modernizing financial aid delivery jim farmer instructional media + magic, inc. as presented at the...
TRANSCRIPT
Modernizing Financial Aid Delivery
Jim Farmer
instructional media + magic, inc.
As presented at the
School and Lender Spring Workshop
Education Assistance Corporation
Tuesday, February 27, 2001 and Wednesday, February 28, 2001
Aberdeen, South Dakota and Bloomington, Minnesota
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Modernization is …
A term used by federal and state government referring to information technology initiatives designed
• from a citizen (student) user’s perspective
• to provide improved service
• at lower cost.
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
The unknowns
• Students’ response to e-commerce and e-government
• Schools’ capacity and preferences for modernization
• Implementation capacity of• Office of Student Financial Assistance
• Guaranty agencies
• Lenders
• Servicers
• Software developers
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Implementation is limited by
• IT talent, especially those knowing both the application and the new technology
• IT budgets
• Ability of the industry to work together, especially on standards
• Capacity of the organizations to accept change
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Students, schools have a choice
• Paper forms and mail
• Web-based transactions
• School-based systems• Specialized systems
• Enterprise systems
• Integrated systems
• Outsource financial aid services
or any combination
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Challenges to financial aid delivery
• Improving service
• Lowering unit cost
• Retaining and replacing financial aid professionals
______________________
• Increasing available funds for postsecondary education
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Today’s agenda
• Background of Modernization
• SFA Performance
• Current and planned SFA Initiatives
• The Meteor Project, an example of the technology
• Electronic ID
• Observations and Recommendations
Project EASI to the PBO
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Project EASI – 1997 - 2000
Recommendations from the Project
Provide the Customer a Single Point of Interface
Create a Student-, Prospective Student-, and Family-focused “System”
Reduce Costs, and Improve Program Integrity and Oversight
Support Life-long Learning at Multiple Schools
Concept Document, June 23, 1997
Project EASI Provided a Concept, Requirements, and Transition Strategy for Modernization
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Student Financial Assistance
The Government’s First Performance-Based Organization
“A Performance-Based Organization (PBO) Shifts the Focus of Government From Red Tape to Results.”
“The PBO Concept Was…Applied in a Solid, Bipartisan Way by the Department (of Education) and a Congress...It Is a New Way to Run the Government.”
COO Greg Woods, Swearing In Ceremony, Dec 8, 1998
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
SFA Performance Objectives, 2000
Increase Customer Satisfaction Index to the Range of America’s Best Financial Service Companies.
Reduce Unit Cost by Twenty Percent
Increase Employee Satisfaction Rating to the Level of Workers Who Reach for the Stars
Interim Performance Objectives 1999
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Modernization Strategies
“Integrate the Information Systems ... a Transition Strategy for Planning and Managing the [Simultaneous] Replacement of All of the Existing Title IV Systems With an Enterprise Data Base and Six Application Modules.”
Implementing the Higher Education Amendments of 1998: Advisory Committee on Student Financial Assistance
January 1999
“Buy a Little, Test a Little, Fix a Little”
Modernization Blueprint, April 30, 1999
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Why ‘Buy a Little, Test a Little…’
Harry Feely, Project EASI Has Graduated, Aug 28, 1999
5-year Timeframe
Single Implementation
Consolidated Data
Focus on Enterprise
Conceptual Framework
3-year Timeframe
Modular
Virtual Data Network
Focus on Channel
Planned Architecture
Project EASI Blueprint
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Why ‘Buy a Little, Test a Little…’
High performance, reliable Middleware is now available – Lowers Risk of Failure
Immediate cost savings
Virtual Data Center now cost-effective
Customer Interaction Center improves satisfaction, reduces unit costs
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Key Technology Drivers
Building on the Internet Shortening the Development Life-Cycle Emphasizing Skills Streaming Technology
Voice, data and video Investing in Information Management
TechnologyCustomer Resource ManagementData Warehouse Data Mart
Steve Hawald, Software Developers Conference, Mar 10, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Web-Enabled Applications
FAFSA on the Web
Schools Portal Release 2.0 with Single Sign-On
Financial Partners Portals – FY 2002
Student On-line Access to Direct Loan Servicing
API to SFA Systems
Specifications 09/30/01
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
SFA Initiatives for 2001
1. Turbo FAFSA
2. Common Origination and Disbursement
3. Financial Management System with E-Business Center
4. NSLDS Mad Dog Changes
5. Schools Portal with Single Logon
6. E-Signature and Promissory-Note
7. Consistent Answers for Customers
(Contact Centers, CRM, Customer Data)
8. Human Resources Support System
9. Product Support Analysis
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
SFA Initiatives for 2001
1. Turbo FAFSA
2. Common Origination and Disbursement
3. Financial Management System with E-Business Center
4. NSLDS Mad Dog Changes
5. Schools Portal with Single Logon
6. E-Signature and Promissory-Note
7. Consistent Answers for Customers (Contact Centers, CRM, Customer Data)
8. Human Resources Support System
9. Product Support Analysis
SFA Performance
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Customer Satisfaction
1999 2000 Change
Federal Government (Overall) 68.6 68.6 0
Student Financial Assistance 63 70 +7
Internal Revenue Service 74 75 +1
(e-file only)
Fed. Emergency Mgmt. Agency 73 73 0
U.S. Mint 86 84 -2
American Customer Satisfaction Index
University of Michigan Business School
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Reducing Unit Costs
Annual Cost per Recipient
18.72 19.0818.06
22.30
$0
$5
$10
$15
$20
$25
1999 2000 2004SFA Goal
2004Projected
PlannedReduction
Each dollar reduction represents $14 million annual savings
SFA FY2001 Performance Plan
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
FAFSA Savings Reinvestment
SFA
$23 million
Operating CostsInvestment in Information Technology
Electronic FAFSA
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
[SFA] CIO Score Card - 2000
Rational Rose Tools
IBM MQ series - EAI/ Middleware
LDAP Compliance / BI Tools
RSA COTS tools
XML Compliance & Applications
Informatica - ETL tools
Digital Signatures
Published APIs
N-Tier Web Application
Coupled VDC Migration
Designed Data Warehouse
SLA’s in Place
Migrating to Seat Management
OPS Readiness Review
Designed Portal Apps
Internet/VPN
New Management Team
Training
IT Policy GuideManagement
Operations
Technologies
B+
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Software Development Life-Cycle
Time(6 Months)
Victims
Exploiters
New Forces
Change
New Players
Killer Applications
Death of Brands
Steve Hawald, Software Developers Conference, Mar 10, 2001
Modernization of Financial Aid Delivery
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Financial aid delivery - Then and Now
“Driving” Customer
Principal objective
Financial aid delivery system design
SFA customer service
Student
Service at the lowest unit cost
Information Technology
Industry Leading
School
Service at any cost
Regulations
Industry Lagging
THEN NOW
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Students expect …
• Web-based services
• with current, complete information
• available 24 hours a day, 7 days a week
• from any location
• with a single sign-on
Single sign-on will require either shared authentication or pin aggregation (automatic sign-on from stored user names and pins)
Note:
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Most Satisfied Customers
Transaction Type Score
Electronic 75
Paper 48
Internal Revenue Service, Percentage satisfaction, by type of filer
Customers Using Electronic Services Are More Satisfied Than Those That Don’t.
Steve Hawald, Software Developers Conference, Mar 10, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Web ApplicationFAFSA on the Web - 1999/2000Web ApplicationFAFSA on the Web - 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
FAFSA On The Web
FAFSA e-Filers
0.0
0.5
1.0
1.5
2.0
2.5
3.0
3.5
4.0
4.5
97-98 98-99 99-00 00-01
Mill
ions
of
stu
dents
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Common Origination and Disbursement
• Common Record based on CommonLine XML and IFX Forum’s LoanML
• Accommodates Pell, Direct Loan, FFELP, alternative loans, and potentially state grants
• Both real-time, single transactions and batch multiple transaction data exchanges planned
• School pilot in 2001, Phase in 2002-2005
• Industry standards
Common Record
From Richard Tombaugh’s presentation to the Common Origination and Disbursements Task Force
February 22, 2001 Meeting
and planned presentation at the
March 10, 2001 Software Developers Conference
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Common Record Components
• Project has three component parts:
• Identification of data elements
• Determination of data edits
• Creation of business messages
Richard Tombaugh, Common Record Status Report, February 22, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Identification of Data Elements
• Approach taken:
Identify all data exchange activities in which schools currently engage
Identify the data elements that are exchanged in each such activity
Develop “crosswalks” of all programs having common or similar transactions
Separate the crosswalks into logical XML “blocks”
Richard Tombaugh, Common Record Status Report, February 22, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Approach Taken (continued)
Review similar work being done elsewhere in the industry (PESC/ANS, IFX Forum, LoanML, CommonLine)
Engage in dialogue with these other initiatives to reduce redundancy and maximize consistency
Attach XML “tags” to each common element, using IFX Forum naming conventions (including the use of work already done by IFX Forum and expanded by CommonLine committee)
Richard Tombaugh, Common Record Status Report, February 22, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Approach Taken (continued)
Subject crosswalk drafts to scrutiny of program experts (SFA staff, industry committees, user groups, 3rd party software developers, etal.)
Incorporate input from reviewers
Review work to ensure that all data elements have been included and that tags are unique
Present recommended data element “dictionary” to SFA and industry for adoption
Richard Tombaugh, Common Record Status Report, February 22, 2001
Develop “crosswalks” of all programs having common or similar transactions
Person BlockCommon Record Work GroupCommon Record Layout
Field Length
Field Type Req?
Field Length
Field Type Req?
Field Length
Field Type Req?
CommonLine 5.0 Draft
LoanFX Direct Loans AY2001-2002
DETAILRecord Code: The value identifying the Application Send (@x) Detail Record. All record types
2 X(002) Y
Record Type Indicator Code: Character code indicating if this detail record contains a new application submitted for processing. A = New application submitted for processing. C = Correction application submitted for processing. R = Reprint of a
1 X(001) Y
Borrower Last Name: The last name of the borrower identified in Borrower SSN. Application Send (@1) Detail Record
35 X(035) Y LastName: Last Name. Generic element for an individual's last name.
40 Borr Last Name: The borrower's last name.
16 A/N Y
Borrower First Name: The first name of the borrower identified in Borrower SSN. Application Send (@1) Detail Record
12 X(012) Y FirstName: Customer's First Name. Generic element for an individual's first name.
40 Borr First Name: The borrower's first name.
9
Borrower Middle Initial: The middle initial of the borrower identified in Borrower SSN. Application Send (@1) Detail Record
1 X(001) Y MiddleName: Middle Name. 40 Borr Middle Initial: The borrower's middle initial.
1
Borrower SSN: The borrower’s 9-digit Social Security Number. For Federal PLUS loans, this is the parent’s SSN. Application Send (@1) Detail Record
9 9(009) Y TaxId: Customer Tax ID. 12 Borr SSN: Borrower's Current Social Security Number.
9
S e p a r a t e t h e c r o s s w a l k s i n t o l o g i c a l X M L “ b l o c k s ”
Block Pell GrantState Grant
Campus- Based
Direct Loan
Stafford PLUS Alternative
Person X X X X X X XGrant Application X X XLoan Application X X X X XCredit Supplement X XLoan Co-signer X XLoan Reference X X X X XAlternative Loan Supplement XSchool Certification X X X X X X XLender Approval X X XGuarantor Approval X XApplication Response X X X X XLoan Change X X XDisbursement X X X X X X XFISOP XNSLDS X X X X XSSCR X X X X XState Supplement X
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Review similar work
• SFA’s Conceptual Enterprise Data Model
• NCHELP’s CommonLine (XML version)
• IFX Forum’s LoanML
• ED & AACRAO’s Postsecondary Student Data Handbook
• PESC XML Forum
• ANSI aid origination, loan guaranty, and enrollment verification standards
• Educause Eduperson initiative
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
COD, an analysis
• Changes the paradigm of financial aid delivery
• Improves service, reduces costs• Offers colleges and universities an
integrated, simplified service on an aggressive schedule, but later than Meteor
----------------------------Creates an incentive for the student loan industry
NCHELP CEO Conference, Session on Software Development, Jan 11, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Schools portal
• Introduces portal concept to additional colleges and universities
• Design consistent with good Web designs; in other words, it is attractive and functional
• Personalization of portal display• Single SFA signon for financial aid
professionals (Fall 2001)• Focuses consistent organization of federal
materials and services• Integrated with “customer interaction
center”
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Web Portals - Schools Portal 03/01
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Why a portal?
• User and provider choices of content
• Authentication/aggregation
• Personalization and preferences
• Continuity of user experience
• Portals benefits user
• Convenience and efficiency
• Portals benefit provider
• Context for presentation
• Continuity of experience
• Knowledge of the customer user
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
SFA portals, an analysis
• Set a minimum standard of design and function for portals
• Increases “market share” because of design, first contact
• Provides “single signon” • Increases self-service transactions (lowering
costs)• Decreases and changes the form of
customer interaction center contacts
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Customer Interaction Center
Improves the Quality of All Services
Consolidates Call Centers
Customer Resource Management (CRM) Standards
Provides On-line Access to All SFA Systems
Supports Customer Self-service Via IVR, E-mail, Web-access
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
School alternatives
Methods of exchanging data with SFA• Use paper forms, manual procedures, and
• Use the SFA school portal for manual entry, automated processing
• Use school-based financial aid systems
• Batch exchanges of data
• Real-time transactions
The Meteor ProjectA preview of SFA implementations
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Meteor wrote:
The Meteor Project is developing…
• prototype open source software
• to permit a “partner” to display or use student-specific federal financial aid data
• in real-time,
• using Office of Student Financial Assistance API specifications.
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Diagram of Meteor Concept
Web ServicesHTML
MeteorXML
StudentStudent Access Provider Access Provider Data Provider Data Provider
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Pilot implementation ...
Web ServicesHTML
MeteorXML
StudentStudent NationalNationalStudentStudent
ClearinghouseClearinghouse
Guaranty Agency, Guaranty Agency, Lender, or SchoolLender, or School
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
As implemented ...
Web ServicesSecure HTML
MeteorSecure XML
StandardBrowserStandardBrowser uPortaluPortal
MeteorSOAP
MeteorSOAP
MeteorSOAP
MeteorSOAP
DatabaseDatabase
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
The development configuration
uPortalStandardBrowserStandardBrowser uPortaluPortal
Meteor SOAPJAVA ComponentsMeteor SOAPJAVA Components
Meteor SOAPJAVA ComponentsMeteor SOAPJAVA Components
DatabaseJDBC ConnectionDatabase
JDBC Connection
LinuxApacheTomcat
LinuxApacheTomcat
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
The demonstration
• To show the operation of Meteor, the demonstration presentation included the uPortal with a Meteor Channel on the top half of the screen and a secure telnet session showing the flow of traffic--specifically the SOAP messages that included in the XML content--to and from the Meteor server, on the bottom half. (A sample screen follows)
• The demonstration was a dial-in connection, to the Internet, accessing servers in the Washington, DC office. The dial-in connection was operating at 28.8 Kilobits per second (roughly 2,900 characters per second) . The message turnaround was less than one second.
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Split screen demonstration
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Student Meteor Channel - Entry
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Meteor XML Request message
>>(Tue Jan 09 11:50:58 EST 2001) Processing SOAP request...
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"> <SOAP-ENV:Body> <ns1:getLoanHistory SOAP-ENV:encodingStyle="http://xml.apache.org/xml-soap/literalxml" xmlns:ns1="urn:ifx-loan-server"> <IFXRequestEl> <IFX> <SaisSvcRq> <RqUID/> <SPName>gov.studentclearinghouse</SPName> <LoanHistoryRq> <CustId> <SPName>gov.ssa</SPName> <CustPermId>448377707</CustPermId> </CustId> <DateOfBirth>1980-09-03</DateOfBirth> </LoanHistoryRq> </SaisSvcRq> </IFX> </IFXRequestEl> </ns1:getLoanHistory> </SOAP-ENV:Body></SOAP-ENV:Envelope>
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Meteor XML Response message [1]
Launching query ...
>>(Tue Jan 09 11:50:59 EST 2001) Sending SOAP response...
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"> <SOAP-ENV:Body> <ns1:getLoanHistoryResponse SOAP-ENV:encodingStyle="http://xml.apache.org/xml-soap/literalxml" xmlns:ns1="urn:ifx-loan-server"> <return> <IFX> <SaisSvcRs> <Status> <StatusCode>0</StatusCode> <Severity>Info</Severity> <StatusDesc>Successfull Retrieval</StatusDesc> </Status> <RqUID/> <SPName>gov.studentclearinghouse</SPName> <LoanHistoryRs> <CustId> <SPName>gov.ssa</SPName> <CustPermId>448377707</CustPermId> </CustId> <CustName> <FirstName>Sue</FirstName> <MiddleName>B</MiddleName> <LastName>Smith</LastName> </CustName>
continued
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Meteor XML Response message [2]
<CustInformation> <DateOfBirth>1980-09-03</DateOfBirth> <PreviousPermId> </PreviousPermId> <FormerLastName/> </CustInformation> <StudentStatus> <CurrentlyEnrolled>Y</CurrentlyEnrolled> </StudentStatus> <LoanInformation> <LenderIdType>OPEID</LenderIdType> <LenderId>824607</LenderId> <LenderName>Oklahoma Student Loan Authority</LenderName> <SchoolIdType>OPEID</SchoolIdType> <SchoolId>003152</SchoolId> <SchoolBranch>00</SchoolBranch> <SchoolName>University of Central Oklahoma</SchoolName> <InformationSourceIdType>OPEID</InformationSourceIdType> <InformationSourceId>824607</InformationSourceId> <InformationSourceName>Oklahoma Student Loan Authority</InformationSourceName> <InformationSourceDate>2000-09-30</InformationSourceDate> </LoanInformation>
continued
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Meteor XML Response message [3]
<LoanInformation> <LenderIdType>OPEID</LenderIdType> <LenderId>809063</LenderId> <LenderName>Bank of Oklahoma</LenderName> <SchoolIdType>OPEID</SchoolIdType> <SchoolId>003152</SchoolId> <SchoolBranch>00</SchoolBranch> <SchoolName>University of Central Oklahoma</SchoolName> <InformationSourceIdType>OPEID</InformationSourceIdType> <InformationSourceId>809063</InformationSourceId> <InformationSourceName>Bank of Oklahoma</InformationSourceName> <InformationSourceDate>2000-11-12</InformationSourceDate> </LoanInformation> <LoanInformation> <LenderIdType>OPEID</LenderIdType> <LenderId>831163</LenderId> <LenderName>First Oklahoma bank & Trust</LenderName> <SchoolIdType>OPEID</SchoolIdType> <SchoolId>003152</SchoolId> <SchoolBranch>00</SchoolBranch> <SchoolName>University of Central Oklahoma</SchoolName> <InformationSourceIdType>OPEID</InformationSourceIdType> <InformationSourceId>831163</InformationSourceId> <InformationSourceName>First Oklahoma Bank & Trust</InformationSourceName> <InformationSourceDate>2000-10-16</InformationSourceDate> </LoanInformation> </LoanHistoryRs> </SaisSvcRs> </IFX> </return> </ns1:getLoanHistoryResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
uPortal Meteor Channel - Display
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Meteor branding
• The portal channel (or Website) is branded by the data provider
• Information is branded by source
• Logos are used for lender identification
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
What Meteor learned...
• The XML/SOAP business message turnaround is < 1 second.
• Because of the scope of authorization for access, two separate channels were needed• Student and parental access to the
student’s information• Financial aid professionals access to
information about students
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Authorization
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Selection
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Display
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Versions of the Meteor channel
• 0.7 - Current version support loan lists
National Student Clearinghouse pilot
• 0.9 - Access to lenders, guaranty agencies
NSC multiple guaranty agency, lender pilot
1.0 - Shared authentication, distributed data sources
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Meteor alternatives
School
GuaranteeAgency
Lender
Servicer Student
Access Providers
Data Provider
Combined Data/Access Provider
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Pilot implementation
Access Provider Website
National StudentClearinghouse
National StudentClearinghouse
Loan Locator ListLoan Locator List
Student AuthenticationStudent Authentication
Home PageHome Page
•Loan 3•Loan 2•Loan 1
PHEAAPHEAAGreat LakesGreat LakesSallie MaeSallie Mae
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
On the way...
• Meteor initiated convergence to ensure all parties would use the same data exchange.• SFA’s Common Record• Student Loan Industry’s CommonLine XML.• IFX Forums Business Message Specification
and LoanML.• SFA will use the SOAP protocol for “XML
business message” data transport.• CommonLine High Performance Channel
recommended the use of SOAP.
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
On the way...
• Meteor used open source Java SOAP components from the Apache Foundation.
• The Meteor software itself was written to the current Java 2 specification.
• Meteor demonstrated the software using the JA-SIG uPortal with Meteor supplied XSLT transformations.
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Meteor/NSC Pilot
Mar - NSC Loan Locator Service
Apr – Loan detail from Sallie Mae, Great Lakes, and PHEAA
May – Adding detail data from others that want to implement.
Dan Boehmer, Jan 9, 2000 Meteor Sponsors Meetingas subsequently amended
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Meteor implementation
March 2001
May 2001
July 2001
July 2001
Schedule based on Sponsor priorities and
selected method of shared authentication
1. Sponsors
2. Sponsored pilots
3. Schools
4. JA-SIG, general
Estimated Date Priority
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Standards and their implementation
MeteorSFA
Announced
Under study
Predicted
UMLXMLJava
SOAP XML-RPC
UDDI
AuthMLS2ML
Planned
Proposed, with convergence
[Feb 2000]
Electronic IDs
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
E-Signature and promissory note
• Students, parents will choose whose e-signature to use
• SFA has no business incentive to share e-signature authentication
• Registration is expensive ($5 to $50); authentication is cheap ($0.005 to $0.04)
• Different levels of authentication for different purposesPaul Tone, Town Hall Meeting on E-Signature, Dec 14, 2000
• JA-SIG Portal, Meteor will support shared authentication using industry standards
subject to Meteor Sponsor approval
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
To make U2B work we need…
From comments at the NIST Electronic Documents Conference, Mar 16, 2000
• Resolution of [digital] signature requirements
Beth Grossman, ACCORD
• Legal/ trust/ non- repudiation [of electronic ID].
PKI Betsy Fanning, AIIM
• [Defining] the relationship between PKI certificates and signed documents?
Carol Jacobson
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Legislative compliance timeline
GPEA
E-SIGNE-SIGN
Signed 10/21/98
Signed 06/30/00Effective 10/01/00
Record retention requirements6/01/01
Effective for FFEL, Perkins and Direct Loan
06/30/01
Effective10/21/03
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
E-Sign legislation
• To promote e-commerce in private sector
• Legal equivalence between paper and electronic documents for binding transactions
• Applies to private sector SFA transactions regulated by Federal and State government
• Government to specify standards to ensure accuracy, integrity, and accessibility of records
• Requires consent and protection of [student] consumer in electronic context
Charles Coleman, “Town Hall on Electronic Identification,”
Washington, DC, December 14, 2000
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Shared or “remote” authentication
• On December 14, 2000, SFA announced that they will support authentication of SFA-issued PINS and ACES electronic signatures.
• SFA PINs can be used--at a cost--for authenticating Title IV transactions.
• SFA plans to honor school, bank, and state agency electronic Ids offering comparable or higher levels of trust.
“However, on January 29, 2001 SFA said they could not get agreement from the Social Security Administration to permit others using SFA’s PIN authentication system.”
Justin E. Tilton, The Meteor ProjectDestin, Florida, Feb 5, 2001
Quote:
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Electronic Identification
Single Sign On for Students and Financial Aid Professionals
Remote Authentication of Students
SFA Pin Via Proprietary Protocol
ACES Digital Certificates Via GSA
2002-2004 Plans
Shared Authentication Using SFA PINs, ACES Certificates, School PINs, Bank PINs and Certificates
Town Hall Meeting on Electronic Identification
December 14, 2000
The Federal Digital Signature Initiative
General Services Administration
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
The federal ACES initiative
• ACES will facilitate public access to services offered by government agencies through use of information technologies, including on-line access to computers for purposes of reviewing, retrieving, providing, and exchanging information utilizing e-commerce in a secure transaction environment through the use of certificates.
• By law, access to some government computer systems can be granted only when the agency is provided with assurance that the individual attempting access has been properly identified and authenticated.
From: /fedcac.gsa.gov/aces.stm, Feb 10, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
ACES federal digital signatures
• Five categories of Government to Public communications have been identified by OMB that could require this strong authentication
Stan Choffrey, GSA/FTS, Dallas,Texas, May 25, 2000
• Application and Transfer of Benefits
• Application and Administration of Grants
• Submission of Reporting or Filing Requirements
• Exchange of Personal/Private/Proprietary Information
• Procurement Actions
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Who Can Use the ACES PKI?
• Any citizen, business entity or governmental entity may apply for and be issued ACES certificates as subscribers.
• Therefore, non-federal entities may participate in ACES in two ways:
• As a subscriber to do business with the Federal Government, or
• As an authorized Relying Party when duly authorized by a Federal Agency for legitimate program purposes.
David Temoshok Access America for Students ProgramOffice of Federal Electronic Commerce
General Services AdministrationApril 12, 2000
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Who will have ACES certificates?
• Veterans who receive educational benefits
• Members of the Armed Forces
• Citizens participating in Department of Labor employment and training programs
Many college and university applicants and students will have federally-issued ACES certificates
Note:
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
State initiatives
• Illinois has become the first state to launch a comprehensive electronic government initiative.
• Over the next 18 months, we hope to distribute over a million digital I.D.s to citizens and businesses, to enable them to do business with the State as an integrated, secure, web-driven government.
“2001 State of the State,” Governor George H. Ryan
January 31, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Digital signature services
The State of Illinois Public Key Infrastructure project (PKI) provides an enterprise-wide infrastructure to facilitate electronic government services. PKI utilizes public key cryptography and digital signatures, along with software to manage those certificates. Building these services into software applications provides the means to authenticate users, ensure privacy and integrity of data, and establish the audit trails needed to give electronic transactions the same or better levels of assurance that we are able to provide when we do business in paper.
IL Technology, Oct 2000
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
The Illinois Act protects consumers
• takes into account … lack of sophistication and technical capabilities of consumers;
• provides criminal penalties for forgery of digital and electronic signatures
• a signature cannot be automatically attributed to a person unless it meets certain stringent qualifications
• a secure signature cannot be attributed to a consumer, even if he or she was negligent in compromising the means by which the signature was created, if the signature was not in fact made by the consumer.
“Illinois Enacts Groundbreaking Electronic Commerce Legislation,”
Mc Bridge, Baker and Coles, Chicago, Illinois, 1998
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
SFA electronic identification
• Single Sign On for Students and Financial Aid Professionals
• Remote Authentication of Students
• SFA PIN via Proprietary Protocol
• ACES Digital Certificates via GSA
• 2002-2004 Plans
• Shared Authentication Using SFA PINs, ACES Certificates, School PINs, [State PINs], and Bank PINs and Certificates
Town Hall Meeting on Electronic IdentificationDecember 14, 2000
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
E-Signature and promissory note• Students and parents will decide whose e-
signature to use
• SFA has no business incentive to share e-signature authentication
• Registration is expensive ($5 to $50); authentication is cheap ($0.005 to $0.04)
• Different levels of authentication for different purposes
Paul ToneTown Hall Meeting on Electronic Identification
Dec 14, 2000
• JA-SIG Portal, Meteor will support shared authentication using industry standards
recommended to the Meteor Sponsorsby Justin Tilton of The Meteor Project
JA-SIG Conference, Feb 5, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Legal and policy standards
• Standards for E-Signature
• Digitized Signature
• Digital Certificate
• Digital Document Note
Identifiers
Personal Identification Number (PIN)
Other Data
• Retention and Retrieval of Records
• Submission of Records to ED “E-Signature: Implications of the E-SIGN
Legislation for Student Aid”Electronic Access Conference,
Phoenix, AZ, Dec 11-12, 2000
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Questions and answers (lenders)
Q. If a student refuses E- MPN, how will process work?
A. E- Sign gives the student the option to choose. Students and lenders must mutually consent to go electronic. Paper options will be available.
Q. Who has the legal responsibility to inform the student on rights and responsibilities?
A. The lender, not the school. The same place as they reside today.
Q. What can be done with SFA PIN vs. the school’s PIN?
A. The responsibility of enforcement of the PINs certification would be the school’s if the school PIN is used.
Questions and Answers fromthe Electronic Access Conferences
Nov 2000, (documented after the conference)
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Questions and answers (schools)
Q.Schools may want the ability to confirm the validity of a student’s SFA-PIN number. How can this be done by the school?
A. Security issues would prevent the schools from getting the shared secret of the SFA- PIN. Authentication is best done by SFA.
Q. Could a school’s PIN number be used for E- MPN signing?
A. Yes, but all other standards must be adhered to (supporting documents,verification, security, etc.)
Questions and Answers fromthe Electronic Access Conferences
Nov 2000, (documented after the conference)
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Requirements for documentation
3B. A system should be in place to track password usage and changes. Recorded events and information should include:
1. user identifier2. successful and unsuccessful log-ins3. use of password changing procedures4. user ID lock-out record5. date6. time7. physical location
Trustworthy Information Systems Handbook[Minnesota] State Archives Department
Aug 2000, Sec 9, p. 12
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Requirements for documentation
3C A system should be in place to log and track users and their online actions. Audit information might include:
1. details of log-in (date, time, physical location, etc.)
2. creation of files/records3. accessed file/record identifiers and
accompanying activity (deletion, modification, change of sensitivity/security level)
4. accessed device identifiers5. software use6. production of printed output7. overriding of human-readable output markings8. output to storage devices
Trustworthy Information Systems Handbook[Minnesota] State Archives Department
Aug 2000, Sec 9, p. 12
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
PKI is an economic issue
Time
Unit Cost
Number of Users
Today
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Colleges and universities should…
• Implement the infrastructure for electronic identification including digital signatures
• Provide for remote authentication
• Provide a school portal with aggregation
• Develop the procedures for documenting user registration and maintenance of electronic identifiers
• Provide for a complying electronic record of e-commerce activity
• In a standard format for exchange
Observations and Recommendations
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Working Together: The Tasks Ahead
Enabling Real-Time Transaction Processing
Exchanging Data in Real-Time
Authentication: Knowing Who Our Computers Are Doing Business With
Sharing “Lessons Learned” and “Best Practices”
Steve Hawald, Software Developers Conference, Mar 10, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Working Together: SFA’s Role
Upgrading SFA Systems
Adopting Mutually Beneficial Data Transport Standards
Developing Technology
Implementing Policies for Authentication That Preserve Privacy and Validate Electronic Transactions
Steve Hawald, Software Devlopers Conference, Mar 10, 2001
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Recommendations to the community
• Invest in the technologies • XML as used for e-commerce• Java and Java Server Pages
• Focus on customer behavior and preferences
1. Students and parents
2. Colleges and universities• Partner with leaders
inst
ruct
ional m
ed
ia +
magic
inst
ruct
ional m
ed
ia +
magic
Standards
The end
www.immagic.com