Washington Trip – August 13 and 14, 2002
Bernard W. Gleason
Purpose and General Comments
The following is a summary of my recent visit to Washington, D.C. The purpose of the
trip was to meet with as many individuals as possible within federal agencies and external
support organizations, to gain insights and to establish personal relationships that can be
tapped in follow-on activities. The secondary purpose was to assess the possibility of
Boston College serving as the lead institution in the design and testing of the “transitive
trust” authentication model for higher education.
In the transitive trust relationship federal agencies and other external data and service
providers would rely on local campus authentication and authorization for electronic data
exchange. For example, a student logged on to the campus portal (or secure Web
environment) would be able to access the Department of Education’s Web Services
without needing to logon on again. The campuses would authenticate the user and the
user’s identification and role would be “asserted” to the Department, likely using the
SAML (Security Assertions Markup Language) standard.
As the nation has become more security conscious there is heightened awareness within
colleges and universities, as well as within government agencies. But security means
additional overhead and the big issue, as always, is cost – how do we assess risk and put
the right levels of control in place without imposing new costs on institutions? And at the
same time how do we create and improve efficiencies through the effective deployment of
Higher education and the federal government are dealing with the widespread use of
weak authentication models such as Social Security/Date of Birth. The recent events
involving Yale and Princeton have highlighted the problem and will likely quicken the
pace of institutions, federal agencies and other support groups (e.g., loan guarantors,
Federal Student Clearinghouse) to conform to more appropriate and stricter audit
requirements. The option in each case (and there are hundreds of instances) is to create
another independent, proprietary authentication system with separate credentials for
every user. For the federal government this would mean the registration, issuance and
management of separate credentials for every student, and the added requirements for
institutions to provide on-going changes in the status of students. The cumulative costs
could be measured in billions of dollars.
The alternative is to adopt a transitive trust model, which also addresses the most basic
requirements of the customer base – i.e., users do not want to have to select and to
manage a separate set of credentials for every service or application. Boston College,
which has established and maintained an effective management of identities for user
groups (students, faculty, staff), is well positioned to adopt a transitive trust relationship,
to work with standards bodies and other working groups, and to participate as a test
Bernard W. Gleason 1 28 August 2002
There are standards organizations working on parts of the elements of the trust model and
multiple groups within higher education and the federal government are attempting to
address the issue in various ways. Although many of the efforts seem disjointed, there is
a common understanding of the problem and a common understanding of the best
approach to resolution. What is missing is a central focal point of coordination within
higher education and a proposed solution (set of standards).
I am connected with the people within higher education – i.e., Educause, NACUBO,
Internet2 and JA-SIG – who are involved in this area. Over the past couple of months I
have made many presentations on the topic at professional meetings and conferences and
have written articles in the general topical area for Educause and NACUBO – see
attached. The visit to Washington allowed me to establish personal contacts within the
federal government and to begin the process of further discussions.
What happens next? The next logical step is to determine the best way to begin the
process of inter-institutional and inter-organizational coordination, scope the leadership
role that I might play, and develop a plan for external funding or incorporation within an
existing higher education organization.
Observations, Responses and Opportunities
Jim Farmer arranged most of the appointments in Washington, D.C. Jim is based in
Washington and has been involved in information technology within higher education for
as many years as me. Recently Jim has worked on a consulting basis within the
Department of Education’s Financial Student Aid (FSA) and as a project administrator for
the uPortal project within JA-SIG. These associations have led to the identification and
establishment of contacts within federal government agencies and associated private
The following is a summation of each visit (or topical area) along with my observations,
where there are opportunities, and suggested follow-on activities. The comments are
intended to be comprehensive and to elicit discussion that will lead to the determination
of next steps.
Department of Education – Transitive Trust: On May 8, 2002 I made a presentation at
the U.S. Department of Education FSA CIO Update. From feedback it seemed evident
that the Department of Education shares a common view of trust relationships – i.e.,
authentication from an intermediary campus portal. I expected the computer security
leader, Andy Boots, whom I met at the CIO Update, to be more gung ho about creating a
transitive trust test. Mr. Boots stated that security is a more complex problem from the
Department’s perspective because of the number of different security methods that must
be supported for their diverse user base and the cost of developing a single sign-on
infrastructure for the many FSA applications. That is a long way of saying that FSA’s first
concern is to deal with the integration of existing FSA applications, which all have
separate authentication schemes.
The other complication that arises within the Department is the concentration on serving
and providing access to loan guarantors and lending agencies, not the holder of the loan
(students). One other perceived limitation of building a transitive trust is that loan
information is gathered before a borrower establishes a relationship with an institution
and receives campus credentials. This issue occurs in other areas on campuses,
particularly in the Admissions area, but is more of a challenge than an obstacle.
Opportunity: Consider the creation of a Transitive Trust proposal for submission to DOE
that includes the identification of a group of people and institutions that are willing to
participate, information access expectations, and a design specification that states
precisely what standards and techniques would be employed in the transitive trust model.
The proposal would tie into and be consistent with the government’s e-Authentication
initiative. The FSA CIO might be supportive of a pilot project, one that is less than $100k
and does not need extensive approvals.
e-Authentication: In June, 2002 the government launched what is being called the
eAuthentication Initiative -- an action plan to build a mutual trust infrastructure that will
support the wide-spread use of electronic interactions between the public and the
government and across government agencies. The major objective is the improvement of
service to citizens through electronic government. The task force intends to identify 30
to 40 e-government initiatives that improve efficiency and effectiveness by providing
one-stop services and common interoperable solutions that match appropriate risk levels
with the trust requirements placed on individuals for each initiative.
In the e-Authentication project it is not clear who is representing the interests of higher
education, in particular the student population. It is likely that the usual suspects from
within I2 and Educause will be recognizing the opportunity and will be responsive.
However, there is a question of whether or not one of these groups will apply the
dedicated effort and provide an unbiased higher education response that is consistent with
the objectives set forth by the e-Authentication task force. Adopting compatibility with e-
Authentication standards is going to be mandatory for all institutions to interact with
Opportunity: It seems appropriate for higher education to participate in the federal e-
Authentication effort without trying to lead the project. The primary objective should be
to develop a trust relationship specification (transitive trust model) that will permit
campus officials and students to access federal information resources in a standard way –
full compliance with e-Authentication.
The e-Authentication model is likely to be built from Web Services standards (SOAP,
UDDI, WSDL), WS Security, SSL, server certificates and higher education SAML
assertions. SAML will provide attribute assertions that will sign and verify SOAP
messages by mapping authentication from the requestor to the recipient and appending a
SAML token. This model is completely compatible with perceived transitive trust
models for higher education.
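The flow described at the start of this report (campus authenticates the student, asserts identity and role to the agency) and the SOAP/WS-Security/SAML model sketched above, as an added example that is not part of this report or of any project it mentions. It assumes a hypothetical campus issuer, agency endpoint and shared signing key, and uses an HMAC over the assertion's fields as a simplified stand-in for the XML Signature that WS-Security would carry; the SOAP 1.1, WS-Security and SAML 1.0 namespaces are the real ones, but the element set is a reduced subset.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespaces for SOAP 1.1, the WS-Security header and SAML 1.0 assertions.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
CAMPUS_ISSUER = "https://portal.example.edu/idp"        # constructed: hypothetical campus issuer
AGENCY_AUDIENCE = "https://fsa.example.gov/loan-status"  # constructed: hypothetical agency service
CAMPUS_KEY = b"constructed-campus-signing-key"           # constructed: shared signing key
FIELD_ORDER = ("issuer", "audience", "subject", "role", "not_before", "not_on_or_after")

def _signature(key, fields):
    # HMAC over the trusted fields in a fixed order; a stand-in for XML Signature.
    canonical = "|".join(str(fields[k]) for k in FIELD_ORDER).encode()
    return base64.b64encode(hmac.new(key, canonical, hashlib.sha256).digest()).decode()

def issue_assertion(key, subject, role, now, lifetime=timedelta(minutes=5)):
    """Campus side: assert who the user is and their role, for one audience only."""
    f = {"issuer": CAMPUS_ISSUER, "audience": AGENCY_AUDIENCE, "subject": subject, "role": role,
         "not_before": now.isoformat(), "not_on_or_after": (now + lifetime).isoformat()}
    a = ET.Element(f"{{{SAML}}}Assertion", Issuer=f["issuer"])
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions", NotBefore=f["not_before"], NotOnOrAfter=f["not_on_or_after"])
    aud = ET.SubElement(cond, f"{{{SAML}}}AudienceRestrictionCondition")
    ET.SubElement(aud, f"{{{SAML}}}Audience").text = f["audience"]
    stmt = ET.SubElement(a, f"{{{SAML}}}AttributeStatement")
    subj = ET.SubElement(stmt, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameIdentifier").text = subject
    attr = ET.SubElement(stmt, f"{{{SAML}}}Attribute", AttributeName="role")
    ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = role
    ET.SubElement(a, "Signature").text = _signature(key, f)
    return a

def wrap_in_soap(assertion, request_text):
    """Carry the assertion as the security token in the SOAP header."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    sec = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    sec.append(assertion)
    ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), "LoanStatusRequest").text = request_text
    return ET.tostring(env, encoding="unicode")

def verify_and_extract(envelope_xml, key, now):
    """Agency side: accept the asserted identity only if every check passes."""
    a = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{SAML}}}Assertion")
    cond = a.find(f"{{{SAML}}}Conditions") if a is not None else None
    if cond is None:
        raise ValueError("no usable SAML assertion in WS-Security header")
    st = f"{{{SAML}}}AttributeStatement/{{{SAML}}}"
    f = {"issuer": a.get("Issuer"), "not_before": cond.get("NotBefore"),
         "not_on_or_after": cond.get("NotOnOrAfter"),
         "audience": cond.findtext(f"{{{SAML}}}AudienceRestrictionCondition/{{{SAML}}}Audience"),
         "subject": a.findtext(st + f"Subject/{{{SAML}}}NameIdentifier"),
         "role": a.findtext(st + f"Attribute/{{{SAML}}}AttributeValue")}
    # Integrity first: no other field can be trusted until the signature checks out.
    if not hmac.compare_digest(_signature(key, f), a.findtext("Signature") or ""):
        raise ValueError("assertion signature invalid")
    if f["issuer"] != CAMPUS_ISSUER or f["audience"] != AGENCY_AUDIENCE:
        raise ValueError("assertion not from the trusted campus or not meant for this agency")
    if not datetime.fromisoformat(f["not_before"]) <= now < datetime.fromisoformat(f["not_on_or_after"]):
        raise ValueError("assertion outside validity window")
    return {"subject": f["subject"], "role": f["role"]}

def demo():
    now = datetime(2002, 8, 14, 12, 0, tzinfo=timezone.utc)  # constructed clock
    envelope = wrap_in_soap(issue_assertion(CAMPUS_KEY, "bc-student-0042", "student", now), "loan-status")
    accepted = verify_and_extract(envelope, CAMPUS_KEY, now + timedelta(minutes=1))
    attempts = {"tampered role": (envelope.replace(">student<", ">aid-officer<"), CAMPUS_KEY, now),
                "wrong key": (envelope, b"some-other-key", now),
                "expired": (envelope, CAMPUS_KEY, now + timedelta(minutes=10))}
    rejected = {}
    for name, (env, key, when) in attempts.items():
        try:
            verify_and_extract(env, key, when)
        except ValueError as exc:
            rejected[name] = str(exc)
    return accepted, rejected
```

demo() returns the accepted claims for the genuine exchange together with the rejection reason for a tampered role, a message signed with the wrong key, and an expired assertion.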
The best approach may be to participate in the e-Authentication task force and to work
with the federal government and appropriate security vendors, and to build a
demonstration application that complies with standards and approaches that are under
consideration. Boston College would be a good candidate to serve as the demonstration
National Student Clearinghouse: The National Student Clearinghouse (NSC) receives
student enrollment data on more than 90% of the college and university students 3 times
a year. NSC, whose roots are in financial aid, also receives a list of loans from lenders
and guarantors and the federal Direct Loan program. In turn NSC notifies the lenders and
guarantors of the enrollment status of students. NSC also provides a central point for
degree validation. NSC is non-profit but charges a $5 fee for every inquiry.
The whole area of certification has become very important, not just for enrollment status
and financial aid, but NSC has experienced rapid expansion into areas such as auto
insurance, health insurance and apartment rentals – relieving campus registrars of the
burden. Degree validation has also become a common requirement for employee
The obvious, major flaw in NSC’s business model is the lack of required currency in
student status data – access to up-to-date data, instead of 3 times a year, has become a
requirement in most instances. NSC is working on creating a Web Services capability
that would permit authorized institutions to send changes to NSC in a near-real time
mode and for authorized customers (agencies) to perform certifications on current
information in real time using Web Services.
Mark Jones from NSC was in agreement with the assessment of a need for a transitive
trust model to support these Web Services and that the model would likely exchange
SAML assertions using WS-Security for SOAP messaging, consistent with the emerging
federal e-Authentication and Liberty Alliance standards. NSC is using Flamenco
Networks for full support of Web Services, including a lightweight proxy and full
monitoring of connections.
While NSC seems to be moving in the right direction with Web Services, it was
surprising to hear that NSC is not focused on providing access to students to validate
their personal information or to provide a mechanism for corrections. NSC was also not
very concerned about solving the problem of using Social Security Number/ Birth Date
for student access. NSC, whose primary role is student certification, seemed to have no
interest in SEVIS and playing a role in the validation of foreign students. It is reasonable
to expect that this perspective will change once a business case can be built.
Opportunity: Write a proposal to NSC, one that would be consistent with the one to
DOE and with eAuthentication specifications. The pilot project would demonstrate how a
transitive trust arrangement would be established between the institutions’ student
systems to provide real-time data changes. Mark Jones indicated that he would be very
interested in establishing Web Services tests with a group of colleges and universities.
Boston College would be a prime candidate to participate in a pilot.
The project could also include a demonstration of how a student could invoke a Web
Service to validate their data at NSC using institutional credentials, not Social Security/
Birth Date, so that students can perform a free self-validation and self-report errors back
through the student’s institution. NSC could also play a significant role in the pilot of
transitive trust with DOE Federal Student Aid’s emerging NSLDS II project.
Liberty Alliance: Liberty Alliance is an association of software vendors and commercial
and non-commercial service providers who have banded together to provide an open
single sign-on specification. The specification includes federated authentication from
multiple providers operating independently while protecting consumer privacy. While the
optimum situation would be for all individuals to have a single set of credentials, people
already have IDs and passwords for multiple service providers, on and off campus.
Hence, there needs to be an approach that supports the requirement for single sign-on
while still supporting existing credentials. This technique is referred to as federation.
Federated single sign-on enables users to sign on with one member of an affiliate group
and subsequently use other sites within the group without having to sign-on again.
The Liberty Alliance specifications are going to be key standards in the definition of trust
relationship for higher education and for the federal government’s e-Authentication
Opportunity: Liberty Alliance is holding an open meeting in Chicago for members. I
have communicated with Ken Klingenstein at I2 and he has approved my attendance as a
representative of Internet2. JA-SIG may want to consider joining – there is no cost for
affiliate membership for non-profit organizations. If that were the case, I or someone else
could attend as the JA-SIG representative. My main concern is not which organization is
the sponsor but rather being able to attend.
SEVIS and Association of Jesuit Colleges and Universities (AJCU): The meeting with
Fr. Currie, President of the AJCU, was intended to be introductory and to talk about ways
in which Boston College could share with the other Jesuit schools. I explained the Boston
College/Folderwave business model and that applications have been developed that
would be available for use in an application service provider (ASP) model. In particular,
we talked about how compliance with SEVIS regulations might be accomplished in a
cooperative way using technology that is being developed at BC.
I intentionally did not provide any written material nor did I get into specific details but
rather attempted to see if there would be any mutual interest and to treat the meeting as
introductory. I suggested a follow-on meeting with Bob Burke and the possibility of
conducting a web seminar to demonstrate the SEVIS application and other applications.
Fr. Currie was supportive.
Unfortunately, I was not able to visit with anyone from Immigration and Naturalization
Services (INS) to talk about our approach – i.e., intermediate agent (Folderwave) acting
on behalf of many schools.
Mark Jones remarked that many companies that are trying to build services similar to
Folderwave/SEVIS have approached NSC. These are primarily security companies and
he mentioned a few – Kroll and Background America – that I have not checked out.
Opportunity: The next step is to follow up with Fr. Currie and to make a
personal introduction – Bob Burke with Fr. Currie. The first order of business will be to
alert the other schools and to gauge their interest and the provision of explanatory
material and a notice of a voluntary participation in a web seminar.
NACUBO: Prior to the visit to Washington I traded e-mails with Mark Olson at
NACUBO in which we talked about trust relationships. We intended to meet in D.C. but
our schedules collided.
In any case Mark is interested in getting NACUBO to take an active role in activities
such as the transitive trust model. He recognized the importance and expressed his
personal need to become more knowledgeable. Mark also expressed an interest in having
me write another article for Business Officer that focused on trust models.
Opportunity: Unknown. I will stay in contact with Mark Olson and explore various
avenues of cooperation with business officers.
XML Forum: In 2000 the Postsecondary Electronic Standards Council (PESC)
established the XML Forum for the purpose of establishing Extensible Markup Language
(XML) standards for the higher education community. The charter of the XML Forum is
to focus on the XML needs of the higher education community and to evaluate XML
initiatives that impact the community. The Forum membership is open to all
organizations that are interested in using XML in their data exchanges with education
entities (schools, software and service providers, and financial aid lenders and guaranty
Mark Jones and Jim Farmer questioned the effectiveness of the XML Forum and the
ability of the group to create the required XML standards in an acceptable timeframe.
They also identified the absence of a strong institutional presence, especially from the
college and university information technology sector. The financial aid community
dominates the forum. There is also a leadership issue – the position of executive director
of the XML Forum is vacant.
A comparison can be drawn with the effectiveness of HR XML, where there has been
broad support from the vendor community – e.g., SAP, Peoplesoft -- and the federal
government’s Office of Personnel Management. As a result, the capabilities exist to use a
standard approach to the invocation of Web Services from within a Human Resources
application program. A similar set of XML standard schemas is needed to support
student information. To date the definitions have been limited mostly to transcripts based
on existing EDI standards.
Opportunity: Unknown. Need to learn more about the XML Forum and to understand
the impediments and what it will take to move forward with XML schemas for the higher
education community. Also need to determine whether it is worthwhile to seek
membership in the forum.
Meteor Project: Meteor, which is administered through National Council of Higher
Education Loan Programs (NCHELP), is intended to provide a central point for direct
access to student loan data. The ultimate goal of the project is to provide appropriate
access to campus financial aid administrators, loan guarantors, loan servicers, lenders and
borrowers (students). At one time this project represented an early implementation of
Web Services and a project that was worth tracking. Boston College was very interested
in becoming an early implementer. That level of interest no longer exists.
Over the past year the project implementation has slowed to a point where schedules are
uncertain and the process has become dominated by lawyers. Meteor has veered off
course and has designed its own proprietary trust model. In addition, the initial
implementation is focused on loan guarantors and lenders and will not provide access to
borrowers – the most important target.
Opportunity: None. In the conversation with Tim Cameron it was agreed that we would
defer any future interest in Meteor until it became a mature product and that the project
team was in a position to talk about providing student access via a transitive trust
Application Architecture: Tim Farmer and I had a chance to discuss our respective
visions of the emerging application architecture. We are in agreement that the next
generation will be an assemblage of modules that are interconnected with Web Services
and other integration techniques and that the portal will function as the common point of
user entry and authentication. The portal framework provides a means for creating a new
generation of applications – applications that aggregate information and channels so that
the presentation is separated from the business logic.
This architectural shift will be particularly true in the Student Systems area where many
institutions are still running legacy applications and trying to plot a migration strategy
that will allow for the salvaging of the best parts of current systems. Many schools may
select a single set of integrated systems from a single vendor in the Human Resources
and Financials, but not for student applications.
Opportunity: We need a good demonstration application – one that provides information
and service from multiple, disparate sources to address a specific business process and a
specific group of customers. It is advisable to concentrate on student systems because this
is the application area that is unique to higher education. A modern Student Registration
component would serve as a good example of how the portal framework could be
effectively deployed as the application framework.
BC’s Director of Student Services, Louise Lonabocker, has agreed to work with me to
design a new undergraduate student registration system that is based on a portal and
Web Services framework. Louise is interested in building a proof-of-concept model – one
that is not bound by existing technology or vendor products but can be adapted based
upon experience and feedback. The model design and demonstration would become
public information with distribution as open source or through Louise’s leadership within
Columbia is following a similar migration strategy and contact needs to be made with
Maria Mosca at Columbia and Informs, a software company who is working with
Columbia in their migration from IBM mainframe to a J2EE environment should be
e-Transcript: I met with the contractors from Immagic who are creating an electronic
transcript system for the California state system based on Web Services. The system will
allow appropriate administrators at any of the branch institutions to electronically retrieve
a transcript from any of the participating institutions. With the e-Transcript capability a
counselor at one institution would review the transcript of a transfer student directly on
the Web, thus eliminating the costly and inefficient requesting and manual transmission
of paper transcripts. Importantly, the transcript is always current.
This project is similar in structure to Project EASI except that modern technologies such
as XML, Web Services and the Internet are being deployed instead of EDI over a private
network. The developers have deployed XML schemas for transcripts based on the best
available standards. In the working model transcripts at one school are being retrieved
from another institution via a Web Service using SOAP and rendering the XML as a
channel in uPortal. The e-Transcript model also supports on-line payment processes and
the distribution of transcripts in any desired method – e.g., FAX, e-mail attachment or
Opportunity: We should work cooperatively with the e-Transcript developers, Immagic,
who are creating one of the first examples of a useful Web Service. One short-term
objective should be to use test BC data for creating an e-Transcript channel within the
Boston College uPortal implementation.
InFinet: inFinet was not a subject of the Washington visit but came up in my discussions
with Jim Farmer – Jim has also been working with inFinet and Loyola Chicago. Boston
College is currently in the process of implementing inFinet’s QuikPay system for ACH
payments. In the Spring 2002 during planning talks with inFinet’s chief technical officer,
David King, the topic of transitive trust and SAML assertions was discussed for the BC
implementation. By mutual agreement, inFinet and BC agreed to establish a
proprietary transitive trust -- i.e., inFinet is accepting BC credentials for authentication
and identification – but decided to defer on SAML. The reason was expediency (meeting
the time schedule of the BC Financial Office) and the lack of mature SAML standards for
Opportunity: We should maintain contact with David King from inFinet and encourage
participation in pilot test of a standards-based transitive trust model for higher education.
In the near-term we should encourage inFinet to participate in a demonstration based on
uPortal, in which payment processing through inFinet would be built as a Web Service
and hopefully would include the use of IFX XML – XML standards being deployed in
financial services sector. For example, if IFX is used then a BC bill could be displayed on
the same web page with other bill payment displays from other sources -- e.g., telephone
Java in Administration Special Interest Group (JA-SIG): JA-SIG, on which I serve as
a Board member, was formed 2 ½ years ago to promote Java programming. The
group veered into the development of the open source portal for higher education –
uPortal. Jim Farmer and I discussed the possibility of an expanded role for the
organization and association with other groups working in similar areas, particularly
other aspects of the transitive trust model – i.e., Web Services, higher education XML
standards and SAML assertions.
Jim and I also talked about providing a mechanism for highlighting activities in
Washington that relate to JA-SIG and would be of interest to management – e.g.,
Common Origination and Disbursement future and the FSA CIO Conferences, SEVIS
status, e-Authentication, HR-XML standard, and Veterans Administration. Justin Tilton
suggested the creation of a "Developers News Channel" that could summarize events in
Washington--federal and associations--and standards activities in a uPortal compliant
Opportunity: There is a special Board meeting scheduled for August 29 at Princeton at
which the expanded role of the organization and relationships with other groups will be a topic.