Note that when they finish version 2.0 of SEB, there will be a much more robust way of verifying that the student is using SEB. See the code in https://github.com/moodleou/moodle-quizaccess_safeexambrowser
Security and privacy
I don't know enough about the SCORM code to comment on that.
It has occurred to me that some of the things done by quiz access rule plugins would be useful for other types of activity, but at the moment the access rules are specific to the quiz.
I did write the SEB access rule is such a way that you could call the basic "check the user is using the right web browser" check from anywhere. This is because we have one system at the OU where we want all users to be using SEB all the time (not just for attempting quizzes) so I call the access rule logic from within the theme to ensure it applies on every page.
That's a good starting point Tim!
What I'm just thinking is a new setting, per activity, that could be included by any activity interested in providing some access rules, those already defined for quiz.
In case of SCORM, the implementation of this setting could mean:
- avoid the access to the main entry to the content, preventing the user to see the TOC of the SCORM course or;
- avoid deliverying the content, allowing users to see the TOC of the SCORM course without having the possibility to see the content, where all the quiz logics are defined - SCORM == HTML app talking with the LMS using a Data Model via JS calls.
While the implementation of the "deny action" is pretty simple regardless the selected option above, it could be "less" easy to provide a new general activity setting to configure the access rules. Spare time permitted I'll dive into the code, maybe to propose something for 2.6.