Inter-Institutional Registration
UNC Cause
December 4, 2007
Background
• 500-600 students each year
• Various campus agreements
  – No consistency
• Paper-based process
  – Difficult for students
  – Difficult for administrators
    • Registrars
    • Financial aid
• University of North Carolina Online
  – Doesn’t scale
Goal
• Policy
  – System-wide consortia agreement
  – Registrars & Financial Aid
• Clearinghouse
  – Management
  – Tracking
  – Convenience
    • Students
    • Administrators
Inter-Institutional Registration
[Workflow diagram. Columns: Home Institution, Inter-institutional System, Visited Institution. Actors: Student, Registrar.]
1. Search for Courses
2. Add to Bookbag
3. Request Registration
4. Redirect
5. Redirect if Successful
6. Authenticate
7. Download Request
8. Approve & Enter Data
9. Authenticate
10. Download Request
11. Approve & Enter Data
12. Authenticate
13. Get Tuition Costs
14. Mark as Completed
[Other diagram labels: Select Home Campus; Sign In; Confirm & Process; Acknowledge; NOTIFY; Evaluate Request; Process; View Status; Fully Process (credit hours, financial aid, cashier); Done]
Phased Approach
Phase I - Manual
• Students
  – Find courses
  – Request registration
• Registrar
  – Approve/Deny via dashboard
  – Manually enter information
• Distributed Authentication
Phase II - Web Services
• Eliminate Data Entry
  – Campus to Clearinghouse
  – Clearinghouse to Campus
  – ERP
• Streamline campus operation using Banner APIs
What is Shibboleth?
• Higher education standard
  – From Internet2
  – Open standard
  – Open source implementation
• Federated approach
  – Single sign on
  – Signed attribute assertions
• Distributed authentication
  – Clearinghouse never sees credentials!
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Apache; Campus A; Identity Provider (tomcat); Enterprise Directory (LDAP, etc)]
• Service Provider - The entity willing to accept identity credentials and attributes in order to provide a service to the user.
• Identity Provider - The entity that knows information about the user and is willing to share that information with another party.
• Enterprise Directory - The local campus directory that contains the information to be shared.
Shibboleth Architecture
[Diagram labels: Service Provider (Inter-Institutional Clearinghouse); Apache; Campus A; User (via web browser); Identity Provider (tomcat); Enterprise Directory (LDAP, etc)]
1. Request Secured Content
2. Send Redirection (Redirect)
3. Request Auth. Form
4. Send HTML Form
5. Provide Credentials
5a. Authenticate
6. Embed Assertion
7. Send Assertion
7a. Exchange Attributes
8. Send Secured Content
UNC Federation
[Diagram: federation members WSSU, WCU, UNCW, UNCP, UNCG, UNCC, UNCCH, UNCA, NCSU, NCSA, NCCU, NCA&T, FSU, ECSU, ECU, ASU and General Admin; Service Provider]
Demo
Security - Ideal
[Diagram: Internet; Firewall; Private Network; ASU, UNC-GA, WSSU, …]
Security - Actual
[Diagram: Internet; a separate Firewall in front of each of ASU, UNC-GA, WSSU, …]
Shibboleth Security
• Solution = Public Key Cryptography
  – x509 open standard
[Diagram labels: Service Provider; Apache; Campus A; User (via web browser); Identity Provider; Enterprise Directory]
[Diagram annotations: SSL Encryption, Server Certificate signed by well known Certificate Authority (CA); SSL Signed & Encrypted]
Web Services
• Machine-to-machine communication over a network:
  – Standard protocols/formats
  – Simplifies exchange of data
  – Using standard web technologies
    • HTTP
    • XML
• Platform agnostic
• Vendor agnostic
Why Web Services?
• Cost effective
  – Open standards architecture
  – Acts as middleware between heterogeneous systems
• Automate
  – Entry of bio-demo information
  – Enrollment & registration in campus student system
  – Fee assessment
  – Fee posting
Standard Architecture
• Service Provider
  – Owner of the process
  – Platform that hosts access to the service
• Service Requestor
  – Client to request and consume a service
  – Manual or automated initiation
• Service Registry
  – Searchable directory of published service descriptions
[Diagram labels: Service Provider; Service Requestor; Service Registry]
Standard Architecture
• Service
  – Software module deployed on a network accessible platform
• Service Description
  – Details of the implementation
  – Data types
  – Operations
  – Binding information
  – Network location
[Diagram labels: Service Provider; Service Requestor; Service Registry; Service; Service Description]
Standard Architecture
• WSDL (Web Services Definition Language) defines
  – message formats
  – data types
  – transport protocols
  – transport serialization formats
[Diagram labels: Service Provider; Service Requestor; Service Registry; Service; Service Description; Publish (WSDL); Service Description; Find]
Standard Architecture
• SOAP - Service Oriented Architecture Protocol
  – Framework for packaging and exchanging XML messages
  – Typically sent using HTTP
  – Language and platform independent
  – Lightweight protocol
[Diagram labels: Service Provider; Service Requestor; Service Registry; Service; Service Description; Publish (WSDL); Service Description; Find; Bind (SOAP, WSDL)]
Inter-Institutional Web Services (Phase II)
• 3 distinct web services
  – Each university implements
  – Implementation can differ depending on internal processes
  – Implementation should make use of APIs provided by Banner & PeopleSoft
• Clearinghouse consumes these services
• Services are invoked via human intervention within the clearinghouse
[Diagram labels: Service Provider; Service; Service Description; Bind (SOAP, WSDL); Service Requestor]
Web Service #1 (GET_BIODEMO_INFO)
[Workflow diagram repeated from the Inter-Institutional Registration slide, with the point where web service #1 is invoked marked "#1"]
Web Service #1 (GET_BIODEMO_INFO)
• Home Campus Registrar initiates
  – From within clearinghouse
• Clearinghouse consumes service
  – Passes unique student identifier
  – Service uses identifier to obtain bio/demo data
  – Returns data to clearinghouse
• Home Campus Registrar proceeds with work flow
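A sketch of the exchange described for web service #1, seen from the clearinghouse side, as an added example rather than code from the presentation or any campus. The service namespace, the StudentId, LastName and HomeCampus element names, the identifier format and the sample messages are hypothetical, since the slides do not define the message format.

```python
import re
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
SVC = "urn:example:inter-institutional"              # hypothetical service namespace
ID_RE = re.compile(r"[A-Za-z0-9]{1,20}")             # assumed identifier format

def build_request(student_id):
    """Clearinghouse side: wrap the student identifier in a SOAP 1.1 envelope."""
    if not ID_RE.fullmatch(student_id):
        raise ValueError("student identifier has unexpected format")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    call = ET.SubElement(body, f"{{{SVC}}}GET_BIODEMO_INFO")
    ET.SubElement(call, f"{{{SVC}}}StudentId").text = student_id
    return ET.tostring(env, encoding="unicode")

def parse_response(xml_text, expected_id):
    """Return the bio/demo fields; raise on a SOAP fault or when the campus
    answered for a different student than the one requested."""
    body = ET.fromstring(xml_text).find(f"{{{SOAP}}}Body")
    if body is None:
        raise ValueError("not a SOAP envelope")
    fault = body.find(f"{{{SOAP}}}Fault")
    if fault is not None:
        raise RuntimeError("campus service fault: " + fault.findtext("faultstring", "unknown"))
    resp = body.find(f"{{{SVC}}}GET_BIODEMO_INFOResponse")
    if resp is None:
        raise ValueError("unexpected response element")
    fields = {child.tag.rpartition("}")[2]: (child.text or "") for child in resp}
    if fields.get("StudentId") != expected_id:
        raise ValueError("response is for a different student")
    return fields

# Constructed sample messages, as a campus service might return them.
SAMPLE_RESPONSE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:ii="{SVC}"><soap:Body>
  <ii:GET_BIODEMO_INFOResponse>
    <ii:StudentId>A1234567</ii:StudentId>
    <ii:LastName>Doe</ii:LastName>
    <ii:HomeCampus>Campus A</ii:HomeCampus>
  </ii:GET_BIODEMO_INFOResponse>
</soap:Body></soap:Envelope>"""
SAMPLE_FAULT = f"""<soap:Envelope xmlns:soap="{SOAP}"><soap:Body><soap:Fault>
  <faultcode>soap:Client</faultcode><faultstring>unknown student</faultstring>
</soap:Fault></soap:Body></soap:Envelope>"""
```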
Web Service #2 (REGISTER_STUDENT)
[Workflow diagram repeated from the Inter-Institutional Registration slide, with the points where web services #1 and #2 are invoked marked "#1" and "#2"]
Web Service #2 (REGISTER_STUDENT)
• Visited Campus Registrar initiates
  – From within the clearinghouse
  – Provides student ID number if this student has attended before
• Clearinghouse consumes service
  – Passes all Bio/Demo and course information
  – Register the student
    1. Create/update the student in Banner/PeopleSoft
    2. Admit the student
    3. Register student into approved course
  – Return information
    – Student’s unique identifier
    – Course fees (if automatically assessed at time of registration)
Web Service #3 (FINALIZE_REGISTRATION)
[Workflow diagram repeated from the Inter-Institutional Registration slide, with the points where web services #1, #2 and #3 are invoked marked "#1", "#2" and "#3"]
Web Service #3 (FINALIZE_REGISTRATION)
• Home Campus Registrar initiates
  – From within clearinghouse
• Clearinghouse consumes service
  – Passes tuition/fee and course data
  – Cache data in new tables (specifically for this purpose)
    • Processed in batch mode
    • Applied to student’s account
  – No automated processing of student data
Conclusion
• Lookup & tracking service
  – Students
  – Registrars
• Phase I = Fall 2008
  – Shibboleth (required for participation)
• Phase II = At campus’ discretion
  – Web Services
  – UNCG pilot for Banner schools
  – Suggest PeopleSoft campuses collaborate as well
Questions & Discussion