CMI 5 Working Group Meeting Minutes – September 18th - AICC/CMI-5_Spec_Current GitHub Wiki
cmi5 Working Group Meeting Minutes – September 18th
Attendees
- Bill McDonald (Working Group Leader)
- Andy Johnson (ADL)
- Florian Tolk (ADL)
- Art Werkenthin (RISC, inc)
- Dennis Hall (Learning Templates)
- Brian Miller (Rustici Software)
- Henry Ryng (InXSOL)
- Christopher Thompson (Medcom, Inc.)
- Mike Hernandez (Design Interactive)
Notes
cmi5 best practices for preserving local AU State
The group discussed best practices to prevent cmi5 errors related to browser refresh situations. Certain operations can only be performed once during a cmi5 session and the AU needs to preserve a record/state of these operations should a browser refresh occur.
The group approved the following changes to best practices:
Add Persist AU Session State best practice
Best Practice #17 – Persist AU Session State
There are certain situations, such as browser window refresh, that may inadvertently cause cmi5 errors related to operations that must occur only once in a session. To prevent such issues, AU’s should be designed to use non-volatile storage (local to AU) to preserve the state of following operations that have been performed during the session:
- Fetch URL token retrieval (which can only be called once in session)
- All cmi5 defined statements that can only be sent once in a session.
Update Fetch URLs best practice
Best Practice #3 – Fetch URLs
- The Fetch URL should be unique for each session.
- The Fetch URL must only return an auth token on the first call. (Subsequent calls must return an error – i.e. it should be a “one time use” URL)
- The Fetch URL should not reuse auth tokens.
- The Fetch URL should return a 4xx HTTP error if an HTTP method other than POST is used.
- Since the Fetch URL can only be called once, the auth token should be stored in non-volatile storage (see best practice “Persist AU Session State”)
See http://aicc.github.io/CMI-5_Spec_Current/best_practices/ for all cmi5 best practices.