CMI 5 Working Group Meeting Minutes – September 11th - AICC/CMI-5_Spec_Current GitHub Wiki
cmi5 Working Group Meeting Minutes – September 11th
Attendees
- Bill McDonald (Working Group Leader)
- Andy Johnson (ADL)
- Florian Tolk (ADL)
- Art Werkenthin (RISC, inc)
- Dennis Hall (Learning Templates)
- Brian Miller (Rustici Sofware)
- Henry Ryng (InXSOL)
- David Pesce (Exputo)
- Christopher Thompson (Medcom, Inc.)
- Mike Hernandez (Design Interactive)
- Scott Powers (Meridian Knowledge Solutions)
Notes
cmi5 Authentication
The group discussed possible future spec changes to allow different types of authentication headers by the AU in xAPI messages.
Possible solutions include:
- cmi5 Version for course structure
- Fetch URL data returned would specify Authorization Header scheme
These solutions would still be problematic for legacy cmi5 AUs (content).
The issue that raised this discussion initially was that a developer did not have a tool set that could create listeners that accept would Basic authorization headers. This issue is not widespread and providing for alternative authorization header schemes does not enhance security or appear to provide any other substantive advantages. Should the situation change, the group will re-assess alternative authorization header schemes for future spec versions.