1. Modernizing Financial Aid Delivery Jim Farmer instructional media + magic, inc. As presented at the School and Lender Spring Workshop Education Assistance Corporation Tuesday, February 27, 2001 and Wednesday, February 28, 2001 Aberdeen, South Dakota and Bloomington, Minnesota

2. instructional media + magic Modernization is … A term used by federal and state government referring to information technology initiatives designed from a citizen (student) user’s perspective to provide improved service at lower cost.

3. instructional media + magic The unknowns Students’ response to e-commerce and e- government Schools’ capacity and preferences for modernization Implementation capacity of Office of Student Financial Assistance Guaranty agencies Lenders Servicers Software developers

4. instructional media + magic Implementation is limited by IT talent, especially those knowing both the application and the new technology IT budgets Ability of the industry to work together, especially on standards Capacity of the organizations to accept change

5. instructional media + magic Students, schools have a choice Paper forms and mail Web-based transactions School-based systems Specialized systems Enterprise systems Integrated systems Outsource financial aid services or any combination

6. instructional media + magic Challenges to financial aid delivery Improving service Lowering unit cost Retaining and replacing financial aid professionals ______________________ Increasing available funds for postsecondary education

7. instructional media + magic Today’s agenda Background of Modernization SFA Performance Current and planned SFA Initiatives The Meteor Project, an example of the technology Electronic ID Observations and Recommendations

8. Project EASI to the PBO

9. instructional media + magic Project EASI – 1997 - 2000 Recommendations from the Project  Provide the Customer a Single Point of Interface  Create a Student-, Prospective Student-, and Family-focused “System”  Reduce Costs, and Improve Program Integrity and Oversight  Support Life-long Learning at Multiple Schools Concept Document, June 23, 1997 Project EASI Provided a Concept, Requirements, and Transition Strategy for Modernization

10. instructional media + magic Student Financial Assistance The Government’s First Performance-Based Organization “A Performance-Based Organization (PBO) Shifts the Focus of Government From Red Tape to Results.” “The PBO Concept Was…Applied in a Solid, Bipartisan Way by the Department (of Education) and a Congress...It Is a New Way to Run the Government.” COO Greg Woods, Swearing In Ceremony, Dec 8, 1998

11. instructional media + magic SFA Performance Objectives, 2000  Increase Customer Satisfaction Index to the Range of America’s Best Financial Service Companies.  Reduce Unit Cost by Twenty Percent  Increase Employee Satisfaction Rating to the Level of Workers Who Reach for the Stars Interim Performance Objectives 1999

12. instructional media + magic Modernization Strategies  “Integrate the Information Systems... a Transition Strategy for Planning and Managing the [Simultaneous] Replacement of All of the Existing Title IV Systems With an Enterprise Data Base and Six Application Modules.” Implementing the Higher Education Amendments of 1998: Advisory Committee on Student Financial Assistance January 1999  “Buy a Little, Test a Little, Fix a Little” Modernization Blueprint, April 30, 1999

13. instructional media + magic Why ‘Buy a Little, Test a Little…’ 5 Harry Feely, Project EASI Has Graduated, Aug 28, 1999 5-year Timeframe Single Implementation Consolidated Data Focus on Enterprise Conceptual Framework 3-year Timeframe Modular Virtual Data Network Focus on Channel Planned Architecture Project EASIBlueprint

14. instructional media + magic Why ‘Buy a Little, Test a Little…’  High performance, reliable Middleware is now available – Lowers Risk of Failure  Immediate cost savings  Virtual Data Center now cost-effective  Customer Interaction Center improves satisfaction, reduces unit costs

15. instructional media + magic Key Technology Drivers  Building on the Internet  Shortening the Development Life-Cycle  Emphasizing Skills  Streaming Technology  Voice, data and video  Investing in Information Management Technology  Customer Resource Management  Data Warehouse  Data Mart Steve Hawald, Software Developers Conference, Mar 10, 2001

16. instructional media + magic Web-Enabled Applications  FAFSA on the Web  Schools Portal Release 2.0 with Single Sign-On  Financial Partners Portals – FY 2002  Student On-line Access to Direct Loan Servicing  API to SFA Systems  Specifications 09/30/01

17. instructional media + magic SFA Initiatives for 2001 1. Turbo FAFSA 2. Common Origination and Disbursement 3. Financial Management System with E- Business Center 4. NSLDS Mad Dog Changes 5. Schools Portal with Single Logon 6. E-Signature and Promissory-Note 7. Consistent Answers for Customers (Contact Centers, CRM, Customer Data) 8. Human Resources Support System 9. Product Support Analysis

18. instructional media + magic SFA Initiatives for 2001 1. Turbo FAFSA 2. Common Origination and Disbursement 3. Financial Management System with E- Business Center 4. NSLDS Mad Dog Changes 5. Schools Portal with Single Logon 6. E-Signature and Promissory-Note 7. Consistent Answers for Customers (Contact Centers, CRM, Customer Data) 8. Human Resources Support System 9. Product Support Analysis

19. SFA Performance

20. instructional media + magic Customer Satisfaction 19992000 Change Federal Government (Overall)68.668.6 0 Student Financial Assistance6370 +7 Internal Revenue Service7475 +1 (e-file only) Fed. Emergency Mgmt. Agency7373 0 U.S. Mint8684 -2 American Customer Satisfaction Index University of Michigan Business School

21. instructional media + magic Reducing Unit Costs Annual Cost per Recipient 18.72 19.08 18.06 22.30 $0 $5 $10 $15 $20 $25 199920002004 SFA Goal 2004 Projected Planned Reduction Each dollar reduction represents $14 million annual savings SFA FY2001 Performance Plan

22. instructional media + magic FAFSA Savings Reinvestment SFA $23 million Operating Costs Investment in Information Technology Electronic FAFSA

23. instructional media + magic [SFA] CIO Score Card - 2000  Rational Rose Tools  IBM MQ series - EAI/ Middleware  LDAP Compliance / BI Tools  RSA COTS tools  XML Compliance & Applications  Informatica - ETL tools  Digital Signatures  Published APIs  N-Tier Web Application  Coupled VDC Migration  Designed Data Warehouse  SLA’s in Place  Migrating to Seat Management  OPS Readiness Review  Designed Portal Apps  Internet/VPN  New Management Team  Training  IT Policy Guide Management Operations Technologies B+

24. instructional media + magic Software Development Life-Cycle Time (6 Months) Victims Exploiters New Forces Change New Players Killer Applications Death of Brands Steve Hawald, Software Developers Conference, Mar 10, 2001

25. Modernization of Financial Aid Delivery

26. instructional media + magic Financial aid delivery - Then and Now “Driving” Customer Principal objective Financial aid delivery system design SFA customer service Student Service at the lowest unit cost Information Technology Industry Leading School Service at any cost Regulations Industry Lagging THENNOW

27. instructional media + magic Students expect … Web-based services with current, complete information available 24 hours a day, 7 days a week from any location with a single sign-on Single sign-on will require either sharedauthentication or pin aggregation(automatic sign-on from stored usernames and pins) Note:

28. instructional media + magic Most Satisfied Customers Transaction TypeScore Electronic75 Paper 48 Internal Revenue Service, Percentage satisfaction, by type of filer Customers Using Electronic Services Are More Satisfied Than Those That Don’t. Steve Hawald, Software Developers Conference, Mar 10, 2001

29. instructional media + magic Web Application FAFSA on the Web - 1999/2000 Web Application FAFSA on the Web - 2001

30. instructional media + magic FAFSA On The Web FAFSA e-Filers 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.5 97-9898-9999-0000-01 Millions of students

31. instructional media + magic Common Origination and Disbursement Common Record based on CommonLine XML and IFX Forum’s LoanML Accommodates Pell, Direct Loan, FFELP, alternative loans, and potentially state grants Both real-time, single transactions and batch multiple transaction data exchanges planned School pilot in 2001, Phase in 2002-2005 Industry standards

32. Common Record From Richard Tombaugh’s presentation to the Common Origination and Disbursements Task Force February 22, 2001 Meeting and planned presentation at the March 10, 2001 Software Developers Conference

33. instructional media + magic Common Record Components Project has three component parts: Identification of data elements Determination of data edits Creation of business messages Richard Tombaugh, Common Record Status Report, February 22, 2001

34. instructional media + magic Identification of Data Elements Approach taken: Identify all data exchange activities in which schools currently engage Identify the data elements that are exchanged in each such activity Develop “crosswalks” of all programs having common or similar transactions Separate the crosswalks into logical XML “blocks” Richard Tombaugh, Common Record Status Report, February 22, 2001

35. instructional media + magic Approach Taken (continued) Review similar work being done elsewhere in the industry (PESC/ANS, IFX Forum, LoanML, CommonLine) Engage in dialogue with these other initiatives to reduce redundancy and maximize consistency Attach XML “tags” to each common element, using IFX Forum naming conventions (including the use of work already done by IFX Forum and expanded by CommonLine committee) Richard Tombaugh, Common Record Status Report, February 22, 2001

36. instructional media + magic Approach Taken (continued) Subject crosswalk drafts to scrutiny of program experts (SFA staff, industry committees, user groups, 3 rd party software developers, etal.) Incorporate input from reviewers Review work to ensure that all data elements have been included and that tags are unique Present recommended data element “dictionary” to SFA and industry for adoption Richard Tombaugh, Common Record Status Report, February 22, 2001

39. instructional media + magic Review similar work SFA’s Conceptual Enterprise Data Model NCHELP’s CommonLine (XML version) IFX Forum’s LoanML ED & AACRAO’s Postsecondary Student Data Handbook PESC XML Forum ANSI aid origination, loan guaranty, and enrollment verification standards Educause Eduperson initiative

40. instructional media + magic COD, an analysis Changes the paradigm of financial aid delivery Improves service, reduces costs Offers colleges and universities an integrated, simplified service on an aggressive schedule, but later than Meteor ---------------------------- Creates an incentive for the student loan industry NCHELP CEO Conference, Session on Software Development, Jan 11, 2001

41. instructional media + magic Schools portal Introduces portal concept to additional colleges and universities Design consistent with good Web designs; in other words, it is attractive and functional Personalization of portal display Single SFA signon for financial aid professionals (Fall 2001) Focuses consistent organization of federal materials and services Integrated with “customer interaction center”

42. instructional media + magic Web Portals - Schools Portal 03/01

43. instructional media + magic Why a portal? User and provider choices of content Authentication/aggregation Personalization and preferences Continuity of user experience Portals benefits user Convenience and efficiency Portals benefit provider Context for presentation Continuity of experience Knowledge of the customer user

44. instructional media + magic SFA portals, an analysis Set a minimum standard of design and function for portals Increases “market share” because of design, first contact Provides “single signon” Increases self-service transactions (lowering costs) Decreases and changes the form of customer interaction center contacts

45. instructional media + magic Customer Interaction Center Improves the Quality of All Services  Consolidates Call Centers  Customer Resource Management (CRM) Standards  Provides On-line Access to All SFA Systems  Supports Customer Self-service Via IVR, E-mail, Web-access

46. instructional media + magic School alternatives Methods of exchanging data with SFA Use paper forms, manual procedures, and mail Use the SFA school portal for manual entry, automated processing Use school-based financial aid systems Batch exchanges of data Real-time transactions

47. The Meteor Project A preview of SFA implementations

48. instructional media + magic Meteor wrote: The Meteor Project is developing… prototype open source software to permit a “partner” to display or use student-specific federal financial aid data in real-time, using Office of Student Financial Assistance API specifications.

49. instructional media + magic Diagram of Meteor Concept Web Services HTML Meteor XML Student Access Provider Data Provider Student Access Provider Data Provider

50. instructional media + magic Pilot implementation... Web Services HTML Meteor XML StudentNationalStudentClearinghouse Guaranty Agency, Lender, or School

51. instructional media + magic As implemented... Web Services Secure HTML Meteor Secure XML Standard Browser Standard Browser uPortal Meteor SOAP Meteor SOAP Meteor SOAP Meteor SOAP Database

52. instructional media + magic The development configuration uPortal Standard Browser Standard Browser uPortal Meteor SOAP JAVA Components Meteor SOAP JAVA Components Meteor SOAP JAVA Components Meteor SOAP JAVA Components Database JDBC Connection Database JDBC Connection Linux Apache Tomcat Linux Apache Tomcat

53. instructional media + magic The demonstration To show the operation of Meteor, the demonstration presentation included the uPortal with a Meteor Channel on the top half of the screen and a secure telnet session showing the flow of traffic--specifically the SOAP messages that included in the XML content- -to and from the Meteor server, on the bottom half. (A sample screen follows) The demonstration was a dial-in connection, to the Internet, accessing servers in the Washington, DC office. The dial-in connection was operating at 28.8 Kilobits per second (roughly 2,900 characters per second). The message turnaround was less than one second.

54. instructional media + magic Split screen demonstration

55. instructional media + magic Student Meteor Channel - Entry

56. instructional media + magic Meteor XML Request message >>(Tue Jan 09 11:50:58 EST 2001) Processing SOAP request... <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"> <ns1:getLoanHistory SOAP-ENV:encodingStyle="http://xml.apache.org/xml-soap/literalxml" xmlns:ns1="urn:ifx-loan-server"> gov.studentclearinghouse gov.ssa 448377707 1980-09-03

57. instructional media + magic Meteor XML Response message [1] Launching query... >>(Tue Jan 09 11:50:59 EST 2001) Sending SOAP response... <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"> <ns1:getLoanHistoryResponse SOAP-ENV:encodingStyle="http://xml.apache.org/xml-soap/literalxml" xmlns:ns1="urn:ifx-loan-server"> 0 Info Successfull Retrieval gov.studentclearinghouse gov.ssa 448377707 Sue B Smith continued

58. instructional media + magic Meteor XML Response message [2] 1980-09-03 Y OPEID 824607 Oklahoma Student Loan Authority OPEID 003152 00 University of Central Oklahoma OPEID 824607 Oklahoma Student Loan Authority 2000-09-30 continued

59. instructional media + magic Meteor XML Response message [3] OPEID 809063 Bank of Oklahoma OPEID 003152 00 University of Central Oklahoma OPEID 809063 Bank of Oklahoma 2000-11-12 OPEID 831163 First Oklahoma bank & Trust OPEID 003152 00 University of Central Oklahoma OPEID 831163 First Oklahoma Bank & Trust 2000-10-16

60. instructional media + magic uPortal Meteor Channel - Display

61. instructional media + magic Meteor branding The portal channel (or Website) is branded by the data provider Information is branded by source Logos are used for lender identification

62. instructional media + magic What Meteor learned... The XML/SOAP business message turnaround is < 1 second. Because of the scope of authorization for access, two separate channels were needed Student and parental access to the student’s information Financial aid professionals access to information about students

63. instructional media + magic Authorization

64. instructional media + magic Selection

65. instructional media + magic Display

66. instructional media + magic Versions of the Meteor channel 0.7 - Current version support loan lists National Student Clearinghouse pilot 0.9- Access to lenders, guaranty agencies NSC multiple guaranty agency, lender pilot 1.0 - Shared authentication, distributed data sources

67. instructional media + magic Meteor alternatives School Guarantee Agency Lender ServicerStudent Access Providers Data Provider Combined Data/Access Provider

68. instructional media + magic Pilot implementation Access Provider Website National Student Clearinghouse National Student Clearinghouse Loan Locator List Student Authentication Home Page Loan 3 Loan 2 Loan 1 PHEAA Great Lakes Sallie Mae

69. instructional media + magic On the way... Meteor initiated convergence to ensure all parties would use the same data exchange. SFA’s Common Record Student Loan Industry’s CommonLine XML. IFX Forums Business Message Specification and LoanML. SFA will use the SOAP protocol for “XML business message” data transport. CommonLine High Performance Channel recommended the use of SOAP.

70. instructional media + magic On the way... Meteor used open source Java SOAP components from the Apache Foundation. The Meteor software itself was written to the current Java 2 specification. Meteor demonstrated the software using the JA-SIG uPortal with Meteor supplied XSLT transformations.

71. instructional media + magic Meteor/NSC Pilot Mar - NSC Loan Locator Service Apr – Loan detail from Sallie Mae, Great Lakes, and PHEAA May – Adding detail data from others that want to implement. Dan Boehmer, Jan 9, 2000 Meteor Sponsors Meeting as subsequently amended

72. instructional media + magic Meteor implementation March 2001 May 2001 July 2001 Schedule based on Sponsor priorities and selected method of shared authentication 1.Sponsors 2.Sponsored pilots 3.Schools 4.JA-SIG, general Estimated DatePriority

73. instructional media + magic Standards and their implementation MeteorSFA Announced Under study Predicted UML XML Java SOAP XML-RPC UDDI AuthML S2ML Planned Proposed, with convergence [Feb 2000]

74. instructional media + magic Impact on Colleges and Universities  Change  From Batch to Real-time Transactions,  From Proprietary File Transfers to Internet XML Messaging Standards  From SFA-defined to Industry Message Content Standards  Integrate Student Experience With SFA Student-oriented Systems  Use Java J2EE Shared-components

75. Electronic IDs

76. instructional media + magic E-Signature and promissory note Students, parents will choose whose e- signature to use SFA has no business incentive to share e- signature authentication Registration is expensive ($5 to $50); authentication is cheap ($0.005 to $0.04) Different levels of authentication for different purposes Paul Tone, Town Hall Meeting on E-Signature, Dec 14, 2000 JA-SIG Portal, Meteor will support shared authentication using industry standards subject to Meteor Sponsor approval

77. instructional media + magic To make U2B work we need… From comments at the NIST Electronic Documents Conference, Mar 16, 2000 Resolution of [digital] signature requirements Beth Grossman, ACCORD Legal/ trust/ non- repudiation [of electronic ID]. PKI Betsy Fanning, AIIM [Defining] the relationship between PKI certificates and signed documents? Carol Jacobson

78. instructional media + magic Legislative compliance timeline GPEA E-SIGN Signed 10/21/98 Signed 06/30/00 Effective 10/01/00 Record retention requirements 6/01/01 Effective for FFEL, Perkins and Direct Loan 06/30/01 Effective 10/21/03

79. instructional media + magic E-Sign legislation To promote e-commerce in private sector Legal equivalence between paper and electronic documents for binding transactions Applies to private sector SFA transactions regulated by Federal and State government Government to specify standards to ensure accuracy, integrity, and accessibility of records Requires consent and protection of [student] consumer in electronic context Charles Coleman, “Town Hall on Electronic Identification,” Washington, DC, December 14, 2000

80. instructional media + magic Shared or “remote” authentication On December 14, 2000, SFA announced that they will support authentication of SFA-issued PINS and ACES electronic signatures. SFA PINs can be used--at a cost--for authenticating Title IV transactions. SFA plans to honor school, bank, and state agency electronic Ids offering comparable or higher levels of trust. “However, on January 29, 2001 SFA said they could notget agreement from the Social Security Administration topermit others using SFA’s PIN authentication system.” Justin E. Tilton, The Meteor Project Destin, Florida, Feb 5, 2001 Quote:

81. instructional media + magic Electronic Identification  Single Sign On for Students and Financial Aid Professionals  Remote Authentication of Students  SFA Pin Via Proprietary Protocol  ACES Digital Certificates Via GSA  2002-2004 Plans  Shared Authentication Using SFA PINs, ACES Certificates, School PINs, Bank PINs and Certificates Town Hall Meeting on Electronic Identification December 14, 2000

82. The Federal Digital Signature Initiative General Services Administration

83. instructional media + magic The federal ACES initiative ACES will facilitate public access to services offered by government agencies through use of information technologies, including on- line access to computers for purposes of reviewing, retrieving, providing, and exchanging information utilizing e- commerce in a secure transaction environment through the use of certificates. By law, access to some government computer systems can be granted only when the agency is provided with assurance that the individual attempting access has been properly identified and authenticated. From: /fedcac.gsa.gov/aces.stm, Feb 10, 2001

84. instructional media + magic ACES federal digital signatures Five categories of Government to Public communications have been identified by OMB that could require this strong authentication Stan Choffrey, GSA/FTS, Dallas,Texas, May 25, 2000 Application and Transfer of Benefits Application and Administration of Grants Submission of Reporting or Filing Requirements Exchange of Personal/Private/Proprietary Information Procurement Actions

85. instructional media + magic Who Can Use the ACES PKI? Any citizen, business entity or governmental entity may apply for and be issued ACES certificates as subscribers. Therefore, non-federal entities may participate in ACES in two ways: As a subscriber to do business with the Federal Government, or As an authorized Relying Party when duly authorized by a Federal Agency for legitimate program purposes. David Temoshok Access America for Students Program Office of Federal Electronic Commerce General Services Administration April 12, 2000

86. instructional media + magic Who will have ACES certificates? Veterans who receive educational benefits Members of the Armed Forces Citizens participating in Department of Labor employment and training programs Many college and university applicantsand students will have federally-issuedACES certificates Note:

87. instructional media + magic State initiatives Illinois has become the first state to launch a comprehensive electronic government initiative. Over the next 18 months, we hope to distribute over a million digital I.D.s to citizens and businesses, to enable them to do business with the State as an integrated, secure, web-driven government. “2001 State of the State,” Governor George H. Ryan January 31, 2001

88. instructional media + magic Digital signature services The State of Illinois Public Key Infrastructure project (PKI) provides an enterprise-wide infrastructure to facilitate electronic government services. PKI utilizes public key cryptography and digital signatures, along with software to manage those certificates. Building these services into software applications provides the means to authenticate users, ensure privacy and integrity of data, and establish the audit trails needed to give electronic transactions the same or better levels of assurance that we are able to provide when we do business in paper. IL Technology, Oct 2000

89. instructional media + magic The Illinois Act protects consumers takes into account … lack of sophistication and technical capabilities of consumers; provides criminal penalties for forgery of digital and electronic signatures a signature cannot be automatically attributed to a person unless it meets certain stringent qualifications a secure signature cannot be attributed to a consumer, even if he or she was negligent in compromising the means by which the signature was created, if the signature was not in fact made by the consumer. “Illinois Enacts Groundbreaking Electronic Commerce Legislation,” Mc Bridge, Baker and Coles, Chicago, Illinois, 1998

90. instructional media + magic SFA electronic identification Single Sign On for Students and Financial Aid Professionals Remote Authentication of Students SFA PIN via Proprietary Protocol ACES Digital Certificates via GSA 2002-2004 Plans Shared Authentication Using SFA PINs, ACES Certificates, School PINs, [State PINs], and Bank PINs and Certificates Town Hall Meeting on Electronic Identification December 14, 2000

91. instructional media + magic E-Signature and promissory note Students and parents will decide whose e- signature to use SFA has no business incentive to share e- signature authentication Registration is expensive ($5 to $50); authentication is cheap ($0.005 to $0.04) Different levels of authentication for different purposes Paul Tone Town Hall Meeting on Electronic Identification Dec 14, 2000 JA-SIG Portal, Meteor will support shared authentication using industry standards recommended to the Meteor Sponsors by Justin Tilton of The Meteor Project JA-SIG Conference, Feb 5, 2001

92. instructional media + magic Legal and policy standards Standards for E-Signature Digitized Signature Digital Certificate Digital Document Note Identifiers Personal Identification Number (PIN) Other Data Retention and Retrieval of Records Submission of Records to ED “E-Signature: Implications of the E-SIGN Legislation for Student Aid” Electronic Access Conference, Phoenix, AZ, Dec 11-12, 2000

93. instructional media + magic Questions and answers (lenders) Q. If a student refuses E- MPN, how will process work? A. E- Sign gives the student the option to choose. Students and lenders must mutually consent to go electronic. Paper options will be available. Q. Who has the legal responsibility to inform the student on rights and responsibilities? A. The lender, not the school. The same place as they reside today. Q. What can be done with SFA PIN vs. the school’s PIN? A. The responsibility of enforcement of the PINs certification would be the school’s if the school PIN is used. Questions and Answers from the Electronic Access Conferences Nov 2000, (documented after the conference)

94. instructional media + magic Questions and answers (schools) Q.Schools may want the ability to confirm the validity of a student’s SFA-PIN number. How can this be done by the school? A. Security issues would prevent the schools from getting the shared secret of the SFA- PIN. Authentication is best done by SFA. Q. Could a school’s PIN number be used for E- MPN signing? A. Yes, but all other standards must be adhered to (supporting documents,verification, security, etc.) Questions and Answers from the Electronic Access Conferences Nov 2000, (documented after the conference)

95. instructional media + magic Requirements for documentation 3B. A system should be in place to track password usage and changes. Recorded events and information should include: 1.user identifier 2.successful and unsuccessful log-ins 3.use of password changing procedures 4.user ID lock-out record 5.date 6.time 7.physical location Trustworthy Information Systems Handbook [Minnesota] State Archives Department Aug 2000, Sec 9, p. 12

96. instructional media + magic Requirements for documentation 3C A system should be in place to log and track users and their online actions. Audit information might include: 1.details of log-in (date, time, physical location, etc.) 2.creation of files/records 3.accessed file/record identifiers and accompanying activity (deletion, modification, change of sensitivity/security level) 4.accessed device identifiers 5.software use 6.production of printed output 7.overriding of human-readable output markings 8.output to storage devices Trustworthy Information Systems Handbook [Minnesota] State Archives Department Aug 2000, Sec 9, p. 12

97. instructional media + magic PKI is an economic issue Time Unit Cost Number of Users Today

98. instructional media + magic Colleges and universities should… Implement the infrastructure for electronic identification including digital signatures Provide for remote authentication Provide a school portal with aggregation Develop the procedures for documenting user registration and maintenance of electronic identifiers Provide for a complying electronic record of e-commerce activity In a standard format for exchange

99. Observations and Recommendations

100. instructional media + magic Working Together: The Tasks Ahead  Enabling Real-Time Transaction Processing  Exchanging Data in Real-Time  Authentication: Knowing Who Our Computers Are Doing Business With  Sharing “Lessons Learned” and “Best Practices” Steve Hawald, Software Developers Conference, Mar 10, 2001

101. instructional media + magic Working Together: SFA’s Role  Upgrading SFA Systems  Adopting Mutually Beneficial Data Transport Standards  Developing Technology  Implementing Policies for Authentication That Preserve Privacy and Validate Electronic Transactions Steve Hawald, Software Devlopers Conference, Mar 10, 2001

102. instructional media + magic Partnerships  “Open Book” Modernization  Continuing Dialog With the Community  Open Software Developers Conferences  SFA Extranet for Community Feedback  http://extranet.sfa.ed.gov

103. instructional media + magic Recommendations to the community Invest in the technologies XML as used for e-commerce Java and Java Server Pages Focus on customer behavior and preferences 1. Students and parents 2. Colleges and universities Partner with leaders

104. instructional media + magic Standards

105. The end www.immagic.com