Meteor Implementation in PPT Format - IFAP

judgedrunkshipΔιακομιστές

17 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

94 εμφανίσεις

Meteor Implementation

Presented by:

Tim Cameron &

Justin Greenough

Technical Track Session

Part I

Meteor Overview &

Steps to Implementation


3

Meteor


Meteor is a web
-
based universal access
channel for financial aid information.
Information from multiple data providers
is aggregated to assist the financial aid
professional and the borrower with the
financial aid process, repayment, and
default aversion. Meteor is a collaborative
effort and access is provided at no charge.

4

Meteor Services


Access timely, student
-
specific financial
aid information from multiple sources


One
-
stop, common, online customer
service resource


Currently provides information on FFELP
and alternative loans (vision to include
Direct Loans, Perkins Loans, Pell Grants,
and state aid)

5

Meteor Volume


In two short years, Meteor has attained
(in production or currently planned
for implementation):


81% of FFELP Loan Guarantee Data


60 % of FFELP Loan Servicing Data


64 % of Alternative Loan Data

6

Meteor in Relationship to Other

Industry Initiatives

Meteor

ELMNet

NSLDS

Use of industry
messaging
standards for Data
Inquiry

In
Development

In
Development

In
Development

Loan Origination &
Transaction
Processing

N/A

Yes

Transactions
only

7

Meteor in Relationship to Other

Industry Initiatives

Meteor

ELMNet

NSLDS

Real Time

Yes

Yes

No

Access Points

Multiple

Single

Single

Authentication
Methods

Multiple

Single

Single

8

The Meteor Process

One

Two

Access
Providers

Data Providers

Financial Aid

Professional or Student

Three

Index Providers

9

How Does Meteor Work


Access Providers


A Meteor Access Provider allows inquirers
to obtain information through its web site
by hosting a copy of the Meteor software,
which generates the request to the Data
Providers for the borrower’s information.


Access providers can be Schools,
Guarantors, Lenders, Servicers, or
Secondary Markets.

10

How Does Meteor Work


Access Providers


Meteor provides the Access Providers
with software that verifies the status of
the providers, generates requests for
information, receives the response
messages, performs the duplicate and
best source logic, and displays the
default screens.


11

How Does Meteor Work


Index Providers


A Meteor Index Provider is used to
identify the location(s) of the
requested student/borrower
information.


The current Meteor Index Provider
is the National Student
Clearinghouse

12

How Does Meteor Work


Index Providers


In the future, other indices will be
added based on the type of data to
be incorporated into the network.


This is only an index (pointer) to
the actual data providers. The
index does not provide “data” to
Meteor.

13

Clearinghouse as Meteor Index


100% of FFELP guarantee volume


Over 5.6 million Direct Loan Program
accounts


Over 13.2 million FFELP servicer accounts


Over 1.6 million Perkins/Private/Alternative
Loan servicer accounts (including some
managed by schools themselves)

14

How Does Meteor Work


Data
Providers


A Meteor Data Provider hosts a copy
of the Meteor software that enables the
software to respond to the Access
Provider’s request for information,
supplying data from their system.


Data Providers are typically Lenders,
Servicers, Guarantors, and Secondary
Markets.

15

How Does Meteor Work


Data
Providers


In the future, the Dept. of
Education, State Grant authorities,
Schools, and others could become
Data Providers.

16

How Does Meteor Work


Data
Providers


Meteor provides the data providers
with software that verifies the
authenticity of the information
request, formats the response
message, and filters data based on
the role of the end user.

17

Reliability and Security


Data is sent directly from the data
provider’s system and is not altered in
any way within Meteor.


All data is electronically transmitted
securely using SSL encryption.


Independent Audit showed no serious
vulnerabilities.

18

Authentication


No central authentication process


Utilizes transitive trust model


Each Access Provider uses its existing
authentication model (single sign
-
on)


Level of trust assigned at registration

19

Authentication


Worked with Shibboleth
-

Shibboleth, a project of
Internet2/Mace, is developing architectures, policy
structures, practical technologies, and an open
source implementation to support inter
-
institutional
sharing of web resources subject to access controls.
In addition, Shibboleth will develop a policy
framework that will allow inter
-
operation within the
higher education community.


Project participants include Brown University, Ohio
State, Penn State and many other colleges and
universities.

20

Building Trust and Integrity


The Meteor Advisory Team sought input and
expertise regarding privacy and security from
the sponsoring organizations and the NCHELP
Legal Committee.


Analysis was provided in relation to GLB and
individual state privacy laws.


The analysis revealed that Meteor complied
with GLB, FERPA, and known state privacy
provisions.

21

Steps to Participation


Provider downloads and completes the
following forms from the NCHELP
web site:


Meteor Participant Certification


Registration Profile


Authentication Profile(s)


Technical Profile

22

Steps to Participation



Authentication protocol review


Provider is set
-
up in the test
registry


Installation of software


Testing

23

Steps to Participation


Provider is set
-
up in the production
registry


Move to production


Final connectivity testing


GO LIVE!

Part II

Basic Meteor Setup


25

Which Type of Provider Are
You?


Authentication Only



Log users in
and pass off to another Access
Provider


Access/Authentication



Log users in
and provide Meteor lookups


Data Provider



Provide access to
loan data on the Meteor network

26

Install



App Server



Meteor Software



Data Connectors


or Drivers

Configure



Keys/Certificate



Properties Files



SSL Connectivity


Customize



Authentication


Method



Data Access


Three Major Steps

27

Step 1
-

Install


Java Application Server


An App Server is a web server that serves “Java
Servlets” and JSP pages (similar to ASP, PHP,
CGI, etc.).



Meteor is known to work on several app
servers. Greatest support is available for
Apache Tomcat, which is free.

28

Step 1
-

Install


Meteor Application(s)


Meteor applications will “deploy” out of the box
on most app servers.


Install Custom Drivers/Connectors


Install any drivers/connectors necessary to access
your legacy data using Java (SQL, Mainframe
bridge, etc.).

29

Step 2
-

Configure


Create Key Pair and Configure SSL


Create a JKS (Java) key pair.


Have certificate signed by a known CA

(Verisign, Thawte, etc.).


Private key resides on Meteor server.


Public key is placed in the Meteor Registry.


Configure App Server to use SSL Communication
Only.


Note: You generally cannot use an existing IIS or Apache SSL
certificate. They’re not stored in the same format.

30

Step 2
-

Configure


Why Use a Key Pair?


Each key can “unlock” data that was
“locked” by the other


key but cannot unlock info it locked itself.


If a document is modified in transit,
“unlocking” it will fail.


Assures a valid meteor participant is
requesting the data.

31

Step 2
-

Configure


Why Use a Key Pair?


Assures that a request hasn’t been
modified by some third
-
party.


Standard SSL encrypts the request and
response.


Third
-
party signature (Verisign, Thawte,
etc.) verifies that each organization is
valid/reputable.

32

Step 3


Customize


End
-
User Authentication


Meteor does not ship with its own
authentication system.


Must choose one of two methods:

1.
Implement Java code “IUserAuthentication” to
“talk to” your existing authentication system.

2.
Implement code in your existing system to create
a “SAML Assertion” that can be passed to Meteor
to verify that the user has been logged
-
in.
(Recommended)

33

Step 3


Customize


End
-
User Authentication


Meteor team can provide sample
Java code for method #2.


Method #2 can theoretically be
performed in any language. Some
proofs of concept exist.


34

Step 3


Customize


What is a SAML Assertion?


SAML = “Security Authentication Markup
Language.”


SAML assertions are XML documents.


A SAML Assertion says:


I logged this user in.


I’m “Level N” sure of the person’s identity (N=1
to 3).


This user has a certain access role (FAO,
Borrower, etc.).

35

Step 3


Customize


What is a SAML Assertion?


SAML assertions digitally signed with an
entity’s private key.


SAML assertions can be used for single
sign
-
on applications.

36

Step 3


Customize


Authentication Using SAML
(Recommended)


Organization’s existing enterprise sign
-
on system is
modified to create a SAML Assertion after
authenticating the user.


User clicks form submit button and assertion is passed
to Meteor via HTTP Post.


Meteor validates SAML Assertion against the public
key in the Meteor Registry and grants or denies access
as appropriate.


Note: Java classes and sample code exist to create the
SAML Assertion.

37

Step 3


Customize


Data Provider Customization


How do I link Meteor to my data?


Implement DataServerAbstraction
Interface


Retrieving Data


Creating the Response


Where can I find help?

38

Step 3


Customize


Implementing DataServerAbstraction
Interface


public MeteorDataResponse


getData(MeteorContext context, String ssn)


Security Token


Contained within the MeteorContext


Requestor Role (Borrower, FAO, CSR)


Opaque User Id


39

Step 3


Customize


Retrieving Data


Use existing Meteor sample code


Predefined database schema


Data must be loaded into database


Direct access to production data


SQL embedded


Real time access to data


Transaction Calls


RPC, MQ, SOAP, CICS Gateway

40

Step 3


Customize


Creating the Response


MeteorDataResponse Object


Mapping Data


Data is mapped to container classes.


Start early in the process.


Seek help from business experts.


Meteor software handles formatting the
response.


41

Step 3


Customize


Help Resources


Meteor Tech Team List Server


Sample Code


http://www.meteorcentral.com


Source Code


Production Releases


http://www.nchelp.org/meteor.htm


Documentation


Meteor Setup Guide

42

We appreciate your feedback and comments.
We can be reached at:


Tim Cameron: Meteor Project Manager

meteor@nchelp.org



Justin Greenough: Member, Meteor Technical Team



jgreenough@riheaa.org


Contact Information