Learn@UW - Using LTI and Valence for Third Party Tool Integrations with D2L
This document provides a common understanding of two common methods for integrating third-party tools with Desire2Learn:
- LTI (Learning Tools Interoperability)
- D2L Valence web-services API (Application Programming Interface)
These concepts are often discussed in different ways; it is important to have a good understanding of the concepts in order to correctly interpret information about D2L extensibility.
An API is a technical protocol for programmatically interacting with a software application to facilitate automation, extensibility or rich integration with other software tools. LTI is an extensibility API enabling lightweight integration between learning management systems and external learning tools, through exchange of data attributes in a standard, trusted manner. The LTI specification (also formerly known as "Basic LTI") is developed and published by the IMS Global consortium (http://www.imsglobal.org) - a non-profit partnership between higher education institutions and corporate vendors working in the academic technology space who collaborate to develop technical standards.
In the realm of LTI, an external learning application is referred to as the "tool provider" and the LMS or other educational space, such as D2L, is referred to as the "tool consumer."
The most common use-case for LTI is to enable single sign-on from the tool consumer to a tool provider (e.g., Piazza or CourseLoad). More advanced use cases can permit certain kinds of bidirectional data exchange, such as returning learning outcome information (grades; course completion information) from a remote tool to the LMS. It is important to note that LTI integrations by themselves do not provide a way to introduce controllable user interface elements into the LMS's visual content space.
LTI uses a security technology called "OAuth" (http://oauth.net) to enable trusted exchange of data attributes between the LMS and tool provider. LTI uses the OAuth framework of keys and shared secrets (explained below) to ensure the integrity of data exchanged between systems.
An LTI integration requires that a key and shared secret be agreed-upon in advance and exchanged out-of-band (that is, using a method other than email, such as a telephone call between the LMS administrator and the remote tool administrator). When an LTI application is launched, the desired data attributes are extracted from the LMS and assembled automatically into a specially formatted list. The list also includes the pre-agreed key as one of the attributes. Then a mathematical operation is applied to the entire list (including key), using the shared secret and the list of attributes to generate a unique digital signature. The signature is then appended to the list and the entire set of data is transmitted to the tool provider. When the LTI data is received, the remote tool provider looks up the shared secret associated with the key, calculates what signature should be expected, and compares the transmitted signature to the expected signature for verification.
LTI launch data is transmitted from the LMS to the tool provider via HTML form (delivered via HTTP over the internet). Although not required by the LTI specification, as a best-practice encryption (HTTPS) should be employed, because LTI attributes can include sensitive data.
LTI integrations do not present any performance or stability risks to the LMS. LTI attributes from the tool consumer are delivered to the tool through the user's web browser and do not involve a direct or persistent server-to-server integration.
LTI and D2L
LTI 1.0 (formerly also known as Basic LTI or BLTI):
- Standard method to create a single sign-on from a tool consumer to an external tool
- First supported in Desire2Learn LE 9.4.1
Figure 1. The flow of data attributes in LTI 1.0.
- Standard method to create a single sign-on from a tool consumer to an external tool
- Enables return of learning outcomes (e.g., grades) from external tool to tool consumer
- First supported in Desire2Learn LE 10.1
Figure 2. The flow of data attributes in LTI 1.1.
LTI enables delivery of data attributes from the tool consumer (LMS) to the third-party tool provider. As such, it is important to remember that the data being passed is transmitted to and commonly is stored on the third-party tool provider's servers. Data transmitted commonly includes student and employee data, which can be sensitive and may be subject to restrictions. When establishing an LTI integration, it is important not only to obtain the appropriate consent from your institution's data custodians (such as Registrar's office or office of Human Resources) and/or IT policymakers, but also to ensure that any agreements established with third parties (such as in click-through agreements specifying Terms of Service) are consistent with institutional requirements and approvals.
Before integrating with any externally hosted tool through LTI, it is important to determine:
- What user data is extracted from the LMS and transmitted?
- Is HTTPS used to transmit data securely to the third party?
- Does the third party adhere to all appropriate data security/privacy practices for the data received?
Common Source of Confusion with LTI
It is common for a third-party vendor to refer to an integration as LTI even if that integration also incorporates other integration technologies. For example, Cengage's MindLink service uses the LTI framework to allow for single sign-on to Cengage products from D2L. However, MindLink also provides users with controllable user-interface elements in the LMS and passes grade information from Cengage products back to D2L. (Although LTI 1.1 has the ability to pass learning outcomes from the tool provider to the tool consumer, this particular integration instead uses D2L's Valence API (described below) to do this.) This is sometimes referred to as a "deeper-than-LTI integration."
D2L's Valence API
Recall that LTI enables a standard method for the delivery of data attributes from the tool consumer (LMS) to the tool provider and an API is an application interface that allows other applications to communicate with it. LTI is an example of a lightweight API. Valence is D2L's proprietary extensibility API, which offers a fuller set of functionality to enable more-complex or sophisticated automation, extensions or integrations.
D2L's Assignment Grader application is built upon the Valence API. The Valence API could be used to deliver grade information or push notifications to a campus mobile application. It could be used to send course completion information to the registrar to determine whether a student can register for a new semester or to confirm completion of professional certification requirements.
Site administrators can establish LTI connections themselves through D2L's Admin Tools (Manage External Learning Tools), but should feel free to request assistance in doing so by submitting a service request to the Learn@UW Utility. Whether or not assistance is required, the Learn@UW Utility requests that D2L site administrators use the service request process to inform the Utility when a new LTI integration is established. This process enables the Utility to maintain records documenting that site administrators have obtained the appropriate approvals authorizing data to be extracted and released from the system.
To establish an LTI integration between D2L and an external tool, three pieces of information must be exchanged and used in the configuration: key, shared secret, and remote tool URL. The remote tool administrator commonly provides these attributes to the LMS administrator, although in some circumstances the LMS administrator may provide them to the remote tool administrator.
Many third-party learning applications provide test account information on their websites so that you can test the LTI integration between the tool and your tool consumer (D2L). (For example, Piazza provides integration information here: https://piazza.com/lti.) Once you are ready to establish the integration for actual classes, you must contact the vendor to obtain the appropriate credentials.
Campus site administrators are encouraged to update the table of UWS LTI integrations on the site administrator wiki (https://wiki.uww.edu/other/d2lsa/index.php/LTI_Integrations) when a new LTI integration is established.
D2L has documented the process for getting started with Valence at: http://docs.valence.desire2learn.com/#.
IMS Global Learning Consortium. (n.d.). Learning Tools Interoperability. Retrieved from http://www.imsglobal.org/toolsinteroperability2.cfm.
OAuth (n.d.). Retrieved from http://oauth.net/.
Thomson, J. and Voeks, D. (2012). LTI: Learning Tools Interoperability. Retrieved from http://blogs.uww.edu/ltdc/about-lti/.
Valence v2.2. Retrieved from http://docs.valence.desire2learn.com/#