Keeping Your Shareable Dashboards Secure
You know and love them as a handy way to track and display the learning KPIs that matter in your organisation. A staple of the Learning Technologist’s digital diet.
‘But how can the humble learning analytics dashboard be improved?’ I hear you ask.
Well, some of you may remember that in April we introduced the ability to create multiple shareable links for your Learning Locker dashboards.
Our customers were now able to share the results of their learning analytics with the rest of their business, without the need of creating several user accounts.
This meant that the tedium of creating a huge number of visualisations with different filters alongside a never ending sum of individual dashboards was now a thing of the past!
So What’s New?
After releasing this update, we began to receive a stream of customer queries asking whether they were able to use the dashboards to dynamically filter the data in an individual learner’s space within another site.
We knew the way to do this would be to allow an additional filter to be passed in the dashboards URL, returning only the data expected for that individual user.
So, that’s exactly what we did!
Whether you’re an experienced Learning Locker user or, whether you’re just getting started, I can tell you it wasn’t strictly as easy as it sounds.
We knew we couldn’t simply provide all users with the ability to pass through visible filters in the URL, given the potential for malicious users to edit or change these values to display data that shouldn’t be available.
How Did We Solve the Problem?
Hope wasn’t completely lost.
To overcome this, we decided to go down the route of using JSON Web Tokens of JWTs. Now, for those of you who are unfamiliar with this, a JSON Web token is essentially a safe way of sharing information between two parties.
By doing this, admins were then able to set a “secret” on each shareable link [a bit like a password], which is used to create an encoded URL that cannot be modified by a third party.
Figure 1 indicates the security options available for shareable links within the new URL filter mode.
Of course, it is possible for someone to take a JWT and decode it to see the filter. However, they cannot construct their own filter without knowing the “secret”.
Any attempt to change or remove the filters in the URL will cause the request to fail as the “secret” signature will not match.
This now ensures that only the filter added when the token was created will return any data, removing any worry on your part about users accessing information that shouldn’t be exposed.
So What’s Next for Visualisations?
Over the next few months, the Learning Locker team are going to be working hard on a series of releases that aim to add a variety of options for the visualisations of data. This will include new charts, the option to customise the look of them and, add additional insight into what is currently available.
We have recently coming up with a whole shopping list of ideas, some of which have been our own, others inspired by our valued customers.
Learning Locker looks forward to some aesthetic improvements, including a clean table view available in the dashboard and chart options that add additional customisation to the visualisations.
Watch this space for more exciting developments!
If you’d like to learn more about the dashboards within Learning Locker, check out our post Enhancing xAPI Insights With Shareable Dashboards.