skip to main page content CETIS: Click here to return to the homepage
the centre for educational technology interoperability standards

skip over the long navigation bar
Press centre

Inside Cetis
what is Cetis?
Contact us
Cetis staff
Jobs at CETIS


XML: Click here to get the news as an RSS XML file XML: Click here to get the news as an Atom XML file iCAL: Click here to get the events as an iCalendar file

what are learning technology standards?
who's involved?
who's doing what?

CETIS Groups
what are cetis groups?
what difference can they make?
Assessment SIG
Educational Content SIG
Enterprise SIG
Metadata SIG
Life Long Learning Group
Portfolio SIG
Accessibility Group
Pedagogy Forum
Developer's forum

Accessibility (310)
Assessment (74)
Content (283)
Metadata (195)
Pedagogy (34)
Profile (138)
Tools (197)
For Developers (569)
For Educators (344)
For Managers (339)
For Members (584)
SCORM (118)
AICC (18)
CEN (34)
DCMI (36)
EML (47)
IEEE (79)
IMS (302)
ISO (21)
OAI (24)
OKI (20)
W3C (37)

AICC HACP not insecure if calling content at server

Posted on October 07 2004 by John Kleeman in reponse to 'QTI Ready' almost ready

This is an interesting article, and this comment is not on QTI Ready. But you mention that you feel that AICC HACP was unsafe.

But I'm not sure that this is generally true. Questionmark supports AICC HACP and SCORM and other means of interfacing, and we have quite a good view of this from practical use.

But although there may be cases where AICC isn't secure (e.g. if the content is local), there are some cases where it is quite secure and probably more secure than SCORM.

Here is what happens when an LMS like Saba or Thinq or Plateau or any other AICC HACP LMS calls an assessment engine like Questionmark Perception:

1. The user navigates to the place in the LMS where a call is made to the assesssment
2. The LMS calls the assessment server using HTTP to communicate from one server to another (not via the browser)
3. The LMS and assessment server privately exchange data (e.g. who the student is)
4. The assessment is then run from the assessment server to the student browser
5. Results are then passed back from server to server, again without going through the participant browser
6. The LMS takes control

So whereas in SCORM, results go via the participant browser, in AICC HACP when content is delivered from a server, the two servers talk to each other and this is pretty secure. AICC is old fashioned, it doesn't use XML, but in the server to server case, it's more secure than SCORM. You can see a copy of a paper from our technical director Paul Roberts at an AICC meeting in 2002 at which explains this more.

Although we like others thought that AICC HACP might be dying, in fact it is used very widely and increasingly, and it looks like it is here to stay as a de facto and very useful standard.


Replies to this post:

Creative Commons License This work is licensed under a Creative Commons License.

syndication |publisher's statement |contact us |privacy policy

 go to start of page content