{\rtf1\ansi\ansicpg1252\uc1\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang4105\deflangfe4105{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;} {\f2\fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New;}{\f3\froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f10\fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;} {\f83\froman\fcharset238\fprq2 Times New Roman CE;}{\f84\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f86\froman\fcharset161\fprq2 Times New Roman Greek;}{\f87\froman\fcharset162\fprq2 Times New Roman Tur;} {\f88\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f89\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f90\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f91\froman\fcharset163\fprq2 Times New Roman (Vietnamese);} {\f93\fswiss\fcharset238\fprq2 Arial CE;}{\f94\fswiss\fcharset204\fprq2 Arial Cyr;}{\f96\fswiss\fcharset161\fprq2 Arial Greek;}{\f97\fswiss\fcharset162\fprq2 Arial Tur;}{\f98\fswiss\fcharset177\fprq2 Arial (Hebrew);} {\f99\fswiss\fcharset178\fprq2 Arial (Arabic);}{\f100\fswiss\fcharset186\fprq2 Arial Baltic;}{\f101\fswiss\fcharset163\fprq2 Arial (Vietnamese);}{\f103\fmodern\fcharset238\fprq1 Courier New CE;}{\f104\fmodern\fcharset204\fprq1 Courier New Cyr;} {\f106\fmodern\fcharset161\fprq1 Courier New Greek;}{\f107\fmodern\fcharset162\fprq1 Courier New Tur;}{\f108\fmodern\fcharset177\fprq1 Courier New (Hebrew);}{\f109\fmodern\fcharset178\fprq1 Courier New (Arabic);} {\f110\fmodern\fcharset186\fprq1 Courier New Baltic;}{\f111\fmodern\fcharset163\fprq1 Courier New (Vietnamese);}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0; 
\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{ \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \snext0 Normal;}{\s1\ql \li0\ri0\sb240\sa60\keepn\widctlpar\aspalpha\aspnum\faauto\outlinelevel0\adjustright\rin0\lin0\itap0 \b\f1\fs32\lang1033\langfe1033\kerning32\cgrid\langnp1033\langfenp1033 \sbasedon0 \snext0 heading 1;}{\*\cs10 \additive \ssemihidden Default Paragraph Font;}{\* \ts11\tsrowd\trftsWidthB3\trpaddl108\trpaddr108\trpaddfl3\trpaddft3\trpaddfb3\trpaddfr3\tscellwidthfts0\tsvertalt\tsbrdrt\tsbrdrl\tsbrdrb\tsbrdrr\tsbrdrdgl\tsbrdrdgr\tsbrdrh\tsbrdrv \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs20\lang1024\langfe1024\cgrid\langnp1024\langfenp1024 \snext11 \ssemihidden Normal Table;}{\s15\ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \f1\fs20\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \sbasedon0 \snext15 Body Text;}{\*\cs16 \additive \ul\cf2 \sbasedon10 \styrsid532240 Hyperlink;}}{\*\listtable{\list\listtemplateid1459244576\listhybrid{\listlevel\levelnfc23\levelnfcn23\leveljc0 \leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid-1850941280\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-284\li568\jclisttab\tx568\lin568 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0 \levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid269025283\'01o;}{\levelnumbers;}\f2\fbias0 \fi-360\li1724\jclisttab\tx1724\lin1724 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0 {\leveltext\leveltemplateid269025285\'01\u-3929 ?;}{\levelnumbers;}\f10\fbias0 \fi-360\li2444\jclisttab\tx2444\lin2444 
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext \leveltemplateid269025281\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-360\li3164\jclisttab\tx3164\lin3164 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid269025283 \'01o;}{\levelnumbers;}\f2\fbias0 \fi-360\li3884\jclisttab\tx3884\lin3884 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid269025285\'01\u-3929 ?;}{\levelnumbers;} \f10\fbias0 \fi-360\li4604\jclisttab\tx4604\lin4604 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid269025281\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-360\li5324 \jclisttab\tx5324\lin5324 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid269025283\'01o;}{\levelnumbers;}\f2\fbias0 \fi-360\li6044\jclisttab\tx6044\lin6044 }{\listlevel \levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\leveltemplateid269025285\'01\u-3929 ?;}{\levelnumbers;}\f10\fbias0 \fi-360\li6764\jclisttab\tx6764\lin6764 }{\listname ;}\listid795298307} {\list\listtemplateid1694418650\listhybrid{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01o;}{\levelnumbers;}\f0\fbias0 \fi-360\li720\jclisttab\tx720\lin720 }{\listlevel\levelnfc23 \levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01o;}{\levelnumbers;}\f0\fbias0 \fi-360\li1440\jclisttab\tx1440\lin1440 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1 \levelspace0\levelindent0{\leveltext\'01o;}{\levelnumbers;}\f0\fbias0 \fi-360\li2160\jclisttab\tx2160\lin2160 
}{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01o;}{\levelnumbers;} \f0\fbias0 \fi-360\li2880\jclisttab\tx2880\lin2880 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01o;}{\levelnumbers;}\f0\fbias0 \fi-360\li3600\jclisttab\tx3600\lin3600 }{\listlevel \levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01o;}{\levelnumbers;}\f0\fbias0 \fi-360\li4320\jclisttab\tx4320\lin4320 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0 \levelstartat1\levelspace0\levelindent0{\leveltext\'01o;}{\levelnumbers;}\f0\fbias0 \fi-360\li5040\jclisttab\tx5040\lin5040 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext \'01o;}{\levelnumbers;}\f0\fbias0 \fi-360\li5760\jclisttab\tx5760\lin5760 }{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01o;}{\levelnumbers;}\f0\fbias0 \fi-360\li6480 \jclisttab\tx6480\lin6480 }{\listname ;}\listid2050450055}}{\*\listoverridetable{\listoverride\listid2050450055\listoverridecount0\ls1}{\listoverride\listid795298307\listoverridecount0\ls2}}{\*\rsidtbl \rsid532240\rsid3686807\rsid4861537\rsid6826446 \rsid11565128\rsid15274606}{\*\generator Microsoft Word 10.0.2627;}{\info{\title Themes}{\author Pat Lougheed}{\operator bbogyo}{\creatim\yr2004\mo7\dy14\hr15\min30}{\revtim\yr2004\mo7\dy14\hr15\min30}{\version2}{\edmins0}{\nofpages2}{\nofwords945} {\nofchars5387}{\nofcharsws6320}{\vern16437}}\margl1440\margr1440 \widowctrl\ftnbj\aenddoc\noxlattoyen\expshrtn\noultrlspc\dntblnsbdb\nospaceforul\formshade\horzdoc\dgmargin\dghspace180\dgvspace180\dghorigin1440\dgvorigin1440\dghshow1\dgvshow1 
\jexpand\viewkind1\viewscale144\viewzk2\pgbrdrhead\pgbrdrfoot\splytwnine\ftnlytwnine\htmautsp\nolnhtadjtbl\useltbaln\alntblind\lytcalctblwd\lyttblrtgr\lnbrkrule\rsidroot15274606 \fet0\sectd \linex0\endnhere\sectlinegrid360\sectdefaultcl\sectrsid532240\sftnbj {\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang {\pntxta .}} {\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang {\pntxta )}}{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl8\pnlcltr\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}\pard\plain \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\f1\fs20\insrsid532240\charrsid532240 Theme #9: ePortfolio Issues; Privacy, Protecting Personal Data \par }\pard \qc \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 {\b\f1\fs32\insrsid532240 \par }{\b\f1\fs32\insrsid532240\charrsid532240 Securing Electronic Portfolios \par }{\f1\fs20\insrsid15274606\charrsid532240 Lougheed, P., Johnson, R., Jordanov, M., Bogyo, B., Kumar, V., and Fee, J. 
\par Simon Fraser University Surrey \par }\pard \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 {\f1\fs20\insrsid532240\charrsid532240 \par \par \par }\pard \ql \li0\ri0\widctlpar\brdrb\brdrs\brdrw10\brsp20 \aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 {\b\f1\fs20\insrsid532240\charrsid532240 Background \par }\pard \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 {\f1\fs20\insrsid532240\charrsid532240 As ePortfolios grow in popularity and importance, as they are expected to do over the next few years, security will play a larger and larger role in their implementation and delivery. Protecting people\rquote s personal data, making sure that only those authorized to do so may view portfolios, and ensuring the authenticity of artifacts are all issues that must be addressed before electronic portfolios can take a leading role in the online environment. \par \par }\pard \ql \li0\ri0\widctlpar\brdrb\brdrs\brdrw10\brsp20 \aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 {\b\f1\fs20\insrsid532240\charrsid532240 Objectives \par }\pard \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 {\f1\fs20\insrsid532240\charrsid532240 The objectives of this paper are primarily to present forthcoming or existing problems with ePortfolio security, and to lay out a path to address these issues. 
\par \par There are six main areas of security we need to be interested in with regards to ePortfolios: \par {\listtext\pard\plain\f3\fs20\lang1033\langfe1033\langnp1033\langfenp1033\insrsid532240\charrsid532240 \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \ql \fi-284\li568\ri0\widctlpar \jclisttab\tx568\aspalpha\aspnum\faauto\ls2\adjustright\rin0\lin568\itap0\pararsid532240 {\f1\fs20\insrsid532240\charrsid532240 End-to-end security; \par {\listtext\pard\plain\f3\fs20\lang1033\langfe1033\langnp1033\langfenp1033\insrsid532240\charrsid532240 \loch\af3\dbch\af0\hich\f3 \'b7\tab}Confidentiality of interactions; \par {\listtext\pard\plain\f3\fs20\lang1033\langfe1033\langnp1033\langfenp1033\insrsid532240\charrsid532240 \loch\af3\dbch\af0\hich\f3 \'b7\tab}Confidentiality of assessment; \par {\listtext\pard\plain\f3\fs20\lang1033\langfe1033\langnp1033\langfenp1033\insrsid532240\charrsid532240 \loch\af3\dbch\af0\hich\f3 \'b7\tab}Security of published portfolios; \par {\listtext\pard\plain\f3\fs20\lang1033\langfe1033\langnp1033\langfenp1033\insrsid532240\charrsid532240 \loch\af3\dbch\af0\hich\f3 \'b7\tab}Security of portfolio transfers; \par {\listtext\pard\plain\f3\fs20\lang1033\langfe1033\langnp1033\langfenp1033\insrsid532240\charrsid532240 \loch\af3\dbch\af0\hich\f3 \'b7\tab}Verification of artifact authenticity. \par }\pard \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 {\f1\fs20\insrsid532240\charrsid532240 \par While some of these are trivial to solve, others cannot be concretely solved at present, and require partial solutions and future research. \par \par End-to-end security \endash that is, security between the ePortfolio server and the client, whether that be the portfolio\rquote s owner or a viewer \endash is a simple problem to solve. The use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) allows for secure communication between client and server, with little possibility for attack. 
However, our main points of insecurity are now at the client (over which we likely have little to no control, in existing applications) and the server (over which we have complete control). \par \par Within the system, there are certain things which must be kept confidential at all times. The first of these is interactions between the portfolio owner and those helping him along: tutors, teachers, professors, reviewers, recruiters, and others that may be giving feedback on the portfolio over time. These conversations must remain solely between the two parties, visible and updatable to them but invisible to others. It may be a desirable feature to allow these interactions to be viewed, parallel to or as part of the portfolio, to show improvement in the portfolio or in the owner\rquote s work over time, but this should be done only with the consent of both parties. \par \par In cases where the interactions are assessment \endash where it is implemented \endash the case is different. Others may require access to the assessment information, such as a school administrator, and as such the data cannot be restricted to just two members of the system. Conversely, assessment information should never be visible to anyone aside from the portfolio owner and the teachers/administrator that require the information. \par \par A portfolio owner may, in fact, have several different portfolio views they wish to present to the outside world, all viewpoints on the content of a single portfolio. For example, they may have several views for job applications at different companies, emphasizing different parts of the portfolio; a view for assessment for coursework; a view for presenting some of their hobbies to others similarly interested; or any number of other possibilities. In many of these cases, we need to make sure that only the intended audience may view a certain aspect of the portfolio. 
\par \par As portfolio system interoperability is increased, the community is going to face problems here, as well. Transfers between portfolio systems are easily secured; the problem is how to find those systems and whether or not we trust them to represent those they say they do. We can either place the onus on the portfolio owner - make them find the appropriate server manually and enter it into the system \endash or create a framework that allows for automatic discovery of other portfolio systems. In such a system, likely peer-to-peer, we don\rquote t want to transfer a portfolio without verifying that a server belongs to the correct people, else we could face methods of attack this way. This is different from most peer-to-peer systems; many, indeed, go out of their way to ensure that the end-user cannot be identified. \par \par If portfolios aren\rquote t transferred directly system-to-system, but instead, an archive sits in the portfolio owner\rquote s hands for some period of time before being uploaded to a new system, we have another set of problems to deal with. How, exactly, do we assure ourselves the portfolio hasn\rquote t been tampered with? In most cases this is a non-issue - it is, after all, the owner\rquote s portfolio \endash but it may be an issue with regard to making sure that system-generated artifacts haven\rquote t been tampered with. If, for example, the owner attaches a high-school transcript to their portfolio and then moves it, indirectly, to another system, how can we verify that the transcript hasn\rquote t been altered to show higher marks? \par \par This problem \endash verification of artifact authenticity \endash is the final major issue with regards to ePortfolio security. As ePortfolios become more prevalent, attaching documents or other artifacts generated by other computer-based systems, such as a university student information system, will become more common. 
When applying for a job or further education, it may be beneficial to be able to automatically determine if an artifact is authentic. In most cases this is impossible, or at the very least impractical; we cannot, for instance, determine whether a portfolio owner did, in fact, create the object depicted in a photograph attached to their portfolio. With system-generated items, however, we can, but there are a number of obstacles to overcome. Did the right authority sign the artifact? Has the artifact been tampered with? \par \par }\pard \ql \li0\ri0\widctlpar\brdrb\brdrs\brdrw10\brsp20 \aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 {\b\f1\fs20\insrsid532240\charrsid532240 Potential Solutions \par }\pard \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid532240 {\f1\fs20\insrsid532240\charrsid532240 Future research directions in security being undertaken by the SPARC ePortfolios project will be discussed, as well as other potential solutions, and an overview of the security measures undertaken in other projects. 
\par }{\f1\fs20\insrsid532240 \par }{\f1\insrsid532240 \par }{\b\f1\fs20\insrsid532240 Submission Format: Full Paper (10-14 pages) \par \par Contact Information: \par }{\f1\fs20\insrsid532240 Simon Fraser University Surrey \par }{\f1\fs20\insrsid532240\charrsid1471053 2400 Central City\line Surrey}{\f1\fs20\insrsid532240 ,}{\f1\fs20\insrsid532240\charrsid1471053 BC}{\f1\fs20\insrsid532240 (Canada)}{\f1\fs20\insrsid532240\charrsid1471053 }{\f1\fs20\insrsid532240 \par }{\f1\fs20\insrsid532240\charrsid1471053 V3T 2W1\line }{\f1\fs20\insrsid532240 \par P}{\f1\fs20\insrsid532240\charrsid1471053 hone: 604.268.}{\f1\fs20\insrsid532240 7423 \par Email: }{\field{\*\fldinst {\f1\fs20\insrsid532240 HYPERLINK "mailto:patl@alumni.sfu.ca" }{\f1\fs20\insrsid532240\charrsid483286 {\*\datafield 00d0c9ea79f9bace118c8200aa004ba90b0200000017000000130000007000610074006c00400061006c0075006d006e0069002e007300660075002e00630061000000e0c9ea79f9bace118c8200aa004ba90b340000006d00610069006c0074006f003a007000610074006c00400061006c0075006d006e0069002e007300 660075002e00630061000000}}}{\fldrslt {\cs16\f1\fs20\ul\cf2\insrsid532240\charrsid483286 patl@alumni.sfu.ca}}}{\f1\fs20\insrsid532240 , }{\field\flddirty{\*\fldinst {\f1\fs20\insrsid532240 HYPERLINK "mailto:vive@sfu.ca" }{ \f1\fs20\insrsid532240\charrsid483286 {\*\datafield 00d0c9ea79f9bace118c8200aa004ba90b02000000170000000c000000760069007600650040007300660075002e00630061000000e0c9ea79f9bace118c8200aa004ba90b260000006d00610069006c0074006f003a00760069007600650040007300660075002e00630061000000}}}{\fldrslt { \cs16\f1\fs20\ul\cf2\insrsid532240\charrsid483286 vive@sfu.ca}}}{\f1\fs20\insrsid532240 }{\f1\fs20\insrsid532240\charrsid1471053 \par }{\f1\fs20\insrsid532240\charrsid532240 \par }}