Here's an overview of how your LMS interacts with Content Controller. It is notable that "authentication" in the normal sense isn't happening here - the SCORM standard has no concept of users or passwords, and the learners are not "authenticating" against Content Controller in any meaningful sense: your LMS handles authentication chores. All we are doing is making a set of content available if an learner is in possession of an appropriate Dispatch package.
Here's how the process works:
- You import a course into Content Controller.
- Content Controller generates a SCORM Dispatch package. For an overview of how dispatch packages work, please see this article.
- You load the Dispatch package into your LMS.
- When a learner elects to take a course, your LMS gives them the Dispatch package, which they launch.
- This Dispatch package contains a set of tokens which are passed via a URL to Content Controller. Content Controller then uses the tokens to determine if the learner has access to the course content. Content Controller tracks the number of users / launches / and the dates of access to content via the dispatch package. Content Controller is designed to gate this access upon hitting configurable preset limits across all 3 of these dimensions. Additionally, Dispatch packages (Content that has been shared) can have their access revoked at anytime by deactivating the course in the Account/ Content userinterface
The learners at no time have access to any interactive functions of the Content Controller administrative interface or API - all that Content Controller is doing is determining whether they're able to download the course content, launch the course, and record the results of their course.
The tokens are static, and are passed via a URL - they're bound to the dispatch package that you generate.