Meteor - PowerPoint PPT Presentation

1 / 41

About This Presentation

Title:

Meteor

Description:

... available for Apache Tomcat, which is free. Meteor Application(s) ... Create a JKS (Java) key pair. Have certificate signed by a known CA (Verisign, Thawte, etc. ... – PowerPoint PPT presentation

Number of Views:36

Avg rating:3.0/5.0

Slides: 42

Provided by: timca

Category:

more less

Transcript and Presenter's Notes

Title: Meteor

1
Meteor Mapping Your Future

Leveraging Technology to Provide Enhanced Services

3rd Annual Conference on Technology
Standards May 2, 2006
2
Mapping Your Future

Mapping Your Future (MYF) is a public-service web
site (mapping-your-future.org) providing career,
college, financial aid, and financial literacy
information and services.

3
Meteor

Meteor is a web-based universal access
channel for financial aid information.
Information from multiple data providers is
aggregated to assist the FAP and the borrower
with the financial aid process, repayment and
default aversion. Meteor is a collaborative
development effort utilizing leading-edge
technology.

4
Collaboration

Both are collaborative projects of the financial
aid industry
Similar missions
Can better serve students, families, and schools
Sharing diverse education and experience
Sharing technological expertise

5
Collaborative Projects

Meteor school display
Display data for school users who login to
On-line Student Loan Counseling (OSLC) Financial
Aid Office (FAO) Access Area
Meteor Student display Display data for
students completing OSLC (exit counseling)

6
Basic Meteor Set-up
7
Three Major Steps

Install
App Server
Meteor Software
Data Connectors or Drivers

Configure
Keys/Certificate
Properties Files
SSL Connectivity

Customize
Authentication Method
Data Access

8
Step 1 - Install

Java Application Server
An App Server is a web server that serves Java
Servlets and JSP pages (similar to ASP, PHP,
CGI, etc.) Meteor is known to work on several app
servers. Greatest support is available for
Apache Tomcat, which is free
Meteor Application(s)
Meteor applications will deploy out of the box
on most app servers.
Install Custom Drivers/Connectors
Install any drivers/connectors necessary to
access your legacy data using Java (SQL,
Mainframe bridge, etc.).

9
Step 2 - Configure
Create Key Pair and Configure SSL

Create a JKS (Java) key pair
Have certificate signed by a known CA(Verisign,
Thawte, etc.)
Private key resides on Meteor server

10
Step 2 - Configure
Create Key Pair and Configure SSL

Public key is placed in the Meteor Registry
Configure App Server to use SSL Communication
Only
Note You generally cannot use an existing IIS
or Apache SSL certificate. Theyre not stored in
the same format.

11
Step 2 - Configure
Why use a Key Pair?

Each key can unlock data that was locked by
the other key but cannot unlock info it locked
itself.
If a document is modified in transit, unlocking
it will fail.
Assures a valid meteor participant is requesting
the data

12
Step 2 - Configure
Why use a Key Pair?

Assures that a request hasnt been modified by
some 3rd party
Standard SSL encrypts the request and response
Third-party signature (Verisign, Thawte, etc.)
verifies that each organization is valid/reputable

13
Step 3 Customize
End-User Authentication

Meteor does not ship with its own authentication
system
Must choose one of two methods 1. Implement
Java codeIUserAuthentication to talk to your
existing authentication system. 2. Implement
code in your existing system to create a SAML
Assertion that can be passed to Meteor to verify
that the user has been logged-in. (Recommended)

14
Step 3 Customize
End-User Authentication

Meteor team can provide sample Java code for
method 2
Method 2 can theoretically be performed in any
language. Some proofs of concept exist.

15
Step 3 Customize
What is a SAML Assertion?

SAML Security Assertion Markup Language
http//www.oasis-open.org/
SAML assertions are XML documents

16
Step 3 Customize
What is a SAML Assertion?

A SAML Assertion says
I logged this user in
Im Level N sure of the persons identity (N1
to 3)
This user has a certain access role (FAO,
Borrower, etc.)

17
Step 3 Customize
What is a SAML Assertion?

SAML assertions digitally signed with an entitys
private key
SAML assertions can be used for single sign-on
applications

18
Step 3 Customize
Authentication Using SAML (Recommended)

Organizations existing enterprise sign-on system
is modified to create a SAML Assertion after
authenticating the user.
User clicks form submit button and assertion is
passed to Meteor via HTTP Post.

19
Step 3 Customize
Authentication Using SAML (Recommended)

Meteor validates SAML Assertion against the
public key in the Meteor Registry and grants or
denies access as appropriate.
Note Java classes and sample code exist to
create the SAML Assertion.

20
Step 3 Customize
Data Provider Customization

How do I link Meteor to my data?
Implement DataServerAbstraction Interface
Retrieving Data
Creating the Response
Where can I find help?

21
Step 3 Customize
Implementing DataServerAbstraction Interface

Public MeteorDataResponse getData(MeteorContext
context, String ssn)
Security Token
Contained within the MeteorContext
Requestor Role (Borrower, FAO, CSR)
Opaque User Id

22
Step 3 Customize
Retrieving Data

Use existing Meteor sample code
Predefined database schema
Data must be loaded into database
Direct access to production data
SQL embedded
Real time access to data
Transaction Calls
RPC, MQ, SOAP, CICS Gateway

23
Step 3 Customize
Creating the Response

MeteorDataResponse Object
Mapping Data
Data is mapped to container classes.
Start early in the process.
Seek help from business experts.
Meteor software handles formatting the response.

24
Step 3 Customize
Help Resources

Meteor Tech Team List Server
Sample Code
http//www.meteorcentral.com
Source Code
Production Releases
http//www.nchelp.org/meteor.htm
Documentation
Meteor Setup Guide

25
MYF Exit Counseling Pilot

Integration of Real-Time Data

26
Overview of Project

Mapping Your Future (MYF) and Meteor have
collaborated to create Meteor Borrower Display, a
customized application that allows student loan
borrowers to view their loan data via the Meteor
network, in real time, when completing Mapping
Your Futures Online Student Loan Counseling
(OSLC). New York State Higher Education Services
Corporation contributed significantly to the
application, initiating a full production pilot.

27
Overview of Project

This default prevention initiative benefits both
schools and students helping schools meet
regulatory requirements to provide loan
indebtedness information during exit counseling
and providing students with real-time information
about their student loans. This makes for a much
more valuable exit counseling experience.

28
Flowchart
29
(No Transcript)
30
(No Transcript)
31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
(No Transcript)
35
(No Transcript)
36
(No Transcript)
37
MYF Technical Requirements

Meteor installation
Ability to accept/pass SAML
New XSLT file
Parse/display XML using ColdFusion

38
Meteor Technical Requirements

Implemented Meteor Authentication Provider by
leveraging HESCs existing authentication
application (HescPIN)
Create HescPIN authentication requests
Parse HescPIN authentication responses
Use Meteors SAML library to generate send a
HESC signed SAML assertion to MYF

39
Benefits of the Project
40
Collaborative Approach

MYF and HESC are able to leverage existing
technology to offer enhanced services
MYF provides HESC customers with an improved exit
counseling experience.
Meteor provides students accurate up to date
information.
HESC can provide access to this feature for any
school. (Students must have a HescPIN to see
Meteor data as part of their exit counseling
session.)

41
Contacts