Sharebar?

LTI Adoption Roadmap

Recommended LTI Adoption Roadmap and FAQ

 

Learning Tools Interoperability® (LTI®has emerged as the essential element for teaching and learning platform and tool interoperability. Through the experience of hundreds of implementations, four key principles have emerged for the future evolution of the LTI standard:

Recommend LTI Roadmap Effective March 2018

  • Maintain a compact core 
  • Well-defined extensibility through services and messages
  • Adopt an ecosystem-wide security model
  • Provide a smooth migration path for upgrade adoption
What is Changing and Why?
IMS Global Learning Consortium Contributing Members leading the evolution of LTI have responded to market concerns about student data privacy and security by adopting the industry standard protocol OAuth 2.0 for authenticating services along with JSON Web Tokens (JWT) for secure message signing.
 
During the security policy analysis, it was determined that the architecture of LTI 2.x as currently constituted was not the most suitable basis to upgrade. This conclusion—based on the key principles for future evolution—was reached by the LTI workgroup and supported by the LTI Product Steering Committee and IMS architects. It was decided that the best framework to build the updated security model upon would be the LTI 1.1 baseline, as a new version 1.3.  
 
A result of this decision is the designation of LTI 1.2 and LTI 2.0 as “legacy” specifications; both will still be supported and recertified but will not be on the recommended upgrade path. (see Figure 1 and the FAQ below for more information).
 
The recommended LTI upgrade path is from LTI 1.1 to LTI 1.3. Future versions will be built upon the updated LTI 1.x framework and which provides a compact core, well-defined feature based services, separate security model, and simpler migration from version to version moving forward.
 
In May 2019, in collaboration with our membership, the IMS Security Framework was published. With the publication and adoption of the IMS Security Framework, IMS formally deprecates the use of OAuth 1.0a across all IMS specifications. Therefore, certification to the LTI 1.0, 1.1, 1.2, and 2.0 specifications and related services are being deprecated. Read the complete LTI Security Update and Deprecation Schedule (July 2019) announcement for more information.
 
The separate security model is essential to allow for anticipated future updates that will be needed to keep up with the best student data privacy and security practices. The strength of the market demand for OAuth2/JWT is such that platform companies are indicating LTI 1.3 will be their minimum requirement for integrating with tools that exchange sensitive and personally identifiable information (PII).

View the Legacy Path


LTI Roadmap Frequently Asked Questions

Is the LTI 2.x series dead?

Is LTI 1.3 backward compatible?

Do I need LTI 2.0 to get all of the benefits of LTI?

What happens if I have already implemented LTI 1.2 or LTI 2.0?

How do I migrate from LTI 2.0 to the latest LTI core?

Isn’t the security model for LTI 2.0 better?

How long will the LTI 1.2 and LTI 2.0 specifications be supported by IMS?

What is the go-forward strategy for the evolution of LTI?

[top]

Is the LTI 2.x series dead?

IMS will support LTI 2.0 recertification at this time however LTI 2.0 and its predecessor LTI 1.2 will be deprecated in the near future, so IMS recommends planning for LTI 1.3 core adoption which features an IMS-wide security and identity framework based on OAuth2 and JSON web tokens. View the LTI Deprecation Schedule (updated July 2019).

[top]

Is LTI 1.3 backward compatible?

LTI 1.3 adopts the new IMS Security Framework, which is based on the industry standard protocol IETF OAuth 2.0 for authentication services along with JSON Web Tokens (JWT) for secure message signing and the Open ID Connect workflow paradigm. LTI 1.3 and the IMS Security Framework do not support backward compatibility.
 
Review the LTI 1.3 Migration Guide to understand the differences and strategies for integrating LTI 1.1 and 1.3 systems at https://www.imsglobal.org/spec/lti/v1p3/migr

Once you've implemented LTI 1.3, certification testing is available at https://www.imsglobal.org/lti-advantage-certification-suite.

[top]

Do I need LTI 2.0 to get all of the benefits of LTI?

You do not need LTI 2.0 to get all of the benefits of LTI services.  LTI 2.0 added automated tool registration and a tool provider profile. Most existing LTI implementations are based on LTI 1.1, which is now being updated to LTI 1.3 to include OAuth 2 security requirements including JSON Web Token (JWT) signed messagesLTI Advantage, with its improved security model, is available with 1.3 only.   
 

What happens if I have already implemented LTI 1.2 or LTI 2.0?

IMS supports current implementations of all LTI versions through its certification programHowever, in the future LTI 2.0 and its predecessor LTI 1.2 will be deprecated so IMS recommends planning for LTI 1.3 core adoption. 

 [top]

How do I migrate from LTI 2.0 to the latest LTI core?

The LTI technical workgroup has drafted a Developer's Guide to help developers make a smooth transition to the recommended version. In addition, a fully functioning Reference Implementation is available to members and a limited use free version is also available for non-members.

Isn’t the security model for LTI 2.0 better?

Industry best practices have indeed evolved and matured since the original publication of LTI and with the adoption of OAuth 2.0 and JSON Web Token for message signing, IMS is adopting current best practice for data privacy and security. OAuth 2 offers additional advantages in simplicity, support for mobile applications and server to server authentication—all increasingly important to IMS Global members

How long will the LTI 1.2 and LTI 2.0 specifications be supported by IMS?

As of this time existing implementations can recertify. Effective 3Q 2019, IMS will no longer certify new implementations of LTI 1.2 and LTI 2.0. We expect the market adoption of LTI 1.3 and its successors, based on 1.x architecture,  to encourage migration to the recommended path. Once the market has moved sufficiently away from LTI 1.2 and LTI 2.0 a deprecation date will be announced. View the LTI Deprecation Schedule (updated July 2019).
 

What is the go-forward strategy for the evolution of LTI?

The key principles of LTI evolution are to maintain a stable, compact core and to leverage well-defined optional extension services, adopt an ecosystem-wide security model and provide a smooth and predictable migration path for adoption of new extensions that align with your products' roadmap.