Controlling Access to OLab cases

How do you control who has access to which cases?

In general, we are pleased to make OLab cases as accessible as possible. The software itself is free and open-source, and we generally encourage authors to make their case content accessible under a Creative Commons licence.

So, how do you, the case author, control who has access to your cases: who can play them, who can make copies or edit them, who can get credit for participating? In OLab versions 2 to 4, we have multiple ways of controlling this access (which gets confusing). It is up to you as the author as to how wide you make that access. We can make suggestions but it is your decision.

Simple Internal Security Levels

Within OLab versions 2 and 3, we have some simple internal levels which will help with this. Firstly, you can apply a security level to the case you have just created. You can make your case:

  • Open: anybody can play it, if they know the URL. No login required.
  • Closed: OLab login required but otherwise unrestricted
  • Private: only users and authors specified in the map’s Details page can play it
  • Keyword: a simple key or password is required, once you access the case via URL

There are also some simple internal security levels for users. As noted, for open cases, they are accessible without a login. All other activities in OLab need you to be logged in the OLab server. The user security levels are:

  • Learner: can play cases but not create or edit them
  • Reviewer: can play cases and comment on them but not edit them.
  • Author: can create, edit or play cases.
  • Director: can create and control Scenarios
  • Superuser: awesome, cosmic power (itty, bitty living space… oops, sorry, that’s Aladdin)

There is more info in the OLab3 User Guide about these various levels and what you are allowed to do.

Playing Nice with Others

In various projects over the years, we have adopted many different approaches to embedding OLab materials in other systems, and in using OLab as ‘contextual glue’ to embed other materials within OLab. Some of these mechanisms can be done quite simply; some provide quite sophisticated levels of authentication and access control.

For situations where you want things to be completely unrestricted and do not want to track who is doing what, you can simply make your cases Open (see above) and include the URL to the case within the link that you provide to your users.

But in many situations, it is helpful to be able to track how users perform, or to see who is using your cases. For this, some sort of login or authentication is needed. Again, you can do this with OLab’s internal security levels mentioned above. But if you are integrating your OLab cases with other materials such as Moodle courses or WordPress pages, there are more sophisticated ways to do this. Users hate having to use multiple passwords and login several times.

OLab v3 does support simple OAuth 2.0 logins. This means that users can login to cases using their Facebook or Twitter ID. We did support a wider range of OAuth logins (e.g. Google+) and can set this up if there is a need within a specific project.

Another simple way to control who has access to your cases is to apply the internal Keyword security mentioned above. The case will then appear in publicly listed cases on the OLab server and users need to know the keyword in order to play it. You can provide this keyword in a WordPress page, or similar. While this approach is simple, it has the disadvantage that you may not be able to identify which user was which in a session.

Learning Tools Interoperability (IMS-LTI)

We have implemented the IMS-LTI standard in OLab3. The Learning Tools Interoperability (LTI) protocol is quite powerful and is not too difficult to set up. LTI allows you to set up authentication and control across multiple learning platforms. For the user, this effectively means Single Sign-On and not having to remember multiple sets of credentials.

As an aside, in OLab2 and OLab3, we do have basic support for SCORM, which is often requested. However, in practical terms, we have found SCORM to be overly rigid and too easy to break. There are now better mechanisms for doing what SCORM promises that are less rigid (IMS-LTI), or that provide far better information about user activity (xAPI and LRS).

The LTI protocol uses secure internal handshaking to assure software platforms that the user is who they say they are, and passes on what they are allowed to do. It is better explained here. A software platform can be an LTI Producer (ie it produces a learning module that can be consumed in another platform) or an LTI Consumer (ie it consumes a learning module that was produced by another platform: the LTI Producer). OLab3 can act as an LTI Producer or an LTI Consumer. That means you can embed OLab cases within another LTI course eg Moodle; or you can embed Moodle modules within OLab cases.

As a practical example, we have LTI authentication between OLab3 and our CURIOS video mashup service. To create a new CURIOS mashup, simply login to OLab3, which will then pass on your authentication to the CURIOS service.

Team-Based Case Authoring

Most projects do not need to deal with this because the case authoring process is quite simple and lightweight. However, for our DynIA project where we had multiple authors working simultaneously on our case set, we implemented some simple record-locking mechanisms so that authors do not overwrite each others’ efforts. This is better described here. It has not been used extensively since most projects find that such clashes are rare.

Sharing Materials

At its heart, OLab has always been set up to make the sharing of cases and related materials easy. Case portability, using the ANSI-Medbiquitous MVP standard, has been available since 2004. This allows you to easily move cases written on one OLab server to another OLab server very easily. It also allows you to use cases written on other virtual patient platforms, such as CASUS or DecisionSim, without too much conversion work.

We recommend to all our author groups that they use a Creative Commons licence, which allows you to easily specify how your cases can be reused. The vast majority of our cases on our OLab servers can be reused, but this is up to you, the author, as to how much you want to restrict such reuse.

Remember that the usual copyright restrictions apply when using materials from elsewhere. We have some tips on how to deal with this. Linking to an object is generally acceptable. In particular, be careful with materials that have been placed behind a paywall, or cartoons (especially Disney who can be aggressive in pursuing copyright issues).

We have found that in OLab3, there has been a lot of reuse of objects and modules within cases. Rather than wanting to reuse the entire case, there are often pieces of a case that are useful elsewhere. It is easy to reuse Files, images, CURIOS mashups and Elements from one OLab3 case to another. It is harder to reuse Questions, Avatars, Counters.

In OLab4, we are taking things a big step further. We now have Scoped Objects: this makes it much easier to reuse all of the above case objects and to control who can modify them later. This will be a big time-saver in case authoring.