US Higher Ed Reauthorization Act requirements


by Jason Cole -
We've had a few clients ask about how Moodle can address the new distance ed authorization requirements in the Higher Ed Reauthorization Act. The act requires accreditors to "require institutions that offer distance education to establish that a student registered for a distance education course is the same student who completes and receives credit for it."

This can be interpreted in two ways. The first is deliberate cheating where the student pays someone to take their tests for them. The only way I can think of achieving that is to require proctoring (or require webcams and have them pointed at the student while they take the test). So far, no one has said this is what they mean, but I wouldn't be surprised...

The second interpretation is that institutions need to have a way of verifying the student's account has not been stolen. To help meet this requirement, I would like to suggest an additional security system that works with, but is separate from, Moodle Auth.

Attached to the profile are a set of user-entered security questions. (What is your pet's name? What is your favorite color?) The security questions can be set by the admin or they can use the default questions. The site admin would require first time logins to set answers to the questions. The answers would be encrypted and stored as part of the user profile. We could set a trap on the main screen that would force users to enter the security questions if they hadn't already if the system was enabled site wide.

The system would need to be enabled site wide (like a media filter or Ajax) and then enabled by a teacher in various situations. I think it should work with all forms of authentication as it is really a separate level from the auth plugin (although it might be handy to have it talk to the plugin to disable someone's login if they get it wrong more than twice). Once it was enabled sitewide, an option in the generic options for each module would appear allowing the teacher to require the student to answer a security question to access that module. Another option would be to set an IP trigger, so if the student's IP address is different from the last login, they are required to answer a security question. Once they've answered a question in a given session, they are not required to answer another.

When the user attempts to login, or access a course or module with the security framework question enabled, they are taken to a page and randomly presented with one of the questions to answer. If they provide the correct answer, they are forwarded to their destination. If they fail to answer the question, they can get a hint (which they set themselves).

This has the advantage of being lightweight, not using public information, and being under the control of the user. Public information can be data mined (obviously) and if someone's ID is stolen, the thief might have access to enough of their record to spoof them.
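The challenge flow proposed in the post above, as an added example that is not part of the original post and not Moodle code. It assumes answers are kept as salted PBKDF2 hashes (a substitution for the "encrypted" storage the post mentions); the class and method names are hypothetical and the sample users and IPs are constructed.

```python
import hashlib
import hmac
import os
import secrets
import unicodedata

MAX_FAILURES = 2  # the post suggests acting after "more than twice"


def normalize(answer):
    """Fold case, width and whitespace so ' Rex' and 'rex' compare equal."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def hash_answer(answer, salt):
    # One-way storage: the server never needs the answer back in clear text.
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, 200_000)


class SecurityQuestions:
    def __init__(self):
        self.answers = {}      # (user, question) -> (salt, hash)
        self.failures = {}     # user -> consecutive wrong answers
        self.verified = set()  # session ids that already passed a challenge
        self.last_ip = {}      # user -> IP seen at the last accepted login

    def enroll(self, user, question, answer):
        salt = os.urandom(16)
        self.answers[(user, question)] = (salt, hash_answer(answer, salt))

    def needs_challenge(self, user, session_id, ip, module_requires=False):
        """True if a module demands it or the IP differs from the last login."""
        if session_id in self.verified:
            return False  # one correct answer covers the whole session
        previous = self.last_ip.get(user)
        self.last_ip.setdefault(user, ip)  # first login just records the IP
        return module_requires or (previous is not None and previous != ip)

    def pick_question(self, user):
        """Random choice, so an observer cannot prepare for a fixed question."""
        return secrets.choice([q for (u, q) in self.answers if u == user])

    def check(self, user, session_id, ip, question, answer):
        if self.failures.get(user, 0) > MAX_FAILURES:
            return "locked"  # hand over to the auth plugin to disable login
        salt, stored = self.answers[(user, question)]
        if hmac.compare_digest(hash_answer(answer, salt), stored):
            self.failures[user] = 0
            self.verified.add(session_id)
            self.last_ip[user] = ip
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "locked" if self.failures[user] > MAX_FAILURES else "retry"
```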




In reply to Jason Cole

Re: US Higher Ed Reauthorization Act requirements

by Michael Penney -

The 2008 Higher Ed Act Reauthorization is a big change for regionally or federally accredited institutions offering distance education - your design sounds interesting - we've done something similar that integrates with an external system, so no student personal data is kept locally. This was done via a partnership with Acxiom, Inc. Acxiom handles identity verification for a number of US Banks, etc. and is experienced at presenting on privacy and identity before the Federal Govt., Congress, etc. 

We've built this as a simple block that can be placed on a site, a course, or a module, which communicates with Acxiom's FactCheckX system via secure web service. Student identity can be checked against Acxiom's database on a schedule determined by the institution, or at the course level by the instructor (the block can be configured in various ways to meet local needs and accreditation requirements).

Acxiom’s solution does not require hardware, and institutions using FactCheckX Authenticate control when, where and how frequently students authenticate. Instructors and administrators are notified of pass/fail rates. The entire process is delivered through a Moodle block that interacts with data that Acxiom already has access to, alleviating any student data management and authentication burden for higher education institutions. The university or college releases no information about its students; as a result, there is no risk of noncompliance with the Family Educational Rights and Privacy Act (FERPA).

Our system is available now, and folks can schedule a demo and/or contact Acxiom for more information (contact information in the links below).


http://www.moodlerooms.com/learningcenter/newsroom/news__node/19/

http://www.acxiom.com/189318/Acxiom_and_Moodlerooms_Partner_to_Help_Colleges_Verify_Right_Person_Is_Completing_Online_Assignments

http://chronicle.com/free/v54/i46/46a00103.htm

In reply to Jason Cole

Re: US Higher Ed Reauthorization Act requirements

by Marc Grober -
Could you provide a cite for the Act you're referencing? Are you talking about the Higher Education Opportunity Act, PL 110-315? It looks like the text you are quoting may actually be from the American Council on Education's "Analysis of Higher Education Act Reauthorization" which can be found at http://www.acenet.edu/e-newsletters/p2p/ACE_HEA_analysis_818.pdf
but does not provide a sectional analysis or any citations. However, the Act discussed in the terms you quote is the HEOA, PL 110-315, and the language of the Act seems to be a bit different than argued. There were sessions held this fall for public comment, but I don't think that regs are available yet. Are you speaking of pilot programs or all HE programs?
In reply to Marc Grober

Re: US Higher Ed Reauthorization Act requirements

by Marc Grober -
FYI, details on the regulatory process will be posted here:
http://www.ed.gov/policy/highered/leg/hea08/index.html
Compliance, to the extent ED has ever actually tried to obtain compliance with any of the education acts adopted (the IDEA was adopted in 1971, ED actually obtained an amendment to the original Act to ensure that no one could ask the Secretary to enforce it, and I don't think there will ever be even modest compliance) will address the regs, not the statute.
In reply to Jason Cole

Authenticating distance learners at the OU

by Tim Hunt -
The way the Open University deals with this is that almost every course has a final exam, in a proctored exam hall, and you have to take a form of ID with you that has a photo (passport or driving licence).

And I expect that there are procedures in place to investigate if someone's performance on the final exam is very different from their performance in the continuous assessment part of the course. (There is an 'exam board' meeting at the end of each course to approve the grades.)

The exception to this is some first-level courses, which are either entirely assessed online, or which have an end-of-course assessment, instead of an exam, which can be handed in remotely. However, none of these lead to a qualification on their own, and cheating on your first level course is going to leave you totally screwed when you get to higher levels.

Oh, and students have to click through an anti-plagiarism notice any time they submit work remotely.

And the penalties if you get caught cheating are very severe.

I wonder if the OU's system would comply with the US legislation, as is?
In reply to Tim Hunt

Re: Authenticating distance learners at the OU

by Michael Penney -
A proctored exam is one of the options presented in the Chronicle article linked above. Trouble is, it is very expensive both for the institution and for the students, esp. since a distance education institution in say, Massachusetts, might have students 3000 miles away in California, or even further.

It gets even more costly if you need to check a student's identity more than once a semester.

In reply to Michael Penney

Re: Authenticating distance learners at the OU

by Tim Hunt -
Indeed. The OU has a network of exam centres around the UK, and given the UK's geography, most students probably have less than an hour's trip to their exam.
In reply to Tim Hunt

Re: Authenticating distance learners at the OU

by Paul Fynn -

Hi - I'm a new user with six months experience of running a moodle site on 1.8.3. with a very international student base mainly working on campus, but with global connections and some students working from out of the country.

I'm also taxed by the question of how we authenticate students who are working away from site, and how we check identity. I know this isn't the philosophy of Moodle, but we have to be able to demonstrate that the work for which we award our qualifications is the work of the student registered.

Question Banks - I'm drawn to the idea of a battery of personal questions entered by the student. It seems to me that a variation on the existing quiz module would be quite good for this. The questions (probably two or three) can be rotated each time (as for existing quiz), and I would also like to see a time limited response eg 1 minute or less, to avoid a 'ghost user' calling their client on the cellphone to get the answer. Of course all this can ever prove is that the registered student is in the same time and space as their surrogate.

IP Address analysis - The second line of enquiry that I would like to put up for discussion is the IP address. We picked up quite early where two students accessed sequentially via the same IP address, but figured they were probably room mates and one didn't want to fire up his own machine. We also have wireless connections where I guess the IP address could rotate around a number of students.

What was more interesting to me was the student who appeared to have developed time travel - logged in at an IP address registered in one country, and then logging in a few minutes later a thousand miles away. The suspicion (unprovable) is that they gave someone else their login.

I would therefore like to see more development of IP related functions, to help identify where there has been a significant location change in an unreasonably short period, where several user IDs are appearing against an IP address in quick succession, or where a user ID is showing an unreasonable number of IP addresses. Much of this could be achieved through grouping IP data in different ways.

This would include IP maps, unusual IP patterns and clusters of IP activity - could google analytics contribute here?

I'm also drawn back to making conditions of use more explicit (read and sign - I use Quiz for this)  including sharing of user passwords, and with specific penalties.

Paul
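The three IP reports asked for in the post above, as an added example that is not part of the original post and does not use Moodle's log table schema. The log rows, the geolocation table (documentation-range IPs with constructed coordinates) and all thresholds are assumptions; shared rooms and rotating wireless addresses mean a hit is a lead for review, not proof.

```python
import math
from collections import defaultdict

# Constructed sample rows: (unix time, user id, IP address).
LOG = [
    (1000, "u1", "192.0.2.10"),
    (1300, "u1", "203.0.113.5"),   # five minutes later, another country
    (2000, "u2", "198.51.100.7"),
    (2120, "u3", "198.51.100.7"),
    (2200, "u4", "198.51.100.7"),
    (9000, "u2", "198.51.100.7"),
]
# Constructed lookup; a real report would query a GeoIP database instead.
GEO = {
    "192.0.2.10": (51.5, -0.1),
    "203.0.113.5": (40.4, -3.7),
    "198.51.100.7": (52.2, 0.1),
}


def km_between(a, b):
    """Great-circle distance between two (lat, lon) pairs (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def impossible_travel(log, geo, max_kmh=900.0):
    """Consecutive logins by one user implying faster-than-airliner travel."""
    last, hits = {}, []
    for ts, user, ip in sorted(log):
        prev = last.get(user)
        last[user] = (ts, ip)
        if not prev or prev[1] == ip or ip not in geo or prev[1] not in geo:
            continue
        hours = max(ts - prev[0], 1) / 3600.0
        speed = km_between(geo[prev[1]], geo[ip]) / hours
        if speed > max_kmh:
            hits.append((user, prev[1], ip, round(speed)))
    return hits


def shared_ip(log, window=600, min_users=3):
    """IPs used by at least min_users distinct accounts within window seconds."""
    by_ip = defaultdict(list)
    for ts, user, ip in sorted(log):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged


def many_ips(log, max_ips=3):
    """Accounts seen from more than max_ips distinct addresses."""
    seen = defaultdict(set)
    for _, user, ip in log:
        seen[user].add(ip)
    return {u: len(ips) for u, ips in seen.items() if len(ips) > max_ips}
```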

In reply to Paul Fynn

Re: Authenticating distance learners at the OU

by Tim Hunt -
On the subject of IPs, all the data is there in the log table. It is just a matter of writing some reports to analyse it. That would be a good thing for someone to do.
In reply to Tim Hunt

Re: Authenticating distance learners at the OU

by Jeff Forssell -
The Swedish national agency for distance education where I work(ed) had a similar system with a few examination centers. We also offered to send tests to other official schools that the student made an agreement with (including any payment) and giving us a telephone number to the schools office to make sure that it was done at an official level. For students in other countries they could go to the Swedish embassy.
In reply to Jason Cole

Why additional authentication makes sense sometimes

by Tim Hunt -
OK, so why have separate 'you are who you say you are' checks, in addition to the standard authentication systems? After all, authentication, by definition, is supposed to be ensuring that the remote user is who they say they are.

Well, I can see some justification, because different tasks require different levels of certainty about who the user at the other end of the wire is. We may want to have greater certainty about who is submitting a quiz, but we don't want to make students jump through extra hoops to post to a general discussion forum. My bank does that. It makes me type my password again every time I try to do a payment online, even though I am already logged in. It is annoying, but I tolerate it, because I understand their reasoning.

So, this is not necessarily just legislative box-ticking, this may actually be a worthwhile feature.
In reply to Jason Cole

My comments on Jason's proposed implementation

by Tim Hunt -
The whole stuff about asking silly questions like who you had a crush on in 7th grade, well I can't think of anything better. Obviously whatever sits there should either be a plugin, or at least easy to customise.

I am more interested in how to hook this into the rest of Moodle.

I just said above, that the requirement for extra authentication is task-based. That suggests to me that in places where you might want this extra authentication, you pass an extra optional parameter to the standard require_login function. This would be something like $extraauthtask, and its value would be a string like 'quiz attempt', or 'forum post'.

Then, probably, instead of a single on-off switch for this feature, the admin would have the ability to control the extra authentication for each task type.

Probably the answers to the extra authentication questions could be stored in extra user profile fields, providing these can be hidden from the student themself when they are logged in. That is, for the student, these fields would be write-only. (I am not sure if hidden user profile fields work this way at the moment. We may need a new mode, visible/hidden from other users/hidden from the user/hidden from everyone).

We already have the mechanism that can force a student to change their password when they log in. We should have a feature where, if the user profile contains required fields, and they are currently blank, the user is required to supply the missing values at the same place where they might be forced to enter a new password.


One final point. For the best implementation of this, it would be better if the student supplied the extra authentication information as they do the upload. The type-password-again system I mentioned above is what my UK bank uses. My Australian bank has a system where, if I want to make a payment online, after I submit the form in my web browser, they send a text message to my mobile with a 6-digit number, that I then have to type into the web page.

Technically, this means that we may want the authentication to happen in the middle of a POST HTTP request.

And actually, we already have bugs in the tracker, where standard Moodle auth plugins force people to re-authenticate in the middle of a quiz attempt, and as a result of the redirects that that involves, the student loses some work. Ditto if you get logged out in the middle of posting to a forum.

To that end, it would be really nice to have some server-side caching of POST variables (and uploaded files) before they are redirected by an auth plugin, so the values can be retrieved again when they get back - basically store the data against a unique key, and add that as a parameter that will be added to the URL they get redirected back to after re-authenticating. I am sure there is a bug in the tracker about this idea, but I can't find it.
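The server-side POST cache suggested in the post above, as an added example that is not part of the original post and not Moodle code. The `PostStash` class, the `stash` URL parameter and the sample path are hypothetical; the point shown is that the key in the return URL is only a lookup handle, so the stored data is bound to the user and target page, expires, and can be replayed once.

```python
import secrets
import time
from urllib.parse import urlencode


class PostStash:
    """Holds a form submission while the user is sent off to re-authenticate."""

    def __init__(self, ttl=900, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self._items = {}  # key -> (user id, path, fields, expiry time)

    def put(self, user_id, path, fields):
        """Store the fields and return an unguessable key for the return URL."""
        self._sweep()
        key = secrets.token_urlsafe(32)
        self._items[key] = (user_id, path, dict(fields), self.clock() + self.ttl)
        return key

    def resume_url(self, path, key):
        """URL the auth step redirects back to once the user has passed."""
        return f"{path}?{urlencode({'stash': key})}"

    def take(self, key, user_id, path):
        """Return the stored fields once, and only to the same user and page."""
        item = self._items.get(key)
        if item is None:
            return None
        owner, orig_path, fields, expires = item
        if self.clock() > expires:
            del self._items[key]
            return None
        if owner != user_id or orig_path != path:
            # A leaked or shared URL must not hand one user's answers to
            # another; the entry stays in place for its rightful owner.
            return None
        del self._items[key]  # single use: a reload cannot resubmit
        return fields

    def _sweep(self):
        """Drop expired entries so abandoned submissions do not accumulate."""
        now = self.clock()
        for key in [k for k, v in self._items.items() if now > v[3]]:
            del self._items[key]
```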


In reply to Tim Hunt

Re: My comments on Jason's proposed implementation

by Dan Poltawski -
Interesting stuff, from a UK schools perspective I can also see uses for this sort of system.

The UK government recently produced new guidance on data handling for schools which may have implications for Moodle in schools. In particular it would require second factor authentication (like Tim's mobile SMS) for accessing certain sensitive pieces of information. I have many concerns with this[1], but my major concern is that it'll drive teachers away if they have to jump through many hoops to access Moodle.

I could imagine getting round this by having the second factor authentication system hook into the roles system when accessing risky capabilities (perhaps it could be driven by events??). Causing second factor authentication request when testing for this capability. (At least then teachers wouldn't have to jump through hoops for everything they do - but just the 'risky operations').

[1] Primarily - why must the problem be solved by an expensive 'technology solution' rather than investing in an education solution?
In reply to Dan Poltawski

Re: My comments on Jason's proposed implementation

by Marc Grober -
Thank you Dan.....

Why indeed waste a great deal of time on this when there is no better verification for a non-distance student at most US institutions and what in fact does the law require.....

Well, we don't know what the law will require, do we, and it is most likely that the regulations, when and IF adopted would place the burden of specifics on the accreditation institutions, which themselves would then have to adopt and impose requirements.

I have to suggest that the motive underlying some of the proponents of such verification was the press that revealed that some of the folks involved "on the wrong side" of the "war on terror" received instruction at institutions of higher education via publicly funded school loans. Verification provisions would ensure that profiling could be effectively used to screen students. Paranoia? Well, that was, after all, what fueled the Cold War.

Let's look at it this way. How many US institutions of higher education mandate that an instructor implement any closed book, proctored final examination (or any examination for that matter)? I have attended courses where there were several hundred students and the instructor couldn't possibly have known if any of us actually belonged in the course. And on the other hand, educational theory of the past few years would argue that such narrow summative assessments are virtually meaningless, and they get more meaningless the more complex the subject.

To get more granular, believe it or not, there is no requirement that any public official actually fingerprint one for a license or background check, so there is no guarantee of the instructor's ID, let alone the students. Want to talk about mandatory surgical insertion of RFID in all persons at birth tied to a retinal scan? Oh, and we have to make sure they can't be surgically swapped either. Sound like Homeland Security types?

Frankly, I would have to argue that the quality of the distance education programming I have seen through US Distance Ed programs, including the program actually referenced in the legislation, is appalling. What is more troublesome, a degree for which someone else did the work or a degree from an accredited diploma mill that?

In reply to Tim Hunt

Re: My comments on Jason's proposed implementation

by Jason Cole -
I like the SMS message idea, although in the US and elsewhere it could get expensive (email to SMS is usually free to the sender, but the receiver pays).

My general thinking is a standard password (enter your password again) is not as secure as a two layer system with security questions. If the password is compromised, the second layer at least provides a separate challenge to the user. With most HE institutions in the US, SSO means there is one password for registration, accounting information and LMS. Each of these systems has potential vulnerabilities. A separate security question would allow the advantages of SIS integration but provide a second layer.
In reply to Jason Cole

Re: US Higher Ed Reauthorization Act requirements

by Eric Merrill -
Relatedly, it may be worth looking into making Moodle capable of authenticating with standard two-factor authentication devices - as this seems to be the way the security standards are going.

I don't think the current auth architecture supports the passing of multiple login variables that would be required of a plugin that accepts an OTP type login:
http://en.wikipedia.org/wiki/One-time_password

For those that don't know, in an OTP system, you go to the website, enter your username and password (something you know) and then enter a number that is currently displayed on the token/key-fob (something you have). The number on the token changes every X seconds, or when you press the button to display it. The server calculates if that is the correct entry for the current moment in time.

Basically the school would mail you the token when you enrol, and that would prevent somebody from taking over your account, unless they knew your password AND stole the token (each one is unique).

This is the way that banks and even World of Warcraft are implementing two factor auth.
In reply to Eric Merrill

Re: US Higher Ed Reauthorization Act requirements

by Eric Merrill -
woops, I see this is a duplicate of some of the discussion above - I missed it on my first read through...
In reply to Jason Cole

Re: US Higher Ed Reauthorization Act requirements

by John-Ross Cromer -

Jason needs a solution which asks input at the beginning of a class which can be incorporated into a quiz or activity during the class. At a minimum, access to those inputs must be blocked during the quiz or activity, and the course cannot continue or must be retaken without the correct answer. I know this is not a perfect solution, however, it is the solution that meets the requirements of the continuing education agency - which I assume applies to a large demographic of Moodle courses.

All solutions will have flaws, so a simple solution to meet program requirements is all that is needed...

The rub is ... is there anything on Moodle that can do this?

In reply to John-Ross Cromer

Re: US Higher Ed Reauthorization Act requirements

by Sandra King -
Check out this thread. There are a few of us who have been required to implement security questions separate from the login for a couple of years now due to distance learning requirements for licensing courses etc. Greg's hack may be of help to some of you...

http://moodle.org/mod/forum/discuss.php?d=83695