“Real World” METEOR Implementation Issues Jim Kuhlen Connecticut Student Loan Foundation
What is Meteor? Meteor is a collaborative effort within the student aid industry to simplify and consolidate access to student financial aid information. Meteor software provides open, non-proprietary, real time access to all available aid information for a student from all participating organizations, and consolidates it for display to students and Financial Aid Professionals.
“Who” is Meteor? The Meteor Project was initiated by NCHELP Over 40 Student Aid Industry organizations support Meteor Representatives of these organizations make up the Meteor Advisory Team, which manages ongoing Meteor issues related to business requirements, software design and development, participant registration, etc.
Meteor Roles Access Provider Data Provider Provides inquirers with a connection to the Meteor Network through the Meteor Access Provider software. Data Provider Returns student aid data in response to inquiries from Access Providers.
Meteor Roles Index Provider Streamlines network performance by supplying a list of participants holding data for a student Currently the National Student Clearinghouse is the Meteor Index Provider. Design will accommodate additional Index Providers
Meteor Roles Authentication Provider Designed to be used by schools Allows school’s authentication of an FAP or student to be passed to a Meteor Access Provider to gain access to Meteor data
Implementation Issues
Business Issues Security and Privacy Concerns GLBA Compliance Authentication of Inquirers Security of Data Potential Misuse of Data
Privacy The Meteor Advisory Team received input and expertise regarding privacy from sponsoring organizations and the NCHELP Legal Committee. Analysis was provided in relation to GLBA and individual state privacy laws. Meteor complies with both GLBA and state privacy provisions.
Inquirer Authentication No central authentication process Utilizes transitive trust model Each Authentication or Access Provider uses their existing authentication model (single sign-on) Each participant’s authentication techniques are reviewed as a part of Meteor Registration Encrypted authentication information is passed with all Meteor messages using SAML in compliance with Shibboleth
Data Security Trusted network SSL & Encryption Participants certify that Meteor data is protected at least as well as their own Meteor Technical Team verifies that new participants have adequate security in place (firewalls, etc.) SSL & Encryption All Meteor messages are encrypted and verified for authenticity Meteor uses a series of methodologies (Listed above). Meteor uses a trusted network to exchange data between the access and data providers. Uses SSL for the encryption tunneling. Uses Security assertions to make sure the you have a valid transaction. Uses industry standard encryption. In addition, Meteor can use a 3-party authenication provider.
Meteor Participant Certification Applies to all Meteor Participants Major points: Protection and use of data Authentication Technical and Security requirements Terms of participation Conditions of Use Participation currently limited to FFELP community (ED issued Ids)
Technical Issues Technical Infrastructure Technical Staff Skills Installation & Testing New Releases
Technical Infrastructure Web Application Server WebSphere, Tomcat, others Real time access to loan data CICS Gateway, JDBC, others Java Development Environment VisualAge for Java, other JDK Support for HTTPS/SSL Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.
Technical Staff Skills Web application server installation and configuration Familiarity with Java Working knowledge of XML Installation and configuration of Firewalls Knowledge of HTTPS/SSL and Certificate Authorities Programming to provide necessary data via Database/Gateway Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.
Installation and Testing Customize software if desired Compile and deploy on Web Application Server(s) Program to supply required data Supply information to populate Meteor Registry Test across Meteor Network via Meteor Test Bench Final testing with Clearinghouse Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.
Installation and Testing Meteor Technical Team will assist participants with problem resolution at any stage of the process. Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.
New Releases Participation in pre-release testing of new releases is encouraged. Releases are backward compatible Program to new requirements if necessary Compile and deploy new release on test server Test across Meteor Network via Meteor Test Bench Deploy on production server Meteor uses web services and protocols already in place for its security. The Https will negotiate with meteor and then secure the transmission. Meteor uses certificates from your web server or you application server.
Steps to Meteor Participation
Steps to Meteor Participation Contact the Meteor Registration Coordinator, Tim Cameron, at 202-822-2106 or by e-mail at tcameron@nchelp.org. The Meteor Registration Coordinator will send you the following forms for you to complete: Meteor Participant Certification Registration Profile Authentication Profile(s) Technical Profile
Steps to Meteor Participation Download the Meteor Implementation Guide and Meteor Setup Guide at www.nchelp.org/meteor.htm Return completed forms to: Meteor Registration Coordinator c/o NCHELP 1100 Connecticut Avenue, NW, 12th Floor Washington, DC, 20036-4110
Steps to Meteor Participation The Meteor Registration Coordinator will provide your designated primary contact with instructions for downloading the Meteor software. A Meteor Technical Team representative will contact your designated Technical Contact to establish a dialog on a technical level, coordinate testing, and provide assistance and guidance.
Steps to Meteor Participation When successful testing has been accomplished in the Meteor test environment, the National Student Clearinghouse will conduct final testing with your organization. Upon successful completion of final testing, you will be ready to go live.
Questions?