Security of on-line content is an important and complex issue, and as interest in e-Learning education grows user identity validation is of increasing importance.
The concept of security as it applies to on-line education and content encompasses several areas including:
- Can my site be hacked ?
- Can unauthorised users post content ?
- Is my site hosting malware, spyware, or adware ?
- Are my users real ?
- Is my site being targetted by spam or bots ?
- Are posted comments appropriate or spam ?
- Is my content secure ?
- Do I want my content to be freely accessible ?
- Are user-only areas private ?
- Is content accessible that I don’t want to be accessible ?
- Do I have a disclaimer ?
- Are my authors behaving in a professional manner ?
- Is my content copyrighted, if so by whom ?
The above questions act as a guide for novice web-designers to consider, how they wish to arrange their site, which plug-ins to use, and even which Web Content Management Systems they should use.
Some security issues can be addressed using site plug-ins, such as CAPTCHA programs, utilising spam detection protocols, or requiring comment authorisation by site moderators.
Many other security issues are complex and require advanced computer skills to address, and despite implememting security protocols your site may still be vulnerable to attack. This is demonstrated by the many large international companies that have been victims of malicious cyber-attacks despite spending millions of dollars on network security.
User Identity Validation
The majority of web-based medical education resources provide educational material for those individuals who wish to access it. Whilst this is useful for self-directed learning it does not allow the user to gain credit for their educational activities. For this to happen the site itself must be recognised by an appropriate educational governing body, e.g. ACEM, then the user must be able to demonstrate successful completion of a learning goal, e.g. viewing an on-line presentation. Completion of a learning goal may also be further validated by completion of an assessment or test.
Other e-Learning resources are already recognised, or are provided by educational institution e.g. distance e-Learning in a University course, or completion of an on-line pre-course MCQ.
One challenge faced in these scenarios is that of ‘User Identity Identification’, or more simply put ‘is the person on the computer who they say they are ?’
Some solutions commonly used to address this issue are:
User Based Log-In
- Each individual is assigned a user name and password
- Allows site moderate to track progress
- Does not guarantee user identity e.g. people sharing log-in details
IP Address Logging
- Tracks user IP address to confirm identity
- Only useful in systems with fixed IP addresses e.g. local networks
- IP Addresses can be hidden or mirrored
- Only tracks computer not necessarily which user
- Links unique code with user identity
- E.g. Certificate for completion of learning goal has unique number which is linked in database to an individual
- Prevents copying / exchanging of certification
- Does not guarantee person who completed goal is the user with which certificate is associated
- Advanced forms include watermarks, and holograms
There are a number of other options and many institutions will use multiple identification procedures simultaneously. Implementation of these protocols, like web site security, is complicated and requires expert level knowledge, and often considerable resources to adequately implement. Unfortunately there will always be individuals who look to circumvent any security or validation process, and those involved in e-Learning need to remain mindful of this fact.