Transcript Where Did My Loan Go?

Campus Based Authentication &
The
Project
Presented By:
Tim Cameron
National Council of Higher Education Loan Programs
The Meteor Story
What is Meteor?





Web-based network for aggregated real-time
inquiry of financial aid information
One stop, online web service
Collaborative effort of the FFELP community
Freely available software and access to the
network
Customization options are available
In the beginning….

Pre-Meteor Environment (1980’s & 1990’s)
Lenders, Guarantors, Servicers, Schools and
others all offered independent web services
 Required multiple logins
 Low level of security:

 Many
required only SSN and DOB to access
financial aid award data!
In the beginning….

Department of Education Modernization
Plans

Performance Based Organization approved
with Higher Education Amendments in 1998
 Modernization




Blueprint
Released September 30, 1999
Second Edition - 2000
Third Edition – 2001
Fourth Edition – 2002
In the beginning….

FFELP Providers Solution
Spring 2000: CEO meeting sponsored by
NCHELP
 Critical decisions:

 Create
an information network to provide
aggregated financial aid information.

Foundation Principles
 Open
Source
 Open Collaboration
 Freely Available
 Controlled Participation Network
Increasing Importance for
Access to Distributed
Databases
Legislative Changes

Ensuring Continued Access to Student
Loans Act (ECASLA)


Loan Participation Purchase Program
Loan Purchase Commitment Program
Growth of Split Servicing





Student used multiple lender/guarantor
combos to take advantage of benefits
Student consolidated while in-school
Student transferred to a new school
School switched from FDLP to FFELP or vice
versa
Lender suspended student loan offerings
Impact to Borrower

Payment schedule complications





Multiple payment due dates
Differing payment amounts
Multiple payment methods
Potential loss of extended repayment options
Deferment and forbearance complications


Inconsistent deferment documentation standards
Inconsistent forbearance period maximums
Coping with the Impact
Each of these inconveniences is easily
overcome so long as the borrower knows
who their lenders/servicers are and how to
get in touch with them.
Meteor Today
14 Points of access to the Network
 20 Data providers
 School Authentication Agents
 Several custom implementations

Meteor Participant Types

Organizations that implement the Meteor
software
Access Providers (AP)
 Authentication Agents (AA)
 Data Providers (DP)
 Index Providers (IP)

The Meteor Process
Users
Federated
Authentication
Process
Access
Provider
One
Student/Borrower
or
Financial Aid
Professional
or
Access Provider
Representative
or
Lender
Data Providers
Two
Index
Provider
Three
The Meteor Registry

Each participant is required to register, sign a
participation agreement, and submit policies and
procedures surrounding their authentication
process.

The Meteor Team Leads review the policies and
procedures and assign a Level of Assurance

Meteor uses a centralized LDAP server to contain:
•
Public keys of all participants
•
Network status information (active, pending, suspended)
•
Contact Information
Meteor Authentication
Objectives & Process
Meteor’s Authentication
Objectives




Provide a flexible, easy to implement
authentication system.
Ensure compliance with the Gramm-LeachBliley Act (GLBA), federal guidelines, and
applicable state privacy laws.
Assure data owners that only appropriately
authenticated end users have access to data.
Ensure compliance to participant organizations
internal security and privacy guidelines.
The Meteor Authentication
Model
Each Access Provider uses their existing
authentication model (single sign-on)
 Meteor levels of assurance are assigned at
registration
 Meteor Level 3 complies with the NIST
Level 2

Meteor’s Authentication
Requirements

User is required to provide an ID and a
shared secret.

Assignment and delivery of shared secret
must be secure.

Assignment of shared secret is based on
validated information.

Reasonable assurances that the storage of
the IDs and shared secrets are secure.
Meteor’s Authentication
Requirements

Access provider must ensure appropriate
authentication for each end user and provide
traceability back to that user

Access provider must provide authentication policy
to central authority

Access provider must provide central authority with
30 day advance notice of changes to authentication
policy

Access provider must agree to appropriate use of
data
The Meteor Authentication Process

End user authenticates at access provider
site or through a Meteor approved third
party Authentication Agent

Access provider creates authentication
assertion (SAML)

Access provider signs authentication
assertion with digital certificate
SAML Assertion Attributes

Role of end user

Social Security Number

Authentication Process ID

Level of Assurance

Opaque ID

Organization ID and Type
Meteor and the National
Student Clearinghouse:
Campus Based Authentication
Campus Based Authentication
 Schools
that have entered into an
electronic services agreement with the
Clearinghouse will act as Authentication
Agents.
 Students campus issued credentials will
be utilized to access Meteor and other
Clearinghouse services via Student SelfService Web site
The National Student Clearinghouse
Student Self-Service
 Meteor
is integrated into the
Clearinghouse’s Student Self-Service
Application
 For schools that wish to provide students
with Meteor access, Meteor loan detail is
incorporated into the LoanLocator display
What’s Next?
Online Award Letter Pilot

Will serve as a debt management tool


Borrowing history presented BEFORE a new award is
accepted
Ensures that borrower is aware of the potential
impact of increasing his aggregate loan(s)
amount



Total current outstanding
New total outstanding with the addition of the new loan
Repayment scenarios based on aggregates
For More Information….

Interactive Web Site Launched
www.MeteorNetwork.org
Audio presentation
 Interactive demonstration version of the
software
 Link to the Meteor project site


Project Documentation
www.NCHELP.org/Meteor.htm
 Implementation Information
 Current Provider List
 User Guide and other
documentation
Contact Information

Tim Cameron
NCHELP
Meteor Project Manager
[email protected]