Should a SCORM course be only able to be launched and run from via an LMS? We have SCORM courses that run just fine from our PeopleSoft Enterprise Learning Management system. However, the issue is with students being able to copy the course URL and use it outside of the LMS. In other words, they can share the URL address and the course can be accessed outside our LMS. Is the problem with how the SCORM course is packaged or is it with the LMS? My previous experience with SCORM courses did not allow direct access to course URLs outside the LMS.
The short answer: SCORM remains totally silent on this issue. A course that allows itself to be launched via URL is neither right nor wrong. In practice, our SCORM Driver can be configured to work with a particular standard or it can be configured to function with whatever standard it can manage. In the "just work" configuration, one of the options is "NONE", so that means that it will attempt to function even if it can't find an LMS.
In reality, this is an issue probably best left at the feet of the LMS provider. (Although I'll admit that there are many LMS providers that don't address it.) An LMS vendor could conceivably secure their "content directories" via an ISAPI filter or something along those lines. This would allow them to validate the authenticated session of a user prior to delivering the content to the learner. This would prevent the wrong user from accessing it.