ADL Guidelines for Creating Reusable Content with SCORM 2004
The ADL Guidelines for Creating Reusable Content with SCORM 2004 (For Public Comment) supplements the SCORM 2004 documentation suite; MIL-PRF-29612B Performance Specification, Training Data Products; Department of Defense Instruction (DoDI) 1322.20 Development and Management of Interactive Courseware (ICW) for Military Training; and 1322.26 Development, Management, and Delivery of Distributed Learning. It provides guidance for instructional designers in implementing SCORM 2004 and registering content in the ADL Registry. You can apply many of the concepts in this Guide to other versions of SCORM content as well, with the exception of Section 7–Sequencing Your SCORM Content, which only applies to SCORM 2004. This document incorporates much of the "SCORM Best Practices Guide for Content Developers" published by Carnegie Mellon's Learning Systems Architecture Lab (LSAL) and includes assessment guidelines from the "Best Practices Guide for the Design and Development of SCORM Assessments" also published by Carnegie Mellon.
SCORM Content Vulnerability Exposed
Several blogs, forums, and Web sites recently highlighted a SCORM content vulnerability. The vulnerability they highlight is not new, nor did it originate with SCORM. It exists within the SCORM Run-Time API, which is based on an IEEE Standard(1). Some version of an ECMAScript based API has existed in all versions of SCORM since SCORM 1.2 was released in 2001. Given the flexibility of ECMAScript within the browser environment, this vulnerability allows technologically advanced users to potentially interfere with learner tracking data communicated from content by directly overriding and/or setting various SCORM data model elements.
ADL contacted the IEEE LTSC about this issue to discuss what actions can be taken to update the current standard or develop a complementary standard that would better enforce data integrity for delivered content. Several SCORM LMS vendors are investigating ways to prevent or detect individuals who leverage this vulnerability. Please contact your vendor directly to determine the actions they are taking.
Like online banking or any other online activity that you want to be secure, you can increase security in your SCORM content, but there is no way to guarantee security. Un-proctored online assessments should be considered a form of “open-book exams” since learners may have technical manuals, books, job aids, Google, or other resources in front of them while they are taking tests.
Content developers who are concerned about SCORM data integrity can take some actions to mitigate this vulnerability. Two ADL community members, Bill Blackmon and Jonathan Poltrack, have provided workarounds that may be applied to current and previous versions of SCORM content. Details for these workarounds can be found in the downloads below.
(1) 1484.11.2-2003 IEEE Standard for Learning Technology – ECMAScript Application Programming Interface for Content to Runtime Services Communication.
Downloads
| Name |
Date |
Issues |
Download |
| ADL Guidelines for Creating Reusable Content with SCORM 2004 (For Public Comment) |
08/01/2008 |
|
 |
| SCORM Content Vulnerability Workarounds by Jonathan Poltrack |
04/02/2009 |
|
|
| Securing Your Assessments, Excerpt from Carnegie Mellon Best Practices Guide for the Design and Development of SCORM Assessments |
04/02/2009 |
|
|