CMI 5 Working Group Meeting Minutes – September 4th - AICC/CMI-5_Spec_Current GitHub Wiki

cmi5 Working Group Meeting Minutes – September 4th

Attendees

  • Bill McDonald (Working Group Leader)
  • Andy Johnson (ADL)
  • Florian Tolk (ADL)
  • Brian Miller (Rustici Sofware)
  • Ben Clark (Rustici Sofware)
  • Henry Ryng (InXSOL)
  • David Pesce (Exputo)
  • Henry Ryng (inXSOL)
  • Christopher Thompson (Medcom, Inc.)
  • Mike Hernandez (Design Interactive)

Notes

cmi5 Authentication

The group continued its discussion regard to authentication (see Issue #609 - https://github.com/AICC/CMI-5_Spec_Current/issues/609 ). cmi5 currently specifies "basic auth" which is considered problematic by some developers.

The following topics were discussed:

  • Although xAPI does not explicitly require a specific authentication header, cmi5 must in order to ensure interoperability.

  • Regardless of which authorization headers are supported, the overall of flow of retrieving authentication token (using the Fetch URL, etc), should be kept the same.

  • Defining new authorization headers may affect support for cmi5 legacy content.

  • Support for "Basic Auth" may be problematic for some developers software library/framework limitations. (Basic Auth may have obsolescence issues)

  • If different authentication header types are required, the requirement for supporting them should be levied on the AU authoring tools/AU designers (not the LMS).

  • The authentication token's duration is specifically indicated for the length of a cmi5 sessions. It would be good to define a best practice for determining/specifying token duration.

All Previous cmi5 Meeting Minutes

https://github.com/AICC/CMI-5_Spec_Current/wiki

cmi5 on GitHub:

http://aicc.github.io/CMI-5_Spec_Current/