Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

xAPI 201: Move from Experimentation to Mastery


Published on

DevLearn 2018 Presentation by Rustici Software CEO TJ Seabrooks

Published in: Technology
  • Be the first to comment

  • Be the first to like this

xAPI 201: Move from Experimentation to Mastery

  1. 1. xAPI 201: Move from Experimentation to Mastery TJ Seabrooks, CEO at Rustici Software October 26, 2018
  2. 2. Common beginner xAPI features ● xAPI Basics ● Code ● How to track learner experiences What we won’t be talking about
  3. 3. What we will be talking about Advanced and underutilized xAPI features ● OAuth ● Statement signing ● xAPI Profiles ● cmi5 ● Authorization ● Trust ● Security
  4. 4. The scenario: moving to mastery
  5. 5. We’d like to build a report based on xAPI data The report’s quality is governed by these key questions: 1. Where did the data come from? 2. Do we trust this data? 3. What does this data mean?
  6. 6. 1. Where did this data come from?
  7. 7. Authentication and Authorization Two important but different jobs Who are you? (Authentication) Can you say that? (Authorization)
  8. 8. Authentication and Authorization ● Implementation dependant behavior ● Authorization based on launch time token ● Credential can be inspected and reused for nefarious purposes ● No guarantee the statement sent is about the learner we expect Option one: xAPI Package Launch
  9. 9. Authentication and Authorization ● Tightly defined behavior ● Authorization token is fetched after launch ● Depending on implementation, Authorization token can be kept securely ● Statements must be about the expected registration and actor Option two: cmi5 Launch
  10. 10. Authentication and Authorization Option three: Generated credentials for a Learning Record Provider ● Learning Record Provider (LRP) may be able to send data about any Activity and Actor ● Updating credentials may require modifying the LRP ● May pose a security risk when used in course packages
  11. 11. Authentication and Authorization ● More secure ● Requires a set of credentials for the LRP and the learner ● Creates a unique session for the LRP to communicate data only about the specific learner ● Can be more complicated to implement Option four: OAuth
  12. 12. 2. Do we trust this data?
  13. 13. Trust What does trust mean? ● Is this data exactly as it was when we received it? ● How does it compare to Authentication and Authorization?
  14. 14. Trust Statement Signing helps us verify trust ● Using Public / Private key pairs to create a unique signature ● LRS can validate signature at reporting time ● Provides support for data audits
  15. 15. 3. What does this data mean?
  16. 16. Making Meaning Why do we need profiles? ● xAPI verbs can be confusing ● We don’t know what to expect from our courseware ● We have specific questions in mind
  17. 17. xAPI Profiles Profiles describe the “Rules of Engagement” ● Describes an expected vocabulary ● Describes specific actions that correlate to specific verbs ● Describes sequences of actions that must be done in a particular order
  18. 18. xAPI Profiles Benefits of xAPI profiles: ● Allows for more advanced reporting ● Ensures content procured from different vendors behaves similarly
  19. 19. In summary 1. Where did this data come from? Select xAPI package launch, cmi5 package launch, LRP credentials or OAuth to ensure Authentication and Authorization. 2. Do we trust this data? Statement Signing can help us verify trust. 3. What does this data meaning? xAPI Profiles can help us ensure consistency across vendors and offers more advanced reporting.
  20. 20. Bonus: Use attachments to capture meaningful artifacts
  21. 21. Questions? Ask me anything. Email me: Learn more: | Images from Freepik