1. Introduction We developed a distributed-open asynchronous information access environment where users have web-based interfaces from different locations through a complete security mechanism and user authentication interface integrated to commodity interfaces. The environment provides asynchronous collaboration of supervisors, instructors, co-instructors, TAs, students, guests, and administrators through the Web Browsers. Distributed students can register on-line for the courses and get services like password assignment, post office & automated mail lists, file uploading, pictured class lists, surveys, grades, evaluations, performance assessment, and other account administration. The student records and their performance records are planned to be kept in a database continuously that provides a base for a virtual university student services. Students performance pages include their grades, grader comments, averages, expected grades, failures and suggestions, etc. A student can access his performance page, at any time from any where having web access, and can include his resume at job applications for more reliable evaluations. Besides the convenience of online grading and submitting the grades to the students, instructors use the environment as a technical services provider for the course preparation and as an assessment tool during the semester, or later as a long-term reference. The graders can see various statistics about the students at any time while grading from a web browser. A categorized questionnaire database is useful for online surveys and quizzes. Preparing class surveys provides tracking of the students' progress, understanding of course quality, and increased adaptability to student needs. Possible customizations of grades brings more flexibility to grading. The environment also presents an user friendly administration interface on the web. A server administrator can tune the performance and change the configuration from any web browser connected to the Internet network. Our architecture design considered a broad perspective of educational environments. Similar feature sets exist in other course management systems such as WebCT [WebCT]. The architecture of WebCT is based solely on the Web Server and file system. While this is suitable for many situations, our architectural design is driven by the need to incorporate commodity databases as in PAPI [PAPI] specifications on data interchange formats, and other advanced web systems used by our professors in developing course materials such as WebWisdomNT [WebWisdom]. 2. Basic Needs and Problems encountered leading to the project In our experience with distance learning, we realized that especially the outside distributed students had difficulties in following a course presented with recent web technologies. A new complete integrated environment needs to be presented to the outside registered students to make them feel like they are attending a virtual university, and also benefits the on-campus students with a complete course environment on-line. Not having the student records in a trustable, easily-securely accessible database environment is a complete disadvantage for both on and off-campus students. Specific web-based interfaces should allow users to access certain information,perform related operations, and store the results in a stateful environment. The team offering the courses also felt overloaded by the work of technical class preparation. Construction of class lists, email lists, making Unix accounts, listing student home pages, submitting passwords to students and keeping track with add-drop students, measuring class level with surveys for different types of courses needed many hours of human effort because of no automated environment. Issues like grading became a problem with distributed teaching teams. Furthermore, online progress tracking, having a categorized questionnaire databank, automatically generated evaluation reports, and similar services became a need more than a luxury. 3. Features We designed the student records system specifically to offer the following functionalities through the Web: Menus Image URL http://carver.npac.syr.edu:3768/users-docs/msen7/paper/userstudentmenus.gif 3.1 Course Records One can see the courses listed to use operations like browse, update, and delete on the present courses, or new courses can be added. Instructors can prepare surveys to be filled by on-line registering students. 3.2 Student Records Staff users can see the students registered in each course listed. One can create new students, browse, update, and remove students. Students can access their own records, which they get by on-line registering to the courses. They can always see their performance records, use the post office, upload homework files, administer their virtual directories and personal accounts, see enhanced class Web links collected, and use other tools. 3.3 Assignments & Grading The team offering courses to students can make new assignments through the web interfaces and specify grading information about the assignments such as weights, published URLs, etc. The on-line grading provides an asynchronous collaboration between distributed staff team members which is invisible to the students. Students may see their grades online, securely and privately after they are published by graders. The grading interface contains different information and comments depending on the security level of the accessing person; grader, students, assistants, instructors, supervisors, parents, etc. The grader may use various interfaces, has different grading alternatives, e.g., numeric, countless customized word grades, etc., and feedback information while grading, e.g., averages, ranks, etc. Image URL http://carver.npac.syr.edu:3768/users-docs/msen7/paper/grading.gif 3.4 File Manager The NPAC Virtual File Manager is integrated in the environment for uploading homework files into virtual directories in server side, and directory-file manipulations.[VPL] Image URL http://carver.npac.syr.edu:3768/users-docs/msen7/paper/filemanager.gif 3.5 Surveys & Quizzes Through the web interfaces, instructors can prepare surveys & quizzes for students at any time during the course offered. A categorized question bank is kept in the database to enable re-use of previous questions. Questions may be distributed into different categories, and presented in a logical way to the students independent of their preparation time. Beyond the regular quizzes, different aspects of quizzes - from student-self evaluation quizzes to pop-quizzes in class time - are currently in progress. The survey results are automatically evaluated and immediately presented to supervisors on their browsers. By using the surveys and quizzes the understanding level and expectations of the class may be measured, and the performance of the class can be improved. Image URL http://carver.npac.syr.edu:3768/users-docs/msen7/paper/surveyresult.gif 3.6 User records In addition to the student, accounts are kept in the system for instructors, co-instructors, supervisors, super users, TAs, graders, administrators, browsers, other system administrators, etc. These records contain personal information about the users and their access privileges. The security issues about different levels of users will be discussed later. 3.7 Services and legacy systems connections One of the important characteristics of the project is that it contains many services automated in its environment. The load of the staff offering courses in NPAC relieved considerably. Besides these services, there are other services directly offered in the environment, like its own post-office categorized email lists. Administrators can do performance tuning and configuration changes from an easy front-end interface. The access logs of students using web-based materials are kept for future reference and assessment. 3.8 Security Issues Student records are among the most private kinds of information in education. Because of its exposure to the public over the Internet, the whole environment is subject to attacks to capture, to alter, to destroy the private information. For the sake of completeness, complete security should be inserted into the architecture. We solved the security issues under the following categories: Image URL http://carver.npac.syr.edu:3768/users-docs/msen7/paper/security.gif 3.8.1 Communication channel security: Currently, we are using the technology to secure the communication channels over a public network by using public key cryptography in the SSL protocol for securing the transfer of information over the Internet. 3.8.2 User authentication: Like many computer operating systems, a user authenticates himself by entering a user login id and a secret password known solely to himself and the system. 3.8.3 User access lists: The second part of the authentication mechanism is keeping access lists for the users. All the users are restricted only to access to the allowed part of the database, HTML pages. Access lists can be easily manipulated in the user records interface, simply by carrying present course names to the access list box. 3.8.4 User privilege levels: Since privacy issues are most important in such a system, user password authentication and access lists are not enough to keep privacy by themselves. After those steps, a user must have powerful enough privileges to access, delete, update some records, or to see HTML information pages. 3.8.5 Presentation security: One of the challenging issues in the security is not the communication security but keeping the data private after the data is transfered. It is highly possible that students may view their grades and other private records in a public cluster. Although it is not possible to provide complete security at this level, we improved different strategies to make the risk as low as possible; the SSL server prevents browser caching in general, timeout clocks destroy the windows, the new unique id given by each login, with expiration time, prevents using same URL and stealing passwords, etc. 3.9 HTML Editable User Interfaces in template library All the user interfaces are presented through the WEB browsers, and they are also kept as HTML-like files in a template library separated from the implementation and the database records. One can easily edit user interfaces as HTML files without any technical knowledge of the environment. Also using various style sheets for different users is possible. 3.10 Easy system administration A front end menu is prepared for the administrators, who are configuring the connections like, JDBC-Database connectivity, and tuning up the performance, etc. Any third party, who wants to use the project for themselves, can easily use the project just by using user friendly front-end guides without any deep knowledge of components without having highly skilled computer experts. 4. Architecture and technologies involved The entire architecture is implemented based on the concern of usability, performance, portability and easy installation to any machine. The involved technologies include HTML, JavaScript, Java, JDBC, SQL, SSL and a limited amount of Perl for specific local legacy systems. The below figure illustrates the architecture of the environment; Image URL http://carver.npac.syr.edu:3768/users-docs/msen7/paper/architecture.gif The architecture is a multi-tier architecture. In general it can be seen as a three-tier architecture. The more layers in the middle tier are especially designed in semantics of modularity and easy integration with other related projects. The user interface is completely presented as an commodity interface. All the data access, and functionality is managed through the client browsers. The communication with the outside world is provided through dynamically produced HTML pages by the servlets. The communication channel is secured with SSL to complete other inside security mechanisms as previously mentioned. In the middle tier, the main intelligence of the environment is placed hierarchically. The first level contains the high level functionalities to talk with the clients and to perform the operations in a more advanced level without considering the low level system dependencies like database connectivity. The relational database records are considered as the objects at this level. The second level mainly serves as a cache memory to database objects. The cache mechanism provided performance increases by decreasing accesses to the database for each operation. The objects in the cache are defined as the objects which are kept in a single relational database table row entry and the related methods to perform on them. The last level performs low level operations like connecting to the databases and performing database related operations. Each independent type of tables like, students, users, courses, etc., has an associated class. The last layer in the architecture is the database back-end. Since the implementation is done with Java, any suitable database supporting basic SQL standards can be chosen and the database access can be forwarded to the selected database through a JDBC bridge update in the front end options. The parser dynamically produces HTML user interfaces through the template library stored in outside editable HTML-like files. Finally, the architecture includes the legacy systems through a cgi module. 5. Conclusion and Future Directions NPAC's student records database environment has been used by many students, about 450, and staff in the last two years. It has evolved with professional experience and new needs both by on and off campus course offerings[SC98]. The environment keeps a rich set of online available tools useful in education. Distributed students from Missisipi, Boston, Georgia, Houston, and Syracuse have successfully registered on-line for the same course offerings in the environment. The implementation is entirely written in Java in a portable fashion. Another educational organization has also installed it. Its layered and modular architecture provides easy upgrading and integrability with other environments, e.g., high level sharing database records. The environment provides easy server administration and configuration through the Web additional to its convenience for users. Currently we are developing new assessment tools having a new horizon using data mining techniques on combination of environment logs and other synchronous and asynchronous resources logs. We are planning database integrations with our other current projects through XML. Using DHTML in user interfaces is another issue. Acknowledgments: We would like to thank S. ElMohamed and M. Ispirli for their feedback in various stages of this project. 6. References [VPL] K. Dincer and G. C. Fox, Using Java and JavaScript in the Virtual Programming Lab: A Web-Based Parallel Programming Environment, in Concurrency: Practice and Experience Journal, June 1997. [HPDC-6] K. Dincer and G. C. Fox, Design Issues in Building Web-based Parallel Programming Environments, in Proceedings of the Sixth IEEE International Symposium on High Performance Distributed Computing (HPDC-6), Portland, OR, August 5-8, 1997. [SC98] David E. Bernholdt, Geoffrey C. Fox, Roman Markowski, Nancy J. McCracken, Marek Podgorny, Thomas R. Scavo Syracuse University | Debasis Mitra and Qutaibah Malluhi, Jackson State University, Synchronous Learning at a Distance: Experiences with TANGO, SC 1998. [WebCT] Murray W. Goldberg and Sasan Salari, "An Update on WebCT (World-Wide-WebCourse Tools) - a Tool for the Creation of Sophisticated Web-Based Learning Environments", Proceedings of NAUWeb '97 - Current Practices in Web-Based Course Development, June 12 - 15, 1997, Flagstaff, Arizona. [PAPI] Frank Farance (edutool.com), James Schoening (US Army),Public and Private Information Specification, http://www.edutool.com/papi/papi-500.html [WebWisdom] Geoffry C. Fox, URL http://www.npac.syr.edu/users/gcf/wisdom/help/