LTI (Learning Tools Interoperability) is a standard that allows external applications to integrate securely with learning management systems (LMS). It uses OAuth authentication to pass user and course data between the LMS (consumer) and external tool (provider). This allows tools to be integrated more quickly and cheaply compared to custom integrations. The presentation provided an overview of LTI versions 1.0, 1.1 and 2.0, examples of data passed between the LMS and tool, and code samples for implementing LTI in PHP and Ruby. Examples of LTI tools from Brock University and commercial providers like Piazza were also shown.

1. Presentation Title
Org/ Contact
Just Fire LTI at it!
Mike Brousseau, Brock University

2. Me
Mike Brousseau
Educational Technologies Developer
Centre for Pedagogical Innovation
Brock University
Brock
Brock University
St Catharines, Ontario, Canada
Student Population ~18,688

3. Objectives
● What?
● Why?
● Basics concepts of LTI
● Available Libraries
● Example Apps

4. What’s an LTI?
A simple and cheap
way to connect your
LMS to external tools
without complicated
integrations or double
authentication.
Via: http://www.edu-apps.org/coding/tool_launch.png

5. LTI Consumer (LMS)
LTI Provider (Tools)
Two main components of LTI
http://www.google.com/doodles/30th-anniversary-of-pac-man

6. Why LTI?
● Writing integrations for third-party tools is a nightmare
o Allows for faster and cheaper integration
● Seamless user experience
o Users stay in the LMS while accessing external tools
● Central ITS processes often can’t keep up with great external tools
o Allows easier piloting or small scaling

7. A Hash of user data and environmental info is
sent from the Consumer to the Provider
The Provider verifies the OAuth connection with
the sent key and the agreed upon secret
The Provider then allows the Consumer
access to it’s resources based on the user and
environmental data sent
LTI 1.0 is one way OAuth 1.0 vouching for passing standardized structured data
LTI 1.0

8. Same as LTI 1.0
-Hash is sent
-OAuth is verified
-Access is granted
LTI 1.1 is two way OAuth 1.0 vouching for sending standardized structured data to the Provider and Grades
back to the Consumer
LTI 1.1
But now the Provider can pass Grades back to
the Consumer typically based on the user and
environmental data initially sent to the provider
jdhancock - Pin Pals - https://flic.kr/p/6qhgF1

9. Newest version of LTI
Final specs released Jan 2014
Similar initial launch as LTI 1.0 & 1.1
Supports rich and complex REST based two way communication between your Consumer and
Provider
Allows provisions space for Providers to store data in your Consumer
LTI 2.0?
Via: http://developers.imsglobal.org/tutorials.html#lti2

10. What is the Consumer Sending?
context_id=Mikes_Test_Course
context_label=Mikes_Test_Course
context_title=Mikes_Test_Course
context_type=CourseSection
ext_basiclti_submit=Press to continue to external tool.
ext_lms=sakai-2.9-SNAPSHOT
ext_sakai_eid=mbrousseau
ext_sakai_privacy=visible
ext_sakai_role=Instructor
ext_sakai_server=https://lms.brocku.ca
ext_sakai_serverid=LMS-APP2
launch_presentation_css_url=https://lms.brocku.ca/library/skin/default/tool.css
launch_presentation_locale=en_US
launch_presentation_return_url=https://lms.brocku.ca/imsblis/service/return-url/site/Mikes_Test_Course
lis_person_contact_email_primary=mbrousseau@brocku.ca
lis_person_name_family=Brousseau
lis_person_name_full=Michael Brousseau
lis_person_name_given=Michael
lis_person_sourcedid=mbrousseau
lti_message_type=basic-lti-launch-request
lti_version=LTI-1p0
oauth_callback=about:blank
oauth_consumer_key=47ydhsg6d5taycbdgf
oauth_nonce=18346351683108960
oauth_signature=ela19juj55e7q1n0slf594f7/V4=
oauth_signature_method=HMAC-SHA1
oauth_timestamp=1401478569
oauth_version=1.0
resource_link_description=Kaltura Categories
resource_link_id=cd52ed80-ccdd-4781-9e6e-5c19c0aca6d2
resource_link_title=Kaltura Categories
roles=Instructor,Administrator,urn:lti:instrole:ims/lis/Administrator,urn:lti:sysrole:ims/lis/Administrator
tool_consumer_info_product_family_code=sakai
tool_consumer_info_version=2.9-SNAPSHOT
user_id=c43a6cbc-bc94-4f6d-acca-c980ef37cb9c
user_image=https://lms.brocku.ca/direct/profile/c43a6cbc-bc94-4f6d-acca-c980ef37cb9c/image
In Sakai 2.9.3 using the LTI 1.1 Spec
Tony Hisgett - Vortex - https://flic.kr/p/2TFRT4

11. Message Signing
oauth_consumer_key=47ydhsg6d5taycbdgf - Agreed plain-text shared key
oauth_nonce=18346351683108960 - Unique value to ensure unique connections
oauth_signature=ela19juj55e7q1n0slf594f7/V4 - Consumer computed signature
oauth_signature_method=HMAC-SHA1 - Signature hashing method
oauth_timestamp=1401478569 - Signature timestamp
oauth_version=1.0 - The version of OAuth used
● Check for the agreed key
● Record nonce and compare against stored nonces
● Check timestamp is within a reasonable window (IMS suggests 90 minutes)
● Generate signature based on hashing method (with key and secret) and compare with sent
signature
Oliver Tacke- checked_tick - https://flic.kr/p/jBYsvd

12. ● context_id=Mikes_Test_Course - The name of the course site launching the tool
● lis_person_contact_email_primary=mbrousseau@brocku.ca - User’s email
● lis_person_name_family=Brousseau - User’s last name
● lis_person_name_full=Michael Brousseau - User’s full name
● lis_person_name_given=Michael - User’s first name
● lis_person_sourcedid=mbrousseau - User’s username
● roles=Instructor,Administrator - User’s role in the consumer
● oauth_consumer_key=47ydhsg6d5taycbdgf - Agreed plain-text shared key
Basic Info for a Simple Tool
Who they are, what they’re doing here and if they’re allowed to be here.

13. Basic PHP
<?php
require_once 'ims-blti/blti.php'; //Make sure you include the LTI library (http://developers.imsglobal.org/imsphpexample.zip)
$lti_auth = array('key' => 'key', 'secret' => 'secret'); //The LTI credentials as we know them
$context = new BLTI('secret', false, false); //Build the LTI object with the credentials as we know them
if ($context->info['oauth_consumer_key'] == $lti_auth['key']){ //Check if the correct key is being sent
if ($context->valid ){ //Make sure our LTI object's OAuth connection is valid
echo 'Valid LTI Connection. Output passed data:';
echo '<pre>',print_r($context->info),'</pre>'; //Print out the passed data
}
else{ //We already checked the key so it's likely the user is using the wrong secret to generate their OAuth object
echo "Bad OAuth. Probably sent the wrong secret";
}
}
else{ //Wrong key
echo "Wrong key passed";
}
?>

14. Basic Ruby
#Need the basic rubygems and the sinatra gems (for this example) #We must include the ims/lti and OAuth gems (regardless of environment)
require 'rubygems'
require 'sinatra'
require 'ims/lti'
require 'oauth/request_proxy/rack_request'
lti_auth = {"key" => "key", "secret" => "secret"} #LTI key and secret hash declaration
post '/' do #Define index path in Sinatra
if lti_auth["key"] == params[:oauth_consumer_key] #Check if the correct key is being sent
provider = IMS::LTI::ToolProvider.new(lti_auth["key"], lti_auth["secret"], params) #Build our LTI object with our credentials
if provider.valid_request?(request) #Make sure our LTI object's OAuth connection is valid
"Successful LTI connection made. Here's what we got: <br /><hr />" +params.inspect
else #We already checked the key so it's likely the user is using the wrong secret to generate their OAuth object
"Bad OAuth. Probably sent wrong secret"
end
else #Wrong key
"Wrong key passed"
end

15. Example LTI Apps (built at Brocku)
Etherpad Request Facility
Library Research Guides by Subject
Google maps
with custom
marker placed
by students

16. Example LTI Apps (Commercial)
Piazza
Via: https://gigaom2.files.wordpress.com/2012/01/piazzascreenshot.jpg
EBSCO Reading List

17. LTI App Store - Edu Apps
http://www.edu-apps.org/index.html

18. More?
http://developers.imsglobal.org/ - IMS Standards
http://www.dr-chuck.com/csev-blog/ - Dr. Chuck
http://www.edu-apps.org/code.html - Basic Coding

19. Thanks
Email: mbrousseau@brocku.ca
Twitter: @mcbrousseau
GitHub: https://github.com/kingmook
Web: michaelbrousseau.ca