Web Service Based Secure E-Learning ... - Semantic Scholar

12 downloads 48408 Views 231KB Size Report
Technology has eroded the learning strategy from beneath the apple tree to learn any ... Web services are perfect blue print for agile business environment. But.
Journal of Convergence Information Technology Volume 5, Number 7, September 2010

Web Service Based Secure E-Learning Management System – EWeMS M.S.Saleem Basha* and P.Dhavachelvan Department of Computer Science, Pondicherry University, Puducherry 605014, India {[email protected], [email protected]} doi: 10.4156/jcit.vol5.issue7.8

Abstract Technology has eroded the learning strategy from beneath the apple tree to learn any where at any time. The learners do not have to travel for acquiring knowledge through e-learning. Learning is the ability of the learner to enhance his character and behavior. One of the most important roles of the information and communication technology is to provide e-learning. E-learning fulfils the thirst of knowledge for the learner at any location, time and age while compared with classical learning system. This paper aim to provide the web service based secure e-learning management system (EWeMS) to address the issues and challenges of the traditional E-learning Management System (EMS). EWeMS are superior in terms of convenience, agile, reusability, independence, adaptation, and interaction. EWeMS provides an environment for management and e-learning strategy. EWeMS focused around the following core features namely Content Protection, Content Management, Learning Management, Delivery management, Evaluation management, Access Control, Audit, Event Notification, Partner Collaboration etc., and truly focused on integrated platform consistent with emerging needs of e-learning and managements.

Keywords: Web Service, E-Learning, E-learning Management System and Web Service Security. 1. Introduction E-Learning is the emerging mission in the field of educational technology. Institutions and organizations are focusing towards the development of E-learning system for the many benefits and vogue. As a result of increased access to E-learning contents, any time and any where, the institutions and organization must provide the authoritative contents to the learners. The term e-learning in general refers to computer-enhanced learning, and the first general-purpose e-learning system was the Programmed Logic for Automatic Teaching Operations (PLATO) developed by the Computer-based Education Research Laboratory (CERL) of the University of Illinois at Urbana-Champaign in early 1960’s [20][18]. An e-learning project is a discrete package obtained at the end of one specific elearning project. The product may be new course, a new learning module, or a new e-learning curriculum. It may be a new learning management system or physical platform for delivering elearning. Later an e-learning product could be a revised package coming out of an e-learning maintenance or enhancement project. Finally, an e-learning project is an initiative to deliver or enhance a discrete package of e-learning content or to create, install, or maintain software or infrastructure to support the e-learning process. An organization which launches e-learning will ultimately support internal staff, business partners and students. An ongoing e-learning process will require resources and staffing to support it on an ongoing basis. After launching e-learning initiative may become a fundamental business strategy as information technology, telecommunication and e-commerce. The tremendous growth in web service has diverted the e-learning system developers to develop their e-learning system from traditional web based systems due to the flexibility and looseness characteristics of web service. Web services are perfect blue print for agile business environment. But the question remains unanswered i.e. security. Large scale research has been initiated to answer to the question of web service security. But still there is no proof for hundred percent secured web services. The diversity in the implementation and the environment has made the web service unsecured.

2. E-Learning as Behavior Modification The phenomena of e-learning are the act of acquisition of additional knowledge, skill and attitudes, it is fundamental to the development of a person The phenomena of e-learning is the act of acquisition of further knowledge, skill and attitudes, is fundamental to a person’s development. Electronic learning

57

Web Service Based Secure E-Learning Management System – EWeMS M.S.Saleem Basha and P.Dhavachelvan

has the feature of assignment submission, e-lectures, knowledge evaluation, questions generation, exam grading and communication between the users [8]. An increment in e-learning is characterized by a corresponding modification of human behavior. E-learning is therefore defined as a relatively permanent behavior modification. Conversely, no e-learning is said to have occurred if there is no behavior modification. In other words, e-learning is describable, observable and measurable. This is indeed the psychological view point of e-learning where the learner is considered to be a black box and learning is described in terms of initial condition A and final Condition B as illustrated in Figure 1. Enhanced Behavior

E-Learning System

Entry Behavior

Figure 1. Definition of E-learning as behavior model The development of e-learning management system must be able to 1. Analyze the process of learning 2. Classify learning into different modules / Domains 3. State the importance and limitation of teaching, learning and evaluation by objectives, and 4. State some lessons from the theories of learning. Learning is individual to learner. It takes place with one’s own motivation and interest. One may learn by oneself through reading, writing, observing, listening and discussing through internet. Different persons learn at different rates with different stimuli and in different environment. Self actualization Growth Esteem needs Social needs

Relatedness

Security needs Physiological needs

Maslow’s Hierarchy of needs

Existence

Alderfer’s ERG Theory

Figure 2. E-Learning Hierarchy Mapping Motivation to learn is the most predominant factor which governs the quality and quantity of learning it implies the existence of a motive force and the mobilization of one’s energies towards the attainment of a goal. Motivation may be intrinsic or extrinsic. Intrinsic motivation refers to a state of self arousal, activation and vigor with in a learner. Extrinsic motivation is provided form without by factor such as praise, positive reinforcement and reward system. Often extrinsic motivation triggers intrinsic motivation. It is believed that motivation corresponds to needs of an individual. According to

58

Journal of Convergence Information Technology Volume 5, Number 7, September 2010

the Maslow’s et al. proposed the hierarchy of needs, the primary needs of an individual are physiological i.e. organically induced and further needs are psychological [13] as illustrated in Figure 2. It follows that the basic needs must be satisfied before one feels the need and motivation to learn for recognition and achievement. Alderfer’s et al. proposed the ERG (Existence, Relatedness and Growth) theory [1] classifies the needs as those related to existence, relatedness and growth.

3. Modular Objective An objective is a statement of intended terminal ability of learner. The ability so identified is usually executable observable and measurable. It is better to have even directional objectives than not to have them at all. Since the terminal ability refers to modified behavior, an objective is also termed as ‘behavioral objective’. Sometimes the term ‘instructional objective’ is used in literature; this is to stress that the objective is intended to be achieved through the process of instruction. Statement of an objective for an adult learner is akin to the destination for a traveler. Destination and the route must be specified before an itinerary is made. Enroute points are analogous to ‘enabling objectives’ which facilitate the achievement of terminal objectives. Modified Behavior Exit Objective Assessment

Learning Process

Editors

Teaching Method

Teaching Learning Evaluation Strategy

Management Activities

Other Resources

Audio, Video Resources Content

E-Learning Web Service

Objective

Student

Figure 3. Lifecycle of E-learning Web Service Of one did not know where one is going to reach, one is not likely to reach there at all. It is objectives, which decides the teaching strategies and resources should be employed to match the learning style of the students. In fact the entire cycle of events in the teaching-learning-evolution cycle begins with objective and ends with objectives, as shown in Figure 3. As the name implies, the web service e-learning management system is a cyclic process which outlines the process of teaching, learning and evaluation in relation to the objectives. In fact, it is the strategy of matching of teaching, learning and evaluation activities to ensure the achievement of each of the intended objectives in turn.

59

Web Service Based Secure E-Learning Management System – EWeMS M.S.Saleem Basha and P.Dhavachelvan

It is for this reason that the cycle commences from objectives and again, ends at the objectives. The process attempts to change the entry profile of a student into the exit profile after the cycle is completed. The feedback loop to ‘receive the strategy’ is to ensure that the learning L has positively occurred; if not, the steps are modified and repeated to achieve the objective. A lesson is said to be successful if all the intended objectives are achieved. Objectives are often classified as ‘general objective’ and ‘specific objective’. A general objective is a rather general statement of student ability. The statement of a specific objective usually starts with the phrase. ‘on successful completion of all activities, planned and provided, the student must/will be able to …’ and continues with the mention of the action verb; the quantity or number; the constraints of operation and the criterion or minimum acceptable level. It is indeed the exact specification of these parameters which constitute a specific objective. The most important parameters on a specific objective are the action verb describing the output of the learner.

4. Web service computing and E-learning Management System Web Service can exist without E-Learning Management System (EMS), and EMS prospered without a comprehension closes to web service. In the field of knowledge management, where organizations have goals that are very similar to those of educators, one of the main reasons why 80% of implemented systems have failed [9] is the lack of incentive to contribute. The combination of web service and EMS is stronger than someone is alone. Web service makes available the ability to create process independence. Web service can be created automatically that can be reemployed across the boundaries of enterprise and in the multiple processes. EMS is an emerging framework to visualize, improve and executing new process in e-learning environment. EMS is a methodology, also a collection of tools that the businesses to specify e-learning processes. The services are treated by the EMS that addresses how the organizations can identify, can model, can develop, and can manage their service processes, including the processes that IT imply the systems and human interaction. With the advent of design principles, patterns and techniques the services are well defined to minimize the gap between the editors and the learners. EMS is not a technology rather it is an architectural style to make the availability of resources to the participants using the service which spans across the boundaries of enterprise which fulfills the business and goals of an organization, which can be choreograph these services to composite application and invoke them through standard protocols. IT professionals and business user are more benefited by combining the EMS and web service. It can be said that the web service is a building block for e-learning management system of an e-learning application. In the circumstances of natural partners’ web service and EMS must be hand-in-hand to assemble new application for e-learning. In short EMS is modeled as a set of individual processing tasks. EMS defines to create process model, process automation, the way to invoke the service and the process flow of the service. Whereas, the UDDI reveal the service information to the consumer, which hides the information of the service composition, orchestration and flow. Due to these characteristics many companies and IT industries are focusing towards web service for more strategic and usability. Due to tight coupling of integration technology and individual business application in a traditional EMS, a small change in the business process or integration technology may lead to increase the operational cost and also it affect multiple applications beneath this. This tight coupling is a nightmare for the developers to modify the integration technology and interfacing to accommodate the changed business process. The introduction of service is more beneficial, without the web service in EMS is complex and brittle. Web Services reduce the bottleneck of the EMS, the process layer to access the underlying business directly to contaminate with unnecessary details about the technology, APIs and application. Due to above said advantages the web services are becoming a popular technology to connect the application both within and across enterprise boundaries. Due to the popularity, the web service has encounters the problem of insecurity and security has become an important concern impeding the widespread adoption. Much work has been carried out to standardize the business process management for more than a decade. The standardization of business process management and workflow technology has been discussed for more than ten years [11]. Oasis, WfMC, W3C, BPMI, OMG is the most popular organizations who work towards the process of specifying the business process management for different aspects of application

60

Journal of Convergence Information Technology Volume 5, Number 7, September 2010

5. E-learning Web Service Management System Web service is a complex blend for agile business environment. Collaborative learning [10] is a term used for a variety of educational approaches involving joint intellectual effort by students or students and teachers together. E-learning needs a set of shared components technologies that supports shared information, communication and co-ordinates access to shared objects on different platforms [16].The security is the major attributes for e-learning and the e-learning management system. The Figure 4 illustrates the complete web service scenario for e-learning. E-learning is the emerging technology for distance education, especially for students and executives has revealed that e-learning is the fastest growing trends in higher education. Elearning can offer hundreds of courses including management and technical courses are also offered by the educational institutions and universities worldwide. A large number of research efforts are hence focusing on a planned infrastructure development for E-learning [17][15][19]. The main functions of e-learning environments are to provide explanation, tutoring and intelligent diagnosis of student’s understanding [15]. Bekim Fetaji et.al. [3] pointed out some problems and limitations regarding existing e-learning systems and depicted that e-learning at present is still in static style; in a form of “online newspaper and information transmission”. Hasan Al-Sakran et al. [7] tried to eliminate the existing limitations of e-learning by proposing a new distributed e-learning system based on Agent technology and Case Based Reasoning (CBR). This insisted us to develop a framework for e-learning management system in web service. Lookup Administrator / Business Manager

Find

Service Manager -Configure -Define Policies -Monitor Service Activity

Publish

E-Learning Service Provider

Service Registry and Activity storage -Definition -Location -Cache Configuration -Transformation Setting -Security Configuration

ESB

Access policy Enforcement

Students

Editor

Access Control by ECF

Enterprise Application Adapter

SOAP

Interface Management

SOAP

Service Composition

Access Control by ECF

Content Protection Frame work Content management Frame work Learning management Frame work Delivery management Frame work Evaluation Frame work

Access policy Resolution Access policy Admin.& Audit

Service Bus

Business Logic

-Dynamic Connectivity -Security -Transformation -Event Handling -Policy Management -Exception Handling -Versioning -Logging -Monitoring

HTTP/SMTP/ XML/HTML/ Text Event Notification Receipts HTTPSOAP/EJB/ JMS Enterprise ELearning Service 1 Enterprise ELearning Service 2

Partners

Service Message Queue Web Service Standard Stack

SOAP

Application Server

Firewall External ERP / Database System

Enterprise ELearning Service n

Partner E-Learning Service 1 Partner E-Learning Service 2

Adapter API SAP

Partner E-Learning Service n

Figure 4. E-learning Web Service Management Framework

61

Web Service Based Secure E-Learning Management System – EWeMS M.S.Saleem Basha and P.Dhavachelvan

The access control for the users is the complex activity for e-learning through web service. Web service may be simple or compound and can be offered by one service providers or a group of service providers. Initially e-learning service providers register their e-learning services to the registry usually in UDDI. This registry will act as a yellow page for the students to look into that for the appropriate course through the lookup manager to the service manager. The service manager will redirect to the corresponding e-learning service provider who offers the particular course that the student needs. At first e-learning service provider will register the student profile and insists the students to create user name and password under some terms and condition such as fee, content, copy protection, duration etc., at this stage he will be authenticated to avail the e-learning web service. Through the ESB (Enterprise Service Bus) the students can login to the particular e-learning web service provider to access the course. ESB consists some of the ingredients namely service registry and activity storage, Content protection framework, content management framework, learning management framework, Delivery management framework, Evaluation framework, interface management, message queue and service bus. Service Registry and activity storage: Web service definition is the statement about the implementation details, interfaces, location, transformation settings, catch configuration, security configurations etc., which is given by the service providers. These definitions will support at the end terminals for better response of the web service orchestration and compositions. Content Protection framework: E-Learning is usually a profitable business and has the access control for the users. The editor prepares the curriculum for the courses offered by the educational institution and develops the content for the courses according to the syllabus. This content has to be protected against the copying from the pages or any alterations to the content. The content protection framework will takes care for all the issues relating to the contents. Content Management Framework: Updating the content with university regulation is the essential aspect in teaching and learning strategy. Maintenance of e-learning environment and the distribution of elearning contents and information is managed accordingly for the better run of the e-learning system. Content management framework has a important role in content analysis, audience analysis, goal analysis, medium analysis, design approach, organization of the content, methods and strategy and navigation. Learning Management Framework: the learning management frameworks must provide the content and learning methodology as easy as to the students. The learning management framework and the student profile must work hand in hand, for example a student form the electrical discipline wants to learn computer science programming, the learning management framework must provide the course which is related to electrical disciple. Delivery Management Framework: Content delivery is final step to display the content in the students’ desk. The content may be in the format of audio, video or a text. The appropriate plug-ins and the interfaces have to be invoked in the web page. Exception and event notification has to be reported to the e-learning service providers. Evaluation Framework: At the end of the course all the student must be evaluated and ranked for certification or to move to the next level of the course. The assessment engine in the evaluation framework will generates quiz or test question for evaluating the students. The assessment engine analyzes the students for appropriate quiz level. Based on the students’ capabilities the quiz level is chosen. Message Queue: the request from the students must be served according to the priority. The flood in the server may lead to larger waiting time of the student. The server replies to the request on after another from the message queue. Interface Management: interface management has two interface repositories namely proxy and stub. These repositories will provide appropriate interfaces to clients and servers.

62

Journal of Convergence Information Technology Volume 5, Number 7, September 2010

Service Composition: As said earlier to complete a task one or many services are needed. If many services are needed to complete a task then service composition will take the role to prepare a statement which service must orchestrate first and which service must orchestrate second and goes on. The sequent of the orchestration will gives the meaningful results. This is like the arrangement of words in the crossword. All the communication will be in the form of messages through SOAP protocol. Due to openness of the web service many enterprises and partner can take part to complete a task. The partners and the enterprise application must agree with the security policies and procedures to work collaborative.

6. Web Service Security for E-Learning While speaking web service security, the issues are usually coins around confidentiality, authorization, authentication, non-repudiation and integrity. VOs are required to agree upon a framework for resource description so that the grid services can share, locate and apply security measures [4][6], similarly web service also requires to agree upon a framework so that the E-learning management system can share, locate and apply security. The highly distributed, federated and heterogeneous nature of the web service gives way to major security threats and challenges irrespective of the implementation environment. The flexibility of the web service security is depends on the granularity. Fine grained web service are easy to implement and difficult to maintain, coarse grained web service are difficult to implement and easy to maintains. The perfect choice of granularity may provide the complete control of web service operation and can be enforce at any point when it needed by the requesters with the organization and across the boundaries of organization without jeopardizing the business critical systems. Web service provides the leverage existing security infrastructure with ensured standards and interoperability. Due to this restriction most of the organization’s web services are catered within their firewalls this fails to utilize the complete magical features of web service. Addressing security features is a great issue but it is mandatory for the organization to address it, probably with authentication. Determination of the authentication mechanism makes the most sense in the environment and proper integration in the web service. Once the user has been authenticated, and then the problem of authorization arises here which is complex than authentication. A web service requester can send a message to another web service if and only if this web service must contain the data to permit the web service requester to update the web service or avail the web service. Once the basic security features are addressed than it is likely to address additional features with ease such as encryption, digital signatures, non repudiation etc., OASIS, W3C and IETF are some of the standard bodies who in major platform and security vendors. Message integrity, single message authentication and confidentiality are provided through quality of protection by the enhancement of web service security to SOAP. This mechanism gives way to integrate wide range of security model and cryptographic technologies, also provides a mechanism to integrate security tokens with messages. Transport Layer Message Layer Service Consumer

Message Message Header

Message Content

Security Header Security Tokens Encryption Info Digital Signature

Time Stamp

SOAP Message Content

Service Pay Load

ECF Wring

Figure 5. Proposed ECF Wring in SOAP

63

Service Provider

Web Service Based Secure E-Learning Management System – EWeMS M.S.Saleem Basha and P.Dhavachelvan

Inspite of all the benefits SOAP is comparatively slower than middle ware technologies and also no default authentication is possible with existing SOAP protocol. In the e-learning environment the size of the message content plays a major role, but SOAP performance will be compromised for large size of message. A new approach is required for the security management within and across the organization boundaries due to the openness introduced by web service based application. The need for web service security is particularly pressing for business, based on several factors. Primarily, the nature of business itself both drives and it is led by the sensitive information for every customer data from the third party assets. The business must provide the highest levels of the confidentiality, supported by the strong protection for account, assets and information of deal. Secondly, the business must act in accordance with an increasing number of regulatory and standard acts, as Sarbanes-Oxley and Basel II, which imply rigorous requirements for the safety, checking and doing a report. As a consequence of the critical needs of confidentiality, protection of information and conformity, an organization that puts into practice of an ambience sure web service must completely address the following quotes. For successful authentication and user identity management, a common identity management solution is required. To identify the user and automatic mapping of user’s identity across organizations, systems, services and components requires an automated system and privileges. Added functionalities are required to reuse the web services across legacy application. Auditing, reporting and security control must be an integral part of the web service environment. More over web service must be continuously monitored for safety related issues such as malware, internal misuse and misconfigurations and finally users must be able to navigate easily across organizational boundaries and Web services with a minimum of password and identity verification procedures. We propose a new concept in web service called Expected Clandestine Figure (ECF which may be a CPU ID or Mother Board serial number) for default authentication of the service consumer in a closed group environment. In RFID technology, smart card has a wider user used in diverse area and application. Usually smart card system works by install a smart card reader at the entrance and connects through network which consist database and system application. Because the system required bigger database that stored staff information, cost of investment will be increase towards the system requirement. This is because usually the staff access can validate through authentication process that compare serial number and data on the card with a serial number stored on database [14]. Similarly by considering the ECF, the service is created from the scratch along with the usual user name and password, or any bio metric authentication etc. The traditional way of using username and password the consumer may be authorized at the initial stage of binding with the service provider beyond that for each transaction the same username and password is carried out for the preceding service; at this point where the security attacks are happened form the other network. So a mechanism in the service to capture the ECF from the consumer’s system is proposed. By ECF, the service provider can be intimated that the authorized user is accessing the service in association with the username and password or any biometric authentication techniques. For each successive request the ECF is used rather than the usual techniques. The consumer or hackers has no aware of ECF which the provider alone can extract the ECF. This caused the attackers to fail in their objective. And also the provider always expects the Expected Machiavellian Figure (EMF, detail of attacker) and if, the server senses the EMF, the appropriate action will be initiated. This gives insight to the built in security features of the web service and device authentication. SOAP and MQSeries (which is a business integration middleware proposed by IBM) doesn’t perform default authentication or authorization. Web Services Addressing SOAP binding defines the binding of the abstract properties defined in Web Services Addressing Core to SOAP Messages [12]. To achieve default authentication and to build a service with default authentication, the service must be modeled to accommodate the security mechanism with in a service, in this case an ECF Wring which extracts the ECF form the consumer though standard SOAP message. It is proposed that the standard SOAP protocol has not been altered, although the service payload is split to accommodate ECF Wring which is synchronized with the E-Learning Management System to get the ECF for every preceding communications as depicted in Figure 5. IT industries believed that implementing the web service based business will have significant returns in the value chain and enhance the customer relation. Many standard organization and consortium are laying the foundation for web service security [2]. To be more beneficial E-Learning Management System and Web Service

64

Journal of Convergence Information Technology Volume 5, Number 7, September 2010

should go hand-in-hand. E-Learning Management System tells the complete activities, underlying technologies, interface of the web service to end users. Introducing ECF is starts from the security aspects by defining the roles, activities, procedures and policies to implement the web service in ELearning Management system. The following steps are to be defined before build the secure service in the business process definition: 1) Define the service (simple or composite). 2) Define the ingredients of service (object /components or both). 3) Define input /output, process, storage of the service. 4) Define policies, procedures and mechanisms of the service. 5) Define the security model under which a particular service is built. From the Figure 4 it is clear that any communication between the students and the E-Learning Management System or with external partners is truly base on the ECF, which is the block named ‘Access Control by ECF’. This approach is more suitable for close group communication. In a close group the service provider has complete knowledge about the service consumer. In the traditional case each consumer will be provided with the user name and password, in our approach additionally the consumer has to provide the hardware serial number(s) which has to register with the E-Learning service provider and this number is mentioned as ECF by the E-Learning service Provider along with the username and password. For each communication the consumer is authenticated with user name, password and ECF. Whenever a student enters to an E-learning environment, there is a mechanism to get the username and password, along this username and password the ECF Wring will extract the students’ hardware information. If this number matches with the number that was previously registered with the service provider then the student will be authenticated and allows for further process else he will be denied. Here the reader may raise the question that what happen when the authorized consumer sits on the other system? The answer to this is explained in the following scenarios and cases. Table 1. sample Comparison of EWeMS and Traditional EMS Parameters EWeMS Traditional EMS

Institutional

Web Service gives way to build the Traditional approach is tight with the business agile, flexible, Simple and business environment, any change in Administrative Affairs traceable the business may need to rebuild the entire EMS Introducing web service in the Web based traditional EMS business consumes heavy revenue consumes lesser revenue due to the Financial and consequently the value chain simplest architecture. The returns also and return on investment in more lesser when compared to EWeMS. than the traditional approach Building Web service infrastructure Traditional web based approach is is complex because of additional easy to build. Infrastructure ingredients such as UDDI, Proxy, ESB, Service Manager, etc., and easy to maintain Diffusion Loosely Coupled Tightly Coupled Adaptation Easy Adaptation Fair Adaptation EWeMS is complex to implement Traditional e-learning management Implementation and highly Reusable system is simple to implement and merely no reusability Return on Investment High return on investment Medium return on investment One of the advantage of the web Traditional web based e-learning Partnership service is partner collaboration is system provides no rooms for highly achievable partnership collaboration Look up mechanism and the service Traditional web based e-learning discovery process reveals all the service in not self marketable. The possible web service based elocation and address of the e-leaning Marketing learning and the location of the e- must be human marketable learning service provider i.e. Self Marketable

65

Web Service Based Secure E-Learning Management System – EWeMS M.S.Saleem Basha and P.Dhavachelvan Web service is auditable easy with Control over traditional web based precise mechanism. system is not easy. High Level of Security with Low level of security Security minimum cost One of the reason for the familiarity May not provide QoS as compared QoS of the web service is appreciable with web service. QoS Service Pure Web Service Web Based Service Orientation Any where at any time Not possible Web service provides an excellent The traditional web based e-learning system provides additional burden for analysis of the content and the Content Analysis supporting resources due to the the content analysis. distributed characteristics. Every communication takes place Due to the lack of security and through SOAP protocol and the ECF authentication challenges the analysis Audience Analysis authentication scheme. The analyses is difficulty. of the audience are done in ease. After the audience analysis the goal The prior step of the goal analysis is of the e-learning can be predicted the audience analysis. The difficulty Goal Analysis easily. of the audience analysis is inherited to the goal analysis too. The audience and the goal analysis Due to the audience and the goal are made easy with the web service analysis are made difficult with the Medium Analysis obviously the medium analysis also traditional e-learning system, the made easy. medium analysis also difficult to analysis. Web service is made perfect blue Tradition e-learning system is not Design Approach print for agile business capable for the agile business environment. environment. Introducing new methods and Difficult to introduce new methods Methods and Strategies strategy are easy in web service and strategy in traditional e-learning Pedagogical system. Web service almost gives the same Almost all the dynamic presentations Presentation presentation as the traditional eare possible in traditional e-learning learning system. system. Web service doesn’t exhibits the Traditional e-learning system is a Exhibits underlying technologies. It is white box approach. completely transparent to the user. The advancement of the web It also supports RIA, but the service and technologies the RIA integration with the application is Demonstration (Rich Internet Application) gives complex. hand for the better visual and audio demonstration. The web service provides innovative Introducing new innovative drills and Drill and Practice drills and modern practices. practices are difficult. Web service supports all Tradition e-learning system also supports Simulation simulations and plugins. all simulations and plugins, provided the environment must be compactable. Collaboration with the partners is Collaborations are not possible in this Collaboration made easily with the web service. system. Due to reusability characteristics any Whole system has to be rebuild Generative Development development can be made faster than the traditional e-learning system. Infrastructure Planning Complex and robust Simple and fragile Needed additional Hardware than No Need of additional hardware Hardware Traditional System Technological Reusable property of the web Traditional EMS consumes time to Page and site Design service makes the page design easy build a page in the site. Easy to navigate across Difficult to navigate across Navigation organization Organization Audit

66

Journal of Convergence Information Technology Volume 5, Number 7, September 2010 Accessibility Usability Testing Evaluation

Assessment of Learners

Highly controlled and secured Hard because of loosely coupled with application Easy due to reusability

Learning Environment Same as traditional system Content Protection Highly protected due to access Management control by the ECF One time edition and can be reused Content Management for other courses Learning management is simple in web service because of the Learning Management characteristics of the service and the authentication schemes. Delivery management is simple in web service because of the Delivery Management characteristics of the service and the authentication schemes. Evaluation management is simple in web service because of the Management Evaluation Management characteristics of the service and the authentication schemes. Security management is simple in web service because of the Security Management characteristics of the service and the authentication schemes. Policy management is simple in web service because of the Policy Management characteristics of the service and the authentication schemes. Exception management is simple in web service because of the Exception Management characteristics of the service and the authentication schemes.

Unsecured Simpler than the web service approach. Unique assessment has to develop for every discipline Supports all the environment Possibility of copying the content Separate edition for all the courses Learning management is difficult because of tight coupling with the application. Delivery management is difficult because of tight coupling with the application. Evaluation management is difficult because of tight coupling with the application. Security management is difficult because of tight coupling with the application. Policy management is difficult because of tight coupling with the application. Exception management is difficult because of tight coupling with the application.

Scenario 1: When the authorized student sits on the other system which is not registered with the service provider than the authorized consumer will not allowed because the serial number of the hardware will mismatch, under this situation the provider will pop up a message that “you are accessing our service from another system would you like us to allow you” with two options allow and not allow, if the authorized consumer clicks on allow, a message will be sent to the authorized student’s mobile phone with two options ‘yes’ or ‘no’(or a secondary question will be raised instead of cell phone message), the service provider waits for the response from the authorized student’s mobile phone, if the response is ‘yes’ the authorized consumer is allowed for further process or an email will be dispatched to the authorized student. Further communication will be allowed by clicking on the link in the email of the authorized student. Scenario 2: When an unauthorized student assess the e-learning web service from the system which is registered with the service provider, while the unauthorized student tries with random username and password, the transaction will be denied because the given user name and password mismatches. When an unauthorized student assess the e-learning web service from the system which is not registered with the service provider with the same password and username of the authorized student then the transaction will be denied because of hardware serial number mismatches, under this situation the provider will pop up the same message as in the case of scenario 1 that “you are accessing our service from another system would you like us to allow you” with two options allow and not allow, if the unauthorized student clicks on allow, a message will be sent to the registered student’s mobile phone with two options ‘yes’ or ‘no’. In this scenario the registered student will come to know that some one is

67

Web Service Based Secure E-Learning Management System – EWeMS M.S.Saleem Basha and P.Dhavachelvan

accessing his account, this initiate him to contact the service provider as soon as possible or to change the username and password, mean while provider waits for the response from the unauthorized student’s mobile phone but the response will be ‘no’ because the registered user is not consuming the service and hence the unauthorized student will not allowed for further process. In this scenario the authorized student aware that some one is using his username and password, this triggers the authorized student to take immediate action. It is predicted that the implementation of the e-learning web service management system as in Figure 4 then result would be as in the Table 1. As stated above, in our approach the ECF plays a major role in the authentication of the web service consumer of e-learning environment. The business logic determines the access control of the learners which is specified in the access policy enforcement. Separate policy is stated for the different levels of the learner and the editors. The access policy enforcement is also applicable for all the management activities of the e-learning system. The access policy resolution specifies the consolidated / mutual agreed policy upon a web service by the two or more service providers and the administration and auditing of the policy is the essential activity for the analysis and reporting.

7. Conclusion ECF is an innovative approach for two factor authentication of web service consumers using proprietary analyzing algorithm. The proposed idea work at the device level, ECF Wring captures the hardware specification that is used as input to the proprietary analyzing algorithm for strong authentication than password. This scheme gives way to create two factor authentication scenarios where the traditional user name and password combination is tied to device authentication, the level of confidence that can be expected from any session at any given time. Many benefits can be derived from strong machine-to-machine authentication. The ECF based solution is based on solid foundation of technology, product and support. This solution is robust, easy to implement and drastically reduces risk in many areas of business, while opening up new opportunities for revenue generation for customers and provider.

8. Acknowledgement This work has been carried out as a part of ‘Collaborative Direct Basic Research in Smart and Secure Environment’ Project, funded by National Technical Research Organization (NTRO), New Delhi, India. The authors would like to thank the funded organization.

9. References [1] Alderfer, Clayton. P, Existence, Relatedness and Growth, Human Needs in Organizational Settings, New York Free Press, 1972. [2] Anoop Singhal, “Web service security challenges and techniques”, POLICY’07, IEEE, pp 282282, 2007. [3] Bekim Fetaji, Majlinda Fetaji, “E-learning Indicators Approach to Developing E-learning Software Solutions”, International Conference on Computer as Tool, EURCON, 2007. [4] Brooke J., et al., “Semantic Matching of Grid Resource Descriptions”, Proceedings of 2nd European Across-Grids Conference, 2004. [5] Brusilovsky, P., Eklund, j., & Schwarz, E. “Web-based education for all: A tool for developing adaptive courseware, Seventh International WWW Conference on Computer Networks and ISDN Sytems, 30, 1-7, 291-300, 1998. [6] Harth, Andreas et. al., “A Semantic Matchmaker Service on the Grid”, Proceedings of 13th International World Wide Web Conference (WWW2004), New York, pp. 326-327, 2004. [7] Hasan Al-Sakran, (2006), Developing e-learning system using Mobile Agent Technology, IEEE, Conference on Information and Communication Technologies, ICTTA’06, 1, 647-652 [8] Hosam F. El-Sofany1, Ahmad M. Hasnah, Jehad M. ALJa'am1, Fayed F. M. Ghaleb, and Samir A. El-Seoud, “A Web-Based E-Learning System Experiment “, International Journal of Computing & Information Sciences, 4, 1, 22-29, 2006.

68

Journal of Convergence Information Technology Volume 5, Number 7, September 2010

[9] Hylton, “A KM initiative is unlikely to succeed without a knowledge audit”, www.HyltonAssociates.com, 2002 [10] J.D. Yoder and C.M. Hochevar, “Encouraging Active Learning Can Improve Students, Performance on Examinations”, Teaching of Psychology. 32, 2, 91-95, 2005. [11] Jan Mendling, “Business Process Execution Language for Web Service”, IBM, 2005. [12] Martin Gudgin and Marc Hadley, “Web Services Addressing - SOAP Binding”, W3C, 2004. [13] Maslow.A.H, “A theory of Human Motivation”, Psychological Review, 50, 4, 370-396, 1943. [14] Muhammad Tarmizi Lockman and Ali Selamat, “Verification and Validation Communication layer of Embedded Smart Card System”, International Conference on Electronic Design, IEEE, pp 1-5, 2008 [15] Shum, S.B., “CoAKTinG: Collaborative Advanced Knowledge Technologies in the Grid”, Eleventh IEEE Int. Symposium on High Performance Distributed Computing (HPDC-l 1), Edinburgh, Scotland, 2002 [16] Tajudeen A. Atolagbe, “E-learning: The Use of Components Technologies and Artificial Intelligence for Management and Delivery of Instruction”, 24th International Conference on Information Technology ITI, Cavtat, Croatia, 2002. [17] Wilson S, Blinco k. and Rehak D, “An e-Learning Framework: A Summary”, JISC-CETIS (UK), and Industry Canada, 2004. [18] Woolley, D.R., “PLATO: the Emergence of Online Community”, http://thinkofit.com/plato/dwplato.htm, 1994. [19] www.accessgrid.org [20] www.wikipedia.org.

69