We don’t like personal exam key forms for numerous reasons:

• you need to print them
• printing them per room, grouped/ordered alphabetically by surame (but what about prefixes “van der …”) is non-trivial, especially when using Osiris participants lists
• distribution at the start of the exam takes time (30 min easily with larger groups)

Also, personal exam keys don’t prevent participants from logging in to someone else’s account, and taking the key form from the owner of that account. It only guarantees that the participant with the key form is in the room where the forms were distributed.

Instead of using personal exam keys, we can restrict the tickets to be valid only for specified IP addresses. This can be combined with access using a personal key, in case somebody starts working from an IP address outside the allowed IP ranges.

Idea:

• add exam tickets option: restricted IP access, which is a selection of named IP Ranges
• an IP Range:
  • has a name (e.g. Drebbelweg TZ-1)
  • has a regular expression to match the IP addresses against (bit harder to setup, but easier to implement, it has more flexible matching, and supports ipv4 and ipv6)
  • is configured at the system level by WebLab administrators
• activating the exam ticket (= entering the exam) can be done only from the allowed IP Ranges -or- by entering a personal exam key as the fall-back for students that work on devices without an allowed IP address.

In case of last minute issues with IP addresses (i.e. being different than expected), the option can always be disabled, so students can activate their ticket without the IP-check (and without personal exam key).

Later we may also use this configuration to put accounts into restricted weblab-exam mode automatically at login, based on IP, and only allow access to (upcoming) exams. This way, students can no longer open tabs with non-exam content just before the exam starts. But this would only be required for “closed book” exams.

Submitted by Elmer van Chastelet on 1 November 2021 at 17:27