
Campus Based Authentication & The Project

Campus Based Authentication & The Project. Presented By: Tim Cameron, National Council of Higher Education Loan Programs. The Meteor Story. What is Meteor? Web-based network for aggregated real-time inquiry of financial aid information. One stop, online web service.


Presentation Transcript


  1. Campus Based Authentication & The Project Presented By: Tim Cameron, National Council of Higher Education Loan Programs

  2. The Meteor Story

  3. What is Meteor? • Web-based network for aggregated real-time inquiry of financial aid information • One stop, online web service • Collaborative effort of the FFELP community • Freely available software and access to the network • Customization options are available

  4. In the beginning…. • Pre-Meteor Environment (1980’s & 1990’s) • Lenders, Guarantors, Servicers, Schools and others all offered independent web services • Required multiple logins • Low level of security: • Many required only SSN and DOB to access financial aid award data!

  5. In the beginning…. • Department of Education Modernization Plans • Performance Based Organization approved with Higher Education Amendments in 1998 • Modernization Blueprint • Released September 30, 1999 • Second Edition - 2000 • Third Edition – 2001 • Fourth Edition – 2002

  6. In the beginning…. • FFELP Providers Solution • Spring 2000: CEO meeting sponsored by NCHELP • Critical decisions: • Create an information network to provide aggregated financial aid information. • Foundation Principles • Open Source • Open Collaboration • Freely Available • Controlled Participation Network

  7. Increasing Importance for Access to Distributed Databases

  8. Legislative Changes • Ensuring Continued Access to Student Loans Act (ECASLA) • Loan Participation Purchase Program • Loan Purchase Commitment Program

  9. Growth of Split Servicing • Student used multiple lender/guarantor combos to take advantage of benefits • Student consolidated while in-school • Student transferred to a new school • School switched from FDLP to FFELP or vice versa • Lender suspended student loan offerings

  10. Impact to Borrower • Payment schedule complications • Multiple payment due dates • Differing payment amounts • Multiple payment methods • Potential loss of extended repayment options • Deferment and forbearance complications • Inconsistent deferment documentation standards • Inconsistent forbearance period maximums

  11. Coping with the Impact • Each of these inconveniences is easily overcome so long as the borrower knows who their lenders/servicers are and how to get in touch with them.

  12. Meteor Today • 14 Points of access to the Network • 20 Data providers • School Authentication Agents • Several custom implementations

  13. Meteor Participant Types • Organizations that implement the Meteor software • Access Providers (AP) • Authentication Agents (AA) • Data Providers (DP) • Index Providers (IP)

  14. The Meteor Process (diagram; labels: Federated Authentication Process, Access Provider, Data Providers, Index Provider, Users: Student/Borrower or Financial Aid Professional or Access Provider Representative or Lender; steps One, Two, Three)

  15. The Meteor Registry • Each participant is required to register, sign a participation agreement, and submit policies and procedures surrounding their authentication process. • The Meteor Team Leads review the policies and procedures and assign a Level of Assurance • Meteor uses a centralized LDAP server to contain: • Public keys of all participants • Network status information (active, pending, suspended) • Contact Information

  16. Meteor Authentication Objectives & Process

  17. Meteor’s Authentication Objectives • Provide a flexible, easy to implement authentication system. • Ensure compliance with the Gramm-Leach-Bliley Act (GLBA), federal guidelines, and applicable state privacy laws. • Assure data owners that only appropriately authenticated end users have access to data. • Ensure compliance with participant organizations’ internal security and privacy guidelines.

  18. The Meteor Authentication Model • Each Access Provider uses their existing authentication model (single sign-on) • Meteor levels of assurance are assigned at registration • Meteor Level 3 complies with the NIST Level 2

  19. Meteor’s Authentication Requirements • User is required to provide an ID and a shared secret. • Assignment and delivery of shared secret must be secure. • Assignment of shared secret is based on validated information. • Reasonable assurances that the storage of the IDs and shared secrets is secure.

  20. Meteor’s Authentication Requirements • Access provider must ensure appropriate authentication for each end user and provide traceability back to that user • Access provider must provide authentication policy to central authority • Access provider must provide central authority with 30 day advance notice of changes to authentication policy • Access provider must agree to appropriate use of data

  21. The Meteor Authentication Process • End user authenticates at access provider site or through a Meteor approved third party Authentication Agent • Access provider creates authentication assertion (SAML) • Access provider signs authentication assertion with digital certificate

  22. SAML Assertion Attributes • Role of end user • Social Security Number • Authentication Process ID • Level of Assurance • Opaque ID • Organization ID and Type

  23. Meteor and the National Student Clearinghouse: Campus Based Authentication

  24. Campus Based Authentication • Schools that have entered into an electronic services agreement with the Clearinghouse will act as Authentication Agents. • Students’ campus-issued credentials will be utilized to access Meteor and other Clearinghouse services via the Student Self-Service Web site.

  25. The National Student Clearinghouse Student Self-Service • Meteor is integrated into the Clearinghouse’s Student Self-Service Application • For schools that wish to provide students with Meteor access, Meteor loan detail is incorporated into the LoanLocator display

  26. What’s Next?

  27. Online Award Letter Pilot • Will serve as a debt management tool • Borrowing history presented BEFORE a new award is accepted • Ensures that borrower is aware of the potential impact of increasing his aggregate loan(s) amount • Total current outstanding • New total outstanding with the addition of the new loan • Repayment scenarios based on aggregates

  28. For More Information…. • Interactive Web Site Launched: www.MeteorNetwork.org • Audio presentation • Interactive demonstration version of the software • Link to the Meteor project site • Project Documentation: www.NCHELP.org/Meteor.htm • Implementation Information • Current Provider List • User Guide and other documentation

  29. Contact Information • Tim Cameron, NCHELP, Meteor Project Manager • meteor@nchelp.org
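Slides 15, 18, 21 and 22 together imply a set of checks on the receiving side: the issuer must be an active registry participant, and the asserted Level of Assurance must fit both the level assigned at registration and the data owner's requirement. The sketch below is an added example, not Meteor project code; the attribute names, organization IDs, simplified XML layout and the rule that an asserted level may not exceed the registered one are all assumptions, and signature verification against the registry public key is taken as already done.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for the central registry (slide 15): network status and
# the Level of Assurance assigned at registration. IDs are placeholders.
REGISTRY = {
    "AP-EXAMPLE-1": {"status": "active", "loa": 3},
    "AP-EXAMPLE-2": {"status": "suspended", "loa": 3},
}

# Hypothetical names for the slide-22 attributes; not Meteor's actual schema.
REQUIRED = ("Role", "SSN", "AuthenticationProcessID", "LevelOfAssurance",
            "OpaqueID", "OrganizationID", "OrganizationType")


def sample(org, loa):
    """Build a constructed, simplified assertion (not real SAML syntax)."""
    vals = dict(zip(REQUIRED, ("Student", "000-00-0000", "proc-1", str(loa),
                               "opaque-1", org, "AccessProvider")))
    body = "".join('<Attribute Name="%s">%s</Attribute>' % kv
                   for kv in vals.items())
    return "<Assertion>" + body + "</Assertion>"


def evaluate(xml_text, min_loa, registry=REGISTRY):
    """Policy checks a data provider could run once the assertion's signature
    has been verified against the issuer's registry key (not shown here)."""
    root = ET.fromstring(xml_text)
    attrs = {a.get("Name"): (a.text or "").strip()
             for a in root.iter("Attribute")}
    missing = [n for n in REQUIRED if not attrs.get(n)]
    if missing:
        return False, "missing attributes: " + ", ".join(missing)
    entry = registry.get(attrs["OrganizationID"])
    if entry is None:
        return False, "issuer not in registry"
    if entry["status"] != "active":
        return False, "issuer status is " + entry["status"]
    try:
        asserted = int(attrs["LevelOfAssurance"])
    except ValueError:
        return False, "malformed level of assurance"
    if asserted > entry["loa"]:
        return False, "asserted level exceeds registered level"
    if asserted < min_loa:
        return False, "level of assurance below requirement"
    return True, "accepted"


if __name__ == "__main__":
    for org, loa in (("AP-EXAMPLE-1", 3), ("AP-EXAMPLE-2", 3), ("AP-EXAMPLE-1", 4)):
        print(org, loa, evaluate(sample(org, loa), min_loa=3))
```

Checking status and level against the registry rather than trusting the assertion's own claims is what lets a suspended or under-assured Access Provider be cut off centrally.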
