1EdTech Proctoring Services Specification
Version 1.0
Document Version: | 2 |
Date Issued: | July 2019 |
Status: | This document is for review and adoption by the IMS membership. |
This version: | https://www.imsglobal.org/spec/proctoring/v1p0/ |
Latest version: | https://www.imsglobal.org/spec/proctoring/latest/ |
Errata: | https://www.imsglobal.org/spec/proctoring/v1p0/errata/ |
IPR and Distribution Notice
Recipients of this document are requested to submit, with their comments, notification of any relevant patent claims or other intellectual property rights of which they may be aware that might be infringed by any implementation of the specification set forth in this document, and to provide supporting documentation.
1EdTech takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on 1EdTech's procedures with respect to rights in 1EdTech specifications can be found at the 1EdTech Intellectual Property Rights web page: http://www.imsglobal.org/ipr/imsipr_policyFinal.pdf.
The following participating organizations have made explicit license commitments to this specification:
Org name | Date election made | Necessary claims | Type |
---|---|---|---|
Questionmark | July 30, 2019 | No | RF RAND (Required & Optional Elements) |
Use of this specification to develop products or services is governed by the license with 1EdTech found on the 1EdTech website: http://www.imsglobal.org/speclicense.html.
Permission is granted to all parties to use excerpts from this document as needed in producing requests for proposals.
The limited permissions granted above are perpetual and will not be revoked by 1EdTech or its successors or assigns.
THIS SPECIFICATION IS BEING OFFERED WITHOUT ANY WARRANTY WHATSOEVER, AND IN PARTICULAR, ANY WARRANTY OF NONINFRINGEMENT IS EXPRESSLY DISCLAIMED. ANY USE OF THIS SPECIFICATION SHALL BE MADE ENTIRELY AT THE IMPLEMENTER'S OWN RISK, AND NEITHER THE CONSORTIUM, NOR ANY OF ITS MEMBERS OR SUBMITTERS, SHALL HAVE ANY LIABILITY WHATSOEVER TO ANY IMPLEMENTER OR THIRD PARTY FOR ANY DAMAGES OF ANY NATURE WHATSOEVER, DIRECTLY OR INDIRECTLY, ARISING FROM THE USE OF THIS SPECIFICATION.
Public contributions, comments and questions can be posted here: http://www.imsglobal.org/forums/ims-glc-public-forums-and-resources.
© 2021 1EdTech Consortium, Inc. All Rights Reserved.
Trademark information: http://www.imsglobal.org/copyright.html
Abstract
The 1EdTech Proctoring Services specification is based on the Learning Tools Interoperability (LTI)® Core v1.3 specification and LTI™ Advantage services [LTI-13]. LTI works on the concept of a browser-based launch from a platform into an external tool or application. For proctoring, a test delivery or assessment management system would be the platform and the proctoring service the tool.
1. Introduction
Overview
1EdTech is developing the Proctoring Specification to allow platforms used for assessment to integrate more easily with tools used for proctoring candidates taking assessments on those platforms. Using the Proctoring Specification a candidate can launch out from their assessment platform to the proctoring tool, initiate a proctored session with that tool, and be returned securely back to the assessment platform to take the assessment while being proctored by the proctoring tool.
The Proctoring Specification also provides a method for proctoring tools to send messages to the assessment platform during the assessment to control a candidate's progression including, if necessary, a facility to terminate the assessment.
This document uses terminology and concepts introduced in the LTI 1.3 specification [LTI-13], specifically:
- Platforms and Tools as participants in an LTI workflow
- An LTI Launch
- Users and Roles
- Authentication
- Messages and services
In the context of this specification the Platform is defined as the system that contains the assessment content and is referred to as the Assessment Platform. This could be an LMS with an integrated quizzing tool or it could be a dedicated Assessment Management System (AMS).
In this specification, the Tool is defined as the system that provides additional proctoring services used in conjunction with the Assessment Platform and is referred to as the Proctoring Tool.
Document Set
Normative Documents
Start Proctoring Message JSON Schema The Start Proctoring Message JSON Schema defines syntactical restrictions on the Start Proctoring Message JSON payload. URL: https://purl.imsglobal.org/spec/lti-ap/v1p0/schema/json/startproctoringmessagev1p0.json
Start Assessment Message JSON Schema The Start Assessment Message JSON Schema defines syntactical restrictions on the Start Assessment Message JSON payload. URL: https://purl.imsglobal.org/spec/lti-ap/v1p0/schema/json/startassessmentmessagev1p0.json
End Assessment Message JSON Schema The End Assessment Message JSON Schema defines syntactical restrictions on the End Assessment Message JSON payload. URL: https://purl.imsglobal.org/spec/lti-ap/v1p0/schema/json/endassessmentmessagev1p0.json
Assessment Control Request Message JSON Schemas The Assessment Control Request Message JSON Schema defines syntactical restrictions on the Assessment Control Request Message JSON payload. URL: https://purl.imsglobal.org/spec/lti-ap/v1p0/schema/json/assessmentcontrolrequestmessagev1p0.json
Assessment Control Response Message JSON Schemas The Assessment Control Response Message JSON Schema defines syntactical restrictions on the Assessment Control Response Message JSON payload. URL: https://purl.imsglobal.org/spec/lti-ap/v1p0/schema/json/assessmentcontrolresponsemessagev1p0.json
1.1 Terms and Definitions
1.1.1 Terminology
1.1.1.1 Actors and Domain
- Academic Integrity Officer
- Officer responsible for Test Integrity who may need to review information generated by both the Assessment Platform and the Proctoring Tool in order to ensure that assessment process is fair. For the purposes of this specification, a specialized Reviewer.
- Assessment
- The instrument created within the platform system to evaluate candidate.
Also known as a test, exam or examination. - Assessment Administrator
- Role within an institution responsible for the running of a specific assessment within an assessment program; may also be known as Test Administrator.
- Assessment Platform
- The system that the candidate logs in to, for example, a learning management system, and where the candidate launches the assessment.
- Candidate
- Test taker. The person that is taking an assessment. Often used to differentiate between a generic user of a presentation system (which could be a proctor or administrator), and the actual candidates taking the assessment.
- Examinations Officer
- See Academic Integrity Officer.
- Proctor
- Also known as an Invigilator. A person supervising the candidate during the assessment either in person or via remote conferencing technology.
- Program Administrator
- Role within an institution responsible for the day to day running of (part of) an assessment program.
- Program Manager
- Role within an institution responsible for the overall running of an assessment program.
- Reviewer
- Person responsible for reviewing data (evidence) collected by the Proctoring Tool in order to verify that the assessment was conducted fairly.
- Test Center Administrator
- When Proctoring is being performed in person, at a Test Center the Test Center Administrator is responsible for the operation of the Test Center and the equipment that will be used during the assessment.
1.1.1.2 Technical Terminology
2. Proctoring Use Cases
The use cases in the following sections are arranged in priority order. These priorities have been used to guide the development of the specification. High priority use cases generally give rise to requirements (the system MUST do something) whereas the lower priority use cases are more likely to be optional (the system SHOULD do something or MAY do something).
The following diagram has been provided to help visualize these use cases in the context of the assessment delivery process.
The following are brief descriptions of the use cases defined and addressed in this specification. For full use case descriptions, see Appendix A.
- Proctoring-01: Launch the Assessment Launch the assessment through the proctoring service.
- Proctoring-02: Add Proctoring Requirement Add proctoring requirement to an assessment.
The protocol documented by this specification does not cover the method by which the Proctoring Tool is made active for an assessment within the Assessment Platform.
- Proctoring-03: Proctor Intervenes Control a running assessment to protect integrity of the process.This use case presupposes that the Proctor is able to interact with the Proctoring Tool through their own device. This does not exclude local 'in person' proctoring as a local proctor may still have access to a device used to manage the assessment session. A local proctor may also be able to intervene directly, e.g., by powering off the Candidate's computer to prevent them cheating or stealing assessment content.
- Proctoring-04: Validate User System Check technology requirements for a specific PC, laptop or other device prior to the scheduled assessment time.Most Proctoring Tools do some form of technical system checking process to ensure that the necessary software and hardware is available during the assessment launch. In addition to these just-in-time checks some Proctoring Tools provide a way for candidates to 'dry run' their technology well in advance of the scheduled assessment to give them plenty of time to install required software or change system configuration. This use case refers to these advanced checks only.
- Proctoring-05: Site-Wide Proctoring Options Configure proctoring options that will apply to all assessments delivered within the institution.
- Proctoring-06: Assessment Specific Proctoring Options Modify default proctoring options for an individual assessment.
- Proctoring-07: External Reviewer Launch of Proctoring System Review audit information for entire assessment program.
2.1 Conformance Statements
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words "MAY", "MUST", "MUST NOT", "OPTIONAL", "RECOMMENDED", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", and "SHOULD NOT" in this document are to be interpreted as described in [RFC2119].
An implementation of this specification that fails to implement a MUST/REQUIRED/SHALL requirement or fails to abide by a MUST NOT/SHALL NOT prohibition is considered nonconformant. SHOULD/SHOULD NOT/RECOMMENDED statements constitute a best practice. Ignoring a best practice does not violate conformance but a decision to disregard such guidance should be carefully considered. MAY/OPTIONAL statements indicate that implementers are entirely free to choose whether or not to implement the option.
The Conformance and Certification Guide for this specification may introduce greater normative constraints than those defined here for specific service or implementation categories.
3. Proctoring Launch Workflow
- The Assessment Platform redirects the candidate's browser to an endpoint hosted by the Proctoring Tool, as with the core LTI resource link launch request, initiating the proctoring process provided by the tool
- The Proctoring Tool provides a user interface allowing the candidate to initiate the proctoring process, including interaction with a live proctor if required by the tool.
- Once the candidate's browsing environment has been secured by the Proctoring Tool the tool redirects the user's browser back to the Assessment Platform using a special form that allows them to start the assessment.
- During the assessment the Proctoring Tool may use the service defined by this specification to interact directly with the Assessment Platform in order to control the assessment (not shown in this diagram).
The diagram shows all interactions taking place in the same browser (UA) session. This is critical to the security model underlying the LTI protocol. Proctoring Tools that require a specific browser must ensure that the candidate starts their session with the Assessment Platform in that browser. Proctoring Tools MUST NOT attempt to create a new browser session during the proctoring-specific security flow.
3.1 Transferring from Platform to Tool
When the user initiates the assessment process in the Assessment Platform their browser session (user agent) is transferred to the Proctoring Tool by sending the Start Proctoring message using the message security and signing protocol defined in [SEC-10] (Platform-Originating Messages) which is based on OpenID Connect.
The platform sends the same message parameters in the Start Proctoring message as it would in the resource link launch request message defined in [LTI-13], along with some additional parameters.
The
message_type
of this new message has a value of
LtiStartProctoring
. Given the intended workflow implied by this message
type, the platform may open the Proctoring Tool in a new window or replace the current
UI context completely. The Proctoring Tool MUST support both modes.
In the OpenID Connect exchange, the Assessment Platform plays the role of the Identity Provider or OpenID Provider (OP) and the Proctoring Tool plays the role of the Relying Party (RP). The detailed flow is summarized below:
- The Assessment Platform triggers a Third-party Initiated Login sending a small GET or auto-submitted POST request to the Proctoring Tool's login endpoint identifying the Assessment Platform (the OP, also known as the issuer and sent in the iss parameter), the user logged in to the platform (the login_hint parameter) and the Tool's launch endpoint (target_link_uri parameter).
- The Proctoring Tool then creates an authentication request which it sends back to the Assessment Platform along with the identity of the tool (client_id parameter), the identity of the user (the login_hint as received above) and a number of other protocol parameters as defined in [SEC-10] and [OPENID-CCORE].
- Finally, the Assessment Platform passes control back to the Proctoring Tool using an auto-submitted POST request containing the authentication response along with the full set of claims for the Start Proctoring message defined in this specification.
Although this flow is more complex than a simple signed URL or form POST the additional steps are required to mitigate the threat posed by an attacker initiating a session with the Assessment Platform in their own browser and then transferring that session to the victim's browser, thereby tricking the victim in to taking the assessment on their behalf (the so-called “Login-CSRF” [OWASP-CSRF] attack).
3.2 Proctoring Tool User Experience
The Proctoring Tool entirely controls the user experience for interacting with the Proctor or automated proctoring tools. The tool may go through a number of technical and environmental checks the scope of which is likely to go beyond the user's current browser and may include an audit of the user's device and their surrounding environment.
The identity of the user that logged in to the Assessment Platform is passed to the Proctoring Tool in the Start Proctoring message. The only required identity attributes are the Issuer (iss) and the Subject (sub) claims. The Subject is an opaque identifier within the Assessment Platform.
The Proctoring Tool may endeavour to verify the identity of the candidate (the logged in user), by asking the them to present a government issued document to their webcam, asking them to answer special identity questions, or by more sophisticated means. The methods used by the Proctoring Tool to verify identity claims are beyond the scope of this specification.
Identity verification is not required by this specification, the Proctoring Tool may simply record the candidate's identity by collecting attributes such as a webcam picture, details from any ID document presented, their answers to simple demographic questions, acceptance of rules of conduct, and so on. This information could be compared with the information held on file by the Assessment Platform at a later date.
The Proctoring Tool may reject the candidate's request to launch the assessment aborting the workflow if the candidate fails to meet the proctoring requirements. For example, the candidate may not be in a suitable environment or they may be unable to present a satisfactory identity document.
3.3 Transferring the Candidate Back to the Assessment Platform
Once the Proctoring Tool is satisfied that the assessment session is being proctored securely it transfers the candidate's browser back to the Assessment Platform using the Start Assessment message.
The Proctoring Tool transfers the candidate back to the Assessment Platform using the Tool-Originating Messages protocol defined in [SEC-10]. This is a single HTTP POST of a JWT payload containing the Start Assessment message.
The
message_type
of this new message has a value of
LtiStartAssessment
.
The URL used for the
Start Assessment message MUST be sent to the Proctoring Tool by the Assessment
Platform in the
Start Proctoring message (see the
assessment_start_url
property of the
https://purl.imsglobal.org/spec/lti-ap/claim/assessment_proctoring_settings
claim).
The Assessment Platform MUST also include some session-specific data (
session_data
) that is opaque to the Proctoring Tool in the
Start Proctoring message. This will be returned in the
Start Assessment message and acts as an anti-CSRF token, the Assessment
Tool MUST verify that this data matches the expected browser session before actually
starting the assessment.
The tool MUST only redirect the user's browser to the
assessment_start_url
if it is satisfied that the assessment may proceed.
If the Candidate is unable to proceed with the test for any reason then the
Proctoring Tool SHOULD use the
return_url
property of the
https://purl.imsglobal.org/spec/lti/claim/launch_presentation
claim
to redirect the Candidate back to the Assessment Platform with appropriate error
information.
Although [SEC-10] implies that Tool-Originating messages “do not assert the user identity” this this specification extends this protocol with additional claims to ensure that the Assessment Platform can determine which of the optional identity claims it provided in the Start Proctoring message have been verified by the Proctoring Tool (see below).
To ensure that the role of the Proctoring Tool in any identity verification process is unambiguous any optional user identity claims provided by the Assessment Platform in the Start Proctoring message that have been verified by the Proctoring Tool SHOULD be included in the subsequent Start Assessment message. Unverified claims MUST NOT be included.
For example, if a Proctoring Tool verifies the candidate's identity by examining
a passport presented to a webcam and the Assessment Platform provided a
family_name
claim in the
Start Proctoring message then the Proctoring Tool SHOULD verify that the
candidate has that family name (by examining the passport) and echo the
family_name
claim back in the
Start Assessmentmessage. In contrast, if the Assessment Platform provides
an
address
claim in the
Start Proctoring message the Proctoring Tool MUST NOT return the
address
claim in the
Start Assessment message because the candidate's passport
does not contain verified address information.
An Assessment Platform MAY reject the
Start Assessment message if a required identity claim is missing (indicating
that it has not been verified by the Proctoring Tool). Which identity claims
a Proctoring Tool will verify is subject to agreement outside of the scope of this
specification but, at a minimum, it is recommended that Proctoring Tools performing
identity verification are able to verify the
given_name
,
family_name
and
name
claims.
3.4 Proctor Actions
During the assessment the Proctoring Tool may wish to communicate with the Assessment Platform directly, that is not through the browser session, to control the progress of the assessment. For example, if a proctor observes a candidate talking on their mobile phone during their assessment the proctor might be instructed to terminate the assessment. To achieve this, the Assessment Platform may optionally expose an Assessment Control Service endpoint in the Start Proctoring message that would allow the Proctoring Tool to issue control messages to the Assessment Platform such as pause and stop.
Service calls are secured according to the requirements of section 1.8 of [LTI-13] Interacting with Services. The security protocol is summarized in this extract from that document:
Access tokens MUST protect all the services described by the platform; tools MUST retrieve these access tokens using the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants as specified in the LTI Security Framework - Using JSON Web Tokens with OAuth 2.0 [SEC-10].
The access token endpoint is communicated during the tool registration and used to access all services (unless explicitly stated otherwise in the service definition).
Service calls also include the session
data
claim received in the Start Proctoring message to identify the
assessment session that is subject to the control message.
3.5 LTI Resource Link Launch
The Assessment Platform MAY also issue an LTI Resource Link Request message to the Proctoring Tool to enable the user of the Assessment Platform to interact with the Proctoring Tool outside the context of a specific Assessment Launch.
The behavior of the Proctoring Tool in response to an LTI Resource Link Request is determined by the role of the user:
Program AdministratorThe Proctoring Tool MAY provide the Program Administrator with a user interface that allows them to set site-wide configuration settings.
Assessment AdministratorThe Proctoring Tool MAY provide the Assessment Administrator with a user interface that allows them to override configuration settings for a specific assessment.
CandidateThe Proctoring Tool SHOULD present the Candidate with a method of validating their system, such as checking browser version, required plug-ins, the operation of their webcam, microphone and speakers, and any other compatibility requirements.
ReviewerThe Proctoring Tool MAY present the reviewer with a way of examining the evidence collected during the assessments.
4. Assessment Proctoring Messages
LTI platforms and tools use messages to transfer the user agent from one host to the other through an HTML form POST redirection containing the message payload. The Assessment Proctoring specification defines a bi-directional workflow using both Platform-Originating messages and Tool-Originating messages:
- The Start Proctoring message flows from the Assessment Platform to the Proctoring Tool to initiate the proctoring of the candidate
- The Start Assessment message flows from the Proctoring Tool back to the Assessment Platform to authorize the candidate to start taking the assessment
- The End Assessment message flows from the Assessment Platform back to the Proctoring Tool to allow the Proctoring Tool to perform closeout tasks post completion of the assessment
In addition to the the three new messages defined by this specification guidance is
given on how the Proctoring Tool SHOULD behave in response to the unidirectional
LtiResourceLinkRequest
message defined by [LTI-13].
4.1 General Message Details
4.1.1 lti_message_hint login parameter
The Assessment Platform MAY use the optional
lti_message_hint
parameter defined by [LTI-13]. If provided,
the Proctoring Tool MUST include this parameter (and the
login_hint
) in the authentication request sent as part of the OpenID Connect
workflow used to transfer the user to the Proctoring Tool with the
Start Proctoring message.
4.1.2 JSON Web Token
As with the core resource link launch request, the Start Proctoring and End Assessment messages are sent as an OpenID Token whereas the Start Assessment message is sent as a plain JSON Web Token (JWT) [RFC7519]. For details on the process by which message senders encode messages into JWTs, see the 1EdTech Security Framework specification [SEC-10].
4.1.3 Message claims
All three proctoring message types consist of a set of claims that supplement the ones mandated by the 1EdTech Security Framework [SEC-10] specification. Additionally, many of the claims defined here are reused from the LTI resource link launch request. For full details of those claims refer to [LTI-13].
For forwards compatibility receivers of messages MUST ignore any claims in messages they do not understand and not treat the presence of such claims as an error.
4.1.3.1 Message type and schemes
Each proctoring message's
https://purl.imsglobal.org/spec/lti/claim/message_type
claim value declares
the appropriate message type. Both proctoring message types have associated
JSON schemas that formally define all their claims, which claims are required, and
which are optional.
Name | Message type value | Schema |
Start Proctoring Message | LtiStartProctoring | |
Start Assessment Message | LtiStartAssessment | |
End Assessment Message | LtiEndAssessment |
4.2 Start Proctoring Message
This section describes the composition of the Start Proctoring message. This message is used to trigger the workflow that launches a proctored assessment. Prior to this message the candidate will have logged in to the Assessment Platform and established a session with it in their browser. When the candidate indicates that they are ready to take the assessment, for example by clicking a “Launch Exam” button, the Assessment Platform transfers the candidate's browser session to the Proctoring Tool using the OpenID connect workflow as described above ultimately sending the Start Proctoring message.
4.2.1 Required Message Claims
4.2.1.1 Message type claim
Ad defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/message_type
claim must have
the value
LtiStartProctoring
.
4.2.1.2 LTI version claim
As defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/version
claim must have the
value
1.3.0
.
4.2.1.3 Deployment ID claim
As defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/deployment_id
claim identifies
the platform-tool integration governing the message.
4.2.1.4 Target link URI
As defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/target_link_uri
claim MUST
be the same as the target_link_url parameter passed by the Assessment Platform when
it initiatiated the OpenID Connect workflow.
A Proctoring Tool should rely on this claim rather than the initial
target_link_uri
parameter to do the final redirection within the Proctoring
Tool, since the login initiation request is unsigned.
4.2.1.5 Resource link claim
As defined in the LTI Core specification [LTI-13], the
required
https://purl.imsglobal.org/spec/lti/claim/resource_link
claim composes
properties for the resource link from which the
Start Proctoring message occurs. The resource link represents the
assessment within the Assessment Platform. Messages that share the same resource
link MUST be treated by the Proctoring Tool as relating to the same Assessment. The
Proctoring Tool MAY use the resource link to group information gathered during proctored
sessions for the purposes of reporting or analysis.
To assist the Proctor's' communication with the Candidate the Assessment Platform SHOULD provide a value for the title attribute of the resource link claim. The use of the description attribute is also recommended.
4.2.1.6 Attempt number claim
The
https://purl.imsglobal.org/spec/lti-ap/claim/attempt_number
claim MUST
specify the candidate's attempt number. Used in conjunction with the resource
link claim this information can be used by the Proctoring Tool to determine if the
candidate is starting a new attempt at the assessment or is returning to resume a
previous attempt. The value SHOULD be simple integer with the first attempt
having attempt number 1. This will be passed as an integer in the JWT claim.
This specification imposes no limits on the number of times a Candidate can initiate the proctoring process for a given attempt at an assessment. A Proctoring Tool MAY impose a limit of one successful launch per assessment (resource_link) per user. Multiple attempts at the same assessment SHOULD NOT be assumed without prior arrangement with the Proctoring Tool.
Example 4.2.3.6.1: the Candidate initiates the exam launch workflow and is transferred to the Proctoring Tool. Once connected with the proctor they are asked to present their government issued ID document but are unable to provide anything suitable. They return the following day and initiate the exam launch workflow a second time. The Assessment Platform sends the sameattempt number in both Start Proctoring messages.
Example 4.2.3.6.2: the Candidate initiates the assessment launch workflow for their first attempt at their certification exam. The Assessment Platform sets the attempt number to 1 in the Start Proctoring message. The proctor is satisfied that the candidate's environment is secure and the candidate is allowed to start the assessment. The candidate fails the exam and returns one month later. When they initiate the launch workflow again the Assessment Platform sends attempt number 2.
4.2.1.7 User identity claims
Since the Start Proctoring message is a platform-originating message [SEC-10] the user identity is contained the corresponding Open ID Token. Refer to [OPENID-CCORE] for a full list of permitted attributes. The only required identity attributes are the Issuer (iss) and the Subject (sub) claims.
sub (required): the
sub
(Subject) MUST be a stable, locally unique to the iss (Issuer),
identifier for the actual, authenticated candidate that initiated the launch.
given_name (recommended): the given/first name(s) of the candidate. Names may contain space separators.
family_name (recommended): the surname/last name(s) of the candidate. Names may contain space separators.
name (recommended): the candidate's full name in displayable form.
email (optional): the candidate's email address. The Proctoring
Tool should ignore this value unless
email_verified
is also provided and is true.
email_verified (optional): whether or not the Assessment Platform
has verified the candidate's
email
address.
picture (optional): the
picture
claim is defined to be an image file that SHOULD reference a
profile photo of the user and SHOULD NOT be an arbitrary photo taken or provided
by the end-user. Given this uncertainty the Proctoring Tool MUST NOT use this
picture for identification purposes except by prior arrangement with the Assessment
Platform.
locale (optional): the Assessment Platform SHOULD use the locale attributed defined in the launch presentation claim to indicate the candidate's preferred locale instead of this attribute. The Proctoring Tool is not required to support multiple locales and MUST NOT treat an unknown or unsupported locale as an unsuccessful launch.
Further information about the user may be provided in associated claims defined
in the OpenID Connect Core specification [OPENID-CCORE] such as
gender
,
birthdate, address
etc. In the interests of minimizing the personal
information exposed by the Assessment Platform any additional fields SHOULD only
be included when the Proctoring Tool is known to require them for ID verification.
4.2.1.8 Roles claim
As defined in the LTI Core specification [LTI-13], the
https://purl.imsglobal.org/spec/lti/claim/roles
claim is required but
MAY be empty. The
Start Proctoring message always initiates the proctoring process (and
corresponding assessment launch) regardless of any value specified for this claim,
the Proctoring Tool MUST ignore this value. If the Assessment Platform provides
a non-empty value it SHOULD include
http://purl.imsglobal.org/vocab/lis/v2/membership#Learner
.
4.2.1.9 Start assessment url claim
Once the Proctoring Tool has secured the candidate's environment and performed any
required identity checks successfully it transfers the browser session back to the
Assessment Platform with the
Start Assessment message. This message is sent to the URL provided
in the required
https://purl.imsglobal.org/spec/lti-ap/claim/start_assessment_url
claim.
4.2.1.10 Session data claim
The required
https://purl.imsglobal.org/spec/lti-ap/claim/session_data
claim contains data
that is opaque to the Proctoring Tool but MUST be stored and sent to the Assessment
Platform when transfering the candidate's browser back with the
Start Assessment message.
The data in this claim provides an important defence against CSRF attacks against the Assessment Platform and MJST be chosen in a way that makes it suitable for use as an anti-CSRF token.
4.2.2 Optional Message Claims
Start Proctoring messages MAY contain any of the following claims. Each group of claims is defined using its own JSON Schema.
4.2.2.1 Context claim
As defined in the LTI Core specification [LTI-13], the optional
https://purl.imsglobal.org/spec/lti/claim/context
claim composes properties
for the platform context from within which the
Start Proctoring message was sent. The context typically represents
a course or course section.
Although optional, the context may be useful and even required by some Proctoring
Tools as it provides a grouping or
cohort of Candidates that can be helpful when analyzing data captured
during the proctoring process. If the context claim is present, the only required
attribute is
id
.
4.2.2.2 Platform instance claim
As defined in the LTI Core specification [LTI-13], the optional
https://purl.imsglobal.org/spec/lti/claim/tool_platform
claim composes
properties associated with the platform initiating the launch. An example is
given in the Appendix.
4.2.2.3 Launch presentation claim
As defined in the LTI Core specification [LTI-13], the optional
https://purl.imsglobal.org/spec/lti/claim/launch_presentation
claim
SHOULD be used to provide a
return_url
for use when the the Proctoring Tool needs to reject the
Candidate's request to start the test (using the
lti_errormsg
and
lti_errorlog
parameters).
The
document_target
,
height
and
width
properties SHOULD NOT be specified, if specified the
document_target
MUST be set to window.
The optional
locale
property SHOULD be used to indicate the user's preferred language
for communication with the Proctoring Tool, including the preferred language for
communicating with a live proctor. If not provided, the
locale
claim defined by OpenID Connect Core [OPENID-CCORE] MUST be used
instead (but note the uncertainty around the format of that value). If neither
are provided then a default locale for the Proctoring Tool MUST be used. The
Proctoring Tool MUST NOT treat an unknown or unsupported locale as an unsuccessful
launch.
4.2.2.4 Learning Information Services (LIS) claim
As defined in the LTI Core specification [LTI-13], the optional
https://purl.imsglobal.org/spec/lti/claim/lis
claim composes properties
that correspond to values otherwise obtainable from a Learning Information Services
(LIS) endpoint. The use of LIS in conjunction with Assessment Proctoring is NOT recommended.
4.2.2.5 Custom properties and variable substitution claim
Custom properties allow a message sender (in this case, the Assessment Platform) to send key-value pairs defined outside of this specification. There are no custom properties defined in this specification and no defined variable substitutions. The Proctoring Tool MUST ignore any unrecognized custom properties that it does not understand.
4.2.2.6 Assessment control service claim
During the assessment the Proctoring Tool may need to send a service message to
the Assessment Platform to control the assessment in response to an incident detected
by the proctor. These messages are sent directly to the Assessment Platform
using the Assessment Control Service specified in the
https://purl.imsglobal.org/spec/lti-ap/claim/acs
claim. Support
for Assessment Control Service is optional, an Assessment Platform is not required
to provide a service endpoint and a Proctoring Tool is not required to use it if
it is provided.
assessment_control_url (required): the URL of the Assessment Control Service endpoint.
actions (required): an array of the actions supported by the service. An array of values as defined by the action parameter of the service request object (see below).
4.2.2.7 Proctoring settings claim
The optional
https://purl.imsglobal.org/spec/lti-ap/claim/proctoring_settings
claim
has the following properties:
data (optional): an opaque value which is tool-specific and can be interpreted as controlling settings not defined elsewhere
4.3 Start Assessment Message
The Start Assessment message covers the last part of the overall assessment launch workflow: once the Proctoring Tool's controls are in place the Proctoring Tool transfers the candidate's browser session back to the Assessment Platform.
The
Start Assessment message follows the protocol for Tool-Originating Messages
[SEC-10] and comprises a signed JWT using the JSON Web Signature (JWS) defined in
[RFC7515]. The JWT is sent via an HTTP POST with a single required parameter:
JWT. To prevent CSRF attacks against the Assessment Platform the
JWT contains the
session_data
set by the Assessment Platform in the Start Proctoring
message. This data, opaque to the Proctoring Tool, acts as an anti-CSRF token.
The Proctoring Tool MUST ensure that the Start Assessment message is sent in the same browser session as the Start Proctoring message. The Proctoring Tool MUST NOT require the candidate to clear cookies, reset their browser, open a private browsing window, or any similar action that disrupts the browser session.
4.3.1 Required Message Claims
4.3.1.1 Message type claim
Ad defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/message_type
claim must have
the value
LtiStartAssessment
.
4.3.1.2 LTI version claim
As defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/version
claim must have the
value
1.3.0
.
4.3.1.3 Deployment ID claim
As defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/deployment_id
claim identifies the
platform-tool integration governing the message.
4.3.1.4 Session data claim
The required
https://purl.imsglobal.org/spec/lti-ap/claim/session_data
claim contains the
value sent to the Proctoring Tool in the
Start Proctoring message. The data in this claim provides an important
defence against CSRF attacks against the Assessment Platform: the Assessment Tool
MUST validate this value against the user's browser session before allowing them
to start the assessment.
4.3.1.5 Resource link claim
As defined in the LTI Core specification [LTI-13] and further defined above, the
required
https://purl.imsglobal.org/spec/lti/claim/resource_link
claim represents
the Assessment within the Assessment Platform. The Proctoring Tool MUST copy
this value to the
Start Assessment message unchanged.
4.3.1.6 Attempt number claim
The
https://purl.imsglobal.org/spec/lti-ap/claim/attempt_number
claim specifies
the candidate's attempt number, as set by the Assessment Platform. The Proctoring
Tool MUST copy this value to the
Start Assessment message unchanged.
4.3.1.7 End assessment return claim
When the
The optional
https://purl.imsglobal.org/spec/lti-ap/claim/end_assessment_return
claim value is a
Boolean that should be set to true if the Proctoring Tool wishes the Assessment Platform to call
the LTIEndAssessment message to the Proctoring Tool placement after the assessment has been submitted.
If this is not set or is set to false the Assessment Platform will follow it's normal post completion flow.
4.3.2 Optional Message Claims
4.3.2.1 Verified user claim
The optional
https://purl.imsglobal.org/spec/lti-ap/claim/verified_user
claim is used to
indicate which of the user's attributes passed in the
Start Proctoring message have been
verified by the Proctoring Tool. Verification does not mean merely
recorded but confirmed (by automated means or manual inspection) as matching the
values sent by the Assessment Platform within the limits of the methods supported
by the proctoring tool itself. The
iss
and
sub
attributes SHOULD NOT be included as they are opaque to the Proctoring
Tool and cannot be independently verified.
If the
picture
attribute is provided it MUST point to a picture taken by the
Proctoring Tool. It MUST NOT be the same picture provided by the Assessment
Platform in the
Start Proctoring message. The Proctoring Tool MAY include this picture
even if the Assessment Platform did not provide a URL for the user's profile picture
in the
Start Proctoring message.
4.4 End Assessment Message
The
End Assessment message covers the last part of the overall assessment
submission workflow. This message type MUST be called by the Assessment Platform upon attempt
completion IF the
end_assessment_return
claim is set to true as part of the Start Assessment launch.
If the assessment needs to close due to an error NOT handled by the Assessment Platform that error MUST
be passed along using the
LtiEndAssessment
message and the
errormsg
and
errorlog
claims. The message utilizes the OpenID connect workflow prior to sending the message.
4.4.1 Required Message Claims
4.4.1.1 Message type claim
Ad defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/message_type
claim must have
the value
LtiEndAssessment
.
4.4.1.2 LTI version claim
As defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/version
claim must have the
value
1.3.0
.
4.4.1.3 Deployment ID claim
As defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/deployment_id
claim identifies
the platform-tool integration governing the message.
4.4.1.4 Target link URI
As defined in the LTI Core specification [LTI-13], the required
https://purl.imsglobal.org/spec/lti/claim/target_link_uri
claim MUST
be the same as the target_link_url parameter passed by the Assessment Platform when
it initiatiated the OpenID Connect workflow.
A Proctoring Tool should rely on this claim rather than the initial
target_link_uri
parameter to do the final redirection within the Proctoring
Tool, since the login initiation request is unsigned.
4.4.1.5 Attempt number claim
The
https://purl.imsglobal.org/spec/lti-ap/claim/attempt_number
claim MUST
specify the candidate's attempt number. Used in conjunction with the resource
link claim this information can be used by the Proctoring Tool to determine if the
candidate is starting a new attempt at the assessment or is returning to resume a
previous attempt. The value SHOULD be simple integer with the first attempt
having attempt number 1.
This specification imposes no limits on the number of times a Candidate can initiate the proctoring process for a given attempt at an assessment. A Proctoring Tool MAY impose a limit of one successful launch per assessment (resource_link) per user. Multiple attempts at the same assessment SHOULD NOT be assumed without prior arrangement with the Proctoring Tool.
4.4.1.6 User identity claims
Since the End Assessment message is a platform-originating message [SEC-10] the user identity is contained the corresponding Open ID Token. Refer to [OPENID-CCORE] for a full list of permitted attributes. The only required identity attributes are the Issuer (iss) and the Subject (sub) claims.
sub (required): the
sub
(Subject) MUST be a stable, locally unique to the iss (Issuer),
identifier for the actual, authenticated candidate that initiated the launch.
given_name (recommended): the given/first name(s) of the candidate. Names may contain space separators.
family_name (recommended): the surname/last name(s) of the candidate. Names may contain space separators.
name (recommended): the candidate's full name in displayable form.
email (optional): the candidate's email address. The Proctoring
Tool should ignore this value unless
email_verified
is also provided and is true.
email_verified (optional): whether or not the Assessment Platform
has verified the candidate's
email
address.
picture (optional): the
picture
claim is defined to be an image file that SHOULD reference a
profile photo of the user and SHOULD NOT be an arbitrary photo taken or provided
by the end-user. Given this uncertainty the Proctoring Tool MUST NOT use this
picture for identification purposes except by prior arrangement with the Assessment
Platform.
locale (optional): the Assessment Platform SHOULD use the locale attributed defined in the launch presentation claim to indicate the candidate's preferred locale instead of this attribute. The Proctoring Tool is not required to support multiple locales and MUST NOT treat an unknown or unsupported locale as an unsuccessful launch.
Further information about the user may be provided in associated claims defined
in the OpenID Connect Core specification [OPENID-CCORE] such as
gender
,
birthdate, address
etc. In the interests of minimizing the personal
information exposed by the Assessment Platform any additional fields SHOULD only
be included when the Proctoring Tool is known to require them for ID verification.
4.4.1.7 Roles claim
As defined in the LTI Core specification [LTI-13], the
https://purl.imsglobal.org/spec/lti/claim/roles
claim is required but
MAY be empty. The
End Assessment message allows for close-out of the proctoring process
regardless of any value specified for this claim, the Proctoring Tool MUST ignore this value.
If the Assessment Platform provides a non-empty value it SHOULD include
http://purl.imsglobal.org/vocab/lis/v2/membership#Learner
.
4.4.2 Optional Message Claims
End Assessment messages MAY contain any of the following claims. Each group of claims is defined using its own JSON Schema.
4.4.2.1 Context claim
As defined in the LTI Core specification [LTI-13], the optional
https://purl.imsglobal.org/spec/lti/claim/context
claim composes properties
for the platform context from within which the
End Assessment message was sent. The context typically represents
a course or course section.
Although optional, the context may be useful and even required by some Proctoring
Tools as it provides a grouping or
cohort of Candidates that can be helpful when analyzing data captured
during the proctoring process. If the context claim is present, the only required
attribute is
id
.
4.4.2.2 Platform instance claim
As defined in the LTI Core specification [LTI-13], the optional
https://purl.imsglobal.org/spec/lti/claim/tool_platform
claim composes
properties associated with the platform initiating the launch.
4.4.2.3 Launch presentation claim
As defined in the LTI Core specification [LTI-13], the optional
https://purl.imsglobal.org/spec/lti/claim/launch_presentation
claim
SHOULD be used to provide a
return_url
for use when the the Proctoring Tool has finished its closeout tasks.
The
document_target
,
height
and
width
properties SHOULD NOT be specified, if specified the
document_target
MUST be set to window.
The optional
locale
property SHOULD be used to indicate the user's preferred language
for communication with the Proctoring Tool, including the preferred language for
communicating with a live proctor. If not provided, the
locale
claim defined by OpenID Connect Core [OPENID-CCORE] MUST be used
instead (but note the uncertainty around the format of that value). If neither
are provided then a default locale for the Proctoring Tool MUST be used. The
Proctoring Tool MUST NOT treat an unknown or unsupported locale as an unsuccessful
launch.
Example 4.4.2.3.1: on completing a remotely-proctored assessment the Assessment
Platform redirects the candidate's browser back to Proctoring Tool (via an LTI launch with
the message type
LtiEndAssessment
assuming
end_assessment_return
was set to true in the Start Assessment launch). In response,
the Proctoring Tool alerts the remote proctor who makes any required closing remarks to the
candidate before disabling all automated monitoring of the candidate's device and terminating the
remote video conference session. Finally, the Proctoring Tool redirects the
candidate's browser back again to the Assessment Platform using the
return_url
given in the
launch_presentation
claim. In response to this final redirect the
Assessment Platform presents the candidate with an evaluation questionnaire to provide
feedback to the Program Manager on their experience during the proctored assessment.
4.4.2.4 Learning Information Services (LIS) claim
As defined in the LTI Core specification [LTI-13], the optional
https://purl.imsglobal.org/spec/lti/claim/lis
claim composes properties
that correspond to values otherwise obtainable from a Learning Information Services
(LIS) endpoint. The use of LIS in conjunction with Assessment Proctoring is NOT recommended.
4.4.2.5 Custom properties and variable substitution claim
Custom properties allow a message sender (in this case, the Assessment Platform) to send key-value pairs defined outside of this specification. There are no custom properties defined in this specification and no defined variable substitutions. The Proctoring Tool MUST ignore any unrecognized custom properties that it does not understand.
4.4.2.6 Proctoring settings claim
The optional
https://purl.imsglobal.org/spec/lti-ap/claim/proctoring_settings
claim
has the following properties:
data (optional): an opaque value which is tool-specific and can be interpreted as controlling settings not defined elsewhere
4.4.2.7 Error message claim
The optional
https://purl.imsglobal.org/spec/lti-ap/claim/errormsg
claim value is a plain
text string of a message the Proctoring Tool may show to the end user upon return to the platform.
It indicates some error as occurred during the interaction.
4.4.2.8 Error log claim
The optional
https://purl.imsglobal.org/spec/lti-ap/claim/errorlog
claim value is a plain text
string of a message the Proctoring Tool may log when processing this message.
It indicates some error as occurred during the interaction.
4.5 Resource Link Request
The LTI Core specification [LTI-13] defines a default message type of
LtiResourceLinkRequest
. The Assessment Platform MAY launch the Proctoring
Tool with this message type using non-Candidate roles for the purposes of configuring
the tool or to review the information collected by the tool during the assessment.
The corresponding launch messages satisfy the assessment-specific proctoring
options and external reviewer use cases.
The Proctoring Tool MAY provide a user interface to allow the setting of assessment-specific
configuration options in response to a resource link request message if the launch
role contains the value
http://purl.imsglobal.org/vocab/lis/v2/membership#Administrator
or the
abbreviated form
Administrator
.
The Proctoring Tool MAY provide a user interface to the candidate to check their
system meets the technology requirements in advance of the scheduled assessment time
in response to a resource link request message with a role of
http://purl.imsglobal.org/vocab/lis/v2/membership#Learner
or the abbreviated
form
Learner
. This could be a simple page provided by the Proctoring
Tool that lists the technology requirements or it could be a full 'dry-run' of the
assessment startup process.
The Proctoring Tool MAY provide a user interface to allow the review of information
collected during proctored assessment sessions in response to a resource link request
message if the launch role contains the value
http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#Reviewer
5. Assessment Control Service
An Assessment Platform MAY provide support for the Assessment Control Service (ACS).
An Assessment Platform indicates support for the ACS by passing the endpoint
and details of the service to the Proctoring Tool in the
Start Proctoring message in the
https://purl.imsglobal.org/spec/lti-ap/claim/acs
claim.
The ACS allows the Proctoring Tool to send messages to the Assessment Platform either during the assessment (in the case of Pause or Terminate commands) or afterwards to flag the result for further review.
All requests to the ACS MUST be secured by including a properly scoped access token
in the Authorization header as per the 1EdTech Security Framework [SEC-10]. This
requires the Proctoring Tool to obtain an access token from the Assessment Platform's
OAuth2 authorization server prior to making service calls. When requesting
an access token the scope of the token must be specified. This specification
defines a single scope:
https://purl.imsglobal.org/spec/lti-ap/scope/control.all
that MUST be used
in all client authentication requests.
The Proctoring Tool may retain the
assessment_control_url
,
resource_link
and
attempt_number
received in the
Start Proctoring message and call the service at any time, even after
the assessment session has ended. This allows the Proctoring Tool to carry
out more sophisticated analysis of the data collected for a group of Candidates or
even to record information for later subjective review flagging a result in response
to an incident identified after the fact by a human reviewer. The Assessment
Platform MUST accept requests to the ACS that pertain to completed assessment sessions
for as long as it remains reasonable to update information about the conduct of that
session.
All requests to the ACS must use HTTP POST with the following media type:
application/vnd.ims.lti-ap.v1.control+json
. The body of the request
is a simple JSON object with parameters defined in the following sections. The
Assessment Platform MUST ignore any unknown parameters passed to the ACS.
The Assessment Platform MUST return an HTTP status code of 200 if the request conforms
to this specification, the
user
,
resource_link
and
attempt_number
correspond to a valid assessment attempt and the requested
action is supported. The body of the response must also be of media type:
application/vnd.ims.lti-ap.v1.control+json
. The response object JSON
object contains information about the current status of the attempt.
5.1 Required Request Parameters
5.1.1 user parameter
An object that identifies the candidate using the data passed to the Proctoring Tool in the Start Proctoringmessage.
iss (required): the issuer identifier from the OpenID token describing the Assessment Platform that issued the user identity.
sub (required): the subject identifier from the OpenID token describing the user authenticated with the Assessment Platform.
5.1.2 resource_link parameter
As defined in the LTI Core specification [LTI-13], an object that identifies the assessment the candidate is attempting. This object can be copied from the Start Proctoring message though only the id parameter is required.
5.1.3 attempt_number parameter
The attempt number copied from the Start Proctoring message. Together with the resource_link and user objects the attempt_number uniquely identifies the candidate's assessment. A Proctoring Tool MAY receive multiple Start Proctoring messages for the same user, assessment and attempt, for example, if the launch flow was aborted following a technical failure. The ACS does not differentiate between multiple launches (if any): all control messages relating to the attempt are identified solely by these three require parameters.
5.1.4 action parameter
The action parameter instructs the Assessment Platform which action to take in relation to the candidate's assessment attempt. If the attempt is not in a statue compatible with the requested action the Assessment Platform MUST accept the request and indicate that no action was taken by returning the appropriate status in the response (see below).
The following values are permitted.
pauseRequest to pause a running attempt. While the attempt is paused the candidate SHOULD NOT be able to review the questions, enter responses or otherwise interact with the assessment. The behavior of the Assessment Platform when pausing timed assessments is not defined by this specification.
resumeRequest to resume a previously paused attempt.
terminateRequest to terminate an assessment attempt.
updateA special value indicating that the status of the attempt should be updated based only on the additional parameters, such as adding extra time or recording a message from the proctor. The Proctoring Tool MAY also use this action to poll the ACS for the current status of the attempt.
flagRequest to flag an attempt. A flag may be placed on an attempt
at any time and indicates the need to review the candidate's session to ensure that
the session was conducted fairly. The reason for flagging is given in the optional
reason_code
and
reason_msg
parameters.
5.1.5 incident_time parameter
The timestamp of the
incident that caused this request. This MAY differ from the time
of the request itself, for example, a Proctoring Tool may perform analysis of video
data captured during the assessment session at a later time. If an incident
is identified in the video data the
incident_time
is the timestamp of the incident, not the time at which
the video analysis system identified it.
5.1.6 Optional Request Parameters
The following optional parameters may be added to any of the control message actions. If an Assessment Platform receives a parameter that
5.1.7 extra_time parameter
The
extra_time
parameter, given in minutes, is used to add time to a timed
assessment. For example, this may be used to compensate a candidate for an
incident that was out of their control or to implement some other form of permitted
accommodation identified by the Proctor.
This represents the total amount of extra time granted for this session. If the Tool received multiple extra time messages, the most recent represents the amount of time granted.
5.1.8 incident_severity parameter
The
incident_severity
parameter is a numeric parameter indicating the
severity of the incident that triggered the request. The value MUST
be in the range 0 to 1 with 0 indicating very low severity and 1 indicating very
high severity. For example, if a live Proctor observes the candidate making
a call on their mobile telephone they might pause the assessment and use a high value
for the severity.
The following severity mapping is non-normative but MAY be used when displaying information about an incident to a Reviewer. A value less than 0.25 - information only, green flag incident; a value less than 0.75 but greater than or equal to 0.25 - warning, amber flag; value greater than or equal to 0.75 - severe, red flag.
5.1.9 reason_code parameter
The
reason_code
is an optional string (a URN or URI could be used) indicating
the reason for the request. The values of these codes are Proctoring Tool-specific.
5.1.10 reason_msg parameter
The
reason_msg
is an optional text string describing the reason for the
request in a human-readable form. For example, the value may be a comment entered
by a live proctor or a message generated by an automated system.
5.2 Response Parameters
5.2.1 status parameter
The status parameter informs the Proctoring Tool of the current status of the attempt and takes one of the following values:
none: the attempt has not been started yet
running: the attempt is currently running.
paused: the attempt is currently paused
terminated:the attempt was terminated by the Proctoring Tool.
complete: the attempt is complete
5.2.2 extra_time parameter
The total amount of
extra_time
currently given to the candidate, in minutes.
6. Example Deployment and Messages
In the following example messages the Assessment Platform has an issuer id of
https://assessment.org
- although this follows the guidance in [OPENID-CCORE]
where it is RECOMMENDED that only a single issuer be defined per host, OpenID Connect
does acknowledge that multi-tenanted systems may require multiple issuer ids per
host. For multi-tenanted Assessment Platforms (sharing the same host name)
it is RECOMMENDED that Issuer ids and service endpoints are differentiated by path,
e.g.,
https://assessment.org/tenant100
. The important thing is that the subject
identifiers that represent end users of the Assessment Platform MUST be unique within
the scope of the issuer id. The Assessment Platform also has a public/private
key corresponding to the issuer id.
The Assessment Platform defines an Authorization Service endpoint for the purposes
of OpenID Connect authorization flows at
https://assessment.org/auth.
It also exposes an OAuth2 access token
endpoint at
https://assessment.org/tokens
, the access token endpoint is used to obtain
access tokens for the Assessment Control Service.
The Proctoring Tool defines two service endpoints: a login endpoint used to initiate
the OpenID connect authorization flow:
https://proctor.org/login
and a launch endpoint used to send the
Start Proctoring message
https://proctor.org/launch
. The tool also has its own public/private
key associated with these endpoints.
Prior to the Assessment Launch Workflow the Proctoring Tool's endpoints and public
key are used to create a new tool deployment in the Assessment Platform. The
Assessment Platform allocates a unique
client_id
to the Proctoring Tool, in the example that follows this value
is
ptool009.
The client id MUST be unique within the scope of the issuer
id and service endpoints defined by the platform. The client id, along with
the issuer id, service endpoint URLs and platform public key are used to configure
the Proctoring Tool and complete the trust relationship between the two systems.
The Assessment Platform also internally allocates a deployment id to the integration,
see the
Start Proctoring message above for more details but bear in mind that
LTI supports a deployment model where the same Tool, using the same endpoints and
public key, can be deployed multiple times within the Assessment Platform (for example,
for different Assessment
Programs managed by different Program Managers within the same institution).
In the examples that follow the deployment id allocated to this integration
by the Assessment Platform is
23487
.
6.1 Assessment Launch Workflow
The Assessment Platform initiates the workflow by directing the candidate's browser to issue a GET or POST request to the Proctoring Tools login endpoint.
POST https://proctoring.org/login
Content-Type: application/x-www-form-urlencoded
iss=https%3A%2F%2Fassessment.org&login_hint=22375&target_link_uri=
https%3A%2F%2Fproctoring.org%2Flaunch<i_message_hint=398
The Proctoring Tool uses the iss parameter to identify the Assessment Platform and then performs an authentication request to the Assessment Platform's Authorization Service endpoint. This is done using a redirect in the candidate's browser.
GET
https://assessment.org/auth?client_id=ptool009&
login_hint=22375<i_message_hint=398&nonce=562d5142d4932cb6ae01&
prompt=none&redirect_uri=https%3A%2F%2Fproctoring.org%2Flaunch&response_mode
=form_post&response_type=id_token&scope=openid&state=cmkVeQ
The state parameter contains opaque data created by the Proctoring Tool to track
state across the OpenID connect flow and also plays the role of an anti-CSRF token
binding the Assessment Platforms next response to the same browser session. LTI
requires the OpenID prompt parameter to be
none
indicating that no user interaction will take place in the Assessment
Platform in response to this request. Instead, the Assessment Platform verifies
that the user indicated in the
login_hint
is logged in to the current browser session, confirms that
the
redirect_url
matches the registered launch endpoint for the Proctoring
Tool integration identified by the
client_id
and then returns the candidate to the Proctoring Tool with
a POST back to the
redirect_uri
containing the detailed
Start Proctoring message claims.
POST https://proctoring.org/launch
Content-Type: application/x-www-form-urlencoded
id_token=eyJhbGciOi...uDP6KuSMg&state=cmkVeQ
The state parameter is reflected back to the Proctoring Tool and MUST be validated to prevent CSRF attacks.
The id_token is a JWT signed using JWS [RFC7515] (abbreviated in the above example). The value consists of three base64 encoded fields separated by '.' - the first is the JOSE header describing the algorithm used, the second is the plaintext payload and the third is the signature calculated using the Assessment Platform's private key. The Proctoring Tool can verify the signature using the public key configured during deployment. The first two fields are decoded here:
{"alg":"RS256","kid":"hf8Sisblt0zj0KhjY8oAIH0ylU2PuYwnegc8Y9vJq9g"}
{
"iss": "https://assessment.org",
"aud": "ptool009",
"sub": "2047534b3cc6d7086909",
"exp": 1548871170,
"iat": 1548870870,
"nonce": "cc0d7b7f6cdc554bacc7",
"https://purl.imsglobal.org/spec/lti/claim/message_type":
"LtiStartProctoring",
"https://purl.imsglobal.org/spec/lti/claim/version": "1.3.0",
"https://purl.imsglobal.org/spec/lti/claim/deployment_id": "23487",
"https://purl.imsglobal.org/spec/lti/claim/target_link_uri":
"https://proctoring.org/launch",
"https://purl.imsglobal.org/spec/lti/claim/resource_link": {
"id": "398",
"title": "Algebra I",
"description": "Algebra I: End of module exam"
},
"https://purl.imsglobal.org/spec/lti-ap/claim/attempt_number":
1,
"given_name": "Jane",
"family_name": "Doe",
"name": "Jane Doe",
"https://purl.imsglobal.org/spec/lti/claim/roles": [
"http://purl.imsglobal.org/vocab/lis/v2/membership#Learner
],
"https://purl.imsglobal.org/spec/lti-ap/claim/start_assessment_url":
"https://assessment.org/examgo",
"https://purl.imsglobal.org/spec/lti-ap/claim/session_data":
"ZOG9BSUgweWxVMlB1WXduZWdjOFk5dkpxOWcif",
"https://purl.imsglobal.org/spec/lti/claim/context": {
"id": "115",
"label": "M01",
"title": "Math Part 1",
"type": [
"CourseOffering"
]
},
"https://purl.imsglobal.org/spec/lti/claim/launch_presentation": {
"document_target": "window",
"return_url": "https://assessment.org/home",
"locale": "en-US"
},
"https://purl.imsglobal.org/spec/lti-ap/claim/acs": {
"actions": [
"terminate",
"flag",
"update"
],
"assessment_control_url": "https://assessment.org/acs"
},
"https://purl.imsglobal.org/spec/lti-ap/claim/proctoring_settings":
{
"data": "video=on,audio=on,screencapture=off"
}
}
The Proctoring Tool validates this message according to the rules set out in [SEC-10] 5.1.3 Authentication Response Validation.
For the purposes of this example the Proctoring Tool starts an audio/video conference with the candidate and asks them to present government issued id and the candidate offers their passport to the webcam. A live Proctor validates that the given and family names on the passport match those in the Start Proctoring message and that the passport photo is a good likeness of the person presenting the document! Satisfied that the candidate's environment is secure the Proctoring Tool issues the Start Assessment message using an HTTP POST to the start_assessment_url.
POST https://assessment.org/examgo
Content-Type: application/x-www-form-urlencoded
JWT=eyJhbGciO...SkBN
As for the Start Proctoring message, the JWT is a signed token, for brevity only the payload is illustrated below. Notice that the iss and aud parameters are reversed indicating that the message is being sent from the Proctoring Tool to the Assessment Platform. The Proctoring Tool's private key is used to calculate the signature.
{
"iss": "ptool009",
"aud": "https://assessment.org",
"exp": 1548871178,
"iat": 1548870878,
"nonce": "c60cbd5dc4af7c57cbc7",
"https://purl.imsglobal.org/spec/lti/claim/message_type":
"LtiStartAssessment",
"https://purl.imsglobal.org/spec/lti/claim/version": "1.3.0",
"https://purl.imsglobal.org/spec/lti/claim/deployment_id": "23487",
"https://purl.imsglobal.org/spec/lti-ap/claim/session_data":
"ZOG9BSUgweWxVMlB1WXduZWdjOFk5dkpxOWcif",
"https://purl.imsglobal.org/spec/lti/claim/target_link_uri":
"https://proctoring.org/launch",
"https://purl.imsglobal.org/spec/lti/claim/resource_link": {
"id": "398"
},
"https://purl.imsglobal.org/spec/lti-ap/claim/attempt_number":
1,
"https://purl.imsglobal.org/spec/lti-ap/claim/verified_user": {
"given_name": "Jane",
"family_name": "Doe"
}
"https://purl.imsglobal.org/spec/lti/claim/launch_presentation": {
"document_target": "window",
"return_url": "https://proctor.org/stop",
"locale": "en-US"
}
}
At the end of the assessment the Assessment Tool checks what value it received from the
Start Assessment JWT for
end_assessment_return
. If the value was true the Assessment Platform launches
to the Proctoring Tool with the LtiEndAssessment
message. The launch follows the same
security protocol as the Start Proctoring message. The OIDC workflow preceding the message is not shown here because it mirrors the sample in the Start Proctoring message above.
{
"iss": "https://assessment.org",
"aud": "ptool009",
"sub": "2047534b3cc6d7086909",
"exp": 1548871170,
"iat": 1548870870,
"nonce": "cc0d7b7f6cdc554bacc7",
"https://purl.imsglobal.org/spec/lti/claim/message_type":
"LtiEndAssessment",
"https://purl.imsglobal.org/spec/lti/claim/version": "1.3.0",
"https://purl.imsglobal.org/spec/lti/claim/deployment_id": "23487",
"https://purl.imsglobal.org/spec/lti/claim/target_link_uri":
"https://proctoring.org/launch",
"https://purl.imsglobal.org/spec/lti/claim/resource_link": {
"id": "398",
"title": "Algebra I",
"description": "Algebra I: End of module exam"
},
"https://purl.imsglobal.org/spec/lti-ap/claim/attempt_number":
"1",
"given_name": "Jane",
"family_name": "Doe",
"name": "Jane Doe",
"https://purl.imsglobal.org/spec/lti/claim/roles": [
"http://purl.imsglobal.org/vocab/lis/v2/membership#Learner
],
"https://purl.imsglobal.org/spec/lti/claim/context": {
"id": "115",
"label": "M01",
"title": "Math Part 1",
"type": [
"CourseOffering"
]
},
"https://purl.imsglobal.org/spec/lti/claim/launch_presentation": {
"document_target": "window",
"return_url": "https://assessment.org/home",
"locale": "en-US"
},
"https://purl.imsglobal.org/spec/lti-ap/claim/proctoring_settings":
{
"data": "video=on,audio=on,screencapture=off"
}
}
The Proctoring Tool terminates the video conference between the Proctor and Candidate
and redirects the candidate's browser back to the
return_url
that
it received in the
End Assessment message.
GET https://assessment.org/home
6.2 Assessment Control
In the above example the Assessment Platform declares an endpoint for the Assessment Control Service and support for the “terminate”, “flag” and “update” actions. Suppose that the proctoring system recorded the audio during the session and that this audio is processed later and a loud noise is detected that the candidate may have found disturbing. The proctoring system decides to flag the disturbance using the Assessment Control Service.
Assuming the Proctoring Tool does not have a valid access token for the ACS the first request it makes is to the OAuth2 access token endpoint of the Assessment Platform. The request takes the form of a JWT signed using the Proctoring Tool's private key (as per the Start Assessment message above) but the OAuth parameters follow a different pattern according to [RFC7523], see below for details.
POST https://assessment.org/tokens
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_assertion_type=urn%3Aietf%3Aparam
s%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&
client_assertion=eyJ...CQQ&scope=https%3A%2F%2Fpurl.imsglobal.org%2F
spec%2Flti-ap%2Fscope%2Fcontrol.all
The JWT encoded in the the
client_assertion
parameters is expanded here:
{
"iss" : ""https://proctoring.org",
"sub" : "ptool009",
"aud" : ""https://assessment.org/tokens",
"exp" : 1548873478,
"iat" : 1548873178,
"jti" : "4ad4d0962a24037c9b00b70ef4e949c3"
}
The
iss
value used is an issuer identifier for the Proctoring Tool. The
Assessment Platform does not need to be provided with this value during deployment,
it is for information only. The subject (
sub
) is the
client_id
of the Proctoring Tool and the audience (
aud
) MUST be set to the URL of the token service endpoint being used. Finally,
to mitigate against replay attacks a unique id is provided in the jti parameter.
The response to this message contains the access token that the Proctoring Tool can use to call the ACS directly.
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
"access_token" : "2YotnFZFEjr1zCsicMWpAA",
"token_type" : "bearer",
"expires_in" : 3600,
"scope" : "https://purl.imsglobal.org/spec/lti-ap/scope/control.all"
}
Subsequent calls the ACS are then made using the access_token in the Authorization header.
The Proctoring Tool flags the noise event in the candidate's assessment attempt with a POST request to the ACS endpoint:
POST https://assessment.org/acs
Content-Type: application/vnd.ims.lti-ap.v1.control+json
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
{
"user" : {
"iss" : "https://assessment.org",
"sub": "2047534b3cc6d7086909"
},
"resource_link": {
"id": "398"
},
"attempt_number": 1,
"action": "flag",
"incident_time": "2018-02-01T10:45:33Z",
"incident_severity": "0.1",
"reason_code": "12056",
"reason_msg": "Excessive background noise outside candidate control"}
7. Implementation Guidance
7.1 Deployment
To ease deployment it is RECOMMENDED that Proctoring Tools expose their login endpoint and launch endpoint URLs along with their public key when provisioning the tool (or a tenant on multitenant tool).
It is further RECOMMENDED that the Assessment Platform is used to drive the deployment process. The system administrator or other authorized person might use a user interface that accepts the Proctoring Tool's URLs and public key as inputs and provides the client_id and the platform's public key in return along with the issuer id, authorization endpoint and token endpoint URLs.
Finally, the Proctoring Tool administrator can add these details using a similar interface in the Proctoring Tool to complete the trust relationship between the two systems.
7.2 Assessment Tools and Learning Management Systems
Some Assessment Platforms play the role of an LTI Tool in an LMS/Assessment Tool relationship. For LTI 1.3 this means the LMS must play the role of OpenID Provider to the Assessment Tool/Platform while, simultaneously, the Assessment Tool/Platform plays the role of OpenID Provider to the Proctoring Tool.
The Assessment Platform cannot pass the OpenID service endpoints and issuer information it receives from the LMS to the Proctoring Tool as LTI does not support simple delegation of the OP function. In particular, the OP MUST redirect the candidate's browser to the Proctoring Tool using the full Start Proctoring message encapsulated in the id_token: a role that the LMS would not be able to fulfil.
7.3 Proctoring Controls
A. Use Cases
This section is non-normative.
Use Case Title: | Launch the Assessment |
Use Case Local ID: | Proctoring-01/In-Session |
Brief Description: | Launch the assessment through the proctoring service |
Level: | Primary Task |
Actors: | Primary:Candidate |
Secondary: | |
Preconditions: | Assessment is available with proctoring tool enabled, all pre-registration and scheduling requirements have been satisfied |
Triggers: | Candidate made aware that assessment is now due |
Basic Flow of Events: | Candidate launches a proctored assessment in the Assessment Platform. Proctoring Tool launches and once proctoring arrangements are in place and any ID checks completed the candidate is returned to the Assessment Platform to launch the assessment. |
Alternative Flows: | Candidate launches the assessment to review previously completed assessment under proctored conditions |
The following use case is documented for completeness. The protocol documented by this specification does not cover the method by which the Proctoring Tool is made active for an assessment within the Assessment Platform.
Use Case Title: | Add Proctoring Requirement |
Use Case Local ID: | Proctoring-02/Pre-Exam |
Brief Description: | Add proctoring requirement to an assessment. |
Level: | Primary Task |
Actors: | Primary:Assessment Administrator (may be Instructor); |
Secondary:Program Manager/Administrator | |
Preconditions: | Assessment is available within the Assessment Platform system |
Triggers: | Assessment has been created ready for scheduling |
Basic Flow of Events: | Assessment Administrator makes assessment available, e.g., as a resource (with optional context) within the Assessment Platform, enables the Proctoring Tool for use in conjunction with this assessment before opening it to candidates |
The following use case presupposes that the Proctor is able to interact with the Proctoring Tool through their own device. This does not exclude local 'in person' proctoring as a local proctor may still have access to a device used to manage the assessment session. A local proctor may also be able to intervene directly, e.g., by powering off the Candidate's computer to prevent them cheating or stealing assessment content.
Use Case Title: | Proctor intervenes |
Use Case Local ID: | Proctoring-03/In-Session |
Brief Description: | Control a running assessment to protect integrity of the process |
Level: | Sub-function |
Actors: | Primary:Proctor |
Secondary:Candidate | |
Preconditions: | Candidate is currently taking an assessment launched through the proctoring tool (Proctoring-08/In-Session) |
Triggers: | An exceptional event occurs during the candidate's assessment that requires that the session be paused or terminated. |
Basic Flow of Events: | Proctor opens a control panel for the Candidate's assessment in the Proctoring Tool; proctor uses controls to pause, terminate or add extra time to the candidate's test. Candidate's test may be aborted and they are returned to an appropriate page in the assessment platform. |
Alternative Flows: | Candidate's test is resumed and they continue with the assessment (incident is noted in audit log) |
Notes: | Optional as only some assessment systems provide this type of capability. Split out: automated flagging in real time of issues detected by proctoring service as an alternative (and/or) way of controlling running tests. |
Most Proctoring Tools do some form of technical system checking process to ensure that the necessary software and hardware is available during the assessment launch. In addition to these just-in-time checks some Proctoring Tools provide a way for candidates to 'dry run' their technology well in advance of the scheduled assessment to give them plenty of time to install required software or change system configuration. This use case refers to these advanced checks only.
Use Case Title: | Validate User System |
Use Case Local ID: | Proctoring-04/Pre-Exam/In-Session |
Brief Description: | Check technology requirements for a specific PC, laptop or other device prior to the scheduled assessment time |
Level: | Sub-function |
Actors: | Primary:Candidate |
Secondary:Test Center Administrator | |
Preconditions: | Assessment is available with proctoring tool enabled in the platform. |
Triggers: | Candidate made aware that assessment is available |
Basic Flow of Events: | Candidate launches a proctored assessment through the assessment resource in the platform and is presented with technical requirements and system diagnostics suitable for checking that their device is suitable for taking the assessment |
Alternative Flows: | Candidates may also complete this step before assessment is available. |
Notes: | This could be implemented as an extension to any platform systemcheck. Would typically be implemented as a launch into the proctoring tool. |
Use Case Title: | Site-wide Proctoring Options |
Use Case Local ID: | Proctoring-05/Pre-Exam |
Brief Description: | Configure proctoring options that will apply to all assessments delivered within the institution. |
Level: | User |
Actors: | Primary:Program Manager/Administrator; |
Secondary:Examinations Officer, Academic Integrity Officer | |
Preconditions: | Proctoring tool provider is already registered with a platform system using LTI. |
Triggers: | After initial provisioning of the proctoring tool; following reviews of testing program performance and policies |
Basic Flow of Events: | The administrator launches into the proctoring tool to be able to set platform system wide settings. |
Notes: | Some proctoring tools may not support any customization at this level so this use case is optional. |
Use Case Title: | Assessment Specific Proctoring Options |
Use Case Local ID: | Proctoring-06/Pre-Exam |
Brief Description: | Modify default proctoring options for an individual assessment |
Level: | Sub-function |
Actors: | Primary:Assessment Administrator (may be Instructor) |
Secondary:Program Manager/Administrator | |
Preconditions: | Assessment is available within the platform system and proctoring tool has been enabled for it |
Triggers: | Assessment has proctoring enabled |
Basic Flow of Events: | Test Administrator launches the proctoring tool for the assessment resource and is able to control options provided by that tool. |
Notes: | Optional, some systems may not support configuration options. |
Use Case Title: | External Reviewer Launch of Proctoring System |
Use Case Local ID: | Proctoring-07 |
Brief Description: | Review audit information for entire assessment program |
Level: | Sub-function |
Actors: | Primary:Reviewer |
Secondary:Examinations Officer, Academic Integrity Officer | |
Preconditions: | One or more candidates have completed an assessment with proctoring tool |
Triggers: | Assessment session ended; routine audit requirement or incident response |
Basic Flow of Events: | Reviewer launches the proctoring tool from the consumer (no context required) and is presented with all audit information collected by the proctoring tool. |
B. Use Cases Placed Out Of Scope
This section is non-normative.
These use cases were documented but voted out of scope by workgroup participants for the first version of this specification. These and other new use cases will be considered for future iterations.
Use Case Title: | External Proctor Launch of Proctoring System |
Use Case Local ID: | Proctoring-08/In-Session |
Brief Description: | Users in the consumer system (e.g., LMS) act as (live - but online) proctors in the proctoring tool if agent is providing their own proctors |
Level: | Primary Task |
Actors: | Primary:Proctor |
Secondary: | |
Preconditions: | Proctoring tool has been provisioned in the consumer |
Triggers: | Proctor comes on shift or is notified of a pre-arranged time for a remote proctoring session they are scheduled to proctor. |
Basic Flow of Events: | Proctor launches the proctor tool from the consumer system (no context necessary) and is able to use the proctoring tool to remotely proctor a candidate taking an assessment. |
Alternative Flows: | Proctor launches the proctor tool from an assessment resource in the consumer system made available with proctoring enabled and is able to proctor a candidate taking that assessment |
Use Case Title: | External Reviewer Launch of Proctoring System (limited) |
Use Case Local ID: | Proctoring-09/Post-Exam |
Brief Description: | Review exceptions for an individual assessment from proctoring system |
Level: | User |
Actors: | Primary:Reviewer (not primary proctor) |
Secondary: | |
Preconditions: | One or more candidates have completed an assessment with proctoring tool |
Triggers: | Assessment session ended; routine audit requirement or incident response |
Basic Flow of Events: | Reviewer launches the proctoring tool in the context of the assessment in the consumer system and is presented with a list of exceptions collected by the proctoring tool for all candidates that have taken the assessment |
Alternative Flows: | Reviewer sees exceptions for all assessments associated with this consumer or context (course). |
Use Case Title: | Schedule an Appointment |
Use Case Local ID: | Proctoring-10/Pre-Exam |
Brief Description: | Pre-register and/or schedule an appointment with a live proctor or other type of resource-limited proctoring service |
Level: | Sub-function |
Actors: | Primary:Candidate |
Secondary: | |
Stakeholders & Interest: | Stakeholder: |
Interest: | |
Preconditions: | Assessment is available with proctoring tool enabled |
Triggers: | Candidate made aware assessment is available and pre-registration/scheduling requirement |
Basic Flow of Events: | Candidate launches the proctoring tool through the consumer and is presented with registration and/or appropriate scheduling forms to complete |
Notes: | Optional, some services may not require any scheduling or pre-registration |
Use Case Title: | Schedule Blocking |
Use Case Local ID: | Proctoring-11 |
Brief Description: | Request a booking from proctoring system for a given number of candidates in a given time slot. Individual tests must still be scheduled |
Level: | Sub-function |
Actors: | Primary:Test Administrator (may be Instructor); aka Program Manager/Administrator |
Secondary: | |
Basic Flow of Events: | Consumer calls an API in the proctoring system with specification for capacity/time of desired test(s); proctoring system replies with one or more available bookings; Test Administrator selects a booking in consumer-provided user interface and booking is confirmed with proctoring system |
Notes: | Capacity planning for larger tests would happen out of band using the relationship between the assessment provider and the proctoring service |
C. Revision History
This section is non-normative.
C.1 Version History
Spec Version No. | Document Version No. | Release Date | Comments |
IMS Candidate Final Public v1.0 | 1 | July 2019 | The first public draft release. |
IMS Candidate Final Public v1.0 | 2 | Nov 2022 | Add clarifying language for extra_time parameter. |
C.2 Changes in this version
Changes in this version are detailed below.
8 April 2021:
- Revised example explanation to clarify that at the end of the assessment the Assessment Tool uses the value in the received "end_assessment_return" claim, and not the "start_assessment_return" claim.
- Corrects miscellaneous typos and incorrect term usage.
4 March 2021:
- Updates the document with additional language around attempt number; alters the JWT claims to use an integer value (1 instead of "1").
- Adds new message type "LtiEndAssessment" to manage the Assessment Platform transitioning back to Proctoring Tool.
20 May 2020:
- updates the json schema list and URLs,
- formats the code examples for better display,
- other minor corrections.
D. References
D.1 Normative references
- [LTI-13]
- 1EdTech Learning Tools Interoperability (LTI)® Core Specification v1.3. C. Vervoort; N. Mills. 1EdTech Consortium. April 2019. 1EdTech Final Release. URL: https://www.imsglobal.org/spec/lti/v1p3/
- [OPENID-CCORE]
- OpenID Connect Core 1.0. Nat Sakimura; John Bradley; Michael B. Jones; Breno de Medeiros; Chuck Mortimore. The OpenID Foundation. URL: https://openid.net/specs/openid-connect-core-1_0.html
- [OWASP-CSRF]
- Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet. OWASP Cheat Sheet Series. URL: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
- [RFC2119]
- Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://tools.ietf.org/html/rfc2119
- [RFC7159]
- The JavaScript Object Notation (JSON) Data Interchange Format. T. Bray, Ed.. IETF. March 2014. Proposed Standard. URL: https://tools.ietf.org/html/rfc7159
- [RFC7515]
- JSON Web Signature (JWS). M. Jones; J. Bradley; N. Sakimura. IETF. May 2015. Proposed Standard. URL: https://tools.ietf.org/html/rfc7515
- [RFC7519]
- JSON Web Token (JWT). M. Jones; J. Bradley; N. Sakimura. IETF. May 2015. Proposed Standard. URL: https://tools.ietf.org/html/rfc7519
- [RFC7523]
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants. M. Jones; B. Campbell; C. Mortimore. IETF. May 2015. Proposed Standard. URL: https://tools.ietf.org/html/rfc7523
- [SEC-10]
- 1EdTech Security Framework v1.0. C. Smythe; C. Vervoort; M. McKell; N. Mills. 1EdTech Consortium. April 2019. 1EdTech Final Release. URL: https://www.imsglobal.org/spec/security/v1p0/
E. List of Contributors
The following individuals contributed to the development of this document:
Name | Organization | Role |
---|---|---|
Mallory Dyer | Proctorio | |
Darrick Jensen | PearsonVue | |
Steve Lay | Questionmark | Editor |
Mark McKell | 1EdTech | Editor |
Mark Molenaar | OAT | |
Mike Olsen | Proctorio | |
Shea Silverman | UCF | |
Colin Smythe | 1EdTech | |
Claude Vervoort | Cengage | |
Diane Virgil | ETS | |
David Kraines | Blackboard |