Data Transport Standard DTS for NCHELP

1
Data Transport Standard(DTS)for NCHELP

• Business Perspective

2
DTS for NCHELP - Business

• Topics
• DTS Defined
• Brief History of Project
• PESC Documentation versus ESC Documentation
• Benefits of DTS over existing transports
• Implementation Strategies

3
DTS for NCHELP - Business

• PESC DTS Specification
• The PESC DTS defines a high level framework,
  built on internet specifications, for moving data
  securely. This standard is a roadmap for how to
  utilize specific internet technologies providing
  for a secure, real-time (immediate) or batch
  (deferred) communications channel to safely move
  mission critical data.

4
DTS for NCHELP - Business

• What DTS is not
• not a product
• it is a specification
• not content sensitive
• it is designed to exchange any type of data,
• Inquiries (Online Customer Access)
• Data exchange (CL4, CL5, CRC, CAM, Enrollment
  Reporting, Lender Manifest, etc.)

5
DTS for NCHELP - Business

• What is DTS?
• DTS is content neutral
• DTS uses internet technologies to facilitate real
  time (immediate) and batched (deferred) data
  exchange
• DTS does not require a vendor specific product
  instead specifying stable internet technologies
• DTS reduces programming and per-transaction costs
  through standardization
• DTS utilizes standard HTTPS encryption and
  digital signatures to secure the channel

6
DTS for NCHELP - Business

• Where DTS fits in your infrastructure
• DTS is a Web Service based B2B communication
  systems
• DTS is a specification that supplements FTP data
  transport
• FTP or secure FTP utilizing PGP (rfc2440)
• FTP still valid for large payloads (generally up
  to 10Mb)
• DTS is intended to supplement or replace existing
  email transport systems with DTS Client software

7
DTS for NCHELP - Business

• What are the DTS Technologies?
• WSDL (Web Services Description Language)
• SOAP (Simple Object Access Protocol)
• WS-I (Web Services Interoperability)
• HTTP (Hyper Text Transfer Protocol)
• SSL (Secure Sockets Layer)
• X.509 Certificates
• zLib (rfc1950) Compression
• Other Web Services specifications (WS-)

8
DTS for NCHELP - Business

• Brief History
• Originated within NCHELP EEAT
• Overcomes inefficiencies of existing transports
• Solves inflexibility and inefficiencies with
  existing encryption methodology
• Supports real-time (immediate) and batch
  (deferred) processing

9
DTS for NCHELP - Business

• Brief History (cont)
• Now governed by PESC
• DTS approved as a PESC standard on 5/1/2006
• NCHELP EEAT remains significantly involved in
  governance due to extensive transport experience
• Expanded visibility of the standard broader
  education community adoption and implementation
• PESC Membership includes
• AACRO, COHEAO, NACUBO, NASFAA
• FSA, Registrars, NCHELP, among others
• greater FAMS involvement

10
DTS for NCHELP - Business

• PESC DTS Specification
• specification defines a high level framework for
  moving data securely.
• builds on internet specifications
• is a roadmap of how to utilize specific internet
  technologies to achieve a secure communications
  channel and move information.

11
DTS for NCHELP - Business

• NCHELP Technical Manual
• extending DTS Specification
• identifies specific payload information for FFELP
• CL all current versions
• CAM all current versions
• Lender Manifest
• Generic transport (MSC01 data types)
• supports future content enhancements as needed

12
DTS for NCHELP - Business

• Business needs solved by DTS
• Delivery assurance
• Content neutral
• Useful for internal and external business
  communications
• Support Immediate and Deferred data processing
  models
• Cryptographically secure
• No distribution or vendor royalties uses public
  standards
• Larger payload (generally up to 50 Mb)
• Multiple technical platforms (.NET, Java, etc.)

13
DTS for NCHELP - Business

• POP3
• No confirmation
• Lost mail
• order of receipt uncertain
• FTP
• Confirmation by FTP Reply codes which are
  complicated to manage
• Order of receipt but can be complicated to manage

• Delivery assurance
• DTS
• Active Confirmation
• mandatory synchronous response
• Order controlled by sending party
• client dictates payload delivery

14
DTS for NCHELP - Business

• Highly Secure
• Encryption
• POP3/FTP uses external encryption application
• DTS encryption built-in (SSL part of HTTPS)
• Digital Signatures
• POP3/FTP signatures part of encryption
  application
• DTS signature with X.509 certificate part of
  specification (built-in)

15
DTS for NCHELP - Business

• Security from Experience
• Encryption separate steps/application
• Key management / exchange

16
DTS for NCHELP - Business

• Key Management
• Out-of-Band Exchange and management
• DTSv2 Certificate in transmission
• Signed by Certificate Authority ensures
  authenticity
• No out-of-band/prior exchange
• No storage necessary
• Single point for revocation/update

17
DTS for NCHELP - Business

• Larger Payloads
• 50mb limit per specification
• POP3 1mb FTP 10mb
• PayloadBytes header element
• Single Transport for anything without evaluating
  payload
• PayloadType Header element

18
Reference Implementation Architecture
19
Reference Implementation Architecture
20
Reference Implementation Architecture
21
Reference Implementation Architecture
22
Reference Implementation Architecture
23
DTS for NCHELP - Business

• Implementing DTS
• All informational elements currently used by POP
  and FTP are provided as Header elements in DTS
• Diagram DTS into Existing system

24
DTS for NCHELP - Business

• PESC versus ESC Documentation
• http//www.pesc.org/workgroups/datatransport/
• Data Transport Standard v 1.01 Specification
• Data Transport Standard V 1.0 Reference
  Implementation Guide
• http//www.nchelp.org (e-Library gt Electronic
  Standards Documentation Tools gt Electronic Data
  Exchange Documentation)
• NCHELP Technical Manual