UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
Pots pan workpackage 3
1. PotsPan Project Workpackage 3
Institutional Document Management Pilot
1. Overview and Planning
Workpackage 3 of the JISC PotsPan project was to pilot the use of digital signatures with
management and administrative documents at Swansea Metropolitan University in the context of its
merger with University of Wales Trinity Saint David during the project period. The intention was to
explore the benefits of electronic signatures on documents that needed to be shared on multiple
sites. The original Workpackage specification can be seen in Appendix A.
The merger took place in October 2012 and the new institution is now engaged in a management
planning process that aims to have a fully integrated system in place by mid 2013. Understandably,
the new management document systems that will accompany this process have yet to be designed
and agreed. As a consequence, to meet the objectives of Workpackage 3, a document management
system needed to be chosen that would anticipate future operational needs and be of use to both
the new institution and the wider JISC community.
An expectation of future HE delivery strategies is that online blended and distance learning will
become an increasingly important component. The authentication of assessment documents
submitted remotely online has been a contentious issue1 and many reviews of potential solutions
and new methods have been published2,3. Swansea Metropolitan (the name is retained in the
merged university structure) is currently considering the validation of online distance learning
courses. It therefore seemed both appropriate and potentially valuable to focus the digital signature
pilot on this management issue.
An additional advantage that this Workpackage brings to the project is the opportunity to further
explore the acceptable use of electronic signatures. As noted in other project documents, the use of
a digital pen for signatures in the WBL administrative system was a compromise solution that met
EU audit requirements for a handwritten signature whilst enabling a fully digitised document system
to be established. The proposed Swansea Metropolitan pilot for authenticating online assessment is
not constrained in this way and presents an opportunity to take the electronic signature agenda
forward.
2. Electronic Signatures
Secure electronic signatures are accepted for financial and business transactions globally4 and
virtually any level of security can be included in document management workflows5. Adobe
1
Weller, M. (2002) Assessment Issues on a Web Based Course. Assessment and Evaluation in Higher Education,
vol 7, no. 2. pp109-116.
2
Toole, A. M. (2001) Assessment Authentication for On-line Learning. Professors & Heads of Engineering
Conference. Millennium Stadium, Cardiff.
3
Toole, A. M. (2002) On-line Assessment, Authentication and the design of a VLE. UCLES Seminar Series. The
University Centre, Cambridge.
4
Toole, A. M. (2012) Making Your Mark – Digital Signatures. JISC Innovating e-Learning Online Conference.
November 2012.
5
Adobe Systems Inc. (2011) Digital Signatures Enterprise User Guide. [online]. Available at:
http://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/Acrobat_DigSig_WorkflowGuide.pdf
2. summarise the capability well in their introduction to the use of electronic signatures6 using their
Acrobat PDF authoring application:
Digital signature capabilities allow authors to set up a secure signing environment and create simple
documents and complex forms with one or more fields. Document authors can design documents
with multiple signature fields each with unique behavioural characteristics and appearances.
A signed field can lock other fields so that signed data can’t be changed, and authors can force
certain signature fields to be a required part of a workflow. Attention to signature field design and
configuration can help make the document “do the right thing” when someone receives it as well as
control what that person can and cannot do with it.
Similarly, the Open Office suite of open source office applications includes the ability to add digital
signatures (and encrypt entire documents) in a secure way. They provide a number of application
scenarios7 including one that is entirely relevant to this case study:
Scenario: Education: Signing and encrypting documents in the education area is interesting,
because it can replace the paper process of correcting dissertations, etc. Students would send their
signed dissertations to professors, who would make annotation, sign these annotation and send the
signed document back to the student.
Product Requirement 1: Sign Complete Open Office Documents;
Product Requirement 2: Encrypt complete documents;
Product Requirement 3: Protect content via password and allow to add annotations (comments) or
tracked changes only;
Product Requirement 4: Sign tracked changes or annotations.
Both Adobe and Open Office enable very similar degrees of security to be applied to their
documents and electronic signature systems. The difference between them is that Adobe is a
commercial product and Open Office is an open source software application and free to use. Cost
will clearly be an important consideration for institutions, and the students using the system, in the
choice of software to adopt.
3. Electronic Signature Security
The basic features of a secure electronic signature system is that it should be able to confirm
ownership of the document, that the signatory was authorised to sign the document and that the
document has not been changed since the signature was applied. Typically the systems will also
identify the computer used to create the document and the date and time the signature was added.
There are a number of systems that achieve this, but one of the most secure involves asymmetric
public/private key encryption where only the owner with the private key can encrypt the
signature/document but anyone with the linked public key can verify the authenticity of the digital
signature/document when they open it.
A further element of security in the system is the use of a third party Certification Authority (CA) that
generates the public and private key certificates. The private key certificate is held on the owners’
computer and ensures that the encrypted data includes verification information that is recognised
by the receiving computer(s) with the public key. If any aspect of the document and signature
security is not verified, then a ‘not valid’ alert will be shown.
As with the software suppliers, there are both commercial and freely available CA providers. Clearly
there must be complete trust by all users in the integrity and security of the provider chosen.
However, as noted earlier, cost is clearly an issue for the institution and the students and this
6
Ibid. P 11.
7
Loehmann, F. (2004) Electronic Signatures and Encryption GUI. [online]. Available at:
http://bcn.boulder.co.us/~neal/i2/OpenOffice_Electronic_Signatures_and_Security.pdf
3. particular evaluation exercise will assess the information from service users in identifying a suitable
free CA service.
For the purposes of the PotsPan project only the electronic signature process will be looked at in
detail, although references to full document encryption will be made where relevant. The general
objective is to identify and test the lowest cost options available and for that reason the Open Office
software application will be used and a choice made from the free CA providers available.
4. Electronic Signatures Pilot Plan
The plan for piloting the use of electronic signatures on documents will involve choosing a CA
provider and creating digital authentication certificates, installing the certificates on the computer
creating the documents, creating of a range of documents using Open Office software and applying
electronic signatures to those documents. The documents will be then transmitted electronically and
an assessment made of the validity of the electronic signatures received and the trust attributable to
them. The pilot will conclude with a further assessment of their use, based on evidence gained
during the exercise, on the value electronic signatures would bring to the authentication of online
assessment submissions.
Implementation of the plan will therefore include:
Identifying a free Certification Authority service, registering as a user and completing all the
security procedures for the creation of authenticated certificates;
Installing the certificates on the PC to be used to create and sign the documents using the
Microsoft Management Console;
Create test documents using Open Office Writer and use the Digital Signatures function to
add certificated electronic signatures;
Send the documents electronically and test the received documents for validity against the
security criteria applied;
Repeat the exercise using assessment cover sheets attached to student assignments
submitted online using Moodle.
The pilot will conclude with a case study based report for inclusion with the JISC PotsPan project
deliverables.
Tony Toole
November 2012
4. Appendix A: Workpackage 3 Specification
PotsPan Project Workpackages
Workpackage 3: Institutional WBL Document Management Pilot
Pilot Institution: Swansea Metropolitan University
Primary Contact: Kathryn David, Head of Commercial Services
Workpackage Specification:
WORKPACKAGE 3: Institutional WBL Document Start Finish Action (deliverables indicated in bold) Milestone Responsibility
Management Pilot
Objective: To implement and evaluate the digital
signature system for distributed institutional
document management, particularly in support of
online Work Based Learning provision
1. Digital pen systems procurement & testing 01.06.2012 31.07.2012 Completed testing exercise and report TT
indicating recommended system.
2. Digital document management system review 01.08.2012 30.08.2012 Completed document review. TT, KD, NP
3. JISC WBL toolkit evaluation & testing 01.09.2012 31.10.2012 Mapping of the JISC WBL toolkit process 31.10.2012 TT, KD, WBL
to SMU WBL delivery. Report & staff
recommendations.
4. Trial of electronic signature systems in online 01.10.2012 21.12.2012 Completed evaluation and test report on TT, KD, WBL
WBL document administration & management electronic signature usage in the WBL staff
documentation system.
5. Online WBL document electronic signature 07.01.2013 26.04.2013 WBL stakeholder workshop and report 26.04.2013 TT, KD
system refinement, evaluation & reporting on digital document management.
![PotsPan Project Workpackage 3
Institutional Document Management Pilot
1. Overview and Planning
Workpackage 3 of the JISC PotsPan project was to pilot the use of digital signatures with
management and administrative documents at Swansea Metropolitan University in the context of its
merger with University of Wales Trinity Saint David during the project period. The intention was to
explore the benefits of electronic signatures on documents that needed to be shared on multiple
sites. The original Workpackage specification can be seen in Appendix A.
The merger took place in October 2012 and the new institution is now engaged in a management
planning process that aims to have a fully integrated system in place by mid 2013. Understandably,
the new management document systems that will accompany this process have yet to be designed
and agreed. As a consequence, to meet the objectives of Workpackage 3, a document management
system needed to be chosen that would anticipate future operational needs and be of use to both
the new institution and the wider JISC community.
An expectation of future HE delivery strategies is that online blended and distance learning will
become an increasingly important component. The authentication of assessment documents
submitted remotely online has been a contentious issue1 and many reviews of potential solutions
and new methods have been published2,3. Swansea Metropolitan (the name is retained in the
merged university structure) is currently considering the validation of online distance learning
courses. It therefore seemed both appropriate and potentially valuable to focus the digital signature
pilot on this management issue.
An additional advantage that this Workpackage brings to the project is the opportunity to further
explore the acceptable use of electronic signatures. As noted in other project documents, the use of
a digital pen for signatures in the WBL administrative system was a compromise solution that met
EU audit requirements for a handwritten signature whilst enabling a fully digitised document system
to be established. The proposed Swansea Metropolitan pilot for authenticating online assessment is
not constrained in this way and presents an opportunity to take the electronic signature agenda
forward.
2. Electronic Signatures
Secure electronic signatures are accepted for financial and business transactions globally4 and
virtually any level of security can be included in document management workflows5. Adobe
1
Weller, M. (2002) Assessment Issues on a Web Based Course. Assessment and Evaluation in Higher Education,
vol 7, no. 2. pp109-116.
2
Toole, A. M. (2001) Assessment Authentication for On-line Learning. Professors & Heads of Engineering
Conference. Millennium Stadium, Cardiff.
3
Toole, A. M. (2002) On-line Assessment, Authentication and the design of a VLE. UCLES Seminar Series. The
University Centre, Cambridge.
4
Toole, A. M. (2012) Making Your Mark – Digital Signatures. JISC Innovating e-Learning Online Conference.
November 2012.
5
Adobe Systems Inc. (2011) Digital Signatures Enterprise User Guide. [online]. Available at:
http://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/Acrobat_DigSig_WorkflowGuide.pdf](https://image.slidesharecdn.com/potspanworkpackage3-121130022621-phpapp01/85/Pots-pan-workpackage-3-1-320.jpg)
![summarise the capability well in their introduction to the use of electronic signatures6 using their
Acrobat PDF authoring application:
Digital signature capabilities allow authors to set up a secure signing environment and create simple
documents and complex forms with one or more fields. Document authors can design documents
with multiple signature fields each with unique behavioural characteristics and appearances.
A signed field can lock other fields so that signed data can’t be changed, and authors can force
certain signature fields to be a required part of a workflow. Attention to signature field design and
configuration can help make the document “do the right thing” when someone receives it as well as
control what that person can and cannot do with it.
Similarly, the Open Office suite of open source office applications includes the ability to add digital
signatures (and encrypt entire documents) in a secure way. They provide a number of application
scenarios7 including one that is entirely relevant to this case study:
Scenario: Education: Signing and encrypting documents in the education area is interesting,
because it can replace the paper process of correcting dissertations, etc. Students would send their
signed dissertations to professors, who would make annotation, sign these annotation and send the
signed document back to the student.
Product Requirement 1: Sign Complete Open Office Documents;
Product Requirement 2: Encrypt complete documents;
Product Requirement 3: Protect content via password and allow to add annotations (comments) or
tracked changes only;
Product Requirement 4: Sign tracked changes or annotations.
Both Adobe and Open Office enable very similar degrees of security to be applied to their
documents and electronic signature systems. The difference between them is that Adobe is a
commercial product and Open Office is an open source software application and free to use. Cost
will clearly be an important consideration for institutions, and the students using the system, in the
choice of software to adopt.
3. Electronic Signature Security
The basic features of a secure electronic signature system is that it should be able to confirm
ownership of the document, that the signatory was authorised to sign the document and that the
document has not been changed since the signature was applied. Typically the systems will also
identify the computer used to create the document and the date and time the signature was added.
There are a number of systems that achieve this, but one of the most secure involves asymmetric
public/private key encryption where only the owner with the private key can encrypt the
signature/document but anyone with the linked public key can verify the authenticity of the digital
signature/document when they open it.
A further element of security in the system is the use of a third party Certification Authority (CA) that
generates the public and private key certificates. The private key certificate is held on the owners’
computer and ensures that the encrypted data includes verification information that is recognised
by the receiving computer(s) with the public key. If any aspect of the document and signature
security is not verified, then a ‘not valid’ alert will be shown.
As with the software suppliers, there are both commercial and freely available CA providers. Clearly
there must be complete trust by all users in the integrity and security of the provider chosen.
However, as noted earlier, cost is clearly an issue for the institution and the students and this
6
Ibid. P 11.
7
Loehmann, F. (2004) Electronic Signatures and Encryption GUI. [online]. Available at:
http://bcn.boulder.co.us/~neal/i2/OpenOffice_Electronic_Signatures_and_Security.pdf](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)