The Meteor Project. Presentation to: The Electronic Access Partnership, July 13, 2006. Presented by: Tim Cameron, Meteor Project Manager. What is the Meteor Project? The Meteor Project. The Meteor Software. The Meteor Network. The Meteor Federation. The Meteor Software. Meteor Software Features.
The Meteor Project • Presentation to: The Electronic Access Partnership • July 13, 2006 • Presented by: Tim Cameron, Meteor Project Manager
The Meteor Project • The Meteor Software • The Meteor Network • The Meteor Federation
Meteor Software Features • Information from multiple data providers is aggregated in real-time to assist the end user with the financial aid process, repayment and default aversion. • A one-stop, common, online customer service resource • Meteor is a collaborative effort utilizing leading-edge technology and access is provided at no charge.
Types of Data Available • FFELP • Alternative/Private Loans • State Grants & Scholarships (Summer 2006) • Perkins (In development) • Direct Loans (Planned) • Pell Grants (Planned)
Who Can Access the Meteor Network? • Meteor • Federated Model: Transitive Trust • Multiple points of access • User Roles • School • Student/Borrower • Customer Service Representatives • Lenders
Reliability and Security • Data is sent directly from the data provider’s system and is not altered in any way within the Meteor software • All data is electronically transmitted securely using SSL encryption • Independent audit showed no serious vulnerabilities with the software
Building Trust and Integrity • The Meteor Advisory Team sought input and expertise regarding privacy and security from the sponsoring organizations and the NCHELP Legal Committee. • Analysis was provided in relation to GLB and individual state privacy laws. • The analysis revealed that Meteor complied with GLB, FERPA, and known state privacy provisions.
The Meteor Process • [Diagram: Users (Financial Aid Professional, Student/Borrower, Access Provider Representative, or Lender), Access Providers, Index Providers, Data Providers; steps One, Two, Three]
Clearinghouse as Meteor Index • 100% of FFELP guarantee volume • Over 5.6 million Direct Loan Program accounts • Over 13.2 million FFELP servicer accounts • Over 1.6 million Perkins/Private/Alternative Loan servicer accounts (including some managed by schools themselves)
Meteor Customization • Meteor screens can be customized to blend with the service provider's current web services • Meteor allows a service provider to customize the use of the data provided in the Meteor Network • i.e. MYF Exit Counseling application • Not a standard Meteor implementation • Customized screens • Further integration is possible! • Meteor software can be used in other internal applications with approval from the MAT
Meteor Usage • FAA Statistics • Usage has been increasing since FSA announcement about use of real time data • Borrower Statistics • Meteor…not just an inquiry network • In addition to providing access to and aggregation of financial aid award information, the Meteor software can also be used by organizations to enhance their current services. • MYF integration • Internal usage of the software at member organizations
Meteor Authentication Model • Utilizes transitive trust model • No central authentication process • Each Access Provider uses their existing authentication model (single sign-on) • Level of trust assigned at registration • Authentication vs. Authorization • Authentication is the process of determining the identity of a user that is attempting to access a system. • Authorization is the process of determining what types of activities are permitted.
Authentication and Authorization • Once you have authenticated a user, they may be authorized different types of access or activity. • Meteor Roles • Financial Aid Professional • Student/Borrower • Customer Service • Lender
Creating the Federation – Challenges and Opportunities • Policy • Provider eligibility • Security and privacy • Removal from the network • Consensus Building • Over 40 providers (challenge!) • Collaboration • Over 40 providers (opportunity!)
Meteor Authentication • Meteor model developed in conjunction with Shibboleth • a project of Internet2/MACE • developing architectures, policy structures, practical technologies, and an open source implementation • supports inter-institutional sharing of web resources subject to access controls by developing a policy framework that allows inter-operation within the higher education community • Project participants include Brown University, Ohio State, Penn State and many other colleges and universities.
Levels of Authentication • Meteor Levels of Assurance • Level 0: Single piece of public information • Level 1: ID and one piece of public information • Level 2: ID and two pieces of public information • Level 3: User ID and Password • All providers are supporting Level 3 Authentication • National Institute of Standards and Technology (NIST) • Meteor Level 3 = NIST Level 2
Authentication Process: • Student logs into Access Provider site (i.e. school, lender, servicer or guarantor) • Access Provider follows their local authentication procedures, assigns a role and retrieves the appropriate assurance level from the Meteor Registry • Access Provider builds the security assertion • AP Unique ID • User Role • End User Identifier • Authentication Process ID • Assurance Level
Authentication Process: • Access Provider digitally signs the request and queries the Index Provider • Index Provider validates the provider (digital certificate) against the Registry • Index Provider builds a response message and digitally signs and sends the request to the Access Provider • Access Provider receives the response and validates the provider against the Registry; validates the digital signature; validates assurance levels for Data Provider requirements; builds, signs, and sends the request message
Authentication Process: • The same validation process continues for the Data Provider’s receipt and response and the Access Provider’s receipt and display of the Meteor messages.
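The assertion and validation steps from the three "Authentication Process" slides above, as an added Python example that is not Meteor's own code. It assumes a constructed in-memory Registry, hypothetical field names and role labels, and uses HMAC-SHA256 with a per-provider key as a stand-in for the certificate-based digital signatures the slides describe.

```python
import hashlib
import hmac
import json

# Constructed Registry: provider ID -> signing key and assurance level assigned
# at registration. HMAC keys stand in for the digital certificates Meteor uses.
REGISTRY = {
    "AP-SCHOOL-01": {"key": b"constructed-key-school", "assurance": 3},
    "AP-LENDER-02": {"key": b"constructed-key-lender", "assurance": 1},
}
ROLES = {"FAA", "BORROWER", "CSR", "LENDER"}  # four Meteor roles (labels assumed)


def canonical(assertion):
    # Stable byte encoding so signer and verifier hash identical input.
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()


def build_assertion(ap_id, role, end_user_id, auth_process_id):
    """Access Provider side: assemble the five assertion fields and sign them."""
    entry = REGISTRY[ap_id]
    assertion = {
        "ap_unique_id": ap_id,
        "user_role": role,
        "end_user_id": end_user_id,
        "auth_process_id": auth_process_id,
        "assurance_level": entry["assurance"],  # retrieved from the Registry
    }
    sig = hmac.new(entry["key"], canonical(assertion), hashlib.sha256).hexdigest()
    return {"assertion": assertion, "signature": sig}


def validate(message, required_level):
    """Receiving provider side: Registry check, signature check, level check."""
    a = message["assertion"]
    entry = REGISTRY.get(a.get("ap_unique_id"))
    if entry is None:
        return "reject: provider not in Registry"
    expected = hmac.new(entry["key"], canonical(a), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message.get("signature", "")):
        return "reject: bad signature"
    if a.get("user_role") not in ROLES:
        return "reject: unknown role"
    # Added check (assumption): the claimed level must equal the registered one.
    if a.get("assurance_level") != entry["assurance"]:
        return "reject: assurance level does not match Registry"
    if entry["assurance"] < required_level:
        return "reject: assurance level below Data Provider requirement"
    return "accept"
```

Here `required_level` plays the part of a Data Provider's minimum Meteor assurance level, so a provider registered at Level 1 is refused by a Data Provider that requires Level 3 even though its signature is valid.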
Next Steps • Inter-Federation Authentication • Multi Factor Authentication • State Security Breach Reporting Legislation
Contacts • Tim Cameron, Meteor Project Manager, NCHELP • 703-969-8565 • meteor@nchelp.org or tcameron7185@bellsouth.net