Suggested LTI Advantage Requirements for Institutional RFP & Procurement Agreements
- Relies on the security provided by TLS encrypted connections and uses a protocol with built-in defenses against man-in-the-middle attacks.
- Splits the server into two logical roles: (1) authorization server and (2) resource server. This separation fits naturally with enterprises where authorization concerns are spread across many servers responsible for different types of resources.
- Distinguishes between confidential and public clients, making it easier to secure implementations that suit the specific needs of client applications.
- Introduces multiple authorization grant types, each with its own protocol flow that makes OAuth 2.0 adaptable for multiple use cases and client types.
- Is designed to be extensible with new access token types, grant types, and protocol parameters.
- Gradable assignments shared with a tool
- Numeric scores returned to the platform gradebook
- Assessor’s comments returned if provided
- Multiple results supported in a single exchange
- Instructor override and history of attempts allowed
- Select and add course content in a few clicks
- Add playlists and tables of content
- Enable links and other HTML content
- Add pre-registered tools with a few clicks
- Exchange a list of users and their roles
- Provision a learner using LTI’s secure exchange
- Learn who has not yet accessed a tool
What is the difference between IMS certified LTI and LTI Advantage platforms and tools, and those that claim to "conform" to the LTI and LTI Advantage standards?
- Have successfully implemented LTI Advantage security policies,
- Are interoperable with other LTI Advantage certified tools and/or platforms, and
- Correctly implement LTI Advantage prescribed standards and services.
- Assignment and Grade Services
- Deep Linking
- Names and Role Provisioning Services
Suggested RFP Language and Resources for Procurement
- Suggested RFP wording and clauses (open inquiry to stringent specification):
Meets certification requirements as outlined in the LTI specification. Describe, including the implementation of the LTI Advantage extensions.
[Institution] is committed to a standards-based, interoperable teaching and learning technology ecosystem. We are requesting [vendor/product] obtain certification by IMS Global Learning Consortium as a [platform or tool] for LTI Advantage, including applicable extensions no later than [specific date]. Specify the LTI extensions that each tool or platform supports and holds certification.
[Institution] is requiring the support of LTI core and LTI Advantage and the [platform or tool] must be certified with IMS Global Learning Consortium. The vendor is required to provide a valid, current conformance certification registration number. See imscert.org. The vendor is also required to remain current with the subsequent LTI core versions and applicable extensions, and receive certification within a “reasonable” time period (see Statement of Intent to Adopt IMS Standards in a Timely Manner). Specify the LTI extensions that each tool or platform supports and holds certification.
Data generated by student/faculty interaction with LTI provider tools is student/faculty data, whose stewardship is the responsibility of the institution of which those individuals are members. The Platform and Tool providers will provide to the institution a copy of this data upon the request of the institution and in a format, such as Caliper, specified by the institution.
- Suggested Guidelines
Any features of the specified LTI version that are not supported by the tool, or if there are custom parameter substitution variables that are supported, these should be noted explicitly in the RFP response.
The vendor partner is required to disclose what parameters, variables, and services the tool requires so it can be matched and supported by the tool consumer or tool provider. The partner is also required to disclose optional services used.
- Sign FERPA agreement
- Is student identified data really necessary for the performance of the LTI tool?
- Learning platform and tool must provide an ISO security review
- Frequency and formatting of the data collected by the tool (ideally, daily and in Caliper Analytics format)
- Is there a need for real-time data exchange, and if not now in the foreseeable future?
- Is data synced between devices, cloud services, the client and the learning platform?
- Where data is stored and how long?
- When data is removed, how is the data removed, deleted or erased?
- Accessibility—not in the scope of LTI Advantage but always worth mentioning