In 2012 I completed my Master’s degree in web applications development and received a distinction which was largely due to the strength of my dissertation. The contents of the paper that accompanied the dissertation are shown below, if you have an interest in the full dissertation it can be made available on request.
Improving Online Collaboration within the IFIP Working Group on Human Aspects of Information Security and Assurance
O. Burton and N. Clarke
University of Plymouth, Plymouth UK
In this paper a study into online collaboration methods has been carried out. Starting with the types of online collaboration, research was carried out into the existing methods of collaboration for the International Federation for Information Processing (IFIP) working group on the Human Aspects of Information Security. A bespoke online collaboration platform was designed and built taking into account the requirements of this working group. Feedback on the bespoke platform was provided continually by the working group and helped to create a solution that exceeded their requirements and expectations.
The growth of the Internet has enabled people to communicate quickly across large geographic distances and access huge quantities of information. Before this time if researchers wanted to collaborate with their international colleagues they would have to communicate by telephone, post or by regular on site visits. Each of these methods has issues such as; the time differences when considering telephone calls, the delay in postal delivery and the cost of on-site visits. It can therefore be seen that the internet can help to overcome these problems and provide an effective solution for collaborating with geographically distributed colleagues.
The topic of online collaboration is becoming more important in the modern world, as technology progresses and computers are able to produce more complex data file size have increased and it has become less feasible to rely on email as the primary method of collaborating online. File size limits imposed by email service providers have made it impossible to attach certain file types to emails. In addition to this the growth of social networking has given rise to improved online collaboration software.
The International Federation of Computing and Informatics (IFIP) working group on Human Aspects of Information Security and Assurance currently owns a public facing website with limited functionality. Unfortunately this website suffers from frequent SQL injection attacks that require manual removal from the database. Furthermore, the existing website does not allow members to communicate with each other directly or share information with other member. The online collaboration within the working group is limited to existing members who already know each other and have their email addresses; the information present on the website is uploaded by one person.
For the reasons that were previously highlighted it was decided that the working group required a solution that would help to attract new member and allow members to improve their online collaboration efforts. This would help to build relationships between researchers and therefore help to make communication between them more efficient and productive.
In this paper we will concentrate on the application of online collaboration methods to the IFIP working group’s requirements for improving their collaborative work. We will describe the process of gathering their requirements, finding the correct solution to fit the working group, its implementation and evaluate the performance of the solution.
2. Online Collaboration
There are many examples of online collaboration that takes place in unique ways for example, the re-captcha system makes use of massive scale online collaboration in order to digitise the world’s books (Ahn 2011), the open source movement has produced software that rivals and in some cases exceeds its commercial rivals (Bird, 2011). This project however looks at some of the more regular methods of collaboration such as wikis, social networks and bespoke software platforms as these are more closely related to the aims of the project. There are some disadvantages to online collaboration such as the issues present in emails where a user is relying on the other user to answer before they can continue the discussion. This poses a particular problem when it takes one party some time to reply to their emails. Further issues arise with users treating this mode of communication informally which can negatively affect their professional relationships.
One method of collaboration is through the use of a wiki, there are many open source software packages available for the creation of this. A wiki is a an interactive software that allows members to create and edit articles about a subject as part of a collaborative conduction. This allows for the rapid creation of a large knowledge base by a community of members however does suffer from issues related to the quality of information in the articles. Furthermore as articles go through various iterations it is difficult to tell whether an article is complete when reading through it.
The modern age of mass communication and sharing online has given rise to a new type of social website known as social networks. These website allow users to connect with people they know and share information. There are hundreds of millions of members worldwide and have become an important part of modern internet usage, they allow rapid sharing of information and in some cases they can spread news more quickly than through traditional news channels (Murphy, 2012)
Github is an example of a code repository that has evolved to enable faster and more efficient sharing of code between developers, it allows users to create their own profile page and (Github, 2012) claims that “many developers have started referring to GitHub Profiles as the new résumé. This highlights the importance of member profiles and shows how social networking can be used within a research environment. One disadvantage with social networks is that users often expect other users to be available instantly D’andrea et al. (2012, p.151). However this is often not the case for researchers and developers who may not have much time to devote to social networking.
Another method for online collaboration is provided by bespoke software solutions, these solutions overcome the file size limits imposed by e-mail providers by providing their own file uploading and sharing facilities. ActiveCollab is one such software that allows users to upload the software on their own server which gives them control over the software and the security of the system (ActiveCollab, 2012). This means that the users are not tied to the updates and changes made by the software provider as would happen with social networks however it does mean that they have to implement any features or purchase additional modules to extend the functionality of the software.
Other methods of online collaboration based on cloud technology are now in existence. Google docs and skydrive allow users to create and edit files online and share them with others, the cloud technology means that the software is not run on the local machine; this provides them with the ability to access and edit their files from any computer. This is useful for sharing information and work between researchers who may not have compatible software which is often a problem found in online collaboration. Further solutions exist such as video conferencing software and instant messaging programs. With websites such as Facebook adding instant chat and video calling features BBC (2011) it is clear that the future of online collaboration lies in the integration of different collaborative software.
3. User Requirements
The IFIP working group were very clear on their requirements for the solution to their particular online collaboration problem; these requirements were gathered during an informal meeting with the project supervisor. The following are the resultant requirements of the working group:
The requirements for this solution were very clear and fortunately the working group knew exactly the functionality that they required, this helped to eliminate certain software solutions. The wiki, whilst being useful for producing public facing content, would not provide the projects and survey functionality that was required. Furthermore, the focus of a wiki is on producing articles by editing another person’s work which does not allow for the social element required by the working group. It is important that the working group can build professional relationships with other researchers in order to produce quality research, as a wiki is somewhat anonymous it does not allow for this. Social networks may therefore seem like an ideal solution but they also have the limitation that they do not allow members to contribute towards a public facing website which is vitally important for the working group. The working group needs to build a relationship with the public and inform them of the latest research and ideas which makes a public facing website extremely important. Video conferencing or instant messaging software would be a useful way to ensure that members can communicate and share information but they rely on members being online at the same time which may be very difficult when members are geographically distributed across different time zones.
The solution decided upon by this project was a fully bespoke system that would allow the functionality required by the working group. This decision was made based on the limitations of the existing solutions and further influenced by the desire to utilise the working group’s own branding for their public facing website.
The development methodology used for this project was a custom agile method, this approach extended to design documentation. At the beginning of the project basic use case diagrams, class diagrams, database diagrams and page flow diagrams were produced. These were high level diagrams that became complex very quickly which was a deciding factor in the selection of the agile methodology.
The IFIP working group had an existing web presence that appeared dated however it was decided to retain some of the features in the new design to ensure that the branding was consistent. The decision was made to make use of a large amount of white, blue and grey in the design to reflect the professional image of the working group. Figure 1 shows the old website design and the new design for the website.
Figure 1. Old Website vs New Design
During the design phase it was decided that all uploaded files and images would be stored on the server instead of inside the actual database, this is not considered to be portable however this software will only require one deployment and will therefore not require a great deal of portability. Furthermore, storing images on the server allows the software to generate thumbnail and image and also allows for the future expansion of the website to allow members to upload many images.
The main technological decisions led to the adoption of PHP and MySQL for the programming languages due to the author’s familiarity with these, this was an important factor as it would reduce the risk of errors in the project. It was further decided to use the Codeigniter Model View Controller (MVC) framework as this allowed for the separation of the processing logic, database operations and display. The advantage of this is that it greatly simplifies the coding required in files and allows for the design to be easily edited without affecting the functionality. There are other MVC frameworks for PHP but Codeigniter was chosen as it has a simple install procedure and small footprint.
Another design decision was to produce an administration panel that had completely separate set of views, controllers and models from the public facing website. This separation was important as it reduced the risk of a public facing user executing a delete or administration function. The separation also helped to simplify the content as the software did not need to display different page elements for administrator and regular users.
A key feature of the agile method utilised in this project was the use of regular feedback meeting with the project supervisor. This helped to ensure that the project was on course to meet the user requirements and also helped to guide the inclusion and modification of planned features. As a result of one of these meetings it was decided that the design of the website would be changed, the new design was created by another student. Figure 2. Shows the design image produced:
The membership module of the software was considered to be the most important as many modules required members to be logged in before accessing certain functionality; it was for this reason that it was implemented first. The membership module allowed people to sign up and create a profile; they were then prohibited from doing anything on the website until they had been approved by the administrator. This also meant the inclusion of approval functionality on the administrator’s interface.
In order to meet the user requirements and allow members to create resources, publications and projects it was important that these were implemented in separate modules. These modules allowed logged in users to upload and share files and information with other members as well as forming research groups around particular subject. These research groups allowed members to post files in a similar way to websites such as megaupload and also allowed them to comment and create discussions on the project page. Furthermore, the project creator had control over who could join the project and also had the facility to delete inappropriate content.
In order to promote online collaboration and attract new members to join in the research it was important to create social elements to the website. These elements allowed members to communicate with each other and build new professional relationships. One key feature was the inclusion of a user profile, this allowed members to see information about other members and the profile picture makes the profile feel more social and less anonymous. Other social elements included a comments function on each member’s profile, this allowed members to leave messages and have a public discussion. Alongside this is the functionality that enables the users to send private messages to each other, this is not implemented in the regular inbox, outbox and sent box formats but consists of conversations. A member messages somebody to start a conversation and once they have replied this appears in the conversations list. Each message sent between the users is then added to the conversation and the user can view all messages in the conversation from one page. This is important as it allows people to quickly review the messages that have gone before in order to compose their reply, this overcomes some of the problems posed by email exchanges.
Figure 3. Profile Page
The survey element of this project was the most complex feature of development and provided the most significant challenge. This feature could have used an existing solution such as surveymonkey or another survey platform however the survey supervisor indicate that these were not customisable enough to allow the correct branding. Therefore the feature was implemented using custom code. This solution also allowed for the building of a survey management feature for the administrator which allowed them to add, edit and delete questions and answers. This also allowed the admin panel to display the survey results to the administrator in a simple and user friendly way.
Security is an important aspect of any website development project. It was more important in this project as the working group’s focus was on security issues and they frequently suffer from SQL injection attacks. SQL injection is the process by which an attacker exploits vulnerabilities in a system by injecting SQL code into form fields to perform malicious actions such as emptying or dumping a database. Codeigniter provides security against SQL injection attacks as it escapes any special input characters and ensures that they are not executed as SQL. Codeigniter also provides protection against cross site scripting attacks by converting any inserted elements into character entities which are not executed. Further security is provided through the encryption of session data, this makes it more secure than storing sensitive data in a browser cookie. This allows the use of session data for functionality but secures it from anybody with malicious intent.
This project showed that an agile methodology working in conjunction with regular feedback from the end user can be an effective way to produce software that is fit for purpose. It was important to have very clear user requirements as these helped to decide the type of software required. For this project bespoke software was chosen however with different requirements it may have been more effective to produce a wiki or social networking solution.
This project sought user feedback from the project supervisor (a member of the working group) in the form of a short questionnaire. The results of this were very positive and indicated that the working group would be adopting this solution as its primary online collaborative tool. They also suggested that the working group believed that this project would encourage more members to join the research efforts.
The software produced in this project could be improved by allowing users to upload different types of content such as videos and sound clips however due to time constraints and no initial requirements to implement this it was not implemented. Further improvements could be made to this project through the improved use of AJAX which would help to make feedback from the site more instant and help the website become more easy to use. Garrison (2006, p.26) states that “the goal is to establish a comfort and willingness to collaboratively engage with the community” this software goes a long way towards establishing this. The feedback from the supervisor shows that the software will be an enabler of online collaboration.
The knowledge gained from this project points to the idea that inclusion of the best aspects of online collaboration software into a single software solution can be an ideal way to provide a new bespoke software platform. Furthermore, the main knowledge gained from this project is that user requirements should guide the selection of the software solution rather than trying to fit the requirements into existing software. It is also important that regular feedback is sought in agile development in order to ensure that the software matches exactly what is required.
Bird,C.,2011, “ Sociotechnical coordination and collaboration in open source software”, IEEE,27th IEEE international conference on software maintenance, (p.p.568 – 573)
TEDxCMU , 2011. Luis von Ahn: “Massive-scale Online Collaboration” [Video online] Available at: <www.ted.com/talks/luis_von_ahn_massive_scale_online_collaboration. html >
[Accessed 7th December 2011]
GitHub, 2012. The Company Information. [online] Available at: <https://github.com/about>[Accessed 29 Jan 2012 ].
ActiveCollab, 2012. Welcome. [online] Available at: <http://www.activecollab.com/>
[Accessed 24 Jan 2012 ].
Murphy, S., 2012. Twitter Breaks News of Whitne Houston Death 27 Minutes Before Press. Mashable.com Entertainment blog, [blog] 12 Feb. Available at: < http://mashable.com/2012/02/12/whitney-houston-twitter/> [Accessed 20 August 2012].
D’Andrea, A., Ferri, F., Grifoni, P., Guzzo, T., 2010 , “Multimodal Social Networking for
Healthcare Professionals,” Database and Expert Systems Applications (DEXA),(p.p.147-153)
BBC, 2011. Facebook Adds Skype Video Chat Feature. [online] Available at:
<http://www.bbc.co.uk/news/technology-14054860> [Accessed 30 January 2012 ].
Garrison,D.,2006, “Online Collaboration Principles”,[online] Available at:
<http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.96.4536&rep=rep1&type=pdf>[Accessed 12 Jan 2012]