MeteorImplementation

8/9/2019 MeteorImplementation

http://slidepdf.com/reader/full/meteorimplementation 1/42



3

Meteor

• Meteor is a web-based universal accesschannel for financial aid information.Information from multiple data providersis aggregated to assist the financial aidprofessional and the borrower with thefinancial aid process, repayment, anddefault aversion. Meteor is a collaborativeeffort and access is provided at no charge.



4

Meteor Services

• Access timely, student-specific financial aidinformation from multiple sources

• One-stop, common, online customer serviceresource

• Currently provides information on FFELPand alternative loans (vision to include DirectLoans, Perkins Loans, Pell Grants, and stateaid)



5

Meteor Volume

• In two short years, Meteor has attained

(in production or currently plannedfor implementation):– 81% of FFELP Loan Guarantee Data

– 60 % of FFELP Loan Servicing Data– 64 % of Alternative Loan Data



6

Meteor in Relationship to OtherIndustry Initiatives

Meteor ELMNet NSLDS

Use of industrymessagingstandards for Data

Inquiry

InDevelopment

InDevelopment

InDevelopment

Loan Origination &TransactionProcessing

N/A Yes Transactionsonly



7

Meteor in Relationship to OtherIndustry Initiatives

Meteor ELMNet NSLDS

Real Time Yes Yes No

Access Points Multiple Single Single

AuthenticationMethods

Multiple Single Single



8

The Meteor Process

One

Two

AccessProviders

Data Providers

Financial AidProfessional or Student

Three

Index Providers



9

How Does Meteor Work –Access Providers• A Meteor Access Provider allows inquirers

to obtain information through its web siteby hosting a copy of the Meteor software,which generates the request to the DataProviders for the borrower’s information.

• Access providers can be Schools,Guarantors, Lenders, Servicers, orSecondary Markets.



10

How Does Meteor Work –Access Providers• Meteor provides the Access Providers

with software that verifies the status ofthe providers, generates requests forinformation, receives the responsemessages, performs the duplicate andbest source logic, and displays thedefault screens.



11

How Does Meteor Work –Index Providers• A Meteor Index Provider is used to

identify the location(s) of therequested student/borrowerinformation.

• The current Meteor Index Provideris the National StudentClearinghouse



12

How Does Meteor Work –Index Providers• In the future, other indices will be

added based on the type of data tobe incorporated into the network.

• This is only an index (pointer) to

the actual data providers. Theindex does not provide “data” toMeteor.



13

Clearinghouse as Meteor Index

• 100% of FFELP guarantee volume• Over 5.6 million Direct Loan Program

accounts• Over 13.2 million FFELP servicer accounts

• Over 1.6 million Perkins/Private/AlternativeLoan servicer accounts (including somemanaged by schools themselves)



14

How Does Meteor Work – DataProviders• A Meteor Data Provider hosts a copy of

the Meteor software that enables thesoftware to respond to the AccessProvider’s request for information,supplying data from their system.

• Data Providers are typically Lenders,Servicers, Guarantors, and SecondaryMarkets.



15

How Does Meteor Work – DataProviders• In the future, the Dept. of

Education, State Grant authorities,Schools, and others could becomeData Providers.



16

How Does Meteor Work – DataProviders• Meteor provides the data providers

with software that verifies theauthenticity of the informationrequest, formats the response

message, and filters data based onthe role of the end user.



17

Reliability and Security

• Data is sent directly from the dataprovider’s system and is not altered inany way within Meteor.

• All data is electronically transmittedsecurely using SSL encryption.

• Independent Audit showed no seriousvulnerabilities.



18

Authentication

• No central authentication process•

Utilizes transitive trust model• Each Access Provider uses its existingauthentication model (single sign-on)

• Level of trust assigned at registration



19

Authentication• Worked with Shibboleth - Shibboleth, a project of

Internet2/Mace, is developing architectures, policystructures, practical technologies, and an open source

implementation to support inter-institutional sharing ofweb resources subject to access controls. In addition,Shibboleth will develop a policy framework that willallow inter-operation within the higher educationcommunity.

• Project participants include Brown University, OhioState, Penn State and many other colleges anduniversities.



20

Building Trust and Integrity

• The Meteor Advisory Team sought input andexpertise regarding privacy and security from the

sponsoring organizations and the NCHELPLegal Committee.• Analysis was provided in relation to GLB and

individual state privacy laws.• The analysis revealed that Meteor complied with

GLB, FERPA, and known state privacyprovisions.



21

Steps to Participation

• Provider downloads and completes thefollowing forms from the NCHELPweb site:– Meteor Participant Certification–

Registration Profile– Authentication Profile(s)– Technical Profile



23

Steps to Participation

• Provider is set-up in the production

registry• Move to production• Final connectivity testing• GO LIVE!



Part II

Basic Meteor Setup



25

Which Type of Provider Are

You?• Authentication Only – Log users in

and pass off to another AccessProvider

• Access/Authentication – Log users inand provide Meteor lookups

• Data Provider – Provide access toloan data on the Meteor network



26

Install• App Server

• Meteor Software

• Data Connectors

or Drivers

Configure• Keys/Certificate

• Properties Files

• SSL Connectivity

Customize• Authentication Method

• Data Access

Three Major Steps



27

Step 1 - Install

• Java Application Server– An App Server is a web server that serves “Java

Servlets” and JSP pages (similar to ASP, PHP,CGI, etc.).– Meteor is known to work on several app

servers. Greatest support is available for

Apache Tomcat, which is free.



28

Step 1 - Install

• Meteor Application(s)– Meteor applications will “deploy” out of the box

on most app servers.• Install Custom Drivers/Connectors

– Install any drivers/connectors necessary to access

your legacy data using Java (SQL, Mainframebridge, etc.).



29

Step 2 - Configure• Create Key Pair and Configure SSL

– Create a JKS (Java) key pair.– Have certificate signed by a known CA

(Verisign, Thawte, etc.).– Private key resides on Meteor server.– Public key is placed in the Meteor Registry.–

Configure App Server to use SSL Communication Only.Note: You generally cannot use an existing IIS or Apache SSLcertificate. They’re not stored in the same format.



30

Step 2 - Configure

• Why Use a Key Pair?– Each key can “unlock” data that was

“locked” by the otherkey but cannot unlock info it locked itself.

– If a document is modified in transit,

“unlocking” it will fail.– Assures a valid meteor participant is

requesting the data.



31

Step 2 - Configure

• Why Use a Key Pair?– Assures that a request hasn’t been

modified by some third-party.– Standard SSL encrypts the request and

response.

– Third-party signature (Verisign, Thawte,etc.) verifies that each organization isvalid/reputable.



32

Step 3 – Customize• End-User Authentication

– Meteor does not ship with its own authenticationsystem.

– Must choose one of two methods:1. Implement Java code “IUserAuthentication” to “talk

to” your existing authentication system.

2. Implement code in your existing system to create a“SAML Assertion” that can be passed to Meteor toverify that the user has been logged-in.(Recommended)



33

Step 3 – Customize

• End-User Authentication

– Meteor team can provide sampleJava code for method #2.– Method #2 can theoretically be

performed in any language. Someproofs of concept exist.



34

Step 3 – Customize• What is a SAML Assertion?

– SAML = “Security Authentication MarkupLanguage.”

– SAML assertions are XML documents.– A SAML Assertion says:

• I logged this user in.•

I’m “Level N” sure of the person’s identity (N=1 to 3).• This user has a certain access role (FAO, Borrower,etc.).



35

Step 3 – Customize• What is a SAML Assertion?

– SAML assertions digitally signed with an

entity’s private key.– SAML assertions can be used for single

sign-on applications.



36

Step 3 – Customize• Authentication Using SAML (Recommended)

– Organization’s existing enterprise sign-on system ismodified to create a SAML Assertion after authenticatingthe user.

– User clicks form submit button and assertion is passed toMeteor via HTTP Post.

– Meteor validates SAML Assertion against the public key inthe Meteor Registry and grants or denies access asappropriate.Note: Java classes and sample code exist to create theSAML Assertion.



37


• Data Provider Customization– How do I link Meteor to my data?

• Implement DataServerAbstractionInterface

• Retrieving Data• Creating the Response

– Where can I find help?



40


• Creating the Response– MeteorDataResponse Object– Mapping Data

• Data is mapped to container classes.• Start early in the process.

• Seek help from business experts.– Meteor software handles formatting the

response.



41

Step 3 – Customize• Help Resources

– Meteor Tech Team List Server– Sample Code– http://www.meteorcentral.com

• Source Code• Production Releases

– http://www.nchelp.org/meteor.htm• Documentation• Meteor Setup Guide

http://www.meteorcentral.com/

http://www.nchelp.org/meteor.htm





MeteorImplementation

Documents

Transcript of MeteorImplementation