Data Integration, SCORM, Security and Open Standards

The PowerCPD LMS platform has been developed to operate a complete hosted solution that delivers all of the required induction program functions and stores all reporting data in the system database. The platform has been developed on a PHP MVC framework integrates with a MySQL database. Each client is provided with their own database and the data that they upload remains their Intellectual Property and is protected by privacy legislation.

Database Integration: API and Web Services

The agility in the technical design of the platform provides the ability for clients to access the PowerCPD LMS API to integrate specific datasets with their existing employee or contractor database. Mediasphere provides the technical team to build custom webservices and also deliver Single Sign On (SSO) services between existing web systems including Microsoft SharePoint.

Automated Access with Single Sign-On Technologies

In addition to APIs and webservices, PowerCPD offers a range of Single Sign-On (SSO) technologies to deliver a seamless login for your learners. The most common SSO technologies include:

  • Web based SSO (i.e. using technology like Open ID)
  • LDAP SSO

Web SSO

PowerCPD SSOWithin the PowerCPD LMS, we can integrate with Web SSO as part of our data integration services. This allows an end user to login once and seamlessly move from our portal to another portal without the need to re-authenticate. The same workflow access can also happen from a client portal to our LMS.

The requirements for this is that the client provide the centralised login page (usually created from a SharePoint service) and also host the database of users and their permissions (usually an LDAP database). There also needs to be a webservice setup for Mediasphere to validate user data and permissions.

The general process of how SSO works:

  • User accesses a portal and clicks the login button.
  • That login button loads the centralised login page (hosted by the client).
  • The login page will ask for the end users login.
  • If the login passes, the user will be redirected back to the portal
  • The portal gets passed a hidden token within the redirect and allows the portal to create an authenticated user.
  • At the same time (behind the scenes) the portal calls the web service and synchronises the users details as well as group permissions.
  • The requested content is loaded and shown to the end user
  • When the end user navigates to another page within the logged in area, before the page is loaded a call is made to the central login page. If they are still authenticated they will seamlessly transition to the page they requested.
  • If their authentication failed (expired, they logged out on another portal, etc) it will prompt the centralized login page to display and request login.

LDAP SSO

The PowerCPD LMS is LDAP (Lightweight Directory Access Protocol) compliant and supports integration with Active Directory to streamline learner data and access protocols.

active directory

API and Web Services

PowerCPD APIThe agility in the technical design of the platform provides the ability for clients to access the PowerCPD LMS API to integrate specific datasets with their existing employee or contractor database.

Mediasphere provides the technical team to build the database integration webservices and also deliver Single Sign-On (SSO) services between existing web systems including Microsoft SharePoint and enterprise systems.

PowerCPD SCORM Compliancy

SCORM is the industry standard for e-learning interoperability. Sharable Content Object Reference Model (SCORM) is a collection of standards and specifications for web-based e-learning. It defines communications between client side content and the PowerCPD Learning Management System. SCORM also defines how content may be packaged into a transferable ZIP file called "Package Interchange Format".

The PowerCPD LMS training platform supports SCORM 1.2 and SCORM 2004 Edition 3. This means that when creating your own induction courses, you can import an existing course from another platform if it has been imported in the SCORM format. The PowerCPD LMS also allows you to add a SCORM object to a course page and you have the option to build your own courses with the PowerCPD Course Editor and export the courses in SCORM format. The addition of SCORM to training platform provides your organisation with open source integration and the flexibility to import and export your courses as you require.

Your Data Security

Security of Your Training Data

Mediasphere understands the critical importance of protecting your data. As Mediasphere, an approved government provider, delivers secure online training solutions for major corporations, governments, organisations and education institutions, we provide a high level of security on three levels, hardware, application and database.

Our Best Practice security protocols include:

Identity Theft Protection

Identity theft refers to fraud that involves someone pretending to be someone else for their own gain. We apply the current best practice to protect your users’ identity theft including:

  •   Encrypted user password in database with strong encryption technique such as MD5 or SHA-1
  •   Use alpha numeric combination and case sensitive for user passwords.
  •   Minimalist approach in storing and displaying user private information.

Access Policy

All users on your training website will be assigned the privileges based on their user level. This protection is to avoid users to have access to administration portal or execute administration rights.

Session Hijacking Protection

Mediasphere use the file system based tracking for all users’ sessions to address session hijacking potential. This means that every time a user logs on to your portal, it generates a new session value and stores the value in the database. On every page of training portal where authentication is required, the user session will be compared with the one stored in database. As the session is renewed, this guarantees a user dynamic session value, which makes it harder to duplicate or followed, thus providing a higher level of security for your organisation.
Data validation

We ensure that all forms on your training portal are to accept only correct data type. This data filter checks against numbers, letters or alphabet or non-numeric characters.

Defamation of site

Mediasphere protects against defamation of the site by preventing unauthorised access to file servers. Our systems feature data validation on all forms and write access on files and folders permission (executable, read and write). The file upload directory has read / write access permissions to prevent malicious users from executing code remotely to gain access to the site.

IP Tables

IP Tables is a software firewall that provides a key layer of security. The software firewall controls all access to and from the server on designated ports, IP addresses and TCP and UDP layers. The firewall allows certain users from range of IP addresses to make requests to a designated port on the server or alternatively from server to IP addresses.

Load Balancing

If your training portal is an enterprise solution with high volumes of traffic, Mediasphere can provide access to load balancing technology for annual upgrade. Load balancing technology provides two identical servers that are configured with identical specification and capacity. With the layer technology, it automates the distribution of website traffic between both servers. With this technology, it is capable to serve millions of user with static HTML request. When it comes to database interaction, generating image, and streaming video we can provide high quality streamed traffic to your users.

SQL injection

SQL injection is a form of attack on a database-driven web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet. SQL Injection is a very common attack on search forms, login forms and most forms that send requests to server to access the server database. Mediasphere guards the input data submitted by user to eliminate unwanted code or SQL commands to be passed into the processing script.

Learn More About the PowerCPD LMS - Register for a Free Trial

To learn more about how we can integrate data from the PowerCPD LMS with your existing system, please contact our technical team. We can help you with white papers, case studies, formal proposals and free PowerCPD software trials.

Call us on (Aust): 1300 787 611, (UK): 0208 973 2377 or (International)  +617 5555 0180. Email us on sales@mediasphere.com.au