Follow

Digital Rights Management In SCORM

Avatar

Clients often ask us how they can limit access to their SCORM content, or if SCORM has any form of digital rights management. Unfortunately, the answer is that SCORM doesn't have any specific rights management functionality. The mainstream use case for SCORM relies on trust and business agreements to protect content rather than technical security (after all, the "s" stands for "sharable", not "secure"). There are ways to achieve some form of protection, but they require deviating from the traditional SCORM deployment model. Options include developing a cross domain solution and hosting your own content and delivering compiled assets that check in with a home server. If you would like help with these advanced deployment scenarios, please let us know.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Prathap kumar

    Hello Mike,

    At present i am working on SCORM 1.2 and exploring ways to protect our SCORM content  I want to limit the course access with the max user count or cut off date. 

    Can you please throw more light on the advanced deployment scenarios specified above?

    I am much interested to know about that.

  • Avatar
    Mike Rustici

    Hi Prathap,

    I saw in your interactions with Tim that you don't have any way of connecting back out to a server on the internet. If that's the case, then there's not really much you can do. If that's an incorrect assumption, let us know.

    Mike

  • Avatar
    krishna.kishore bhavaraju

    Hi Mike,

    I'm working on a multi-tenant LMS that prefers to keep the SCORM content in our content server. Content is owned by our customers - and is, sometimes, not free!

    User gets access to play the content only after registering for the course through our LMS (pay, if needed). Problem is that the browser shows the URL of the html files to users, and the URLs can be pasted into a different browser too (not all URLs check for LMS context)

    While we're thinking of a solution involving container / blob level security using temporary programmatic access keys, isnt there any other way we could implement the same in the context of LMS and SCORM?

    while SCORM is about Shareable :), all we want is to ensure that the LMS knows which user is accessing the content, and deny access (if needed)

    Thanks in advance,

    kk

  • Avatar
    Mike Rustici

    Hi KK,

    The way we secure our content in SCORM Cloud is very similar to how any generic web content is secured. When the content is launched, SCORM Cloud checks the identity of the user and sends a cookie to that user's browser. Access to all of our content is depends on having a valid cookie. Thus, even if the URL is pasted into another browser, only the legitimate user can access it.

    Mike

  • Avatar
    krishna.kishore bhavaraju

    Thanks for your reply Mike!

    When user plays content through SCROM cloud, I'm sure you can check if user is logged in, and also if user has rights to access that

  • Avatar
    krishna.kishore bhavaraju

    Oops! Hit some button too early!

    Thanks for your reply Mike!

    When user plays content through SCROM cloud, I'm sure you can check if user is logged in, and also if user has rights to access that course.

    My qjuestion is more around how to prevent a user from accessing the content URL OUTSIDE of an LMS  player?

    Regards,

    kk

  • Avatar
    Mike Rustici

    Are you looking for a way to prevent a previously authorized LMS used from accessing the content again outside the context of the LMS?

Powered by Zendesk