[Zope] Secure Quizzing/Testing Project

Jim Washington jwashin@vt.edu
Thu, 14 Nov 2002 10:52:06 -0500 

Hi, all

My group is considering putting together a proposal for a web-delivered 
high-stakes testing environment, which needs to be secure, safe from 
copying, etc...  We have mainly done on-line surveys in the past, where 
the most sensitive data is an occasional ssn, for which we use SSL and 
we put the database behind a firewall, and this is secure enough.  This 
would be a much bigger project.  We may or may not get the contract, but 
I thought I would send a few ideas out to the Zope brain trust and see 
what you-all think. Zope-edu seems to be missing in action, so I hope 
this is a good place to introduce this.

I am thinking toward a Zope backend and a Mozilla/XUL client.  Single 
source for code and data, so no clients to distribute, and available to 
almost every machine/OS out there.  (Install Mozilla/Netscape7; mozilla 
-chrome https://our.url/testname; take the test.)  With XUL, the source 
of the page/application is not readily available, so this has a 
marginally better item security than html.

Test content (question banks, assessments) would be maintained in 
ParsedXML in (standard?) IMS-QTI format 
http://www.imsproject.org/question/.  Though IMS-QTI is dreadfully 
complicated, the IMS folks seem to have this solved for the general 
case, and why reinvent the wheel?

Yes, of course, proctors on the client side will be essential.  "On the 
web, nobody knows you're a dog."  :)

Special buzzword compliance may be important for future-proofing: 
Accessibility and internationalization in particular.

These are just initial thoughts.  I would think there should already be 
a project out there with similar ideas, but none really stood out. 
 PHPTest seems to use the IMS-QTI model, but it's php, and I would 
rather get away from DTML-ish solutions; besides, zope has really good 
security policies built-in.  SCORM refers to the IMS -QTI model, but if 
I am correct, any implementations are proprietary at the moment.  

Any ideas?  Any projects out there?  I would much rather contribute to 
an existing open-source project than create my own (probably necessarily 
proprietary)  one.

-- Jim Washington