250 likes | 259 Vues
“Real World” METEOR Implementation Issues. Jim Kuhlen Connecticut Student Loan Foundation. What is Meteor?. Meteor is a collaborative effort within the student aid industry to simplify and consolidate access to student financial aid information.
E N D
“Real World” METEOR Implementation Issues Jim Kuhlen Connecticut Student Loan Foundation
What is Meteor? • Meteor is a collaborative effort within the student aid industry to simplify and consolidate access to student financial aid information. • Meteor software provides open, non-proprietary, real time access to all available aid information for a student from all participating organizations, and consolidates it for display to students and Financial Aid Professionals.
“Who” is Meteor? • The Meteor Project was initiated by NCHELP • Over 40 Student Aid Industry organizations support Meteor • Representatives of these organizations make up the Meteor Advisory Team, which manages ongoing Meteor issues related to business requirements, software design and development, participant registration, etc.
Meteor Roles • Access Provider • Provides inquirers with a connection to the Meteor Network through the Meteor Access Provider software. • Data Provider • Returns student aid data in response to inquiries from Access Providers.
Meteor Roles • Index Provider • Streamlines network performance by supplying a list of participants holding data for a student • Currently the National Student Clearinghouse is the Meteor Index Provider. • Design will accommodate additional Index Providers
Meteor Roles • Authentication Provider • Designed to be used by schools • Allows school’s authentication of an FAP or student to be passed to a Meteor Access Provider to gain access to Meteor data
Business Issues • Security and Privacy Concerns • GLBA Compliance • Authentication of Inquirers • Security of Data • Potential Misuse of Data
Privacy • The Meteor Advisory Team received input and expertise regarding privacy from sponsoring organizations and the NCHELP Legal Committee. • Analysis was provided in relation to GLBA and individual state privacy laws. • Meteor complies with both GLBA and state privacy provisions.
Inquirer Authentication • No central authentication process • Utilizes transitive trust model • Each Authentication or Access Provider uses their existing authentication model (single sign-on) • Each participant’s authentication techniques are reviewed as a part of Meteor Registration • Encrypted authentication information is passed with all Meteor messages using SAML in compliance with Shibboleth
Data Security • Trusted network • Participants certify that Meteor data is protected at least as well as their own • Meteor Technical Team verifies that new participants have adequate security in place (firewalls, etc.) • SSL & Encryption • All Meteor messages are encrypted and verified for authenticity
Meteor Participant Certification • Applies to all Meteor Participants • Major points: • Protection and use of data • Authentication • Technical and Security requirements • Terms of participation • Conditions of Use • Participation currently limited to FFELP community (ED issued Ids)
Technical Issues Technical Infrastructure Technical Staff Skills Installation & Testing New Releases
Technical Infrastructure • Web Application Server • WebSphere, Tomcat, others • Real time access to loan data • CICS Gateway, JDBC, others • Java Development Environment • VisualAge for Java, other JDK • Support for HTTPS/SSL
Technical Staff Skills • Web application server installation and configuration • Familiarity with Java • Working knowledge of XML • Installation and configuration of Firewalls • Knowledge of HTTPS/SSL and Certificate Authorities • Programming to provide necessary data via Database/Gateway
Installation and Testing • Customize software if desired • Compile and deploy on Web Application Server(s) • Program to supply required data • Supply information to populate Meteor Registry • Test across Meteor Network via Meteor Test Bench • Final testing with Clearinghouse
Installation and Testing • Meteor Technical Team will assist participants with problem resolution at any stage of the process.
New Releases • Participation in pre-release testing of new releases is encouraged. • Releases are backward compatible • Program to new requirements if necessary • Compile and deploy new release on test server • Test across Meteor Network via Meteor Test Bench • Deploy on production server
Steps to Meteor Participation • Contact the Meteor Registration Coordinator, Tim Cameron, at 202-822-2106 or by e-mail at tcameron@nchelp.org. • The Meteor Registration Coordinator will send you the following forms for you to complete: • Meteor Participant Certification • Registration Profile • Authentication Profile(s) • Technical Profile
Steps to Meteor Participation • Download the Meteor Implementation Guide and Meteor Setup Guide at www.nchelp.org/meteor.htm • Return completed forms to: Meteor Registration Coordinator c/o NCHELP 1100 Connecticut Avenue, NW, 12th Floor Washington, DC, 20036-4110
Steps to Meteor Participation • The Meteor Registration Coordinator will provide your designated primary contact with instructions for downloading the Meteor software. • A Meteor Technical Team representative will contact your designated Technical Contact to establish a dialog on a technical level, coordinate testing, and provide assistance and guidance.
Steps to Meteor Participation • When successful testing has been accomplished in the Meteor test environment, the National Student Clearinghouse will conduct final testing with your organization. • Upon successful completion of final testing, you will be ready to go live.