Using LTI for assessments
Through IMS Global Learning Consortium’s Learning Tool Interoperability (LTI) standard, LTI users of applications can make use of TAO-designed tests and deliver them to students through an LTI platform, such as the Moodle platform, which is also Open Source.
“The principal concept of LTI is to establish a standard way of integrating rich learning applications (often remotely hosted and provided through third-party services) with platforms like learning management systems, portals, learning object repositories, or other educational environments.” (IMS Global Learning Consortium)
To explain how to connect TAO to an LTI consumer, we will be utilizing the Moodle Open Source project though you could similarly attach TAO to any LTI compliant application.
In this scenario, test authors can use TAO to create their Items and Tests while using the Moodle platform (or any other LMS) to deliver the Tests.
As an administrator, you must have Administrator privileges for both TAO and the LMS. As a teacher, you must have Teacher privileges in the LMS and Test Delivery privileges in TAO.
The LTI interconnectivity must be set up prior to executing the delivery. TAO supports LTI 1.3 to deliver online assessments with greater security.
Follow the steps described below to connect TAO to an LTI platform.
Setting up a TAO delivery via LTI as an LTI Administrator
1. Ensure your TAO instance is configured to allow LTI connectivity.
Regardless of which LTI version you are using, you will need to verify that the ltiDeliveryProvider is installed. Instructions for accessing and installing an extension can be found on the Extensions Manager page.
To allow TAO to be accessed via LTI, hover over the cogs icon in the Assessment Builder Bar, as shown in the image below. If you wish to deliver a test via LTI 1.3, you will need to set up an LTI 1.3 Platform.
Note: In practice, an LTI Platform and an LTI Consumer are the same things.
Setting up TAO for LTI 1.3
To deliver a test via LTI 1.3, select LTI Platforms from the drop-down menu.
This will take you to the Platforms library. Select the LTI Platform class (folder), and click on Add Platform in the button bank under the library, and fill in the required information, as in the image below.
Because of the added security layers which LTI 1.3 offers, LTI Platforms in TAO require considerably more information than do LTI Consumers. The contents of each field is described below.
Label: As for LTI consumers, you will need to give the new platform a name. This can be anything you like.
Client ID: This can also be anything you like – the important thing is that it can serve as an identifier for your LMS system.
Deployment ID: The deployment ID is generated by the LMS platform, and identifies the specific registration of a tool on the LMS (LTI platform) end. The deployment of a tool defines the contexts in which a tool is made available. For example, a tool may be deployed by an instructor for a single course, or the institution may deploy a tool across the whole institution, both for present and future use.
Audience: This specifies who is allowed to access the TAO delivery. It represents the issuer of the LTI message – the LMS (LTI Platform). The platform sends this value as an “iss” field of the JSON Web Token it generates. The “iss” (issuer) claim identifies the principal that issued the JWT. The “iss” value is a case-sensitive string containing a StringOrURI value. StringOrUri value is a JSON string value, with the additional requirement that while arbitrary string values MAY be used, any value containing a “:” character MUST be a URI.
Oauth Access Token URL: Here, a URL must be provided which generates a short-term access token to the LMS (LTI platform), making it much harder to steal.
OIDC Authentication URL: Messages are redirected to this URL for authentication by the LMS (LTI Platform).
JSON Web Key Sets URL: This is used for a public key exchange, and can be rotated at any point, meaning that even if the private keys get stolen, they can be replaced without having to exchange the keys between the platform and the tool explicitly. It uses asymmetric signatures as it works in conjunction with the private key provided. JWKS is a set of keys containing the public keys used to verify any JSON Web Token (JWT) issued by the authorization server and signed using the RS256 signing algorithm.
The information provided in these fields enables a robust authentication process to take place. When an LTI platform sends a request to TAO in the form of a message, it sends identity information with each message, thus providing TAO with user authentication. This authentication relies on TAO and the LTI platform having various identifiers for each other, and also using public key encryption for signing the messages. The LTI platform cannot access the TAO delivery until this process has been completed.
When you have filled in all the fields, your LTI 1.3 Platform set-up for TAO is complete. Next, go to Step 2 below to configure your LMS – in this case, Moodle.
Configuring the LMS for LTI 1.3
If you’re using LTI 1.3, you’ll need to enter the same information you used in TAO:
- Client ID – same as on the LTI platform registration
- Audience – TAO_ROOT_URL
- Access token URL – TAO_ROOT_URL + /taoLti/Security/oauth
- OIDC initiation URL – TAO_ROOT_URL + /taoLti/Security/oidc
- JWKS URL – TAO_ROOT_URL + /taoLti/Security/jwks
Executing a TAO delivery in your LMS as an LTI Teacher
1. Create and compile a new Delivery within TAO.
Follow the steps used in Create a delivery to create your Delivery. Next, insert the link to the delivery in the corresponding field of your LMS.
If you’re using LTI 1.3 to deliver your test, use the link: TAO_ROOT_URL
+ /ltiDeliveryProvider/DeliveryTool/launch1p3?delivery=<delivery_resource_id>
. You’ll need to replace the <delivery_resource_id>
part of this link with the ID of your delivery, which is the Published Delivery Id from your TAO delivery, shown in the image below.
2. Deliver the test in your LMS.
If you’re using Moodle, open your course in edit mode, then click on Add an activity or resource. Select External Tool, and click Add.
Give the activity an appropriate name and then paste the URL taken from TAO in the previous step into the Tool URL field. This should produce a green check mark to the right of the URL.
Finally, click Save and then return to the course. Your TAO delivery should now have been added to the Moodle course.
If you’re using a different LMS, follow the instructions provided with it.
3. Test-run the Delivery in your LMS.
Log in using a test account, i.e. a test-taker profile set up for test purposes, to ensure that the delivery works as planned. Select the course and then click on the activity. If everything works as desired, no further action will be required. If not, then you will need to troubleshoot the delivery in TAO, ensuring that it is fully functional.