This is an interesting problem. I was thinking about it several times already.
But first let me be sure, that my imagination of your usecase is similar to your usecase :)
---------------
If I understand your usecase right:- Your Students should be able to use TW as there Notebook.
- Your Students should be able to create there assignments / tests / questionnaires with TW, and send them back to you.
- Based on the TW content you want to grade the content (and the student)
- You want to be sure, that you can link a TW / tiddler to a student without of doubt.
- You want to be able to make notes and give them back to the students.
- You want to make sure, that your notes can't be changed, without you noticing it afterwards.
- I'm sure your students won't change your notes but just to be sure they can't, without you seeing it.
- You need a way to connect the content / every tiddler to a specific student.
- You need a way to connect the content / tiddlers to you, so your assignments / notes / questionnaires can't be changed.
- Sharing a whole TW and just changing the modifier / creator name should not be possible, without you seeing it.
- Since copy / pasting / export / import / can't be prevented, so you want to know, if 2 texts are the same, or very similar.
.... something missing :)
----------------
Some TW basics: Tiddlywiki itself is a single html file. Html is plain text. So with every text editor you can open and modify it.
So even if you would change the TW UI and hide buttons, tags, what not ... Your students will find a way to trick you :)
This
"hiding mechanism" has a name: "security by obscurity" [1] ... and it
is "no protection" here (and it never is), because TW is open source.
Everything is
open, transparent and can be easily changed.
If your class is IT, javascript, html or css related, imo this would have a great learning effect.
And imo it would be fun, to see who is smart enough to trick you. ... But that's probably not what you want :)
---------------
The possible mechanisms: If
you want to avoid, that users can copy paste content from one TW to an
other, without you recognizing it, you'll need a secure signing method.
The main problem here is, that from a security point of view, as soon as
you send out your TWs, the whole system is evil and against you.
You can't trust it (from a security point of view.)
mechanism A)
So you need an "end to end" signing method, where both ends is you :)
Your signing method has to be invulnerable against a "man in the middle" attack [3].
So you can be sure, that your content is yours and the initial students TW isn't manipulated.
mechanism B)
You need a signing method for your students, that lets them proof that they did create the content.
This signing method needs to be invulnerable against A) too.
C)
Importing tiddlers from an other TW needs to break the signature.
So students can't share whole TWs, because the TW is bound to a student.
They can't use TWs export / import / drag and drop functions, because this will break the signature.
D)
IMO the most complicated one.
You need to detect if 2 texts are similar enough, that they could have been shared and modified, to look different.
Machines and algorithms are already very good at this. But it would need a huge backend..
So for this point you'll need your experience as a teacher. ... Teachers are quite good at it too :)
I think A) B) C) can be implemented in way that is (almost) completely in the background.
Every user needs a "personalized" TW. So there will be some administration overhead. But this is the same, as with your initial proposal.
What we can achieve:
Imo it would be possible to create a system, where the only way to copy content is:
- Manual transcription from one TW to the other one. ... But see "manual" ..
- So if computers are involved it should break the signature.
- Manual copy / paste content and modify it in a way, that it looks different. see: D)
- But this is the same amount of work, if you use paper for your assignments.
- So TW is as strong as paper here :)
------------------
Some more signing basics:The built in TW encryption doesn't work. Since it is intended for a completely different usecase.
The second idea would be a "public" / "private" key signing method [2] for A) and B).
but ...
IMO a "public" / "private" key system _can't_ be used here. Since it depends on the "private" key to be secret.
So for method A) it may work, but imo is not practical because of the needed overhead.
A student (method B), that wants to borrow TW content, doesn't care about the secure key.
They'll give there private key to the one, that has made the assignment, so they can sign the content with the "evil users" key and you can't see this manipulation.
-------------
The mechanism I have in mind is based on "Visual Cryptography" and some "hashing",
which makes it possible, that you can immediately "see" if something is manipulated.
It should be possible to use the existing core encryption library, plus a new plugin for the "visual crypto" stuff.
!! Important: This is not a promise, that I'll implement it. !!
It's brainstorming what imo will be needed, to be allowed to base a students grade on TW content.
And for students it would be possible to proof, that they did the manual work to create the content.
have fun!
-mario
[1]
http://en.wikipedia.org/wiki/Security_through_obscurity[2]
http://en.wikipedia.org/wiki/Public-key_cryptography[3]
http://en.wikipedia.org/wiki/Man-in-the-middle_attack