Where Did My Loan Go?
Download
Report
Transcript Where Did My Loan Go?
Campus Based Authentication &
The
Project
Presented By:
Tim Cameron
National Council of Higher Education Loan Programs
The Meteor Story
What is Meteor?
Web-based network for aggregated real-time
inquiry of financial aid information
One stop, online web service
Collaborative effort of the FFELP community
Freely available software and access to the
network
Customization options are available
In the beginning….
Pre-Meteor Environment (1980’s & 1990’s)
Lenders, Guarantors, Servicers, Schools and
others all offered independent web services
Required multiple logins
Low level of security:
Many
required only SSN and DOB to access
financial aid award data!
In the beginning….
Department of Education Modernization
Plans
Performance Based Organization approved
with Higher Education Amendments in 1998
Modernization
Blueprint
Released September 30, 1999
Second Edition - 2000
Third Edition – 2001
Fourth Edition – 2002
In the beginning….
FFELP Providers Solution
Spring 2000: CEO meeting sponsored by
NCHELP
Critical decisions:
Create
an information network to provide
aggregated financial aid information.
Foundation Principles
Open
Source
Open Collaboration
Freely Available
Controlled Participation Network
Increasing Importance for
Access to Distributed
Databases
Legislative Changes
Ensuring Continued Access to Student
Loans Act (ECASLA)
Loan Participation Purchase Program
Loan Purchase Commitment Program
Growth of Split Servicing
Student used multiple lender/guarantor
combos to take advantage of benefits
Student consolidated while in-school
Student transferred to a new school
School switched from FDLP to FFELP or vice
versa
Lender suspended student loan offerings
Impact to Borrower
Payment schedule complications
Multiple payment due dates
Differing payment amounts
Multiple payment methods
Potential loss of extended repayment options
Deferment and forbearance complications
Inconsistent deferment documentation standards
Inconsistent forbearance period maximums
Coping with the Impact
Each of these inconveniences is easily
overcome so long as the borrower knows
who their lenders/servicers are and how to
get in touch with them.
Meteor Today
14 Points of access to the Network
20 Data providers
School Authentication Agents
Several custom implementations
Meteor Participant Types
Organizations that implement the Meteor
software
Access Providers (AP)
Authentication Agents (AA)
Data Providers (DP)
Index Providers (IP)
The Meteor Process
Users
Federated
Authentication
Process
Access
Provider
One
Student/Borrower
or
Financial Aid
Professional
or
Access Provider
Representative
or
Lender
Data Providers
Two
Index
Provider
Three
The Meteor Registry
Each participant is required to register, sign a
participation agreement, and submit policies and
procedures surrounding their authentication
process.
The Meteor Team Leads review the policies and
procedures and assign a Level of Assurance
Meteor uses a centralized LDAP server to contain:
•
Public keys of all participants
•
Network status information (active, pending, suspended)
•
Contact Information
Meteor Authentication
Objectives & Process
Meteor’s Authentication
Objectives
Provide a flexible, easy to implement
authentication system.
Ensure compliance with the Gramm-LeachBliley Act (GLBA), federal guidelines, and
applicable state privacy laws.
Assure data owners that only appropriately
authenticated end users have access to data.
Ensure compliance to participant organizations
internal security and privacy guidelines.
The Meteor Authentication
Model
Each Access Provider uses their existing
authentication model (single sign-on)
Meteor levels of assurance are assigned at
registration
Meteor Level 3 complies with the NIST
Level 2
Meteor’s Authentication
Requirements
User is required to provide an ID and a
shared secret.
Assignment and delivery of shared secret
must be secure.
Assignment of shared secret is based on
validated information.
Reasonable assurances that the storage of
the IDs and shared secrets are secure.
Meteor’s Authentication
Requirements
Access provider must ensure appropriate
authentication for each end user and provide
traceability back to that user
Access provider must provide authentication policy
to central authority
Access provider must provide central authority with
30 day advance notice of changes to authentication
policy
Access provider must agree to appropriate use of
data
The Meteor Authentication Process
End user authenticates at access provider
site or through a Meteor approved third
party Authentication Agent
Access provider creates authentication
assertion (SAML)
Access provider signs authentication
assertion with digital certificate
SAML Assertion Attributes
Role of end user
Social Security Number
Authentication Process ID
Level of Assurance
Opaque ID
Organization ID and Type
Meteor and the National
Student Clearinghouse:
Campus Based Authentication
Campus Based Authentication
Schools
that have entered into an
electronic services agreement with the
Clearinghouse will act as Authentication
Agents.
Students campus issued credentials will
be utilized to access Meteor and other
Clearinghouse services via Student SelfService Web site
The National Student Clearinghouse
Student Self-Service
Meteor
is integrated into the
Clearinghouse’s Student Self-Service
Application
For schools that wish to provide students
with Meteor access, Meteor loan detail is
incorporated into the LoanLocator display
What’s Next?
Online Award Letter Pilot
Will serve as a debt management tool
Borrowing history presented BEFORE a new award is
accepted
Ensures that borrower is aware of the potential
impact of increasing his aggregate loan(s)
amount
Total current outstanding
New total outstanding with the addition of the new loan
Repayment scenarios based on aggregates
For More Information….
Interactive Web Site Launched
www.MeteorNetwork.org
Audio presentation
Interactive demonstration version of the
software
Link to the Meteor project site
Project Documentation
www.NCHELP.org/Meteor.htm
Implementation Information
Current Provider List
User Guide and other
documentation
Contact Information
Tim Cameron
NCHELP
Meteor Project Manager
[email protected]