Sharebar?

LTI Adoption Roadmap

Recommended LTI Adoption Roadmap and FAQ

Recommend LTI Roadmap Effective October 2017

Learning Tools Interoperability® (LTI®has emerged as the essential element for teaching and learning platform and tool interoperability. Through the experience of hundreds of implementations, four key principles have emerged for the future evolution of the LTI standard:

  • Maintain a compact core 
  • Leverage well-defined extensions for services and messages
  • Adopt an ecosystem-wide security model
  • Provide a smooth migration path for upgrade adoption
What is Changing and Why?
IMS Global Learning Consortium Contributing Members who are leading the evolution of LTI have responded to market concerns about student data privacy and security by adopting the industry standard protocol OAuth2 for authenticating services along with JSON Web Tokens (JWT) for secure message signing.
 
During the security policy analysis it was determined that the architecture of LTI 2.x as currently constituted was not the most suitable basis to upgrade. This conclusion—based on the key principles for future evolution—was reached by the LTI workgroup and supported by the LTI Product Steering Committee and IMS architects. It was decided that the best framework to build the updated security model upon would be the LTI 1.1 baseline.  
 
A result of this decision is the designation of LTI 1.2 and LTI 2.0 as “legacy” specifications; both will still be supported and recertified but will not be on the recommended upgrade path. (see Figure 1 and the FAQ below for more information).
 
The recommended LTI upgrade path is from LTI 1.1 to LTI 1.3 (the OAuth2/JWT enabled version will be available January 2018).  Future versions will be built upon the updated LTI 1.x framework and which provides a compact core, well-defined extensions, separate security model, and simpler migration from version to version moving forward.
 
The separate security model is essential to allow for anticipated future updates that will be needed to keep up with the best student data privacy and security practices. The strength of the market demand for OAuth2/JWT is such that platform companies are indicating LTI 1.3 will be their minimum requirement for integrating with tools that exchange sensitive and personally identifiable information (PII).

View the Legacy Path


LTI Roadmap Frequently Asked Questions

Is the LTI 2.x series dead?

Do I need LTI 2.0 to get all of the benefits of LTI?

What happens if I have already implemented LTI 1.2 or LTI 2.0?

How do I migrate from LTI 2.0 to the latest LTI core?

Isn’t the security model for LTI 2.0 better?

How long will the LTI 1.2 and LTI 2.0 specifications be supported by IMS?

What is the go-forward strategy for the evolution of LTI?

[top]

Is the LTI 2.x series dead?

Not at all. IMS will continue to support LTI 2.0 recertification.   Newer versions of LTI which will feature an IMS-wide security and identity framework based on OAuth2 and JSON web tokens.  Components of the new security framework will first be implemented in LTI 1.3 and expanded in time to future versions. A key requirement for future IMS specifications is the independent security framework which will periodically be updated as industry security best practices evolve, while providing stability for the core specification and extensions.  

[top]

Do I need LTI 2.0 to get all of the benefits of LTI?

You do not need LTI 2.0 to get all of the end-user benefits of LTI extensions, which are compatible with LTI versions 1.1 and above. LTI 2.0 adds automated tool registration and a tool provider profile. Most LTI implementations are based on LTI 1.1, which is now being updated to LTI 1.3 to include OAuth 2 security requirements including JSON Web Token (JWT) signed messages.
 

What happens if I have already implemented LTI 1.2 or LTI 2.0?

IMS supports current implementations of all LTI versions through its certification program. Providers with existing LTI 1.2 or LTI 2.0 implementations will not be required to change. LTI Advantage is compatible with LTI 1.2 and LTI 2.0.

How do I migrate from LTI 2.0 to the latest LTI core?

The LTI technical workgroup is drafting a migration guide to help developers make a smooth transition to the recommended version. The first draft is planned for release March 2018.
 

Isn’t the security model for LTI 2.0 better?

Industry best practices have evolved and matured since the original publication of LTI and with the adoption of OAuth 2.0 and JSON Web Token for message signing, IMS is adopting current best practice for data privacy and security.   OAuth 2 offers additional advantages in simplicity, support for mobile applications and server to server authentication - all increasingly important to IMS' members. 

How long will the LTI 1.2 and LTI 2.0 specifications be supported by IMS?

For the foreseeable future, existing implementations can recertify. Effective 2Q 2018, IMS will no longer certify NEW implementations of LTI 1.2 and LTI 2.0. We expect the market adoption of LTI 1.3 and its successors, based on 1.x architecture,  to encourage migration to the recommended path. Once the market has moved sufficiently away from LTI 1.2 and LTI 2.0 a deprecation date will be announced.
 
 

What is the go-forward strategy for the evolution of LTI?

The key principles for LTI evolution are to maintain a compact core, to leverage well-defined extensions (services and messages), adopt an ecosystem-wide security model and provide a smooth migration path for adoption.
 

Tags: