Skip to main content

Assignment Security strategy

This document outlines our unified invitation‑token approach for both low‑stakes and high‑stakes evaluations. By layering on configurable security checks, we keep the core flow simple while enabling rigorous safeguards when needed.

Decision Overview

  • Single public endpoint (POST /assignments) driven by a signed, one‑time JWT invitation.
  • TLS enforcement, JTI revocation, and audit logging ensure unforgeability and traceability.
  • Security layers are toggled per‑evaluation via metadata flags, avoiding multiple flows.
  • Runtime chain is explicit: invitation → assignment → security checks → delivery_session (with assignment_id) → submission (freezes assignment_id, evaluation_version_id, feedbackMode, feedbackTagKeys) → reporting.
  • Version pinning: assignments always reference a specific evaluation_version_id; if authoring changes, create a new version and new assignments. Existing assignments stay pinned.

Low‑Stakes Mode (Default)

  • Invitation‑only: token validity, scheduled window, seat limits.
  • No additional friction: instant assignment creation and access.
  • Ideal for surveys, quick quizzes, or non‑critical checks.
  • Guest path: if requireAccount=false, create/attach a guest user so sessions/submissions always have user_id; allow later upgrade/merge.

High‑Stakes Mode (Configurable Layers)

Toggle any of the following in evaluation metadata:

  1. Account Binding (requireAccount):

    • Candidate must sign up or SSO after redeeming token.

  2. Two‑Factor (OTP) (require2FA):

    • After token redemption, send email/SMS OTP before issuing assignment.

  3. Environment Lockdown (proctoring):

    • Integrate webcam/audio monitoring or lockdown‑browser checks.

  4. IP/Geo‑Restrictions (ipAllowList):

    • Enforce candidate IP within allowed ranges.

  5. Short‑TTL & Replay Guard (tokenTTLMinutes):

    • Tokens expire quickly; jti marked consumed on first use.

Configuration Example

metadata:
  security:
    requireAccount: true
    require2FA: true
    proctoring: ["webcam", "audio"]
    ipAllowList: ["203.0.113.0/24"]
    tokenTTLMinutes: 30

Extensibility

  • New checks (e.g. face‑recognition, keystroke analysis) can be added as middleware.
  • Core assignment flow remains untouched—just extend the metadata‑driven guard pipeline.

By centralizing the assignment logic and layering security per evaluation, we achieve a clear, maintainable API that scales from casual quizzes to fully audited, high‑stakes exams.