
Technical Track Session

Meteor Implementation
Presented by: Tim Cameron & Justin Greenough

Part I
Meteor Overview & Steps to Implementation

Meteor
Meteor is a web-based universal access channel for financial aid information. Information from multiple data providers is aggregated to assist the financial aid professional and the borrower with the financial aid process, repayment, and default aversion. Meteor is a collaborative effort and access is provided at no charge.

Meteor Services
- Access timely, student-specific financial aid information from multiple sources
- One-stop, common, online customer service resource
- Currently provides information on FFELP and alternative loans (vision to include Direct Loans, Perkins Loans, Pell Grants, and state aid)

Meteor Volume
In two short years, Meteor has attained (in production or currently planned for implementation):
- 81% of FFELP Loan Guarantee Data
- 60% of FFELP Loan Servicing Data
- 64% of Alternative Loan Data

Meteor in Relationship to Other Industry Initiatives

                                                      Meteor          ELMNet          NSLDS
Use of industry messaging standards for Data Inquiry  In Development  In Development  In Development
Loan Origination & Transactions Processing            N/A             Yes             Transaction only

Meteor in Relationship to Other Industry Initiatives

                        Meteor    ELMNet  NSLDS
Real Time               Yes       Yes     No
Access Points           Multiple  Single  Single
Authentication Methods  Multiple  Single  Single

The Meteor Process
[Diagram: Financial Aid Professional or Student, Access Providers, Index Providers, and Data Providers, with steps labeled One, Two, and Three]

How Does Meteor Work - Access Providers
A Meteor Access Provider allows inquirers to obtain information through its web site by hosting a copy of the Meteor software, which generates the request to the Data Providers for the borrower's information. Access providers can be Schools, Guarantors, Lenders, Servicers, or Secondary Markets.

How Does Meteor Work - Access Providers
Meteor provides the Access Providers with software that verifies the status of the providers, generates requests for information, receives the response messages, performs the duplicate and best source logic, and displays the default screens.

How Does Meteor Work - Index Providers
- A Meteor Index Provider is used to identify the location(s) of the requested student/borrower information.
- The current Meteor Index Provider is the National Student Clearinghouse

How Does Meteor Work - Index Providers
- In the future, other indices will be added based on the type of data to be incorporated into the network.
- This is only an index (pointer) to the actual data providers. The index does not provide data to Meteor.

Clearinghouse as Meteor Index
- 100% of FFELP guarantee volume
- Over 5.6 million Direct Loan Program accounts
- Over 13.2 million FFELP servicer accounts
- Over 1.6 million Perkins/Private/Alternative Loan servicer accounts (including some managed by schools themselves)

How Does Meteor Work - Data Providers
- A Meteor Data Provider hosts a copy of the Meteor software that enables the software to respond to the Access Provider's request for information, supplying data from their system.
- Data Providers are typically Lenders, Servicers, Guarantors, and Secondary Markets.

How Does Meteor Work - Data Providers
In the future, the Dept. of Education, State Grant authorities, Schools, and others could become Data Providers.

How Does Meteor Work - Data Providers
Meteor provides the data providers with software that verifies the authenticity of the information request, formats the response message, and filters data based on the role of the end user.

Reliability and Security
- Data is sent directly from the data provider's system and is not altered in any way within Meteor.
- All data is electronically transmitted securely using SSL encryption.
- Independent Audit showed no serious vulnerabilities.

Authentication
- No central authentication process
- Utilizes transitive trust model
- Each Access Provider uses its existing authentication model (single sign-on)
- Level of trust assigned at registration

Authentication
- Worked with Shibboleth
- Shibboleth, a project of Internet2/Mace, is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. In addition, Shibboleth will develop a policy framework that will allow inter-operation within the higher education community.
- Project participants include Brown University, Ohio State, Penn State and many other colleges and universities.

Building Trust and Integrity
- The Meteor Advisory Team sought input and expertise regarding privacy and security from the sponsoring organizations and the NCHELP Legal Committee.
- Analysis was provided in relation to GLB and individual state privacy laws.
- The analysis revealed that Meteor complied with GLB, FERPA, and known state privacy provisions.

Steps to Participation
Provider downloads and completes the following forms from the NCHELP web site:
- Meteor Participant Certification
- Registration Profile
- Authentication Profile(s)
- Technical Profile

Steps to Participation
- Authentication protocol review
- Provider is set up in the test registry
- Installation of software
- Testing

Steps to Participation
- Provider is set up in the production registry
- Move to production
- Final connectivity testing
- GO LIVE!

Part II
Basic Meteor Setup

Which Type of Provider Are You?
- Authentication Only: Log users in and pass off to another Access Provider
- Access/Authentication: Log users in and provide Meteor lookups
- Data Provider: Provide access to loan data on the Meteor network

Three Major Steps
- Install: App Server, Meteor Software, Data Connectors or Drivers
- Configure: Keys/Certificate, Properties Files, SSL Connectivity
- Customize: Authentication Method, Data Access

Step 1 - Install
Java Application Server
- An App Server is a web server that serves Java Servlets and JSP pages (similar to ASP, PHP, CGI, etc.).
- Meteor is known to work on several app servers. Greatest support is available for Apache Tomcat, which is free.

Step 1 - Install
Meteor Application(s)
- Meteor applications will deploy out of the box on most app servers.

Install Custom Drivers/Connectors
- Install any drivers/connectors necessary to access your legacy data using Java (SQL, Mainframe bridge, etc.).

Step 2 - Configure
Create Key Pair and Configure SSL
- Create a JKS (Java) key pair.
- Have certificate signed by a known CA (Verisign, Thawte, etc.).
- Private key resides on Meteor server.
- Public key is placed in the Meteor Registry.
- Configure App Server to use SSL Communication Only.
Note: You generally cannot use an existing IIS or Apache SSL certificate. They're not stored in the same format.

Step 2 - Configure
Why Use a Key Pair?
- Each key can unlock data that was locked by the other key but cannot unlock info it locked itself.
- If a document is modified in transit, unlocking it will fail.
- Assures a valid Meteor participant is requesting the data.

Step 2 - Configure
Why Use a Key Pair?
- Assures that a request hasn't been modified by some third party.
- Standard SSL encrypts the request and response.
- Third-party signature (Verisign, Thawte, etc.) verifies that each organization is valid/reputable.

Step 3 - Customize
End User Authentication
- Meteor does not ship with its own authentication system.
- Must choose one of two methods:
1. Implement Java code IUserAuthentication to talk to your existing authentication system.
2. Implement code in your existing system to create a SAML Assertion that can be passed to Meteor to verify that the user has been logged in. (Recommended)

Step 3 - Customize
End User Authentication
- Meteor team can provide sample Java code for method #2.
- Method #2 can theoretically be performed in any language. Some proofs of concept exist.

Step 3 - Customize
What is a SAML Assertion?
- SAML = Security Authentication Markup Language.
- SAML assertions are XML documents.
- A SAML Assertion says:
  - "I logged this user in."
  - "I'm Level N sure of the person's identity (N = 1 to 3)."
  - "This user has a certain access role (FAO, Borrower, etc.)."

Step 3 - Customize
What is a SAML Assertion?
- SAML assertions digitally signed with an entity's private key.
- SAML assertions can be used for single sign-on applications.

Step 3 - Customize
Authentication Using SAML (Recommended)
- Organization's existing enterprise sign-on system is modified to create a SAML Assertion after authenticating the user.
- User clicks form submit button and assertion is passed to Meteor via HTTP Post.
- Meteor validates SAML Assertion against the public key in the Meteor Registry and grants or denies access as appropriate.
Note: Java classes and sample code exist to create the SAML Assertion.
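
The key-pair properties from Step 2 and the registry check described above, as an added Java example that is not Meteor's code or its sample classes. It signs the raw assertion bytes with SHA256withRSA instead of using SAML's XML signature format, and the REGISTRY map, provider ids and assertion attributes are constructed stand-ins; only the unmodified assertion signed by the registered key is accepted.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class RegistrySignatureDemo {
    // Hypothetical stand-in for the Meteor Registry: provider id -> registered public key.
    static final Map<String, PublicKey> REGISTRY = new HashMap<>();

    // Access Provider side: sign the assertion with the private key held on its server.
    static byte[] sign(String assertion, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(assertion.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    // Receiving side: grant only if the issuer is registered and the signature
    // verifies over exactly the bytes that arrived.
    static boolean accept(String issuer, String assertion, byte[] sig) throws GeneralSecurityException {
        PublicKey registered = REGISTRY.get(issuer);
        if (registered == null) return false;   // issuer is not a registered participant
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(registered);
        s.update(assertion.getBytes(StandardCharsets.UTF_8));
        try { return s.verify(sig); } catch (SignatureException malformed) { return false; }
    }

    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        return g.generateKeyPair();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair school = newKeyPair();     // registered Access Provider
        KeyPair outsider = newKeyPair();   // key that was never placed in the registry
        REGISTRY.put("example-school", school.getPublic());

        // Constructed sample; attribute names are illustrative, not the SAML schema.
        String assertion = "<Assertion issuer=\"example-school\" level=\"2\" role=\"FAO\" user=\"opaque-123\"/>";
        byte[] sig = sign(assertion, school.getPrivate());

        System.out.println("valid:          " + accept("example-school", assertion, sig));
        System.out.println("role tampered:  " + accept("example-school", assertion.replace("FAO", "CSR"), sig));
        System.out.println("wrong key:      " + accept("example-school", assertion, sign(assertion, outsider.getPrivate())));
        System.out.println("unknown issuer: " + accept("unregistered", assertion, sig));
    }
}
```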

Step 3 - Customize
Data Provider Customization
- How do I link Meteor to my data?
  - Implement DataServerAbstraction Interface
  - Retrieving Data
  - Creating the Response
- Where can I find help?

Step 3 - Customize
Implementing DataServerAbstraction Interface
public MeteorDataResponse getData(MeteorContext context, String ssn)
- SecurityToken
  - Contained within the MeteorContext
  - Requestor Role (Borrower, FAO, CSR)
  - Opaque User Id

Step 3 - Customize
Retrieving Data
- Use existing Meteor sample code
  - Predefined database schema
  - Data must be loaded into database
- Direct access to production data
  - SQL embedded
  - Real-time access to data
- Transaction Calls
  - RPC, MQ, SOAP, CICS Gateway

Step 3 - Customize
Creating the Response
- MeteorDataResponse Object
- Mapping Data
  - Data is mapped to container classes.
  - Start early in the process.
  - Seek help from business experts.
- Meteor software handles formatting the response.

Step 3 - Customize
Help Resources
- Meteor Tech Team List Server
- Sample Code
- http://www.meteorcentral.com
  - Source Code
  - Production Releases
- http://www.nchelp.org/meteor.htm
  - Documentation
  - Meteor Setup Guide

Contact Information
We appreciate your feedback and comments. We can be reached at:
- Tim Cameron: Meteor Project Manager, meteor@nchelp.org
- Justin Greenough: Member, Meteor Technical Team, jgreenough@riheaa.org
