Update: The Output of Project Tin Can is Experience API.

next generation scorm evolution project tin can
 

Ready to really dive in?
View the full
Tin Can API spec.

View the Tin Can API
“quick start” guide.


Security/Privacy Complexity

scorm tin can security privacy permissions The Tin Can API allows for the collection of a lot of data — so much data that it’s hard to draw the line between powerful reporting and what would be considered a breach of privacy. The natural question to ask is “who has access to the data, and how do we protect the privacy of learners?”

The accountability will largely be on the LRSs. Multiple user levels with different privileges will most likely be necessary, and an industry-wide list of best practices should be created. There should be a clear line between LRSs being too open, but not too restrictive.

Permissions get more complex when you look at team-based and collaborative learning. Should learners have access to each other’s data? How much access?

SCORM 2.0 next generation project tin can

  • Ryan Sorgnard

    Breech should be “breach” in the first paragraph.

  • Michael S

    See my comment under Team Based Learning in the previous section. The hierarchies generally already exist for most organizations (faculty teaches a class, class contains students, students form a team). This is simplistic since you might want teams from different classes to collaborate. The protocol would just need to support a dynamic group construct and then allow the instructor to define a default access control for the class and groups within the class. I suggest adopting the Google+ Circles style construct which shares a certain amount of information by default, but then allows the user to tighten/loosen access on demand. You also want to support dynamic creation/destruction of groups on demand.

  • Correct me if I’m wrong, but based on what I’m seeing in the spec, it seems like if an LRS launches a Tin Can experience then they’re exposing the access token to the end user, which means the user can make send any statements they want to the LRS. Am I missing something?