Privacy provision in e-learning standardized systems: status

and improvements

指導教授：溫嘉榮教授暑資碩三：吳清淵 M9253309

Introduction

What is standards?

documented agreements containing technical specifications, precise criteria used as rules, guidelines to ensure that materials, products and service fit their purpose

E-learning standards consists of

(1) a bdata modelQ

(2) one or more bbindingSQ

(3) Application Programming Interface (API)

The function of Learners Administration

(1) provides learners with support for management of administrative information.

(2) provides the business logic for learner registration and enrollment.

What is privacy?

Freedom from intrusion into the private life or affairs of an individual when that intrusion results form undue or illegal gathering and use of data about the individual

2. Privacy and security provision in e-learning systems

2.1 Privacy threats

(1) Identity disclosure (2) Likeability and observability of data (3) Location disclosure in mobile network (4) Data disclosure (5) The HTTP cookie

What is HTTP Cookie?

Definition: a file mechanism that creates more automated interaction b

etween a web server and a client Function: (1) provides the remote server with a dmemory T of a user’

s identity. (2) store e-customers’ personal ID, recent activities at a we

bsite,etc. Privacy threats: (1) security failure (2) Monitoring (3) data disclosure (4) limited control (5) collection data

2.2 Requirements for privacy and data protection and relevant technologies

(1) Learners’ personal data must be protected.

(2) Learners’ personal environment must be appropriately controlled in the internal processing of data

(3) Learners must be able to formulate their privacy demands and wishes

Requirements for privacy and data protection and relevant technologies

(4) The service provider should prevent unauthorized accesses to the e-learning environment

(5) Learners’ personal environment, where learners’ personal data is stored must be able to distinguish between the public and private data

(6) The e-learning service provider must have its privacy policy declared.

3. E-learning standardization

E-learning standardization

Various kinds of efforts are contributing to e-learning standardization

ex: (1) IEEE’s Learning Technology Standardization Consortium (LTSC) (2) the IMS Global Learning Consortium

These standardization efforts can be identified into two levels:

Level 1 information models involved; intended to be used by differ

ent vendors in order to produce learning objects and other relevant components of the e-learning system

Level 2 the architectures, software components and provided inter

faces; the expected behavior of software componets responsible for managing learning objects in online environments

4. Privacy and security attributes in e-learner

User profile can be modelled by three data types:

(1) User data: information about personal characteristic of the user.

ex: demographic data, user interests, etc.(2) Usage data: user’s interactive behavior ex: selective user actions, temporal viewing beha

vior. (3) Environment data: user’s software and hardware

and the characteristics fo the user’s current locale or origin.

ex: usage frequency, information about the locale of the user.

4.1 IMS

(1) learner Information in IMS Learner Information Package (LIP) is a collection of information about a learner or a producer of learning content , characteristic of a learner.

(2) IMS LIP focuses on the interoperability of internet-based learner information systems with other systems that support the Internet based learning environment

Typical sorts of learner information which are supported in LIP

(1) education record

(2) training log

(3) the record of professional development activities.

4.1.2 Privacy and security attributes

In this tree structure, each node and leaf have an associated set of privacy information which is used to describe the level of privacy

4.2 The IEEE LTSC Public and Private Information (PAPI)

A multipart standard that specifies the semantics and syntax of information about learners.

Defines references elements for recording descriptive information about knowledge acquisition, personal contact information, learner preference and styles,etc.

A data interchange specification, used for communication among cooperating systems

The logical division that seperates security and the administration of several types of learner information

4.2.2 Privacy and security attributes

Session-View Security Model

(1) Each security session is initiated by an accessor.

(2) The accessor provides security credentials that authenticate the accessor, authorize the accessor, or both.

4.2.2 Privacy and security attributes

Security Parameter Negotiation Model(1) The participants can negotiate security

parameters, before, during and after each session.

Security Extension Model(1) The participants can use additional security

features besides the ones specified in the current model.

4.2.2 Privacy and security attributes

Access Control Model

(1) Accessors can read and write data elements and create new data elements

4.3 The Educause-InternetQ Eduperson

The eduperson specification is an auxiliary object class for campus LDAP directories that includes widely used person attributes in higher education.

4.3.2 privacy and security attributes

beduPerson-Principle Name Q

(1) Contains person’s bNetIDQ in the form of user@univ.edu.

(2) The user can authenticate with this identifier, using locally operated service.

4.3.2 privacy and security attributes

eduPerson Scoped Affiliation

(1) Specifies the person’s affiliation within a particular security domain in broad categories, such as student, faculty, etc.

(2) Used to represent a long-term account linking relationship between an identity provider and a service provider.

4.4 Other approaches

Universal Learning Format (ULF)

(1) Used to capture and exchange various tyeps of e-learning data, ex:online learning content

(2) Borrows from various industry standards for exchanging learning data in web environment and incorporate these standards into one solution.

(3) Compatible with its constituent standards and provides a two-way path for conversion and reconversion.

4.4 Other approaches

The OASIS specification Extensible Customer Information Language (ECIL)

(1) Defines information associated with a person or organization

(2) Supports different customer data elements.Ex: name, birth.

4.4 Other approaches

The customer Profile Eschagne specification (CP Exchange)

(1)Defines a data format for disclosing customer data from one party to another

(2) Enables the specification of privacy meta-information as one option

5.Assessment and propose improvements

General findings

(1) the lack of comparabiltiy between the approaches

(2) These standards do not address privacy issue sufficiently

Suggested Improvements

The ELENA Solution

(1) The privacy preference in ELENA learner profile are specified in the Privacy Info attribute that is attached to each element.

(2) Classifies personal data as high sensitive.

(3) The learner can decide which data to be revealed or protected

(4) The system can category the data according to the learner’s selected preference.