Comprehensive Learner Record Conformance and Certification Guide 1.0 IMS Candidate Final

Comprehensive Learner Record Conformance and Certification Guide

IMS Candidate Final
Version 1.0
Date Issued: February 7, 2020
Status: This document is for review and adoption by the IMS membership.
This version: https://www.imsglobal.org/spec/clr/v1p0/
Latest version: https://www.imsglobal.org/spec/clr/latest/
Errata: https://www.imsglobal.org/spec/clr/v1p0/errata/

IPR and Distribution Notice

Recipients of this document are requested to submit, with their comments, notification of any relevant patent claims or other intellectual property rights of which they may be aware that might be infringed by any implementation of the specification set forth in this document, and to provide supporting documentation.

IMS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on IMS's procedures with respect to rights in IMS specifications can be found at the IMS Intellectual Property Rights web page: http://www.imsglobal.org/ipr/imsipr_policyFinal.pdf.

Use of this specification to develop products or services is governed by the license with IMS found on the IMS website: http://www.imsglobal.org/speclicense.html.

Permission is granted to all parties to use excerpts from this document as needed in producing requests for proposals.

The limited permissions granted above are perpetual and will not be revoked by IMS or its successors or assigns.

THIS SPECIFICATION IS BEING OFFERED WITHOUT ANY WARRANTY WHATSOEVER, AND IN PARTICULAR, ANY WARRANTY OF NONINFRINGEMENT IS EXPRESSLY DISCLAIMED. ANY USE OF THIS SPECIFICATION SHALL BE MADE ENTIRELY AT THE IMPLEMENTER'S OWN RISK, AND NEITHER THE CONSORTIUM, NOR ANY OF ITS MEMBERS OR SUBMITTERS, SHALL HAVE ANY LIABILITY WHATSOEVER TO ANY IMPLEMENTER OR THIRD PARTY FOR ANY DAMAGES OF ANY NATURE WHATSOEVER, DIRECTLY OR INDIRECTLY, ARISING FROM THE USE OF THIS SPECIFICATION.

Public contributions, comments and questions can be posted here: http://www.imsglobal.org/forums/ims-glc-public-forums-and-resources.

© 2020 IMS Global Learning Consortium, Inc. All Rights Reserved.

Trademark information: http://www.imsglobal.org/copyright.html

Abstract

The IMS Comprehensive Learner Record (CLR) specification has been designed to create, transmit, and render an individual's set of achievements, as issued by multiple learning providers, in a machine-readable format that can be curated into verifiable digital records of achievement.

1. Introduction

The IMS Comprehensive Learner Record (CLR) specification supports interoperability in that CLR publishers and consumers can consistently send, receive, and verify records among conformant systems. The CLR specification describes an information model, service definition, and implementation guide to allow institutions, suppliers, and others to 'extend' the traditional transcript with records and types of information that are typically not found in a traditional transcript, such as competency attainment, co-curricular activities, Open Badges, and to define and facilitate an institution's learner achievements record store for collection of CLRs.

CLR data can be consumed by other schools, institutions, employers, and any other entities that are conformant as CLR consumers. In this machine-readable format, CLR data enables granular and expansive discoverability of learning achievements and competencies that was not previously possible.

1.1 Status of this Document

This document is the Candidate Final release, meaning the technical specification is also in Candidate Final status. IMS members are currently working towards successful completion of conformance certification.

IMS strongly encourages its members and the community to provide feedback to continue the evolution and improvement of the CLR standard. To join the IMS developer and conformance certification community focused on CLR please visit the IMS Digital Credentials and Badging Alliance online here: https://www.imsglobal.org/digital-credentials-and-badging-alliance

1.2 Specification Documents

CLR specification documents are available on the IMS website:

1.3 Where Can I Get Help?

If you have questions or need help with implementing CLR or achieving conformance certification, here are some available resources:

  • Public Forum for all parties interested in CLR.
  • Affiliates Forum for IMS Digital Credentials and Badging Alliance Members, Affiliate, and Contributing Members.
  • Reference Implementations for a CLR Client Application, a Resource Server, and an Authentication Server.
  • IMS Contributing Members have access to private GitHub repositories and a Slack channel for CLR Project Group discussions and collaborations. Contact an IMS staff member to gain access.

Conformance Certification

IMS offers a process for testing the conformance of products using the IMS certification test suite. Certification designates passing a set of tests that verify the standard has been implemented correctly and guarantees a product’s interoperability across hundreds of other certified products. The CLR Conformance Certification Guide [CLR-CERT-10] provides details about the testing process, requirements, and how to get started.

Conformance certification is much better than claims of "compliance," since the only way IMS can guarantee interoperability is by obtaining certification for the latest version of the standard. Only products listed in the official IMS Certified Product Directory can claim conformance certification. IMS certification provides the assurance that a solution will integrate securely and seamlessly into an institution's digital learning ecosystem.

In order to become certified, a paid IMS membership is necessary. Here's why: while conformance certification provides a "seal" for passing prescribed tests, it is much more than that. It is a commitment by a supplier to the IMS community for continuous support for achieving "plug and play" integration. Certification implies ongoing community commitment to resolve problems, revise implementations, and retest as needed. For that reason, only IMS Contributing Members, Affiliate Members and Alliance members are eligible to apply for conformance certification. Details and benefits of membership are listed here: https://www.imsglobal.org/imsmembership.html.

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words "MAY", "MUST", "MUST NOT", "OPTIONAL", "RECOMMENDED", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", and "SHOULD NOT" in this document are to be interpreted as described in [RFC2119].

An implementation of this specification that fails to implement a MUST/REQUIRED/SHALL requirement or fails to abide by a MUST NOT/SHALL NOT prohibition is considered nonconformant. SHOULD/SHOULD NOT/RECOMMENDED statements constitute a best practice. Ignoring a best practice does not violate conformance but a decision to disregard such guidance should be carefully considered. MAY/OPTIONAL statements indicate that implementers are entirely free to choose whether or not to implement the option.

1.4 Product Directory Listing

The IMS Certified Product Directory is the official listing of products that have passed IMS Global conformance certification testing. Products that are listed in this directory are guaranteed to meet the IMS standards for which they have passed testing. If you experience an integration issue with a product listed here, IMS will work with the supplier to resolve the problem. If a product is NOT listed here it has either not passed IMS testing or its certification has expired.

1.5 Key Terms and Definitions

CLR
A document of structured data created by a Publisher containing one or more Assertions about one Learner.
Achievement
An accomplishment such as a degree, evidence of competency mastery, a course completion, or other accomplishment. An achievement may be asserted about one or more Learners (though a CLR contains records for only one Learner). Achievements may include a label (e.g. certificate, competency, course, degree, etc.) and type (e.g. CTDL credential, CASE competency, Open Badge, IMS assessment result, etc.).
Assertion
The attestation made by an Issuer about a Learner regarding an Achievement. The Assertion may also include associated evidence, results, or other metadata regarding a specific Achievement.
Association
A relationship (e.g. isChildOf, precedes, etc.) between multiple achievements.
Consumer
A REST API actor that makes requests to CLR endpoints on a Provider.
Evidence
Information supporting the issuance of an assertion such as URL to an artifact produced by the Learner.
Inspector
A Consumer that inspects a CLR to verify or validate the data.
Issuer
The profile of an organization or entity that has made a particular Assertion about a Learner. The Issuer of an Assertion is the authoritative source for that specific Assertion.
Learner
The profile of the person who is the subject of the CLR and assertions contained in a CLR.
Protected Information
In the United States, the Family Educational Rights and Privacy Act (FERPA) is a Federal Law that protects personally identifiable information (PII) from students' educational records from unauthorized disclosure. CLRs fall within the definition of educational records; and the CLR Learner Profile contains PII. Therefore FERPA may apply to some uses of the CLR spec.
Provider
A REST API actor that responds to requests to CLR endpoints from a Consumer.
Publisher
The profile of the organization providing the CLR (typically the educational institution, a 3rd-party agent, or the learner). The Publisher is the official record keeper for Assertions in a CLR. In the majority of cases, the Publisher is also the Issuer of some or all of the Assertions in a CLR. Except in the case of a self-curated CLR, the publisher is either the issuer or has a trusted relationship with the issuer of all the Assertions in the CLR. In the case of a self-curated collection of Assertions, the Learner is the Publisher of the CLR.
Verification
Instructive information for third parties to verify Assertions.

2. The Conformance Process

The goal of IMS certification for CLR is to ensure interoperable implementations of systems that securely exchange CLRs.

2.1 Certification Prerequisites

The following prerequisites MUST be met before your organization can begin the process of getting your product CLR certified.

  • Your organization MUST be an IMS Contributing or Affiliate Member.
  • You MUST pass the tests using the CLR Certification System.
  • The tests MUST be completed by a designated representative of the member organization and you MUST agree that there is no misrepresentation or manipulation of the results in the submitted report.
  • You MUST submit your report via the CLR Certification System.

2.2 Conformance Testing Process

Visit the CLR Certification System at https://www.imsglobal.org/sso/launch.php/clr-cert. You MUST be logged in to the IMS Global website to access the CLR Certification System. If you do not have an account, please register at https://www.imsglobal.org/user/register.

The certification system provides an environment for testing your CLR product. Click the "Start Testing" link under Test Your Product to access the testing environment.

Once you are ready to commence certification testing, click the "Certify Your Product" link under Certify Your Product to commence testing. The following steps will guide you through the process. A screencast of the certification workflow is available for review.

  1. Complete the online form by providing the following information:

    • Product name
    • Product version
    • Product URL
    • Product description
    • CLR specification version
    • CLR role or roles
    • OAuth security role or roles
    • Member name
    • Member email address
    • Member organization
  2. Click the green "Start Certification" button. To terminate testing click the white "Cancel" button.

  3. @@@TBD

  4. Once testing is complete click the "Complete Certification" button.

  5. Read the confirmation statement and then click the "Submit Certification Results" button.

  6. Repeat the test as necessary in order to certify against additional roles or address previous failed tests.

2.2.1 Certification Mark

After submitting your successful conformance information and receiving confirmation and a registration number from IMS Global you may then apply the appropriate conformance mark. The IMS Global conformance chart will list your conformance details. If you have any questions, please feel free to contact us at any point. Products without an IMS conformance registration number are not considered compliant by IMS Global.

2.2.2 Certification Expiration and Renewal

CLR certification is scoped to the specific version of the CLR specification tested. Major or minor releases of the CLR specification and/or associated metric profiles will require recertification of your upgraded platform, application or service. All IMS Certifications require that you renew and retest your certification after one year.

2.3 CLR Certification Roles

Certification may be achieved in either or both of the following roles:

  • CLR Provider - An application that has implemented the Provider side of the CLR operation endpoints (responds to HTTP requests)
  • CLR Consumer - An application that has implemented the Consumer side of the CLR operation endpoints (makes HTTP requests)

3. CLR Provider Conformance

For certification, the CLR Provider MUST respond to the required endpoints. Note that the CLR Provider MUST act as an OAuth Resource Server for the "deleteClr", "getClrs", and "postClr" operations. That means the CLR Provider MUST require that each request includes a valid access token with the appropriate scope. The other endpoints do not require authorization. For all of these tests, the IMS Conformance System will act as the CLR Consumer and the OAuth Authorization Server.

Endpoint | Authorization Scope | Required
GET /ims/clr/v1p0/clrs | https://purl.imsglobal.org/spec/clr/v1p0/scope/readonly | Required
DELETE /ims/clr/v1p0/clrs/{id} | https://purl.imsglobal.org/spec/clr/v1p0/scope/delete | Required. If not supported, respond with 405 Method Not Allowed
POST /ims/clr/v1p0/clrs | https://purl.imsglobal.org/spec/clr/v1p0/scope/replace | Required. If not supported, respond with 405 Method Not Allowed
GET /ims/clr/v1p0/assertions/{id} | No authorization required | Optional. Required if you include a Hosted verification Assertion in your "getClrs" response
GET /ims/clr/v1p0/endorsements/{id} | No authorization required | Optional. Required if you include a Hosted verification Endorsement in your "getClrs" response
GET /ims/clr/v1p0/keys/{id} | No authorization required | Optional. Required if you include a Signed verification Assertion or Endorsement in your "getClrs" response and do not include a public key in the issuer's profile
GET /ims/clr/v1p0/revocationLists/{id} | No authorization required | Optional. Required if you include a Signed verification Assertion or Endorsement in your "getClrs" response. If not supported, return 405 Method Not Allowed
GET /ims/clr/v1p0/discovery | No authorization required | Optional. Required if you support Dynamic Client Registration
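
The following is an added example, not part of the IMS guide or its reference implementations: the decision a CLR Provider could make, before any handler runs, from the endpoint and scope requirements listed above. Token validation is assumed to happen elsewhere; the 401, 403 and 404 statuses are assumptions based on common OAuth 2.0 bearer-token practice (only the 405 rule comes from this guide), and route names other than getClrs, deleteClr and postClr are labels constructed for the example.

```python
import re

SCOPE = "https://purl.imsglobal.org/spec/clr/v1p0/scope/"
BASE = "/ims/clr/v1p0"

# (name, method, path regex, required scope); None = no authorization required.
# getClrs, deleteClr and postClr are the guide's operation names; the other
# names are labels constructed for this example.
ROUTES = [
    ("getClrs", "GET", BASE + "/clrs", SCOPE + "readonly"),
    ("deleteClr", "DELETE", BASE + "/clrs/[^/]+", SCOPE + "delete"),
    ("postClr", "POST", BASE + "/clrs", SCOPE + "replace"),
    ("assertions", "GET", BASE + "/assertions/[^/]+", None),
    ("endorsements", "GET", BASE + "/endorsements/[^/]+", None),
    ("keys", "GET", BASE + "/keys/[^/]+", None),
    ("revocationLists", "GET", BASE + "/revocationLists/[^/]+", None),
    ("discovery", "GET", BASE + "/discovery", None),
]


def parse_scope(scope_value):
    """Split an OAuth 2.0 space-delimited scope string into a set."""
    return set(scope_value.split())


def authorize(method, path, granted, unsupported=frozenset()):
    """Return the HTTP status to answer with before any handler runs.

    granted: set of scopes from a token that was already validated,
             or None when the request carried no valid access token.
    unsupported: route names this provider has chosen not to implement.
    A result of 200 means "proceed to the handler".
    """
    same_path = [r for r in ROUTES if re.fullmatch(r[2], path)]
    if not same_path:
        return 404  # assumption: path is not a CLR endpoint
    route = next((r for r in same_path if r[1] == method.upper()), None)
    if route is None or route[0] in unsupported:
        return 405  # from the guide: unsupported operations answer 405
    required = route[3]
    if required is None:
        return 200  # open endpoint, the token is not inspected
    if granted is None:
        return 401  # assumption: missing or invalid access token
    if required not in granted:
        return 403  # assumption: valid token without the exact scope
    return 200


if __name__ == "__main__":
    # Constructed requests: (method, path, token scope string or None).
    samples = [
        ("GET", BASE + "/clrs", None),
        ("GET", BASE + "/clrs", SCOPE + "readonly"),
        ("DELETE", BASE + "/clrs/123", SCOPE + "readonly"),
        ("GET", BASE + "/keys/k1", None),
    ]
    for method, path, scope in samples:
        granted = parse_scope(scope) if scope is not None else None
        print(method, path, authorize(method, path, granted))
```

Scopes are compared by exact match, so a token carrying only the readonly scope is never accepted for deleteClr or postClr.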

4. CLR Consumer Conformance

For certification, the CLR Consumer MUST make valid requests to the required endpoints. Note that the CLR Consumer MUST act as an OAuth Client Application for the "deleteClr", "getClrs", and "postClr" operations. That means the CLR Consumer MUST include a valid access token with the appropriate scope. The other endpoints do not require authorization. For all of these tests, the IMS Conformance System will act as the CLR Provider and the OAuth Authorization Server.

Endpoint | Authorization Scope | Required
GET /ims/clr/v1p0/clrs | https://purl.imsglobal.org/spec/clr/v1p0/scope/readonly | Required. The response from the IMS Conformance Test System will include both Signed and Hosted Assertions and Endorsements
DELETE /ims/clr/v1p0/clrs/{id} | https://purl.imsglobal.org/spec/clr/v1p0/scope/delete | Optional
POST /ims/clr/v1p0/clrs | https://purl.imsglobal.org/spec/clr/v1p0/scope/replace | Optional
GET /ims/clr/v1p0/assertions/{id} | No authorization required | Required. The id must match a Hosted verification Assertion included in the "getClrs" response
GET /ims/clr/v1p0/endorsements/{id} | No authorization required | Required. The id must match a Hosted verification Endorsement included in the "getClrs" response
GET /ims/clr/v1p0/keys/{id} | No authorization required | Required. The id must match a public key included in the "getClrs" response
GET /ims/clr/v1p0/revocationLists/{id} | No authorization required | Required. The id must match an Issuer Profile included in the "getClrs" response
GET /ims/clr/v1p0/discovery | No authorization required | Optional. Required if you support Dynamic Client Registration

4.1 OAuth Security Conformance

The CLR Consumer also MUST make valid requests to the required OAuth Authorization Server endpoints.

CLR Consumers MUST implement the appropriate OAuth 2.0 authorization flows defined in the specification [CLR-REST-10]. The CLR Specification allows CLR Consumers to adopt either of two authorization grant flows: Client Credentials and/or Authorization Code. The Authorization Code flow MUST be used if the CLR Provider must explicitly ask the learner for permission to let the CLR Consumer access their protected information.

Operation | Endpoint | Required or Optional Request
OAuth 2.0 Dynamic Client Registration | use registrationUrl from the getDiscoveryDocument response | Required if you support Dynamic Client Registration
OAuth 2.0 Authorize | use authorizationUrl from the getDiscoveryDocument response or from test configuration | Required if you support the Authorization Code Grant Flow
OAuth 2.0 Token | use tokenUrl from the getDiscoveryDocument response or from test configuration | Required
OAuth 2.0 Refresh | use tokenUrl from the getDiscoveryDocument response or from test configuration | Optional

5. About this Document

A. Revision History

This section is non-normative.

A.1 Version History

Version No. | Release Date | Comments
Version 1.0 DRAFT | January 9, 2020 | Filled in Consumer and Provider tests.
Version 1.0 DRAFT | August 26, 2019 | The first draft.

B. References

B.1 Normative references

[CLR-10]
IMS Comprehensive Learner Record (CLR) Specification Version 1.0. IMS Global. February 7, 2020. IMS Candidate Final. URL: https://www.imsglobal.org/spec/clr/v1p0/
[CLR-CERT-10]
IMS Comprehensive Learner Record (CLR) Conformance and Certification Guide Version 1.0. IMS Global. February 7, 2020. IMS Candidate Final. URL: https://www.imsglobal.org/spec/clr/v1p0/cert/
[CLR-IMPL-10]
IMS Comprehensive Learner Record (CLR) Implementation Guide Version 1.0. IMS Global. February 7, 2020. IMS Candidate Final. URL: https://www.imsglobal.org/spec/clr/v1p0/impl/
[CLR-INFO-10]
IMS Comprehensive Learner Record (CLR) Information Model Version 1.0. IMS Global. February 7, 2020. IMS Candidate Final. URL: https://www.imsglobal.org/spec/clr/v1p0/InfoModel/clr_InfoModel.html
[CLR-JSON-10]
IMS Comprehensive Learner Record (CLR) JSON Schema Version 1.0. IMS Global. February 7, 2020. IMS Candidate Final. URL: https://purl.imsglobal.org/spec/clr/v1p0/schema/json/
[CLR-JSONLD-10]
IMS Comprehensive Learner Record (CLR) JSON-LD Context Version 1.0. IMS Global. February 7, 2020. IMS Candidate Final. URL: https://purl.imsglobal.org/spec/clr/v1p0/context/
[CLR-OPEN-10]
IMS Comprehensive Learner Record (CLR) OpenAPI Schema Version 1.0. IMS Global. February 7, 2020. IMS Candidate Final. URL: https://purl.imsglobal.org/spec/clr/v1p0/schema/openapi/
[CLR-REST-10]
IMS Comprehensive Learner Record (CLR) REST/JSON Binding Version 1.0. IMS Global. February 7, 2020. IMS Candidate Final. URL: https://www.imsglobal.org/spec/clr/v1p0/RESTBinding/clr_RESTBind.html
[RFC2119]
Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://tools.ietf.org/html/rfc2119
[rfc6749]
The OAuth 2.0 Authorization Framework. D. Hardt, Ed.. IETF. October 2012. Proposed Standard. URL: https://tools.ietf.org/html/rfc6749

C. List of Contributors

The following individuals contributed to the development of this document:

Name | Organization | Role
Tamer Abuelsaad | IBM |
Jeff Bohrer | IMS Global |
Sherri Braxton | University of Maryland, Baltimore County |
Deb Everhart | Learning Objects |
Steve Grace | WA Comm & Tech Colleges |
Matthew Hailstone | Brigham Young University |
Chris Houston | Capella University | Co-Chair
Alex Hripak | Credly |
Mark Leuba | IMS Global |
Jeff McNeal | State of Michigan Department of Education |
Andy Miller | IMS Global |
Greg Nadeau | Public Consulting Group | Co-Chair
Nate Otto | Concentric Sky |
Ozgur Yogurtcu | AEFIS |

IMS Global Learning Consortium, Inc. ("IMS Global") is publishing the information contained in this document ("Specification") for purposes of scientific, experimental, and scholarly collaboration only.

IMS Global makes no warranty or representation regarding the accuracy or completeness of the Specification.

This material is provided on an "As Is" and "As Available" basis.

The Specification is at all times subject to change and revision without notice.

It is your sole responsibility to evaluate the usefulness, accuracy, and completeness of the Specification as it relates to you.

IMS Global would appreciate receiving your comments and suggestions.

Please contact IMS Global through our website at http://www.imsglobal.org.

Please refer to Document Name: Comprehensive Learner Record Conformance and Certification Guide 1.0

Date: February 7, 2020