Sharebar?

LTI Adoption Roadmap

Recommended LTI Adoption Roadmap and FAQ

Recommend LTI Roadmap Effective October 2017

Learning Tools Interoperability® (LTI®has emerged as the essential element for teaching and learning interoperability in educational technology architectures. Through the experience of hundreds of implementations, key principles have emerged for the evolution of the LTI standard: maintain a compact core, leverage well-defined extensions for services and messages, adopt an ecosystem-wide security model, and provide a smooth migration path for upgrade adoption.

Following these principles, IMS Global Learning Consortium is revising its recommended LTI adoption roadmap, updating its security model, and transitioning LTI 1.2 and LTI 2.0 to legacy status, effective January 2018.

What is Changing and Why?

While core LTI (launch with services) has been widely adopted and certified by hundreds of learning platforms and tools, the adoption of LTI 1.2 and LTI 2.0 in the market has been slow due to its relatively high effort to implement with benefits that help a small population of users, systems administrators.  

Based on input from its members—leaders in the edtech market—IMS Global has established an updated migration path built on the foundation of LTI 1.1 with low barriers to upgrading to future versions. IMS Global will continue to evolve LTI and is planning a LTI 1.3 release in the near term as well as a future LTI 2.x. See figure 1 and the FAQ below for more information.

In addition, IMS is planning the following changes to the future LTI evolution:

  • Security will not be embedded in each specification; the security requirement will be a separately published IMS-wide specification
  • LTI core and optional LTI extensions, which add specific features to match market and tool provider needs, will be distinguished as the two primary components of the LTI standard
  • Certain capabilities such as auto-registration will now be offered as LTI extensions, not bundled into LTI core
  • An ecosystem-wide strategy will emphasize LTI’s alignment and integration with other IMS standards

View the Legacy Path


LTI Roadmap Frequently Asked Questions

Is the LTI 2.x series dead?

Do I need LTI 2.0 to get all of the benefits of LTI?

What happens if I have already implemented LTI 1.2 or LTI 2.0?

How do I migrate from LTI 2.0 to the latest LTI core?

Isn’t the security model for LTI 2.0 better?

How long will the LTI 1.2 and LTI 2.0 specifications be supported by IMS?

What is the go-forward strategy for the evolution of LTI?

[top]

Is the LTI 2.x series dead?

Not at all. IMS will continue to evolve LTI and current plans include an LTI 2.x release, which will feature an IMS-wide security and identity framework based on OAuth2 along with an auto-registration optional extension that leverages the new security framework. Components of the new framework will first be implemented in LTI 1.3 and expanded for 2.x. A key requirement for LTI 2.x and future IMS specifications is the independent security framework which will be periodically updated as industry security best practices evolve.  

[top]

Do I need LTI 2.0 to get all of the benefits of LTI?

You do not need LTI 2.0 to get all of the end-user benefits of LTI extensions, which are compatible with LTI versions 1.1 and above. LTI 2.0 adds automated tool registration and a tool provider profile. Most LTI implementations are based on LTI 1.1, which is now being updated to LTI 1.3 to include OAuth 2 security requirements including JSON Web Token (JWT) signed messages.
 

What happens if I have already implemented LTI 1.2 or LTI 2.0?

IMS supports current implementations of all LTI versions through its certification program. Providers with existing LTI 1.2 or LTI 2.0 implementations will not be required to change. LTI Advantage is compatible with LTI 1.2 and LTI 2.0.

How do I migrate from LTI 2.0 to the latest LTI core?

The LTI technical workgroup is drafting a migration guide to help developers make a smooth transition to the recommended version. The first draft is planned for release January 2018.
 

Isn’t the security model for LTI 2.0 better?

No, industry best practices have evolved since the original publication of LTI 2.0 and with the adoption of OAuth 2.0 and JSON Web Token for message signing, IMS believes LTI 1.3 security represents current best practice. In any event, beginning in 2019 all recertifications of an implementation using OAuth 1.0a must be re-certified as SHA256-compliant at a minimum.

 

How long will the LTI 1.2 and LTI 2.0 specifications be supported by IMS?

For the foreseeable future, existing implementations can recertify. Effective 2Q 2018, IMS will no longer certify NEW implementations of LTI 1.2 and LTI 2.0. We expect the market adoption of LTI 1.3 and its successors, based on 1.x architecture,  to encourage migration to the recommended path. Once the market has moved sufficiently away from LTI 1.2 and LTI 2.0 a deprecation date will be announced.
 
 

What is the go-forward strategy for the evolution of LTI?

The key principles for LTI evolution are to maintain a compact core, to leverage well-defined extensions (services and messages), adopt an ecosystem-wide security model and provide a smooth migration path for adoption.