the meteor project and financial aid delivery justin tilton instructional media + magic, inc....
TRANSCRIPT
The Meteor Project and Financial Aid Delivery
Justin Tiltoninstructional media + magic, inc.
Presented to: The National Association of
Student Financial Aid Administrators
October 11, 2001
Th
e M
ete
or
Pro
ject
2
Financial aid services
• In the past, regulations drove practicesand determined services
• Now, information technology drives practices and has the potential to increase service
________________
Using information technology, the U.S. Department of Education is improving its services, and setting higher expectations. The challenge for schools and others in the Higher Education loan community is to meet the current expectations and collaborate on standards for the future.
Th
e M
ete
or
Pro
ject
3
Some key initiatives• Student loan industry
• CommonLine• Common Account Maintenance (CAM)• The High Performance Channel (HPC)• The Meteor Project • ELMnet
• Department of Education OSFA• Web enabled applications• Common Origination and Disbursements
• College and university collaboratives• JA-SIG (Java in Administration Special Interest Group)
• Internet 2 and Shibboleth• MIT’s Open Knowledge Initiative
• Florida State University, University of Hawaii• “30 minute application to funds”
Th
e M
ete
or
Pro
ject
4
SFA Web-enabled applications
• FAFSA on the web
• Schools portal release 2.0with single sign-on
• Financial partners portals – FY 2002
• Student on-line access todirect loan servicing
• API to SFA systems
Th
e M
ete
or
Pro
ject
5
Impact on colleges and universities
Changes:
• From Batch to Real-time Transactions,
• From Proprietary File Transfers to Internet XML Messaging Standards
• From SFA-defined to Industry Standard Message Content
• An integrated Student Experience
• Use of SFA-provided Java (J2EE)shared-components
Th
e M
ete
or
Pro
ject
6
The Meteor Project
• An initiative of the student loan industry
• Collaborative effort of 37 guaranty agencies, lenders, secondary markets, and servicers
• On-line, real-time information services
• Separate channels for students and financial aid professionals
• Aligned with industry, SFA standards
______________________
“Building the IT infrastructure for the next decade”
Th
e M
ete
or
Pro
ject
7
Students expectations shaped by...
• Their experience applyingfor federal financial aid
• Their use of financial services portals
• Their use of the Internet
• Their life in a “real-time, information rich” environment
Th
e M
ete
or
Pro
ject
8
Students now expect...
• Customer service 24 hours a day, 7 days a week
• Complete information froma single source
• Delivery by Web, e-mail, telephone, facsimile, and wireless devices
• response time of 15 seconds for telephone, 10 seconds for Web, and 2 hours for e-mail and facsimile
• access to a complete customer history
Th
e M
ete
or
Pro
ject
9
Is technology important?
• Technology choices determine the quality of electronic services offered to Web-savvy prospective students, current students, alumni, faculty, staff and the public.
• Technology choices will determine with whom you do e-business and how it is done.
Th
e M
ete
or
Pro
ject
10
SFA technology choices
• XML - B2B Standard
• Business Messages
• XML Schema (data validation)
• Java - Transportable Programs
• Shared Java Components
• Web Implementations – FAFSA
• UML - Unified Modeling Language
Th
e M
ete
or
Pro
ject
11
eBusiness Web services architecture
• XML “tagged” data contenteXtensible Markup Language
• SOAP data transportSimple Object Access Protocol
• XSL transformations for presentationeXtensible stylesheet language
• XML Digital Signature
for Server Authentication
• UDDI/WSDL directory servicesUniversal Description, Discovery, and Integration,and Web Services Description Language
Th
e M
ete
or
Pro
ject
12
Technology standards
M - from Meteor installationO - optional
Industry
OSFA
Mete
or
JA-S
IGuPort
al
IBM
Web S
erv
ices
Mic
roso
ft.N
et
Sun O
ne
Java Programming Language XML Markup Language SOAP Data Transport M UDDI Directory M WSDL Service Description M
Where does The Meteor Project fit into all of this?
Th
e M
ete
or
Pro
ject
14
Relationship of Meteor and JA-SIG
JA-SIG
uPortal
Meteor Channel
The Meteor Project
Th
e M
ete
or
Pro
ject
15
The Meteor Project
Meteor is the software and service to obtain a student’s own financial aid information from a number of different sources.
• The software can be installed on any Website--a school, lender, guaranty agency, secondary market, servicer, or collection agency.
• The software is Open Source--a “gift” from the Meteor sponsors to the financial aid community.
Th
e M
ete
or
Pro
ject
16
Data from multiple sources, locations
The Pilot Implementation
Th
e M
ete
or
Pro
ject
17
Reference implementation
The reference implementation includes:
• Authentication of the user
• A list of loans
• Details on any specific loan
• Error, warning, and information messages for the user
Th
e M
ete
or
Pro
ject
18
Meteor authentication
Th
e M
ete
or
Pro
ject
19
Meteor list of loans
Th
e M
ete
or
Pro
ject
20
Sample Meteor loan detail
Th
e M
ete
or
Pro
ject
21
User message, no Meteor service
Th
e M
ete
or
Pro
ject
22
User message, please call
How does Meteor work?
Th
e M
ete
or
Pro
ject
24
Meteor in a nutshell…
Lender
XML
UDDI
Th
e M
ete
or
Pro
ject
25
The first step…
The student chooses a portal to their Financial Aid information
Th
e M
ete
or
Pro
ject
26
Next, a secure connection
Th
e M
ete
or
Pro
ject
27
Requests sent...
XML
<LoanHistoryRq> <CustPermId>448377707</CustPermId> <DateOfBirth>1980-09-03</DateOfBirth></LoanHistoryRq>
Guaranty Agencies
NSC
SFA
Th
e M
ete
or
Pro
ject
28
Responses returned
XML
SFA
GA
NSC
<LoanInformation><LenderIdType>OPEID</LenderIdType><LenderId>809063</LenderId><LenderName>Bank of Oklahoma</LenderName><SchoolIdType>OPEID</SchoolIdType><SchoolId>003152</SchoolId><SchoolBranch>00</SchoolBranch><SchoolName>University of Central Oklahoma</SchoolName><InformationSourceIdType>OPEID</InformationSourceIdType><InformationSourceId>809063</InformationSourceId><InformationSourceName>Bank of Oklahoma</InformationSourceName><InformationSourceDate>2000-11-12</InformationSourceDate></LoanInformation>
XML
XML
Th
e M
ete
or
Pro
ject
29
Aggregated data in portal
Th
e M
ete
or
Pro
ject
30
Student wants details
Th
e M
ete
or
Pro
ject
31
Request for detail sent to Lender
Lender
XML
Th
e M
ete
or
Pro
ject
32
Detail screen displayed
Lender
XML
Th
e M
ete
or
Pro
ject
33
Diagram of Meteor Concept
Web ServicesHTML
MeteorXML
StudentStudent Access Provider Access Provider Data Provider Data Provider
Th
e M
ete
or
Pro
ject
34
As implemented ...
Web ServicesSecure HTML
MeteorSecure XML
StandardBrowserStandardBrowser uPortaluPortal
MeteorSOAP
MeteorSOAP
MeteorSOAP
MeteorSOAP
DatabaseDatabase
Th
e M
ete
or
Pro
ject
35
The development configuration
uPortalStandardBrowserStandardBrowser uPortaluPortal
Meteor SOAPJAVA ComponentsMeteor SOAPJAVA Components
Meteor SOAPJAVA ComponentsMeteor SOAPJAVA Components
DatabaseJDBC ConnectionDatabase
JDBC Connection
LinuxApacheTomcat
LinuxApacheTomcat
Th
e M
ete
or
Pro
ject
36
What we learned...
• The XML/SOAP business message turnaround is less than 1 second
• Because of the scope of authorization for access and different uses, Meteor needed two separate channels
• Student and parental access to the student’s information
• Financial aid professionals access to information about students
Th
e M
ete
or
Pro
ject
37
Professional - Authorization
Th
e M
ete
or
Pro
ject
38
Selection
Th
e M
ete
or
Pro
ject
39
Display
Why is Meteor important?
Th
e M
ete
or
Pro
ject
41
The Meteor software
• Provides an information servicefor students and alumni
• Provides an information resource for financial aid professionals
• Becomes a first step toward implementation of the Department of Education’s real-time “Common Origination and Disbursement” -due in 2003
Th
e M
ete
or
Pro
ject
42
Meteor software will be available as:
• A channel in JA-SIG’s uPortal 2.0 or later
• A Java servlet that can in incorporated into any Website that supports servlets
• Possibly a channel in Apache Foundation’s JetSpeed portal (also IBM’s general portal)
The school experienceAuthentication, a barrier to
implementation
Th
e M
ete
or
Pro
ject
44
Some definitions
• Proxy (a) An entity authorized to act for another; (b) authority or power to act for another ; (c) a document giving such authority.
OASIS Security Services TC Glossary, July 2001
• Financial aggregation is the process of gathering content from multiple sources and consolidating that information at a single web location for review and, potentially, financial transactions by the customer.
BITS Voluntary Guidelines forAggregation Services, April 2001
Th
e M
ete
or
Pro
ject
45
Some definitions
• Credential - Data that is transferred to establish a claimed principal identity.
• Assertion - A piece of data, produced by a SAML authority, constituting a declaration of identity, or attribute information, or authorizations.
• Login, Logon, Signon - The process of presenting credentials to an authentication authority, establishing a simple session, and optionally establishing a rich session.
OASIS Security Services TC Glossary, July 2001
Th
e M
ete
or
Pro
ject
46
IFX Business Message
• SOAP Header
• Routing information
• Business Message
• SecurityPassword
[Digital] Certificate
Magnetic Stripe and PIN
Request/Response of Secret
• Business services content
Th
e M
ete
or
Pro
ject
47
Authentication and authorization
• Defining “Level of identification”
• Incomplete standard protocols for authentication or authorization
• Web Single Signon • Internet2/Shibboleth
Originally Jan 2001 now Dec 2001
• SAML Security Assertion Markup LanguageIndefinite Delay (from June 2001) likely 2002
• Indeterminate policies and procedures
• Legal - new laws and lack of precedents• Lack of e-business experience
Th
e M
ete
or
Pro
ject
48
e-Business users
• Hierarchy of trust
• Government
• Banks
• “Brand name” companies
• Pattern of e-Business Use (typically six to twelve months)
• Data only
• Small transactions - $10 to $25
• Larger transactions
Th
e M
ete
or
Pro
ject
49
Boston College expectation
• Only ”regular” students and employees in the financial aid office will access Meteor through the College’s secure portal.
• The National Student Clearinghouse, and subsequently others, will “trust” the Boston College authentication.
Th
e M
ete
or
Pro
ject
50
The “trusted” college
Secure Collegeenvironment
Secure Internetconnection
Employee uses school logonand password
College sends institutional logon
and password
Loan list message
ScenarioUser: EmployeeAccess Provider: Boston CollegeData Provider: Clearinghouse
Th
e M
ete
or
Pro
ject
51
As a proxy service
Secure Collegeenvironment
Secure Internetconnection
Student useslogon and passwordfrom Data Provider
College forwardsthis logon
and password
Loan list message
ScenarioUser: StudentAccess Provider: College or UniversityData Provider: Guarantee Agency
Th
e M
ete
or
Pro
ject
52
As a security aggregation service
Student useslogon and passwordfrom Access Provider
College forwardsthis logon
and password
Loan list message
ScenarioUser: StudentAccess Provider: College or UniversityData Provider: Guarantee Agency
CitiBank
SallieMae
1
6
4
32
Secure Internetconnection
5
Th
e M
ete
or
Pro
ject
53
Third party authentication
Student useslogon and password
from third party College forwardsthe assertions
Loan listmessage
ScenarioUser: StudentAccess Provider: College or UniversityData Provider: Guarantee Agency
1
6
4
3
2
5
SAML Request
Assertionsreturned
Secure Collegeenvironment
Secure Internetconnection
Th
e M
ete
or
Pro
ject
54
Meteor sponsors
American Education ServicesAmerican Student AssistanceBank OneCollege Foundation, Inc. [NC]The College Board/CollegeCredit Education Loan ProgramConnecticut Student Loan FoundationEducation Assistance CorporationEducation Funding AssociationFlorida Department of Education, OSFAGeorgia Higher Education Assistance CorporationGreat Lakes Higher Education Guaranty CorporationGuaranTec, LLPHigher Education Student Assistance AuthorityIllinois Student Assistance CommissionIowa Student Loan Liquidity CorporationKentucky Higher Education Assistance AuthorityKey Education ResourcesLoanStar Systems, Inc.
Th
e M
ete
or
Pro
ject
55
Meteor sponsors
Michigan Higher Education Assistance AuthorityMontana Guaranteed Student Loan ProgramNational Student Loan Program, Inc.New Hampshire Higher Education Assistance Foundation New York State Higher Education Services Corporation North Carolina State Education Assistance Authority Northwest Education Loan Association (NELA)Oklahoma Guaranteed Student Loan ProgramOregon Student Assistance Commission Panhandle-Plains Student Loan CenterRhode Island Higher Education Assistance AuthoritySallie Mae, Inc.Southwest Student Services CorporationStudent Loan Finance AssociationStudent Loan Guarantee Foundation of ArkansasStudent Loans of North DakotaTexas Guaranteed Student Loan CorporationUnited Student Aid FundsVermont Student Assistance Corporation
Th
e M
ete
or
Pro
ject
56
And we had help...
• The National Student Clearinghouse’s Roberta Hyland and Joy Wang provided data access and programming assistance to make their database available to Meteor users.
• Interactive Business Solutions Software Engineer (and Harvard University graduate student) Peter Karchenko joined the Meteor team working on the project.
• Priority Technologies, Inc. extended the Meteor software and contributed the UDDI/WDSL implementation.
• Credit Online’s Dennis Warnke and Glenn Leyba shared LoanML drafts and their experience implementing IFX SOAP messaging.
• Great Lakes’ Steve Marganeau provided CommonLine XML as it was being produced in December 2000.
• Sigma Systems Inc.’s Andy Sprague provided test data and design guidance and Randy Timmons gave Meteor briefings and demonstrations.
The end