There appears to be more than one way to authenticate a user with an xAPI published title and some of the research I’ve done indicates:
The title is expected to do the authentication
Titles must be capable of supporting OAuth
Users would need an account on the LRS to use 3-legged OAuth
So if a published xAPI title is launched by a user and the title is not within an LMS is the title expected to do the authentication? That is how does a Lectora title know what type of authentication an LRS will require when the title is published for xAPI (Tincan)?
Even is I decide the title is launched with a launch link eg
how can the link be created without some login procedure:
Hi I’m Antonia
Hi Antonia, what’s you password
My password is “blah”
Ok, the courses I can offer you are…
Thanks, give me course 3
Course 3 is launched with an appropriate link
As you can probably tell I’m struggling a bit here with creating an xAPI course that I can just give to the client without needing to deal with lots of other problems. [In the scorm days all I asked was for what version of scorm, what LMS they were intending to use, and whether the LMS opened courses in a new window.]
I’m working my way slowly through the xAPI spec and comparing it to what Lectora publishes and (not surprising) it appears it would only work in two of at least four circumstances xAPI is supposed to support: mbox; mbox_sha1sum; account; and, openid.
Is the belief that those that still use “ancient” browsers won’t be wanting xAPI?