E-Authentication in Higher Education April 23, 2007.


What is Meteor?
- Web-based universal access channel for real-time inquiry of financial aid information
- Aggregated information to assist Financial Aid Professionals, students and borrowers with debt counseling and the aid process in general
- Collaborative effort
- Freely available software and access to the network

The Meteor Process
[Diagram. Labels: Users (Student/Borrower, Financial Aid Professional, Access Provider Representative, or Lender); Authentication (by AP or AA); steps One, Two, Three; Access Provider; Index Provider; Data Providers]

E-Authentication
- The MAT worked with the Shibboleth project, a project of Internet2/MACE, in developing architectures, policy structures, practical technologies, and an open source implementation to support inter-agency sharing of web resources.
- Shibboleth project participants include Brown University, Ohio State, Penn State and many other colleges and universities.

Building Trust and Integrity
- The Meteor Advisory Team sought input and expertise regarding privacy and security from the sponsoring organizations and the NCHELP Legal Committee.
- Analysis was provided in relation to the Gramm-Leach-Bliley Act (GLBA) and individual state privacy laws.
- The analysis revealed that Meteor complied with both GLB and known state privacy provisions.

Building Trust and Integrity
- Federated model of authentication
  – Meteor Participant Certification
  – Conditions of Use
  – Authentication protocol review
  – Use of Data Exception Policy

Meteor’s Authentication Objectives
- Provide a flexible, easy to implement authentication system that meets the needs of the provider organizations and their customers.
- Ensure compliance with the Gramm-Leach-Bliley Act (GLBA), federal guidelines, and applicable state privacy laws.

Meteor’s Authentication Objectives
- Assure data owners that only appropriately authenticated end users have access to data.
- Ensure compliance with participant organizations’ internal security and privacy guidelines.

The Meteor Authentication Model
- Each Access Provider uses their existing authentication model (single sign-on)
- Meteor levels of assurance are assigned at registration
  – Level 0 (Unique ID)
  – Level 1 (Unique ID & 1 piece of validated public data)
  – Level 2 (Unique ID & 2 pieces of validated public data)
  – Level 3 (Unique/User ID & shared secret)
- Meteor Level 3 complies with the NIST Level 2

Meteor’s Authentication Requirements
- User is required to provide an ID and a shared secret.
- Assignment and delivery of shared secret must be secure.
- Assignment of shared secret is based on validated information.
- Reasonable assurances that the storage of the IDs and shared secrets is secure.

E-Authentication Policies
- Access provider must ensure appropriate authentication for each end user and provide traceability back to that user
- Access provider must provide authentication policy to central authority
- Access provider must provide central authority with 30-day advance notice of changes to authentication policy
- Access provider must agree to appropriate use of data

The Meteor Authentication Process
- End user authenticates at access provider site or through a Meteor approved third party Authentication Agent
- Access provider creates authentication assertion (SAML)
- Access provider signs authentication assertion with digital certificate
- Control is passed to Meteor software

The Meteor Authentication Process
- Index and data providers verify assertion using the access provider’s public key stored in the registry.
- End user is provided access to the aggregated data

The Meteor Registry
- Each participant is required to register, sign a participation agreement, and submit policies and procedures surrounding their authentication process.
- The Meteor Team Leads review the policies and procedures and assign a Level of Assurance
- Meteor uses a centralized LDAP server to contain:
  – Public keys of all participants
  – Network status information (active, pending, suspended)
  – Contact Information

SAML Assertion Attributes
- Role of end user
- Social Security Number
- Authentication Process ID
- Level of Assurance
- Opaque ID
- School OPEID (Summer 2007)
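
The index/data provider side of the authentication process and registry slides, as an added example (not Meteor's own code, which this transcript does not show): look up the issuing access provider in the registry, require active status, verify the signature with the registered public key, then check the level of assurance and the validity window. The flat `Assertion` encoding, Ed25519 in place of a SAML XML signature, the `minLoA` and `skew` parameters and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Assertion is a flat stand-in for the signed SAML assertion (assumption).
type Assertion struct {
	Issuer                  string // access provider ID
	LoA                     int    // Meteor level of assurance, 0-3
	NotBefore, NotOnOrAfter time.Time
	Sig                     []byte
}

type Entry struct { // one registry record per participant
	Key    ed25519.PublicKey
	Status string // "active", "pending" or "suspended"
}

func (a Assertion) payload() []byte { // bytes the access provider signs (hypothetical encoding)
	return []byte(fmt.Sprintf("%s|%d|%d|%d", a.Issuer, a.LoA, a.NotBefore.Unix(), a.NotOnOrAfter.Unix()))
}

// Verify is the index/data provider side; skew absorbs clock drift between participants.
func Verify(a Assertion, reg map[string]Entry, now time.Time, skew time.Duration, minLoA int) error {
	e, ok := reg[a.Issuer]
	switch {
	case !ok || e.Status != "active" || len(e.Key) != ed25519.PublicKeySize:
		return errors.New("issuer is not an active registered participant")
	case !ed25519.Verify(e.Key, a.payload(), a.Sig):
		return errors.New("signature does not match the registry key")
	case a.LoA < minLoA:
		return errors.New("level of assurance too low")
	case now.Before(a.NotBefore.Add(-skew)) || !now.Before(a.NotOnOrAfter.Add(skew)):
		return errors.New("outside validity window")
	}
	return nil
}

func main() { // constructed demo: one active access provider, one fresh assertion
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	now := time.Now()
	a := Assertion{Issuer: "ap1", LoA: 3, NotBefore: now, NotOnOrAfter: now.Add(5 * time.Minute)}
	a.Sig = ed25519.Sign(priv, a.payload())
	fmt.Println(Verify(a, map[string]Entry{"ap1": {pub, "active"}}, now, time.Minute, 3))
}
```

Because the level of assurance is inside the signed bytes, raising it after signing fails the signature check rather than the policy check.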

Current Status
- 1 Index Provider
- 20 Data Providers
- 15 Access Providers
- 1 Authentication Agent

What’s Next?
- Continue to monitor the development of XML, transport and authentication standards
- Review of multi-layer authentication
- Clock synchronization across the network for timing out of assertions for additional security
- Alignment with the NIST levels of assurance

Contact Information
Adele Marsh (717)