GC Integration Plan (Part I)

RoadMap

  • Learning Learning Tools Interoperability - Launch Link

 

  • Single Sign On (SSO)

 

  • Learning Learning Tools Interoperability - Transfer Grade

 

  • Learning Information Services

IMS Global Learning Consortium

(IMS: Instructional Management Systems, found by Educause, 1997)

 

http://www.imsglobal.org/

IMS Alliances

  • Common Cartridge/ Learning Tools Interoperability
  • Learning Information Services
  • Question and Test Interoperability (QTI2) and Accessible Portable Item Protocol (APIP)
  • Interactive Whiteboard / Common File Format (IWB/CFF)

 

http://www.imsglobal.org/joinims.html

Learning Tools Interoperability

  • Membership Services v1.0 Public Draft (16 February 2015)
  • Content-Item Message v1.0 Public Draft (3 February 2015)
  • LTI v1.2 Final (5 January 2015)
  • LTI Outcomes Management v2.0 Public Draft (15 December 2014)
  • LTI v2.0 Final (6 January 2014)
  • LTI v1.1.1 Final (29 August 2012)
  • LTI v1.1 Final (13 March 2012)
  • LTI v1.0 Final (17 May 2010)

Learning Tools Interoperability

 

  • LTI v1.0 Final (17 May 2010)
    • how Basic LTI connects to IMS Common Cartridge (CC) and IMS Learning Information Services (LIS)
  • LTI v1.1 Final (13 March 2012)
    • includes updates and clarifications as well as support for an outcomes service. lis_outcome_service_url
  • LTI v1.1.1 Final (29 August 2012)
    • support for the role_scope_mentor launch parameter
  • LTI v2.0 Final (6 January 2014)
    • supports rich and complex REST based two way communication between LTI Consumer and Provider

Learning Tools Interoperability

Tool Consumer: BlackBoard, Canvas, Moodle, ...

Tool Provider: GC, ...

Tool Consumer       ->         Tool Provider

Signed post request (Using iframe or new tab)

Tool Provider       ->         LIS (LMS/SIS)

Signed post request

1. Open Learning Tools Mode

2. Outcome Service Mode

Sign: OAuth 1.0a signature,  https://github.com/instructure/ims-lti

Problem I User Identification

  • LTI does not have to ask user to login (resource_link_id)
  • LTI does not have to send any user info by itself (related parameters optional)
  • GC needs user to login, at least needs an identification

Problem I User Identification

Solution I: Ask user to login when user access GC through LTI if user not logged in. (Lightweight)

 

Solution II: Build a LTI API in GC, refactor GC database to align assignments to resource_link_id, not user. (Very Heavyweight)

 

Solution III: Single Sign On. (Heavyweight)

Problem II Security

  • LTI open tools through iframe/new tab.
  • iframe needs a X-Frame-Options to avoid Clickjacking Attack.

 

  • GC Assignment mainly based on Iframe.
  • X-Frame-Options can only Deny/AllowALL/SAMEORIGIN.
  • Rails use SAMEORIGIN by default.
  • X-Frame-Options Allow-From can only include one origin. (Not work for Chrome)

Problem II Security

Solution:

    1. Ask admin to config origin limitation.

    2. Remove X-Frame-Options when accessing LTI page (lightweight) and related resources. (heavyweight)

    3. Use Content-Security-Policy Level 2: frame-ancestors (Not work for IE & Safari).

    4.  Still have risk.

Problem III User Experience

LTI does not define what's next after learning tools finished. (launch_presentation_return_url)

GC is an complete platform independently.

 

Solution: User can only access/view target assignment through LTI.

Dev & Deployment Plan

1. IMS LTI Consumer demo for development. (http://consumer.azurewebsites.net/)

 

2. Canvas LMS for Development & local QA.

 

3. AWS Canvas LMS/Moodle for online QA & Showcase.

 

4. LiveText BlackBoard for final review.

Demo

Made with Slides.com