identity Provider); SSL Encryption, Server Certificate signed by well known Certificate Authority (CA); User (via web browser)]
Web Services
Machine-to-machine communication over a network:
• Standard protocols/formats
• Simplifies exchange of data
• Using standard web technologies
  • HTTP
  • XML
• Platform agnostic
• Vendor agnostic

Why Web Services?
• Cost effective
• Open standards architecture
• Acts as middleware between heterogeneous systems
• Automate
  • Entry of bio-demo information
  • Enrollment & registration in campus student system
  • Fee assessment
  • Fee posting
Standard Architecture
• Service Provider
  • Owner of the process
  • Platform that hosts access to the service
• Service Requestor
  • Client to request and consume a service
  • Manual or automated initiation
• Service Registry
  • Searchable directory of published service descriptions
[Diagram labels: Service Registry; Service Requestor; Service Provider]

Standard Architecture
• Service
  • Software module deployed on a network accessible platform
• Service Description
  • Details of the implementation
  • Data types
  • Operations
  • Binding information
  • Network location
[Diagram labels: Service Registry; Service Requestor; Service Provider; Service; Service Description]

Standard Architecture
• WSDL (Web Services Definition Language) defines
  • message formats
  • data types
  • transport protocols
  • transport serialization formats
[Diagram labels: Service Registry (Service Description, WSDL); Publish; Find; Service Requestor; Service Provider; Service; Service Description]

Standard Architecture
• SOAP - Service Oriented Architecture Protocol
  • Framework for packaging and exchanging XML messages
  • Typically sent using HTTP
  • Language and platform independent
  • Lightweight protocol
[Diagram labels: Service Registry (Service Description, WSDL); Publish; Find; Bind (SOAP, WSDL); Service Requestor; Service Provider; Service; Service Description]
Inter-Institutional Web Services (Phase II)
• 3 distinct web services
• Each university implements
• Implementation can differ depending on internal processes
• Implementation should make use of APIs provided by Banner & PeopleSoft
• Clearinghouse consumes these services
• Services are invoked via human intervention within the clearinghouse
[Diagram labels: Service Requestor; Service Provider; Bind (SOAP, WSDL); Service; Service Description]
Web Service #1 (GET_BIODEMO_INFO)
[Diagram: the inter-institutional registration workflow shown earlier, repeated with marker #1 added]
• Home Campus Registrar initiates
• From within clearinghouse
• Clearinghouse consumes service
• Passes unique student identifier
• Service uses identifier to obtain bio/demo data
• Returns data to clearinghouse
• Home Campus Registrar proceeds with work flow
Simulates Manual Data Entry
Web Service #2 (REGISTER_STUDENT)
[Diagram: the inter-institutional registration workflow shown earlier, repeated with markers #1 and #2 added]
• Visited Campus Registrar initiates
• From within the clearinghouse
• Provides student ID number if this student has attended before
• Clearinghouse consumes service
• Passes all Bio/Demo and course information
• Register the student
  • Create/update the student in Banner/PeopleSoft
  • Admit the student
  • Register student into approved course
• Return information
  • Student’s unique identifier
  • Course fees (if automatically assessed at time of registration)
Simulates Manual Data Entry into ERP
Web Service #3 (FINALIZE_REGISTRATION)
[Diagram: the inter-institutional registration workflow shown earlier, repeated with markers #1, #2 and #3 added]
• Home Campus Registrar initiates
• From within clearinghouse
• Clearinghouse consumes service
• Passes tuition/fee and course data
• Cache data in new tables (specifically for this purpose)
• Processed in batch mode
• Applied to student’s account
• No automated processing of student data
Simulates Manual Entry of Tuition & Fees
Conclusion
• Lookup & tracking service
  • Students
  • Registrars
• Phase I = Fall 2008
  • Shibboleth (required for participation)
• Phase II = At campus’ discretion
  • Web Services
  • UNCG pilot for Banner schools
  • Suggest PeopleSoft campuses collaborate as well