Inter-Institutional Registration

Inter-Institutional Registration

UNC Cause

December 4, 2007

Background

• 500-600 students each year

• Various campus agreements– No consistency

• Paper-based process– Difficult for students– Difficult for administrators

• Registrars• Financial aid

• University of North Carolina Online– Doesn’t scale

Goal

• Policy– System-wide consortia agreement– Registrars & Financial Aid

• Clearinghouse– Management– Tracking– Convenience

• Students• Administrators

Inter-Institutional Registration

Home Institution Inter-institutional System Visited Institution

1. Search for Courses2. Add to Bookbag

Select HomeCampus

3. Request Registration

Sign In 4. Redirect

Confirm & Process

5. Redirect if Successful

Acknowledge

NOTIFY

6. Authenticate

EvaluateRequest

7. Download Request

Process8. Approve & Enter DataNOTIFY

Acknowledge9. Authenticate

EvaluateRequest

10. Download Request

Process11. Approve & Enter Data

NOTIFY

View Status

12. Authenticate

Fully Processcredit hoursfinancial aid

cashier

13. Get Tuition Costs

Done14. Mark as Completed

Student

Registrar

Registrar

Registrar

Phased Approach

Phase I - Manual

• Students– Find courses

– Request registration

• Registrar– Approve/Deny via dashboard

– Manually enter information

• Distributed Authentication

Phase II - Web Services

• Eliminate Data Entry– Campus to Clearinghouse

– Clearinghouse to Campus

– ERP

• Streamline campus operation using Banner APIs

What is Shibboleth?

• Higher education standard– From Internet2– Open standard– Open source implementation

• Federated approach– Single sign on– Signed attribute assertions

• Distributed authentication– Clearinghouse never sees credentials!

Shibboleth Architecture

Service Provider(Inter-Institutional Clearinghouse)

Campus A

IdentityProvider

(tomcat)

EnterpriseDirectory

(LDAP, etc)Apache

• Service Provider - The entity willing to accept identity credentials and attributes in order to provide a service to the user.

• Identity Provider - The entity that knows information about the user and is willing to share that information with another party.

• Enterprise Directory - The local campus directory that contains the information to be shared.



Campus A

User(via web browser)

IdentityProvider

(tomcat)

EnterpriseDirectory

(LDAP, etc)Apache

1. Request Secured C

ontent



Campus A


IdentityProvider

(tomcat)

EnterpriseDirectory

(LDAP, etc)Apache


ontent

2. Send Redirection

Redirect

3. R

eque

st A

uth.

For

m



Campus A


IdentityProvider

(tomcat)

EnterpriseDirectory

(LDAP, etc)Apache


ontent

2. Send Redirection

Redirect

3. R

eque

st A

uth.

For

m

4. S

end

HTM

L Fo

rm



Campus A


IdentityProvider

(tomcat)

EnterpriseDirectory

(LDAP, etc)Apache


ontent

2. Send Redirection

Redirect

3. R

eque

st A

uth.

For

m

4. S

end

HTM

L Fo

rm5.

Pro

vide

Cre

dent

ials



Campus A


IdentityProvider

(tomcat)

EnterpriseDirectory

(LDAP, etc)Apache


ontent

2. Send Redirection

Redirect

3. R

eque

st A

uth.

For

m

4. S

end

HTM

L Fo

rm5.

Pro

vide

Cre

dent

ials

5a. Authenticate



Campus A


IdentityProvider

(tomcat)

EnterpriseDirectory

(LDAP, etc)Apache


ontent

2. Send Redirection

Redirect

3. R

eque

st A

uth.

For

m

4. S

end

HTM

L Fo

rm5.

Pro

vide

Cre

dent

ials

5a. Authenticate

6. E

mbe

d A

sser

tion

7. Send Assertion



Campus A


IdentityProvider

(tomcat)

EnterpriseDirectory

(LDAP, etc)Apache


ontent

2. Send Redirection

Redirect

3. R

eque

st A

uth.

For

m

4. S

end

HTM

L Fo

rm5.

Pro

vide

Cre

dent

ials

5a. Authenticate

6. E

mbe

d A

sser

tion

7. Send Assertion

7a. Exchange Attributes



Campus A


IdentityProvider

(tomcat)

EnterpriseDirectory

(LDAP, etc)Apache


ontent

2. Send Redirection

Redirect

3. R

eque

st A

uth.

For

m

4. S

end

HTM

L Fo

rm5.

Pro

vide

Cre

dent

ials

5a. Authenticate

6. E

mbe

d A

sser

tion

7. Send Assertion

7a. Exchange Attributes

8. Send Secured Content

UNC Federation

WSSU

WCU

UNCW

UNCP

UNCG

UNCC

UNCCHUNCA

NCSU

NCSA

NCCU

NCA&T

FSU

ECSU

ECUASU

GeneralAdmin

Service Provider

Demo

http://iic.northcarolina.edu/iic_home.php

Security - Ideal

Internet

Firewall

PrivateNetwork

ASU UNC-GA WSSU… …

Security - Actual

Internet

Firewall

ASU

Firewall

UNC-GA

Firewall

WSSU… …

Shibboleth Security

• Solution = Public Key Cryptography– x509 open standard

Service Provider Campus A


IdentityProvider

EnterpriseDirectoryApache

SSL EncryptionServer Certificate signed by well known Certificate

Authority (CA)

SSL Signed & Encrypted

Web Services

• Machine-to-machine communication over a network:– Standard protocols/formats– Simplifies exchange of data– Using standard web technologies

• HTTP• XML

• Platform agnostic• Vendor agnostic

Why Web Services?

• Cost effective– Open standards architecture– Acts as middleware between heterogeneous systems

• Automate– Entry of bio-demo information– Enrollment & registration in campus student system– Fee assessment– Fee posting

Standard Architecture

• Service Provider– Owner of the process

– Platform that hosts access to the service

• Service Requestor– Client to request and consume

a service

– Manual or automated initiation

• Service Registry– Searchable directory of

published service descriptions

Service Provider

Service Requestor

Service Registry


• Service– Software module deployed on a

network accessible platform

• Service Description– Details of the implementation

– Data types

– Operations

– Binding information

– Network location

Service Provider

Service Requestor

Service Registry

Service

ServiceDescription


• WSDL (Web Services Definition Language) defines– message formats

– data types

– transport protocols

– transport serialization formats

Service Provider

Service Requestor

Service Registry

Service

ServiceDescription

Publish

WSDL

ServiceDescription

Find


• SOAP - Service Oriented Architecture Protocol

– Framework for packaging and exchanging XML messages

– Typically sent using HTTP

– Language and platform independent

– Lightweight protocol

Service Provider

Service Requestor

Service Registry

Service

ServiceDescription

Publish

WSDL

ServiceDescription

Find

Bind

SOAP, WSDL

Inter-Institutional Web Services(Phase II)

• 3 distinct web services– Each university implements

– Implementation can differ depending on internal processes

– Implementation should make use of APIs provided by Banner & PeopleSoft

• Clearinghouse consumes these services

• Services are invoked via human intervention within the clearinghouse

Service Provider

Service

ServiceDescription

Bind

SOAP, WSDL

Service Requestor

Web Service #1(GET_BIODEMO_INFO)



Select HomeCampus


Sign In 4. Redirect

Confirm & Process


Acknowledge

NOTIFY

6. Authenticate

EvaluateRequest

7. Download Request



EvaluateRequest



NOTIFY

View Status

12. Authenticate


cashier



Student

Registrar

Registrar

Registrar

#1

Web Service #1(GET_BIODEMO_INFO)

• Home Campus Registrar initiates– From within clearinghouse

• Clearinghouse consumes service– Passes unique student identifier– Service uses identifier to obtain bio/demo data– Returns data to clearinghouse

• Home Campus Registrar proceeds with work flow

Web Service #2(REGISTER_STUDENT)



Select HomeCampus


Sign In 4. Redirect

Confirm & Process


Acknowledge

NOTIFY

6. Authenticate

EvaluateRequest

7. Download Request



EvaluateRequest



NOTIFY

View Status

12. Authenticate


cashier



Student

Registrar

Registrar

Registrar

#1

#2

Web Service #2(REGISTER_STUDENT)

• Visited Campus Registrar initiates– From within the clearinghouse– Provides student ID number if this student has attended before

• Clearinghouse consumes service– Passes all Bio/Demo and course information– Register the student

1. Create/update the student in Banner/PeopleSoft2. Admit the student3. Register student into approved course

– Return information– Student’s unique identifier– Course fees (if automatically assessed at time of registration)

Web Service #3(FINALIZE_REGISTRATION)



Select HomeCampus


Sign In 4. Redirect

Confirm & Process


Acknowledge

NOTIFY

6. Authenticate

EvaluateRequest

7. Download Request



EvaluateRequest



NOTIFY

View Status

12. Authenticate


cashier



Student

Registrar

Registrar

Registrar

#1

#2#3

Web Service #3(FINALIZE_REGISTRATION)

• Home Campus Registrar initiates– From within clearinghouse

• Clearinghouse consumes service– Passes tuition/fee and course data– Cache data in new tables (specifically for this purpose)

• Processed in batch mode• Applied to student’s account

– No automated processing of student data

Conclusion

• Lookup & tracking service– Students– Registrars

• Phase I = Fall 2008– Shibboleth (required for participation)

• Phase II = At campus’ discretion– Web Services– UNCG pilot for Banner schools– Suggest PeopleSoft campuses collaborate as well

Questions & Discussion

Date post:	03-Jan-2016
Category:	Documents
Upload:	fritz-calhoun
View:	20 times
Download:	0 times

Inter-Institutional Registration

Documents