Published by Lilliana Meylor. Modified over 9 years ago.
1
Inter-Institutional Registration
UNC Cause, December 4, 2007
2
Background
500-600 students each year
Various campus agreements
– No consistency
Paper-based process
– Difficult for students
– Difficult for administrators
Registrars
Financial aid
University of North Carolina Online
– Doesn’t scale
3
Goal
Policy
– System-wide consortia agreement
– Registrars & Financial Aid
Clearinghouse
– Management
– Tracking
– Convenience
Students
Administrators
4
Inter-Institutional Registration
[Workflow diagram with three columns: Home Institution; Inter-institutional System; Visited Institution. Legend: Student; Registrar. Diagram text in order:]
1. Search for Courses
2. Add to Bookbag; Select Home Campus
3. Request Registration; Sign In
4. Redirect; Confirm & Process
5. Redirect if Successful; Acknowledge; NOTIFY
6. Authenticate; Evaluate Request
7. Download Request; Process
8. Approve & Enter Data; NOTIFY; Acknowledge
9. Authenticate; Evaluate Request
10. Download Request; Process
11. Approve & Enter Data; NOTIFY; View Status
12. Authenticate; Fully Process; credit hours; financial aid; cashier
13. Get Tuition Costs; Done
14. Mark as Completed
5
Phased Approach
Phase I - Manual
Students
– Find courses
– Request registration
Registrar
– Approve/Deny via dashboard
– Manually enter information
Distributed Authentication
Phase II - Web Services
Eliminate Data Entry
– Campus to Clearinghouse
– Clearinghouse to Campus
– ERP
Streamline campus operation using Banner APIs
6
What is Shibboleth?
Higher education standard
– From Internet2
– Open standard
– Open source implementation
Federated approach
– Single sign on
– Signed attribute assertions
Distributed authentication
– Clearinghouse never sees credentials!
7
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A; Identity Provider (tomcat); Enterprise Directory (LDAP, etc); Apache]
Service Provider - The entity willing to accept identity credentials and attributes in order to provide a service to the user.
Identity Provider - The entity that knows information about the user and is willing to share that information with another party.
Enterprise Directory - The local campus directory that contains the information to be shared.
8
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A; User (via web browser); Identity Provider (tomcat); Enterprise Directory (LDAP, etc); Apache]
1. Request Secured Content
9
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A; User (via web browser); Identity Provider (tomcat); Enterprise Directory (LDAP, etc); Apache]
1. Request Secured Content
2. Send Redirection; Redirect
3. Request Auth. Form
10
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A; User (via web browser); Identity Provider (tomcat); Enterprise Directory (LDAP, etc); Apache]
1. Request Secured Content
2. Send Redirection; Redirect
3. Request Auth. Form
4. Send HTML Form
11
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A; User (via web browser); Identity Provider (tomcat); Enterprise Directory (LDAP, etc); Apache]
1. Request Secured Content
2. Send Redirection; Redirect
3. Request Auth. Form
4. Send HTML Form
5. Provide Credentials
12
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A; User (via web browser); Identity Provider (tomcat); Enterprise Directory (LDAP, etc); Apache]
1. Request Secured Content
2. Send Redirection; Redirect
3. Request Auth. Form
4. Send HTML Form
5. Provide Credentials
5a. Authenticate
13
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A; User (via web browser); Identity Provider (tomcat); Enterprise Directory (LDAP, etc); Apache]
1. Request Secured Content
2. Send Redirection; Redirect
3. Request Auth. Form
4. Send HTML Form
5. Provide Credentials
5a. Authenticate
6. Embed Assertion
7. Send Assertion
14
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A; User (via web browser); Identity Provider (tomcat); Enterprise Directory (LDAP, etc); Apache]
1. Request Secured Content
2. Send Redirection; Redirect
3. Request Auth. Form
4. Send HTML Form
5. Provide Credentials
5a. Authenticate
6. Embed Assertion
7. Send Assertion
7a. Exchange Attributes
15
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Campus A; User (via web browser); Identity Provider (tomcat); Enterprise Directory (LDAP, etc); Apache]
1. Request Secured Content
2. Send Redirection; Redirect
3. Request Auth. Form
4. Send HTML Form
5. Provide Credentials
5a. Authenticate
6. Embed Assertion
7. Send Assertion
7a. Exchange Attributes
8. Send Secured Content
16
UNC Federation
[Diagram labels: General Admin; ASU, ECU, ECSU, FSU, NCA&T, NCCU, NCSA, NCSU, UNCA, UNCCH, UNCC, UNCG, UNCP, UNCW, WCU, WSSU; Service Provider]
Demo
17
Security - Ideal
[Diagram labels: Internet; Firewall; Private Network; ASU, UNC-GA, WSSU, …]
18
Security - Actual
[Diagram labels: Internet; Firewall, ASU; Firewall, UNC-GA; Firewall, WSSU; …]
19
Shibboleth Security
Solution = Public Key Cryptography
– x509 open standard
[Diagram labels: Service Provider; Campus A; User (via web browser); Identity Provider; Enterprise Directory; Apache; SSL Encryption; Server Certificate signed by well known Certificate Authority (CA); SSL; Signed & Encrypted]
20
Web Services
Machine-to-machine communication over a network:
– Standard protocols/formats
– Simplifies exchange of data
– Using standard web technologies
HTTP
XML
Platform agnostic
Vendor agnostic
21
Why Web Services?
Cost effective
– Open standards architecture
– Acts as middleware between heterogeneous systems
Automate
– Entry of bio-demo information
– Enrollment & registration in campus student system
– Fee assessment
– Fee posting
22
Standard Architecture
Service Provider
– Owner of the process
– Platform that hosts access to the service
Service Requestor
– Client to request and consume a service
– Manual or automated initiation
Service Registry
– Searchable directory of published service descriptions
[Diagram labels: Service Provider; Service Requestor; Service Registry]
23
Standard Architecture
Service
– Software module deployed on a network accessible platform
Service Description
– Details of the implementation
– Data types
– Operations
– Binding information
– Network location
[Diagram labels: Service Provider; Service Requestor; Service Registry; Service Description]
24
Standard Architecture
WSDL (Web Services Definition Language) defines
– message formats
– data types
– transport protocols
– transport serialization formats
[Diagram labels: Service Provider; Service Requestor; Service Registry; Service Description; Publish; WSDL; Service Description; Find]
25
Standard Architecture
SOAP - Service Oriented Architecture Protocol
– Framework for packaging and exchanging XML messages
– Typically sent using HTTP
– Language and platform independent
– Lightweight protocol
[Diagram labels: Service Provider; Service Requestor; Service Registry; Service Description; Publish; WSDL; Service Description; Find; Bind; SOAP, WSDL]
26
Inter-Institutional Web Services (Phase II)
3 distinct web services
– Each university implements
– Implementation can differ depending on internal processes
– Implementation should make use of APIs provided by Banner & PeopleSoft
Clearinghouse consumes these services
Services are invoked via human intervention within the clearinghouse
[Diagram labels: Service Provider; Service Description; Bind; SOAP, WSDL; Service Requestor]
27
Web Service #1 (GET_BIODEMO_INFO)
[Diagram: the 14-step Inter-Institutional Registration workflow from slide 4, repeated with marker #1]
28
Web Service #1 (GET_BIODEMO_INFO)
Home Campus Registrar initiates
– From within clearinghouse
Clearinghouse consumes service
– Passes unique student identifier
– Service uses identifier to obtain bio/demo data
– Returns data to clearinghouse
Home Campus Registrar proceeds with work flow
29
Web Service #2 (REGISTER_STUDENT)
[Diagram: the 14-step Inter-Institutional Registration workflow from slide 4, repeated with markers #1 and #2]
30
Web Service #2 (REGISTER_STUDENT)
Visited Campus Registrar initiates
– From within the clearinghouse
– Provides student ID number if this student has attended before
Clearinghouse consumes service
– Passes all Bio/Demo and course information
– Register the student
1. Create/update the student in Banner/PeopleSoft
2. Admit the student
3. Register student into approved course
– Return information
– Student’s unique identifier
– Course fees (if automatically assessed at time of registration)
31
Web Service #3 (FINALIZE_REGISTRATION)
[Diagram: the 14-step Inter-Institutional Registration workflow from slide 4, repeated with markers #1, #2 and #3]
32
Web Service #3 (FINALIZE_REGISTRATION)
Home Campus Registrar initiates
– From within clearinghouse
Clearinghouse consumes service
– Passes tuition/fee and course data
– Cache data in new tables (specifically for this purpose)
Processed in batch mode
Applied to student’s account
– No automated processing of student data
33
Conclusion
Lookup & tracking service
– Students
– Registrars
Phase I = Fall 2008
– Shibboleth (required for participation)
Phase II = At campus’ discretion
– Web Services
– UNCG pilot for Banner schools
– Suggest PeopleSoft campuses collaborate as well
34
Questions & Discussion