Clyde Virtual University (CVU) is an educational web site initially funded by the Scottish Higher Education Funding Council. This paper reviews CVU using the conference theme, accessibility, to form a review framework. The authors believe that this framework could be usefully extended and reused by web site administrators who wish to review their own sites.
The Scottish Higher Education Funding Council (SHEFC) has installed in Scotland four ATM-based Metropolitan Area Networks (MANs). EastMAN covers the Edinburgh and Stirling area, AbMAN the area around Aberdeen, FaTMAN covers Fife and Tayside and ClydeNet covers the Greater Glasgow area. To encourage the use of these high speed networks SHEFC funded the Use of the MANs Initiative (UMI) in June 1995. The UMI funded 64 projects across the four MANs; details can be found at http://www.icbl.hw.ac.uk/ltdi/man-info/umi.html. One of the ClydeNet based projects to receive funding was Clyde Virtual University (CVU) http://cvu.strath.ac.uk. The CVU project abstract reads:
"This is a collaborative project between Glasgow, Glasgow Caledonian,
Paisley and Strathclyde Universities. It aims to deliver existing courseware
over what has rapidly become the most easily accessible entry point to the
Internet for staff and students alike: the World Wide Web. By making materials
available on virtually all machines connected to the Clydenet MAN, access
problems for students will be minimised. Access to this courseware will be
restricted to institutions connected to the MAN, reducing download times
Digitised video will be taken from selected lectures and made available within the Virtual University, complementing and enhancing existing multimedia courseware.
The incorporation of animation, sound, graphics and video from existing packages is a primary aim of Clyde Virtual University. The addition of Shockwave, the Macromedia Director plug-in, to the freely available Netscape WWW browser will facilitate the inclusion of high quality multimedia material within courses. The Virtual University will utilise the extensive expertise of its members in networking, multimedia and the fusion of these technologies.
Finally CVU will act as a forum for student discussions across the institutions connected to Clydenet."
The importance of evaluation and review, especially in education, is very well documented (Laurillard 93). Having a framework for the review procedure is also important, especially when reviewing your own work. Review or evaluation of web sites is currently carried out only on an ad hoc basis. No review or evaluation framework for web sites exists.
The evaluation of hypertext usability is well documented (Nielsen 89 and Nielsen 90) and Jacob Nielsen continues to champion the cause of evaluation in terms of `Usability'. However, most evaluation of web sites is driven purely by aesthetics. At last year's WWW conference in Paris the panel session "Good and Sensible Design is Crucial to the Success of the Web" very rapidly became an argument about what is good taste rather than what is good design. Is a good, well designed web site best measured by how many `cool site of the day' awards it has won?
A lot of very good work has gone into the development of style guides for web page and web site designers. Of particular note is the work of Jacob Nielsen, mentioned above, Tim Berners-Lee (Berners-Lee 95) and the International Standards Organisation (ISO 96). All these works are driven by style and usability and do not cover the broader issues discussed in this paper.
Rather than use how cool a site is as a quality indicator, the authors have taken the conference theme, `Accessibility', and used it to develop an evaluation framework that is then applied to the CVU web site.
Firstly the review framework is user based. It is important to look at the user profile in terms of internet connectivity (their bandwidth), their hardware and their software. Does any particular group of users have specific requirements? Blind users for example generally use a text mode browser called Lynx and should be offered an alternative textual front end. Registration of users, so that where they go and what they do can be logged, is important. As is the authentication of users, are they really who they say they are. Security of the site must be as important as the site's other features; access to sensitive information must be controlled. Copyright should also have a place in a review. Finally, how a site advertises itself through registration with search engines and which pages are indexed is looked at.
Not all these issues will be important to every site and there will be issues for some sites that are not yet included in this framework. It is hoped, however, that this work might prove a useful starting point for the development of a more general web site evaluation framework.
Figure 2: The Review Framework!
The CVU server is a Sun UltraSPARC connected directly to the ATM network running Apache httpd (http://www.apache.org). This is a fast machine with a very good connection.
How well is the user connected? Although the CVU server is very fast and very well connected there are no guarantees that high bandwidth is available to everyone who may potentially want to access CVU. CVU's target audience is the local academic community (the academic institutions connected to ClydeNet) and we can hopefully assume that users within these institutions have access to well connected equipment. CVU also wants to be visible, to some extent, to the rest of Internet community who certainly will not all have high bandwidth connections.
CVU's two main repositories of material are the library and the lecture theatre. The library, which contains mainly textual information, including various articles describing aspects of CVU, is open to anyone. The courseware held in the lecture theatre is much more demanding. For copyright reasons (see below) and to be sure our users get a reasonable response time, the material in the lecture theatre is normally available only to ClydeNet institutions. People outside ClydeNet can see what is available as we have begun to put an information page at the beginning of every piece of courseware that is accessible to all. This describes the material and may offer a link to a demo version.
Various research sites around the world have been interested in CVU and they have been added to the list of allowed domains on a temporary basis for review purposes.
In general, the material that requires a high bandwidth is available only to the local ClydeNet institutions.
The graphical front end, the clickable campus map, is delivered, by default, only to academic sites in the UK. All other sites and Lynx users (see Disability below) get a textual front end.
The information page at the beginning of each piece of courseware gives particular platform and browser requirements. To date, the policies we have adopted have received no criticism.
Lynx, a text mode browser, is widely used by the blind community to access the Web. Using braille readers and speech synthesis facilities alongside Lynx gives access to news, information, entertainment, shopping, and the whole range of web-based services that would not normally be accessible.
Neil Ballantyne, an academic producing Social Work and Information Technology (SWIT) material for CVU, wrote in an email message:
"Food for thought...one of our new students this year has severe visual
impairment and, whilst a proficient computer user and the owner of a
speech synthesiser, cannot access HTML documents with a [graphical] web
The answer, as I'm sure you have already guessed, is Lynx - which *can* be used with a speech synthesiser. However, as you know, many web pages are not designed with Lynx in mind and look a mess or are impossible to negotiate. I tried CVU and happily found my way to a welcoming menu. The SWIT material doesn't look too bad either, but my clickable arrows need ALT tags. However, some material, like the study skills material is impossible because of the graphical nature of many pages and no ALT tags."
Guidelines for designing accessible web pages are available at http://www.trace.wisc.edu/world/web/index.html. Also see Web Access '97 http://access.www6conf.org/.
CVU uses the standard Basic Protection Scheme system (http://www.w3.org/pub/WWW/AccessAuthorization) to track users. The courseware, the assessments and some parts of the library are available only to registered users (users who have an entry in the password file). A registration system that allows users to register themselves (and view/edit their existing entry) is housed in the admin office. The registration system is a CGI program written in C which maintains the password file.
Customised error messages (produced by the Basic Protection Scheme errors) allow linking directly to the registration system.
Registration allows users to identify themselves, but how can the server be sure someone is who they say they are? This is particularly important if the assessment results count towards a degree or other qualification.
To date CVU has offered only formative assessments and has not had to concern itself with authentication.
In the future CVU does intend to provide facilities for summative assessment (end of year tests, etc.) and discussions have taken place with institutions who already carry out online summative assessment. Current practice involves placing labs full of computers under examination conditions for the duration of the test (Zakrzewski 96).
Here is an example of a real attack. On August 4th someone using ts-b.bcc.ac.uk attempted to download the /etc/passwd file from the Web server cvu.strath.ac.uk. Here are the lines in the access.log file.
ts-b.bcc.ac.uk - - [04/Aug/1996:17:52:13 +0100] "GET /cgi-bin/phf?cat%20/etc/passwd HTTP/1.0" 404 - ts-b.bcc.ac.uk - - [04/Aug/1996:21:47:13 +0100] "GET /cgi-bin/phf?cat%20/etc/passwd HTTP/1.0" 404 -NB the lines have been edited for brevity and security.
The response from University College London was
ts.bcc.ac.uk is our main Unix "timesharing" system, who can be accessed by
around 20000 staff and students of UCL. On the day in question, a userid on
this system was seemingly accessed by someone other than its rightful owner.
For most of the day, a series of utilities were left running in a systematic
attempt to obtain passwd files from systems by exploiting a known security
problem in a CGI program. A number of passwd files were successfully obtained,
although we have limited knowledge of what sites were involved as they were
all deleted by the intruder at the end of their session.
The compromised userid was closed down on Monday morning and no further activity of this kind has been detected since. Unfortunately, the source of the unauthorized login was a dialup line and we have so far been unable to trace its origin any further.
The incident was logged with the JANET CERT with reference number 960808.1.
This was an attempted attack a via CGI script. In our case it was not successful, but UCL confirmed that the intruder had succeeded in obtaining some password files. The conclusion is: don't compile anything you don't need and be very careful to check what you do need for weaknesses. The attack was discovered, by accident, while generating some usage statistics from the access log. Perhaps a regular security scan of the access log would be useful? There is a lot of security advice on the Web http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.html
Author access - Root access is necessary for the maintenance of user accounts on the server, allowing staff and students to mount their own materials. Exceed and Admintool on a PC are used to allocate and update user account details. Some accounts have been set up temporarily for students; it is important to have a system in place for removing these accounts when they are no longer required.
The importance of copyright should not be underestimated. Sites need to be sure that they are not infringing the copyright of others and at the same time protect their own copyright. CVU was lucky enough to have access to graphic design services within the University of Strathclyde. The graphical front end and the navigation buttons were all designed in-house and CVU owns the copyright. Express permission was obtained where necessary, for instance from Sun Microsystems for the mounting of their Java Tutorial on our server.
It is advisable to display a copyright message prominently within your pages; if you do not do so, people may assume that your materials are in the public domain. [we don't do this yet - oh dear!]
It's no good having a great site if no one visits. One of the most obvious ways to make yourself known is to register your site with the multitude of search engines that exist. Care must be taken to install a robots.txt file (http://info.webcrawler.com/mak/projects/robots/norobots.html) to ensure that those areas of the site that you do not want to be indexed do not get indexed automatically.
It is worth mentioning that non-Internet based methods of dissemination can be highly effective in publicising your server. Increase in interest in CVU has been developed and maintained with the use of publicity events, flyers and media coverage.
As well as ensuring that there are links to your server from the outside World it is important to develop a policy on the links from your pages to other servers. Links can cause problems such as:
Links to other servers are, however, often dangerous. The policy at CVU is to minimise them and, where they exist, to check them regularly. CVU was recently faced with the embarrassing situation of having links to material on another less rigorously managed University server. When these links stopped functioning, due to an unnotified change in the structure of the other server, CVU users complained that some CVU material did not work. The links to this material have now been removed.
If any structural changes are made to your server it is good practice to search for outdated links to your pages on other servers using one or several of the common search engines and to notify their webmasters of the changes.
Looking at a Web site in terms of access has brought to light issues which might otherwise have been overlooked. This paper has set out the issues as they relate to an educational site but most of them will probably relate to other sites. Web site administrators should be able to answer questions such as
The framework for evaluation proposed in this paper has, so far, only been applied to one web site. However, unlike evaluation based on the style or usability of a site, the framework the authors are proposing can be applied only from the inside by the site administrators. The authors would welcome discussion from other web developers on the application of the framework to their sites.
Berners-Lee 95 - Tim Berners-Lee. Style Guide for Online Hypertext http://www.w3.org/pub/WWW/Provider/Style/Overview.html
ISO 96 - ISO Central Secretariat Guidelines on the Creation and Maintenance of Web Servers and Pages - Draft Version 4.0 (1996-08-21) ISO/IEC JTC 1/SC 29
Laurillard 93 - Diana Laurillard. Rethinking University Education. Routledge 1993.
Nielsen 89 - Jakob Nielsen. The Matters That Really Matter for Hypertext Usability in Hypertext '89 Proceedings, ACM 1989.
Nielsen 90 - Jakob Nielsen. Evaluating Hypertext Usability in Designing Hypermedia for Learning, edited by David H. Jonassen and Heinz Mandl. Springer-Verlag 1990, pages 147-168.
Zakrzewski 96 - Stan Zakrzewski. Summative and Formative Computerised Assessment: The Luton Experience, Northumbria Assessment Conference. 4-6 September 1996.