Learning Environment – Components #EduScotICT #Glow2 #Glew

Learning Environment – Components

(Sorry that this is a long post – but there is quite a lot to say here)

In light of Charlie Love’s recent publication of his proof of concept portal ( see glew.org.uk and also  http://charlielove.org/?p=7810) he has worked on in the context of Glow Futures, I thought it would be worth sharing the essential components of a paper which I wrote some time ago.  This sets out a high level vision for the components which might constitute a learning platform.

There are three points I want to highlight:

  1. I take the view that an absolutely fundamental concept here is the establishment (and maintenance) of a trusted user base.  This trusted user base should be a welcomed basis for collaboration for the future benefit of education in Scotland – it should be a basic right for every Scottish pupil, parent and teacher to be a member of this community.  This should be an area of strategic investment by he Scottish government.
  2. Secondly, what I call “Universal Search“ is also a fundamental requirement in any environment bringing together disparate applications.  This feature will give users the capability to find relevant content across the whole platform through one search tool.  This was an original object of Glow but there were various obstacles which prevented this being fully achieved.  Lessons learned!!
  3. And lastly the user interface should be instinctive and customisable making provision for the wide range of user ages and abilities (and disabilities) requiring access to the environment.

In my ideal world – this portal should provide a platform for its community to develop values and behaviours to prepare them life beyond school.  For this reason a desirable characteristic of this environment is that it provides a passage for learners, which is initially more restricted and protected and later more open and unrestricted.

The end product of this should be individuals who whilst still retaining their Glow accounts are able to freely share and collaborate using tools that are not necessary intrinsically part of the Glow platform.  It should also be possible for users to publish to the wider community using Glow tools, but most importantly do this in a responsible manner.

BYOD is now more than ever a basic requirement – this much be a key feature of the future of ICT is our schools.  I take this to be a given in the context of the rest of this paper.

It is very easy to iterate these points but I also recognise that there is a burden of responsibility which weights heavily on todays decision makers who need to temper the need for budget restraint against providing the best opportunities for our future generations.

Much has been made about the cost of the original Glow Platform which was £37.5M + VAT over the first 5 years (= 44/5  = £8.8M inc VAT).

Compare that to the total spend on Schools Education which was in 2008-9 £4,869,127,000 (source http://www.scotland.gov.uk/Publications/2010/05/11134917/3).

So based on this the total cost of Glow was 0.18% of the total Schools spend in 2009 or to put another way for every £100 spent on Schools Education 18 pence went towards Glow.

1.    Introduction
This system will be a supplement to existing classroom support and can be used both in the classroom and out with school hours from any location where broadband Internet access is available.  The solution will be made up of a number of components some of which will be core and essential others which are optional add-on modules.  Where it is deemed necessary to own solution components, these will be hosted in a data centre and provided to end users as a number of tightly integrated web based services which can be configured according to specific customer requirements.  Indicated below is a brief description of all the service modules which can be combined to provide a custom solution.

In view of the nature and range of the services required, those which are not existing cloud based services, will be hosted in a secure data centre which is connected to a country wide network featuring good (high bandwidth and low latency) connectivity to all schools.  Currently the JANET network is used for this purpose, this should continue to be the case if there are no changes to the connectivity landscape.  This data centre and its hosted services will need to be available on a 24/7 basis and the services should be able to perform efficiently across the network.  In view of the fact that young children will be make up a substantial proportion of the user base, it will be necessary to underpin the end user services and applications with a number of safety measures which are designed with school users in mind.  The data centre will need to operate to similar performance standards as any other commercial data centre but will also need to support some services which are specific to the education sector.  The nature of modern teaching and learning is such that there will be occasions when large groups of pupils in a given school will need to access broadband resources which are hosted in the data centre – with this requirement in mind it will be essential deploy network optimization services as part of the overall solution.

The overall approach taken here is to design a modularised system which has the capacity to be expanded or shrink both in terms of user base and features sets. Access will also be possible from mobile devices through the provision of custom Apps as well as desktop and laptop computers.

2.    The learning environment core components
Account provisioning and maintenance system
A web based system for configuring the system components and the managing the user base will be provided.  This system will feature a hierarchy of admin roles which will allows some tasks to be delegated to nominated users at country, regional and local levels.  For example the creation users accounts can either be done manually or using trusted inputs from existing school Management Information Systems.  The transmission of management information will be performed via a secure and encrypted web service to ensure that user data confidentiality can be maintained.  This approach will allow system administrators to take ownership of their local users and deal directly with any user management tasks are necessary such as creating and deleting users, and moving users from one school to another etc.

2.2. Single Sign On Service (SSO)
This service is used to authenticate and authorise users to access the system!  When a user attempts to access any part of the service package this module will confirm that the user is a member of the system and also has appropriate access privileges.  The user is required to have a valid and current user ID and password.  Once a user has logged into the SSO service it is possible for that user to subsequently, during the current web session, to access any module to which the user has been granted access rights.

2.3. Portal Service
The portal provides the basic user interface with which all users interact when first logged in!  The portal can be configured to show linkages all system modules to which the current user has been given access privileges by means of portlets. So if a user has not been configured to have access to a particular service it will not be visible on the users portal screen.  The Portal will also have the ability to provide real time status information about the users applications through the portlets according to specific application features.  So for example if a user has access to the email application, it will be possible see on the email portlet when new mail has arrived in the users mail box or if the user has access to the Managed Learning Environment information about due assignments could be notified etc.  The portal should also be customisable in terms of the range of applications that can be integrated and look and feel of the user interface so that interfaces can be designed and selected for different users types including young pupils, older pupils, teachers, university students etc.

2.4. Global User Directory Service
The global directory service contains a record for all system users holding necessary personal information access rights concerning the system modules to which each user has been granted access.

All users are granted some level of read access to the directory and can discover information about other users.  It is also possible for users to configure the directory to hide some information about them selves that they do not want to share.  So for example if a users mobile phone number is in the directory a user can choose to hide this particular field from other users.  This restriction can be applied either on a global or user group basis.  So a teacher might allow his/her mobile phone number to be shown to other teachers in their own school but deny access to all other system users.

2.5. Presence
The presence module is tightly coupled to the SSO service so that as soon as a user has been authenticated to access the system their status will be update to show that they are online.  It will be possible for the user to change their statues when logged based on their current work activity. So when in a meeting the user status can be setup to “do not disturb” etc…

2.6. User Interface
The user interface should be configurable to allow users to select an appropriate look and feel according to their needs.  Support for screen readers should be provided throughout the entire platform to provide support for impaired users.

2.7. Federated Authentication
In order to extend the use of the SSO service thus providing access to “external content” the system should be a member of an appropriate access federation.  In this way and using SAML based federated access system it will be possible for system users to gain access to third party protected content.  It will further be possible for users to benefit from personalised access to this third party content – this will be useful where some users can be granted authoring capabilities whilst others need only read only access etc.  It is likely that Federations will already exist and it would be desirable to also have support for cross Federation access.

3.    Content Services
Content can be stored in the system in a number of different ways depending on its type.  The follows content storage/publishing system are available.

3.1. Content Object Repository (COR)
This system allows static content objects to be stored and shared.  It is possible to store the following content types, Application Documents ( eg Word, Excel, Power Point, Audio/Video or any other computer based application), it is possible for the publishing user dictate which groups of users may have access to the content being published.  The publishing user can also apply tags to content to make it more discoverable.  Content tags can either be pre or user defined.

3.2. Managed Learning Environment (MLE) or Virtual Learning Environment ( VLE)
The MLE is used to produce, manage and execute ‘lessons’.  Lessons are typically created by teachers but it will also be possible for other system users to be given management rights in the MLE.  Only lesson control data will be stored in the MLE with the Content Object Repository being used to store and serve the learning objects.  Learning objects can also be linked into the system from any external repository assuming that appropriate access right have been granted.

3.3. Video Portal
This service is specifically designed to efficiently store and serve video based content.  The system can store video content in a range of formats which can then be linked into lessons in the MLE module.  Video assets can be stored, tagged and searched and will seamlessly exist alongside other content.

3.4. Web Service and Wiki’s
Users will have access to web publishing services which will enable them to publish both their own static web pages and also build collaborative content using Wiki’s etc.  In either case the content published will be indexed so that each asset (or item) can be discovered by the systems internal search engine.

3.5. Blogs
Each user of the system will have the option of maintaining a personal Blog which can be configured to visible to restricted groups of users.  Typically, a pupil’s Blog will not by default be visible on the public internet, but it will be possible to assign various grades of visibility to any users blog.  So visibility can be controlled between very restrictive (own class and teacher only) and very open – accessible to the whole internet.  The degree of restrictiveness will be set according to local management policies.

3.6. Content Search
All the above systems can be searched through the global search tool which is accessible from the portal and from within other modules where appropriate.  Search results will be presented to the user based on the users access privileges and in the context of any work that they are currently engaged with.  The user profile in the directory will be key in allowing the search module to rank relevance of the search results.  So for example if a user is a pupil engaged in a particular subject lesson the result will be ranked according to the pupils current work context.  Where a user is denied access to any content, that content will not be returned in any search results.  The global search engine will have the ability to index content from a wide range of repositories including external repositories using a standards based remote search protocols and standards.

4.    Collaboration and Communication services
The solution is rich in communication and collaboration tools which facilitate both real time and asynchronous activities.

4.1. Presence
When a user is logged in to the SSO service the Presence service will provide a signal to all collaboration applications that the user is online.  It is also permissible for the user to define and control the exact presence status message according to their own work pattern.   So for example the displayed message could be set to “on the phone” or “away from my desk” etc….

4.2. Real Time Collaboration
Users will be able to use a suite of real time collaboration tools.  The real time collaboration system will support communication using one to one and one to many text messaging (chat) and Video/Audio.  Users can also jointly author documents allowing them to share documents so that editorial control can be handed from one to another.  A web based white board will also allow users to share presentation material and author and highlight any application document in real time.

Recording facilities will also be available to allow collaboration sessions to be recorded and played back as necessary.  This later feature can be used to provide evidence of collaborative work done by pupils and also to record lessons/tutorials so that pupils can play them back at a later time.

4.3. Asynchronous communications
The system also supports threaded discussion system which can support long term conversations with contributions being possible as and when the users have the opportunity to access the system.  Any such discussions can be indexed so that the global search engine can see contents and returns links to discussion forums when user conduct content searches.

4.4. Personal Calendar
Each user will have their personal calendar, which they can manage directly by adding and editing events.  It will also be linked to the community at large so that group meetings/events can be setup and resources such as rooms and real time collaboration tools can be added to the event.  Important deadline events such as assignment submission dates will also be automatically added to a user calendar based on their activities elsewhere in the system – such as the VLE etc.

4.5. Twitter, Facebook and Instant messaging
These tools which are now in daily as generic internet communication services will also be available within the environment but subject to moderation measures for young users.  As a user develops their knowledge and experience of using these communication tools, it will be possible for them to graduate to a more open environment and eventually to the internet based equivalents.  It is recognised that users will be able to access the Internet versions of these services at any time separate from the Cisco based service.

4.6. Email
The email service will provide users with a web based solution which allows them to exchange email messages subject to filter policies which can be setup by the system administrator.  Very young pupils may be restricted to sending email within their own school, subject to the approval their teacher.  The mail system will also feature protocols which allow users to use a rich mail client if they require additional functionality.

4.7. Cloud Based Content creation tools
A range of content creation tools are now available which can be access for free these should be accessible for users via the SSO and the Federation or a supported authenticator.  Google Apps for Education is a service which could be popular in this repect.

5.    Safety
In any ICT service that is designed for young children, safety is a prime concern.  For this reason a number of services can be deployed to ensure that any possibility of user abuse is minimized.  Typically local policies can dictate whether the safety regime is applied to certain types of users.

  • All text based communication modules will be subjected to a banned words filter service.  So if a pupil uses inappropriate language in either a real time chat session or in an email the offending message will be stopped and an alarm will be set to notify either the responsible class teacher or system administrator.  The list of banned words can configured to take account of regional variations in the use of language
  • All systems what involve user interactions will have all communications logged in files that can be analysed.  These system logs will be retained for a time which can be configured by the system administrator according to local policies.
  • Real Time systems are configured so that communication can only take place when a responsible user is present.  This might be a teacher or school support worker.
  • Any abuse pattern which can be detected by system monitors will raise alarms which the system administrators can then deal with according to the relevant acceptable use policy.6.Safe Access to the Internet
    Any schools network should have a part of its facilities onward access to the internet to allow users to access the wide range of resources which exist throughout the wider education community in the local country and throughout the rest of the world.  The range the quality of resources on the internet can vary in quality so it is essential to ensure that only appropriate resources are made available to schools users.  Some content available on the internet is known to be unsuitable for use in schools.  This can include in the worst cases pornography, politically inappropriate content and morally questionable content.  Some sites have been identified by the Internet Watch Foundation (IWF) as inappropriate where the content is likely to be illegal in most countries.  Because of these conditions, it essential that the schools internet gateway be subject to filter policies which can protect schools users from these unacceptable content sources.

The schools user base will also consist of a diverse set of users ranging from very young children to older children and adults.  The internet content filter should have the capacity to take account of this entire user base by allowing filter policies to be applied based on the group to which the browsing user belongs.

In any case the internet access filter should apply the IWF black list to all traffic and then supplement this with additional filter policies which are applied according to the actual user identity.


Be Sociable, Share!
This entry was posted in Glow, Uncategorized and tagged , , . Bookmark the permalink.

6 Responses to Learning Environment – Components #EduScotICT #Glow2 #Glew

  1. Jim,

    Thank you for raising issues and many valuable ideas. In the spirit of discussion…

    You have raised a lot of detailed issues here, but in doing so you have also raised broader issues about what a learning environment should be and what it should aim to achieve.

    As I read through the detail of the post I couldn’t help but find myself feeling that this vision places a lot of quite demanding and constraining requirements on the system. These requirements would mean that the resulting system would involve a lot of development work quite specific to this use rather than allowing the use of applications that are already out there. Are we are over-emphasising the specific needs of education?

    For example, a “trusted user base” is valuable but, if it includes every pupil, parent and teacher how can it be trusted any more than any other group of individuals. Like the adage goes, you can never join a perfect organisation because as soon as you join it it won’t be perfect any more! So, is education any different than the internet as a whole?

    The idea of universal search is valuable, but it doesn’t exist in the real world and so we have to learn how to search with the tools that are available. Is it more important to constrain the tools children can use in order to maintain universal search, or is more important to provide the tools and teach children how to navigate around the whole problem of data storage, filing, retrieval and search?

    User interfaces should be instinctive but do they need to be customisable? Perhaps we mean the same thing when I envisage an environment where the tools are chosen to suit the differing needs of individuals and different ages and stages.

    I ask these questions because “Future Glow” could be a new version of a traditional system implementation that is procured and developed and installed and configured or it could be something more ‘agile’. The former is unlikely to be developed and put in place within less than 2 years, the latter could almost start be used tomorrow: refined and adapted as we go along: constantly on a journey because that journey never stops. Charlie Love’s work is a perfect example of the kind of tools that could facilitate / ‘glew’ the pieces together. But if we place too many constraints on those pieces and their seamless integration, we will place constraints which may become barriers that hold everything back.

  2. Jim Buchan says:

    Thanks for your comment Stuart. Absolutely in the spirit of discussion.

    I agree that this is a fairly comprehensive vision which is to some extent my ideal.
    Regarding the matter of establishing a trusted user base! I still hold fast to this on the basis that we are discussing a service which is designed for use with a very special community of users which includes young and sometimes vunerable people. For this reason I believe that it makes good sense to build some protections which, as far as is reasonably possible, guarentee that the users are who they say they are.

    I believe that the current approach to this in Glow meets this criteria ( but safe to say I am not advocating that we stick with that method for ever – but at lest untill a better method can be designed )

    The point of my Universial Search capabilty is intended to give users the confidence that that can discover content accross the platform. This was something that originally failed in Glow as the VLE and the Portal were separate respositories which had their own search engines. I think that was a lesson learned which should not be ignored for any future platform.

    On User interfaces, there has been a great deal of comment around the “clunkyness” of Glow as it currently is. For this reason I think that UI is actualy one of the most important feature of any new platform. This is not about functionality its about ease of use. If this can be achieved through one UI that there will be no need for customisation. But this said I believe that we need to address access for impaired users as far as is possible – that alone implies a need for some degree of customisation that can be linked to ther UID so that it is persistent. Making the product compliant with user access standards can be complex and hard to do – this as you probibly know was achieved to a limited extent in the original Glow implementation.

    I completely agree with your point about the new product/solution being more ‘agile’ – that for me is another lesson learned from Glow 1. I also think that we should not be naive about the time needed to build, roleout and transition to any new product. I think this has been a recurring theme in my other posts on the topic.

    I stick with the view that as Glow is a national platform, the government carries a responsibly for managing the move from Glow1 to Glow2 and that a reasonable amount of time will be needed to make a smooth transition. Ideally, this will be a well planned staged move which will allow users to experiecne continuity of service coupled with incremental improvement of capablity.

    Charlie’s work has certinaly illustrated what is possible using an open source platform and it great to see this being exposed and discussed in the open.

    I want to come back to my early point about the trusted user base – I truely believe that this should be a core characteristic any national platform which has been desgned for use by children. I do not consider this to imply that Glow should be a closed communty with its members prevented from publishing to the rest of the world – I feel that its members should have the ability to interact with the internet as a whole in an appropriate manner and further more that capabilty should be extended to them as they mature their skill set.

    • Jim, thanks again. It is refreshing to be able to having meaningful discussions, something that I have found very hard within the more general area of public sector ICT outside of education.

      I certainly agree that it would be extremely valuable if the identity of users could be guaranteed / enforced. This doesn’t universally prevent misuse, but it would provide a significant discouragement and it would ensure that issues could be followed up with the perpitrators.

      But how would we implement such a system in practice without creating a new self-contained system quite separate from the Internet community? This is probably one of those cases where it is worth diving down into the specifics.

      If every every member of the Glow2 community has an email address issued with controls (so that the ownership of an address confirms membership of the trusted community) then it would not be hard to place controls on the flow of emails, such a system could also allow for parents to register email addresses with the system. A dedicated, and indeed open source based, Glow2 email server should be neither difficult to host, configure or maintain and would place very few constrains on the associated components of Glow2.

      File sharing, document sharing and such could all be invited or carried out through email which would work with the above. Blogging and the generation of web sites and wider sharing of content could be controlled by the use of a dedicated search tool (see below). THe hardest tool to use within such an environment would be something like Twitter which currently does not have provisions that would allow constraints whilst still allowing the use of standard tools. Twitter does have good APIs that would allow a third party to produce a web based Twitter client that could filter out all entries outside of a closed community. This might be a nice compromise that would then allow older pupils to move to seamlessly move to an unrestricted environment.

      With regard to universal search, on further thought I can see that this could be an enabler rather than a constraint. If a dedicated Glow2 search tool was put together in the same model as “gov.uk” then it would be entirely practical and possible to implement without constraining the tools being used. “gov.uk” provides a central interface to multiple government web sites by using the APIs of the various sites to index across all the sites and the code for this work is open source and sitting in GitHub. By providing a dedicated search tool which could also incorporate a controlled subset of standard internet search results, a trusted environment could be created without putting users in a closed box.

      Given my brief experiences of Glow I completely agree that it is seriously “clunky” and that the UI is really important.

      I also completely agree that government carries a responsibility for managing the move. In general terms I believe that the public should own what it pays for and not ‘locked in’ to systems and suppliers. I therefore believe that Glow2 should not be a proprietary system only understood by a third party supplier: instead I believe it should be, wherever possible, an open sourced system with components that are either free or owned by the public(/government). Such a system would therefore require to be managed by an expert ‘government’ team that could provide long term continuity of management and delivery.

  3. David Ramsay says:

    A couple of points on the comments based on discussion of course;

    1. The contract was for £37.5M, but as I recall a fine for late delivery of some components was imposed and I believe that fine was £2.5M so the final cost is £35M.

    On top of this the hardware cost was a capital cost and it is owned by Scotland, the cost of the hardware was circa £5M, so the actual cost was about £30M for the first 5 years.

    2. As for the UI, RM entered into a tender process based on a requirements specification which had a wide base of user interface requirements in as much that it would need to support (originally) Netscape, Safari, Firefox, IE 5. This meant that compromises had to be made on what could be done.

    I admit (as Jim knows) I have a heavy investment in Glow, clunky or not the product was and is in reality still first of its kind. I am very proud of the achievement of the product to date and I sincerely hope that the delays being imposed in the procurement process for Glow 2 do not harm those that the product is designed for.

    • Jim Buchan says:

      Thanks for these clarifications which of course show that Glow in the end cost a bit less than I had budgeted for. Glad you make the point about Glow being a first of its kind which is absolutely true of course. I am not about to try and suggest that it was perfect in every way – but it was a step we needed to take to learn more about what was possible and and what it could lead to. I, and others who I have discussed this with, always felt that Glow was stage one of a much linger term process. The real value of Glow for me will also be the lessons learned from executing it the way we did. These lessons should be the building blocks for Glow futures. Of course I say this as one who is no longer intimitely involved in the project. But I do still feel a sense of afinity to it which I hope has been evident from thinking I have embedded in the various posts I have constructed around the topic.

      Thanks again David

  4. David Ramsay says:

    Thanks Jim,

    I think the real value for all of us developing the solution was the experience of delivering a unique product across so many platforms.

    The challenge was the timescale and the difficulty in solving the SSO across the diverse range of chosen sub-products. I agree wholeheartedly with you that this is paramount as is the security of the personal data which forms the education output of so many in Scotland.

    One worrying factor of the future for Glow is that there seemed to be a suggestion (in documents/proposals I have read) that not ALL of a persons work would be transferred to a new system and it would be up to the teachers to decide what would be transferred.

    Putting myself in the position of a child who has laboured over his/her projects and stored it on Glow to find that it had all been lost on the way to Glow2, I can imagine the teachers face when they have to tell those children what has happened! This must NOT be allowed to happen, all data in the current data centres from all the varieties of platforms must be transferred and be immediately available once the system goes live.

    Having been the Apple evangelist and suffering the angst of the dev team on my insistence on the look, feel and operation being common across all supported platforms I look forward to the definition of any new product (if it is from MS) meeting this requirement since MS have stated that only IE will provide the full feature range in 365!

    BTW since it is now June have you heard what the outcome of the procurement is yet?


Leave a Reply

Your email address will not be published. Required fields are marked *