Authentication #1

Closed
MrBillMcDonald opened this issue May 25, 2012 · 1 comment
@MrBillMcDonald
Contributor

No description provided.

@MrBillMcDonald
Contributor Author

 John,

If I understand correctly the Entitlement Data elements are intended to address #1. EntitlementIdentifier is intended as a "license key" to identify the LMS to the content server to determine if the LMS is authorized to use the content.

#2 is an issue that could be addressed by running over SSL. The Session ID could be a "shared secret" to authenticate each request. The actual allocation of session id values is outside of the specification. The LMS must provide it on the launch URL for HTTP based content. SSL will protect the value during transport. However, it would appear in the browser address bar and history and could be sent as the HTTP "referer".

As I recall, the reason we left authentication out of the specification is that there are many different approaches. If we were to specify one then all clients and servers would have to support that approach.

Some possible scenarios:

  1. Default (same as HACP):
     • Student logs on.
     • Selects a learning activity to launch.
     • LMS generates a session id and launches the content.
     • Service calls are "authenticated" by checking the validity of the session id.
     • Session id is inactivated when Exit request is received.

  2. Same as Authentication #1 but run under SSL.

  3. Web Session based.
     • Student logs on.
     • Selects a learning activity to launch.
     • LMS generates a session id and launches the content.
     • Service calls are "authenticated" by checking the student's login session information against student information associated with the session id (service will need to support the same session identification mechanism as the LMS uses to maintain student login). Requests with invalid session ids will still be rejected.
     • Session id is inactivated when Exit request is received.

Some of the WS-Security extensions could be used, but they require SOAP 1.2 and need close conformance between client and server.

I'm not familiar enough with OAuth. If it involves adding a field to each request for authentication then I don't see a problem with that. I'll try to take a quick look.


Mark Schupp - Integrity eLearning
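
The following sketch is an added example, not part of the comment above and not code from the specification or this project. It contrasts the default scenario (the session id alone is the shared secret) with the web-session-based scenario (the session id must also match the student's login session), including inactivation on Exit. The class, method names and sample values are assumptions made for illustration.

```python
import hmac
import secrets


class LaunchSessions:
    """Hypothetical LMS-side registry of launch session ids (all names assumed)."""

    def __init__(self):
        # session id -> (student id, login-session token recorded at launch, or None)
        self._active = {}

    def launch(self, student_id, login_token=None):
        """LMS generates an unguessable session id when the content is launched."""
        sid = secrets.token_urlsafe(32)
        self._active[sid] = (student_id, login_token)
        return sid

    def authenticate(self, sid, login_token=None):
        """Return the student id for a valid service call, otherwise None."""
        record = self._active.get(sid)
        if record is None:
            return None  # unknown or already inactivated session id
        student_id, bound = record
        if bound is not None:
            # Web-session scenario: the caller must also present the login
            # token that was associated with this session id at launch.
            if login_token is None or not hmac.compare_digest(
                bound.encode(), login_token.encode()
            ):
                return None
        return student_id

    def exit(self, sid):
        """An Exit request inactivates the session id; True if it was active."""
        return self._active.pop(sid, None) is not None


def demo():
    lms = LaunchSessions()
    plain = lms.launch("student-1")  # default scenario, constructed sample ids
    bound = lms.launch("student-2", login_token="constructed-login-cookie")
    results = [
        lms.authenticate(plain),  # session id alone is accepted
        lms.authenticate(bound),  # id copied from a URL or history is not enough
        lms.authenticate(bound, "constructed-login-cookie"),
    ]
    lms.exit(plain)
    results.append(lms.authenticate(plain))  # rejected after Exit
    return results
```

In the default scenario anyone who obtains the session id from the address bar, history or a Referer header can make service calls until Exit; binding the id to the login session removes that exposure.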

MrBillMcDonald pushed a commit that referenced this issue Feb 28, 2013
Get updates made by me
MrBillMcDonald pushed a commit that referenced this issue Dec 2, 2013
#1 - Organizations changes to closer match XAPI API structure (Statements and State, Profile data(
#2 - Reformatted tables for URL launch line
#3 - Updated Actor definition and examples
#4 - Added more detail for extensions and their usage
MrBillMcDonald pushed a commit that referenced this issue Apr 15, 2015
errata changes #1 from April 15th Meeting
MrBillMcDonald added a commit that referenced this issue Nov 17, 2018
Update Objectives Best Practice #1 (per Nov 16 mtg)

Add parent for context activities
MrBillMcDonald pushed a commit that referenced this issue Aug 13, 2021
Switches from BP #1 from including objectives in `parent` to including them in `grouping` and removes parenthetical around the activity type to be used and codifies it instead
MrBillMcDonald added a commit that referenced this issue Aug 13, 2021