Highlights from IMS Tech Congress 2021

IMS held its quarterly meeting last month focused on updating the membership on many of its initiatives. IMS members can access recordings and presentation materials from the day long virtual session here.

Here are some of the notable updates presented at the meetings:

Cross-Specification Initiatives

This past year, there have been noticeable new developments by the IMS architects around cross-specification work. As IMS specifications have continued to evolve and mature, the need to solve common requirements in a consistent manner has become more urgent. A number of initiatives in planning are already underway at IMS to help rationalize and systematically solve some of these requirements, including:

• A new Security Framework that includes better support for OAuth 2.0 and OIDC
• Versioning Framework to establish patterns for common versioning across all IMS specification documents and artifacts, conformance test systems, reference implementations, and the IMS common data model
• Extensibility Framework to define a common way to extend models and provide an improved process for capturing extensions being used by deployed solutions that then may be considered for inclusion in the official specification
• Vocabularies Framework to enable the community to evolve vocabularies without the need for localized profiles
• Privacy Framework to provide significantly enhanced capability to control and affect the privacy of data in motion by flagging attributes as PII, requiring the definition of mechanisms for anonymization and pseudonymization, and setting a default state for payloads in which all PII fields are suppressed, in addition to other capabilities
• REST/JSON API Framework to create a consistent synchronous API definition
• Pub/Sub API Framework is being developed to provide a consistent implementation of a publisher/subscriber architecture for specifications

Stay tuned for more in-depth blog posts from our team addressing specific areas and how they will apply across IMS specifications going forward.

EduAPI

Edu-API is a very important initiative for IMS. The goal is to modernize access to student data to enable the broader education ecosystem. This will improve all applications that serve students in some way, since they will work more effectively with key data about educational offerings and how students are participating in them. The Edu-API group has been working on an MVP specification focused initially on traditional rostering and provisional capabilities. We are nearing completion of a Candidate Final specification, with the next step to engage in at least 2 implementations. The following key changes have been incorporated in the latest specification:

• Alternative Asynchronous Pub/Sub binding (in addition to the Synchronous JSON REST API)
• Aligned with the Core Data Model
• Support for international use as defined by the Edu-API EU Task Force

The first implementations are getting underway now, starting with an in-flight POC implementation of the async Pub/Sub binding. Priorities for post-MVP work include expanding the model to support grade pass back (aligned with OneRoster 1.2), advising, career planning, advanced scheduling, and more. If you would like to join this important effort to modernize the education ecosystem, please reach out to get involved!

Migrating from LTI 1.1 to LTI 1.3

The IMS Technical Congress highlighted the differences between LTI 1.1 and LTI 1.3 for those looking to migrate as LTI 1.1 is becoming deprecated. The differences between LTI 1.1 and LTI 1.3 can be divided into two main categories: registration and launches.

The registration process for LTI 1.3 was improved over LTI 1.1 in several ways:

• Both the platform and the tool generate their own public/private key pair and then either share the public key with each other, or share a JWKS endpoint to allow for seamless key rotations.
• Platform provides an issuer and client_id value to the tool, which the institution can utarget_lise to deploy the tool and receive a deployment_id to share with the tool, indicating that the registration is complete and the tool is ready for the institution to use.
• Platforms can have multi-tenant registration, if they choose, meaning that some platform registration processes consist of the tool registering with the platform once while others consist of each customer registering the tool with the platform. Regardless, each customer may be identifiable to the tool and platform via the deployment_id.

For launch, there are several key distinctions between LTI 1.3 and LTI 1.1:

•  LTI 1.3 uses OIDC to launch, which is much more secure.
•  LTI 1.3 launch consists of multiple steps: receiving the login initiation request from the platform, sending an authorization request back to the platform, receiving the authorization response from the platform, and finally displaying or redirecting the user to their desired content. During this process, the URLs for the LMS always stay the same.
• The tool can direct users to their target page using custom parameters just as in LTI 1.1 or using the target_link_uri field. This means that the same URLs that were used for LTI 1.1 can be reused for LTI 1.3, including in common cartridge implementations.

More News From IMS

New Developments on LTI

In recent weeks, several exciting new developments have occurred on the LTI front that we want to highlight.

Dynamic Registration
Dynamic Registration is the latest LTI Advantage service, which was created to eliminate the cumbersome process of institutions having to fill out confusing forms to register an LTI tool with a platform. It does this by providing a specification for the tool to develop an endpoint that the platform can consume to complete the registration process, while still allowing for a simple configuration screen that lets the institution to personalize their experience. Dynamic Registration has been implemented by many of the major LMSs, including D2L Brightspace, Moodle, and Sakai.

LTI Cookie Solution
A specification for a standard solution to the problem of browsers blocking third-party cookies is well underway. This standard, known as the “cookie shim,” consists of the platform providing an additional iframe that the tool can access using a javascript POST message. This solution requires both platforms and tools to utilize javascript as it centers around using javascript storage instead of browser storage. This standard also includes a specification for the platform to provide a capabilities endpoint to indicate whether or not the platform supports the cookie shim solution among other LTI functionalities. This specification is being written with security at the forefront, ensuring that no LTI launch can be spoofed on behalf of a user in another browser. A proof of concept for this specification has been developed by TurnItIn, D2L Brightspace, and others.

LEARNING IMPACT 2021
Learning Impact is coming up in October. The conference will be held virtually from Oct 4-7, 2021. While we will miss seeing colleagues in person, the planned content looks very interesting and diverse. Here are a few sessions that look promising:

• “Leveraging Next Generation APIs to Enrich the Digital Ecosystem” (Oct 5, 10-15-10:45 a.m.) will provide an overview of the Edu-API standard and how it is being put into practice at institutions globally in a draft form.
• “Wellspring: APIs for CLR and CASE Alignment” (Oct 5, 2:15-3:00 p.m.) will demonstrate an open standards-based proof of concept using both the IMS Comprehensive Learner Record (CLR) and Competencies & Academic Standards Exchange specifications.
• “The Road Ahead for Learning Analytics in Higher Education” (Oct 6, 11-11:45 a.m.) will look at new areas for the application of data-informed decision making, including AI-based advising and connecting pedagogic intent to learning outcomes, and featuring a number of notable learning analytics experts.
• “Jump-Starting Learning Analytics with Data Ready Apps” (Oct 6, 4-4:45 p.m.) will highlight a new IMS program designed to facilitate the development and deployment of analytics ecosystems in a way that makes it easier for providers, especially those in the cloud, to offer up meaningful analytics offerings to institutions that don’t have the resources to spin up their own solutions.