Protected Blog

| 6 Comments
It is our plan to provide Protected Blog to the PSU community in the next semester.  In implementing the protection scheme, we have encountered a few very interesting issues that made us re-think again and again what Protected Blog means, or should mean.

1. Protected?  Blog?

The first issue is the the name itself.  Are the term protected, private, and personal interchangeable?  For developers like us, we use them to describe the primary features of a product, as opposed to define them.  The problem emerges because of our prior experiences with some users assuming PSU Personal Web Space means materials put in that space is, well, personal, in the sense that nobody else has access to them.

Even the word Blog could be confusing for some.  The Movable Type product we use supports two publication formats: static page (Pages) and Blogs.  One of the primary goals of incorporating MT as a tool into PSU's web space framework for the PSU community is to provide users a convenient tool to quickly publish, share, and discuss thoughts.  Since that corresponds to what a blog does, we decided to call the whole package "Blogs@PSU", in spite of the fact that one can also use MT to publish static pages.  In a meeting, one manager from the marketing side mentioned that it may be difficult for some to understand why one creates a blog and some static pages when pressing the button "Create Blog".

2. How protected is Protected?

Would it be useful if we publish all the materials into a downloadable zip file so the materials are totally private since the user is the only one to have that that file?  Such application is very similar to some online tools that generate organized/formatted files from user-provided materials: online PDF generator, Code Beautifier, etc.  What's the purpose of publishing something and make it private?  Perhaps one can argue the necessity of having a personal organizer or archive online.

The real challenge comes when we want our product to provide functions not only at the two ends of the spectrum but also somewheres in between.  What if we want a blog to be only readable, searchable, and commentable by a sub-community, say, a class, the family, or a specific group of friends?  What if we want a blog to be readable by some but commentable by only some of those some?

3. Who are we protect the contents from?

The most common scheme we use to distinguish users with access from the rest is login/password, or in our case, PSU access account, as opposed to, say, using cellular phones to dial (or text) security code (so we get very close to real identity).  The use of PSU access account implies the readers of such protected blogs must have some kind of PSU affiliation to have an account.  So far, we do have Friends Of Penn State (FPS) open to the public.  In the example above, family members can get an FPS account by registration, and then login every time to view a specific student's protected blog.

4. How many resources can we use?

One of the technical challenges we face for this product is the efficiency of data retrieval.  To provide more fine-grained access control, we will need more computer resources, both on the database replication side and the web server side.   In the real world, we simply need to allocated the precious resources for the most important features.  Even Google chose only to provide part of the full access control matrix in many of their services (e.g. Picasa does not allow co-owning an album, or have unlimited specific Google users to have access to an album, let alone access to specific pictures.  Blogspot does not have read access control at all.)



Almost all issues here can be approached with communication.  On the user side, better digital literacy can be achieved by education.  On the developer/management side, understanding what we have and making the best use of the resources can be done by in-depth discussion.  In this sense, the products we deliver is not a publishing software, but a complete package of how blogging enhances the teaching/learning experience, ready to use.

6 Comments

Great post, TK. I think you are hitting on some important ideas here -- the notion of blogging is at the core of this and what it means to "publish" a blog (or a page, or a post, or a comment). It is all really tricky and it is moving very quickly. It is smart to try and break it down into the parts that we need to understand as we go forward.

Might I add another dimension to this -- the idea of semi-protected. Imagine a student who really wants to write openly about a piece of work she has done, but feels important to protect the actual piece of work from public view/access. This scenario seems to be a great way to share reflection on artifacts, while still protecting the resulting artifact itself ... does that make sense? Essentially a public blog post that connects with a secured file that is managed by MT. I could see myself wanting functionality like this ... if I am on a committee I may want to make the reflection of the work I am doing open and discoverable, but the draft of the report protected so that only members of my committee can download it. New ways to think about open (and closed).

No reason to complicate such a system. That could be easily done by linking to a protected post that contains the content, and usually there is some additional protected message to go along with the content anyway.

The killer thing about the Blogs@PSU platform is that it takes the pain out of managing files (even if people don't see that). Being able to use the internal file manager to upload to a protected space is one less hurdle a newbie has to jump. I've taught undergrads (and grads) who just don't get the notion of SFTP, PASS Explorer, or even mounting shares (if you can believe it). Having a simple way to insert a protected file into a public post will be a small, but important feature.

Thanks for the comments, Cole!

I agree on that Blogs@PSU opens the publishing channel to a much wider range of writers. Take Brad's analogy, if developers still believe that whoever doesn't use vi to write HTML code are not qualified to create web pages, the digital conversion simply won't go forward.

What would it mean to have a protected file in a public post? Does it mean a post with an embedded picture that doesn't show to the public? Or a summary of a PDF article that's only downloadable by a few?

Jason, thanks for the solution. I think that would definitely make user experience much smoother. From the developer's point of view, keeping all relevant contents within the same blog is a good idea.

Brad also is thinking about providing a way for students to continue developing their blogs after they graduate. Having contents of one blog centralized in location will be a good design.

I think the protected/public hybrid that Cole describes is a case that we might see more and more of as time passes.

TK, you bring up the excellent point of resources. Right now, I would say we do not have the resources to protect portions of a blog. It is an all or nothing decision on the blog level, and that is how it will have to be for the foreseeable future. (Of course, in IT the foreseeable future isn't very far)

I could image a separate from blogs@psu "protected sharing" file upload tool. That would be dead simple return a URL for the protected file and a user could drop into their blogs@psu post.

This is a great post, TK. It clearly lays out the issues we are grappling with.

Leave a comment

Subscribe to receive notifications of follow up comments via email.
We are processing your request. If you don't see any confirmation within 30 seconds, please reload your page.

Search This Blog

Full Text  Tag

Recent Entries

Moving to Sites.PSU.EDU
I'm in the process of moving all contents to http://sites.psu.edu/edued/ . All new contents will only be found there.…
Visualize PSU Blogger Behavior
I'm presenting the contents in LDSC 12 poster session. 11:50 a.m.-12:30 p.m.: "Gallery opening" in Zoller Gallery in the Visual…
Open Source Bridge 2012
Attending Open Source Bridge 2012 (OSB) was an experience beyond my original expectation. Besides learning about new technologies and the…