SlideShare a Scribd company logo

Code Your Own: Tool Integration using the Basic Learning Tools Interoperability (LTI) Standard

Download as PPTX, PDF
Dan Rinzel
Dan Rinzel

Originally presented by Jim Riecken and Dan Rinzel of Blackboard Learn Product Development on Monday, July 11th at 10AM Pacific Time in Titian 2310B at the Sands Expo Center in the Venetian hotel, Las Vegas, Nevada, USA as part of the Blackboard Developers’ Conference 2011. This presentation covers Blackboard Learn's capabilities as a Tool Consumer according to the IMS specificiations for Learning Tools Interoperability, beginning with the Service Pack 4 release of Learn 9.1 in December of 2010.

Technology
1 of 29
Code Your Own Tool Integration Using the Basic Learning Tools Interoperability (LTI) Standard#blticode Jim Riecken & Dan Rinzel Blackboard Learn Product Development
Basic Learning Tools Interoperability with Blackboard Learn™, Release 9.1 SP4
Q’s we will try to A What is LTI? What is Basic LTI? What does being a Tool Provider mean? What does being a Tool Consumer mean? What does that look like in Learn? What does it look like for Blackboard Building Blocks? Hungry yet? Code your own Tool Provider
What is LTI? “a single framework or standard way of integrating rich learning applications...to allow the seamless connection of web-based, externally hosted applications and content…to platforms that present them to users”  http://www.imsglobal.org/toolsinteroperability2.cfm
What is Basic LTI? Simplify, Simplify, Simplify one launch mechanism with one security policy no access to run-time services on the platform
What’s a Tool Provider? A (typically centrally hosted) service that interacts with users who are “launched” from inside their platform Launch mechanism and authN as specified, including extra data in the launch “payload”
What’s a Tool Consumer? A LMS, VLE or portal environment Sets policy about the payload privacy, who can provision links
What does that look like in Blackboard Learn?
Basic LTI & Blackboard Building Blocks™
Why use a Blackboard Building Block? More seamless integration Tool placement Content Handler placement Bypass global provider settings Permissions declared in bb-manifest.xml Instructors don’t need to deal with URLs, Keys, and Secrets They might not even know that the tool is running on another server!
How to use Basic LTI in a Blackboard Building Block Two Parts Declare permissions in bb-manifest.xml Use blackboard.platform.blti.BasicLTILauncher In your Tool page or Content Handler view page
Basic LTI Permissions New “basiclti” permission type. Name is the domain you intent to launch to. Use “*” if you want to launch to any domain Specifying a domain allows subdomains as well Value is some combination of “sendroles” – Allow user’s role to be sent. “sendname” – Allow user’s full name to be sent. “sendemail” – Allow user’s email address to be sent. If the value is empty, you will just be able to launch to that domain.
Basic LTI PermissionsExample <permission type="basiclti" name="example.com" actions="" /> <permission type="basiclti" name="foo.example.com" actions="sendroles" /> <permission type="basiclti" name="bar.example.com" actions="sendname,sendemail" /> <permission type="basiclti" name="baz.example.com" actions="sendemail" />
BasicLTILauncher Encapsulates the logic for performing a Basic LTI launch. blackboard.platform.blti.BasicLTILauncher blackboard.platform.blti.BasicLTIConstants Simple API Can add user/course information Can add custom parameters Does OAuth signing and redirects to an automatic launch page.
BasicLTILauncher Constructor BasicLTILauncher(String url, String key, String secret, String resourceLinkId) Data Population (all return BasicLTILauncher) addResourceLinkInformation(String title, String description) addCurrentUserInformation(booleanincludeRoles, booleanincludeName, booleanincludeEmail) addUserInformation(User user, CourseMembership membership, booleanincludeRoles, booleanincludeName, booleanincludeEmail) addCurrentCourseInformation() addCourseInformation(Course course) addLaunchPresentationInformation(Map<String,String> params) addCustomToolParameters(Map<String,String> params) Launch Map<String,String> prepareParameters() void launch(HttpServletRequestreq, HttpServletResponse res, booleanuseSplashScreen, FormattedTextsplashScreenMessage)
BasicLTILauncher - Examples Simple Launch BasicLTILauncherlauncher=newBasicLTILauncher( "http://url.to.my.tool","my.key","s3cr3t","resourceId_1"); launcher.launch(req,res,false,null); Launch with current user and current course (from Context) and a splash message BasicLTILauncherlauncher=newBasicLTILauncher( "http://url.to.my.tool","my.key","s3cr3t","resourceId_1") //Send roles and name, but not email .addCurrentUserInformation(true,true,false) .addCurrentCourseInformation(); launcher.launch(req,res,true,newFormattedText("You are launching my tool. Click Submit.",FormattedText.Type.PLAIN_TEXT));
BasicLTILauncher - Examples The kitchen sink Useruser=...;// Get user somehow Coursecourse=...;// Get course somehow CourseMembershipmembership=...;// Get user membership in course Map<String,String>launchPresentation=newHashMap<String,String>(); launchPresentation.put(BasicLTIConstants.PARAM_LAUNCH_PRESENTATION_DOCUMENT_TARGET, BasicLTIConstants.PARAM_LAUNCH_PRESENTATION_TARGET_WINDOW); launchPresentation.put(BasicLTIConstants.PARAM_LAUNCH_PRESENTATION_RETURN_URL, PlugInUtil.getUri("vendor","handle","/path/to/my/return")); Map<String,String>customParams=newHashMap<String,String>(); customParams.put("param1","value1"); customParams.put("param2","value2"); BasicLTILauncherlauncher=newBasicLTILauncher( "http://url.to.my.tool","my.key","s3cr3t","resourceId_1") .addResourceLinkInformation("resourceTitle","resourceDescription") .addUserInformation(user,membership,true,true,true) .addCourseInformation(course) .addCustomToolParameters(customParams) .addLaunchPresentationInformation(launchPresentation); launcher.launch(req,res,true,newFormattedText("You are launching my tool. Click Submit.", FormattedText.Type.PLAIN_TEXT));
Hungry yet? Let’s make a sandwichTool Provider
Tool Provider… Tool Provider?HOW DO I WRITE A TOOL PROVIDER!!! You could: Go to http://www.imsglobal.org/lti Download the Basic LTI spec Read the spec Implement the Tool Provider side of the spec Find bugs, tear out hair, fix bugs. Rinse, Repeat until working. Benefit: You can use any language to do this Like Ruby? Ok. Like PHP? Ok. Like Node.js? Ok.
BLTI-sandwich to the Rescue! But… If you like Java I’ve done this for you! BLTI-sandwich http://projects.oscelot.org/gf/project/blti-sandwich/ Simple Java library that implements the glue between Tool Consumers and Tool Providers Implements Basic LTI 1.0 Mostly for creating Tool Providers Can also use to help create a Tool Consumer
BLTI-Sandwich Two main classes to deal with BLTIMessage Contains all of the Basic LTI launch data in an easy to use format BLTIProvider Allows you to pull a BLTIMessage off of an HttpServletRequest and validate it.
BLTIMessage Container for Basic LTI Launch Data E.g. msg.getKey() msg.getResourceLink().getId() msg.getUser().getFullName() msg.getUser().isInRole( Role.CONTEXT_NAMESPACE, Role.MENTOR ) msg.getContext().getLabel() msg.getLaunchPresentation().getReturnUrl() msg.getCustomParameters().get("the-custom-param")
BLTIProvider Static methods to grab Basic LTI launch data and validate it. BLTIMessagegetMessage(HttpServletRequest request) Pulls launch data off the request. booleanisValid(BLTIMessagemsg, String secret) Checks whether the message contains all of the required Basic LTI fields and was signed using the specified shared secret.
Let’s make a tool Simple polling tool Let instructor create an ad-hoc poll Let students vote (and see results) Let instructors see detailed results (who voted on what) What we’ll use blti-sandwich Spring MVC Google App Engine Objectify (App Engine Datastore ORM)
Demo Time http://blti-sandwich.appspot.com Running on App Engine
Code Walkthrough
/** * Performs the Basic LTI launch using blti-sandwich. */ @RequestMapping("/blti/tool") publicStringlaunch(HttpServletRequestrequest) { // Parse out the BLTI launch BLTIMessagemsg=BLTIProvider.getMessage(request); // Load the consumer that matches the key passed in the launch Consumerconsumer=consumerDAO.get(Consumer.generateKey(msg.getKey())); // Validate the message (make sure the message was signed by the shared secret) if(consumer==null||!BLTIProvider.isValid(msg,consumer.getSharedSecret())) { returnerrorRedirect(msg,"Error: Not Authorized!"); } // [More validation edited out here...] else { // Provision a user object provisionUser(msg,consumer); // Set up the HTTP session for the user HttpSessionsession=request.getSession(false); if(session!=null) { session.invalidate(); } session=request.getSession(); // Keep the BLTI message in session for use in other pages. session.setAttribute("bltiSessionMsg",msg); // Redirect to the tool (Poll) display page return"redirect:/blti/tool/index"; } }
Resources IMS http://www.imsglobal.org/toolsinteroperability2.cfm Learn Help Center http://help.blackboard.com blti-sandwich library on OSCELOT http://projects.oscelot.org/gf/project/blti-sandwich/ This presentation and example code will be available via http://edugarage.com at some point after the conference ends. jim.riecken@blackboard.com dan.rinzel@blackboard.com
Please provide feedback for this session by emailingDevConFeedback@blackboard.com. The title of this session is: Code Your Own: Tool Integration Using the Basic Learning Tools Interoperability (LTI) Standard

Recommended

Reading the .explain() Output
Reading the .explain() OutputReading the .explain() Output
Reading the .explain() OutputMongoDB
 
Bypassing nac solutions and mitigations
Bypassing nac solutions and mitigationsBypassing nac solutions and mitigations
Bypassing nac solutions and mitigationsSuraj Khetani
 
ORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMMikhail Egorov
 
Access Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationAccess Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationMark Niebergall
 
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)MITRE ATT&CK
 
Taking Hunting to the Next Level: Hunting in Memory
Taking Hunting to the Next Level: Hunting in MemoryTaking Hunting to the Next Level: Hunting in Memory
Taking Hunting to the Next Level: Hunting in MemoryJoe Desimone
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Jorge Orchilles
 
Setting Your CTI Process In Motion - ENISA CTI-EU 2022
Setting Your CTI Process In Motion - ENISA CTI-EU 2022Setting Your CTI Process In Motion - ENISA CTI-EU 2022
Setting Your CTI Process In Motion - ENISA CTI-EU 2022Andreas Sfakianakis
 

Recommended

Reading the .explain() Output
Reading the .explain() OutputReading the .explain() Output
Reading the .explain() OutputMongoDB
 
Bypassing nac solutions and mitigations
Bypassing nac solutions and mitigationsBypassing nac solutions and mitigations
Bypassing nac solutions and mitigationsSuraj Khetani
 
ORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMMikhail Egorov
 
Access Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationAccess Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationMark Niebergall
 
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)
MITRE ATT&CK Updates: State of the ATT&CK (ATT&CKcon 4.0 Edition)MITRE ATT&CK
 
Taking Hunting to the Next Level: Hunting in Memory
Taking Hunting to the Next Level: Hunting in MemoryTaking Hunting to the Next Level: Hunting in Memory
Taking Hunting to the Next Level: Hunting in MemoryJoe Desimone
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Jorge Orchilles
 
Setting Your CTI Process In Motion - ENISA CTI-EU 2022
Setting Your CTI Process In Motion - ENISA CTI-EU 2022Setting Your CTI Process In Motion - ENISA CTI-EU 2022
Setting Your CTI Process In Motion - ENISA CTI-EU 2022Andreas Sfakianakis
 
MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...
MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...
MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...MongoDB
 
Distributed Transaction in Microservices.pdf
Distributed Transaction in Microservices.pdfDistributed Transaction in Microservices.pdf
Distributed Transaction in Microservices.pdfrony setyawansyah
 
Semantic Versioning with GitVersion
Semantic Versioning with GitVersionSemantic Versioning with GitVersion
Semantic Versioning with GitVersionGary Park
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKElasticsearch
 
Upping the APT hunting game: learn the best YARA practices from Kaspersky
Upping the APT hunting game: learn the best YARA practices from KasperskyUpping the APT hunting game: learn the best YARA practices from Kaspersky
Upping the APT hunting game: learn the best YARA practices from KasperskyKaspersky
 
iOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxiOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxdeepikakumari643428
 
193799553 amar-chitra-katha-bahubali
193799553 amar-chitra-katha-bahubali193799553 amar-chitra-katha-bahubali
193799553 amar-chitra-katha-bahubaliJosephite
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
Monitoraggio di mac address in lan
Monitoraggio di mac address in lanMonitoraggio di mac address in lan
Monitoraggio di mac address in lanCe.Se.N.A. Security
 
SQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web securitySQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web securityMoutasm Tamimi
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top TenSecurity Innovation
 
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and ResponseCyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and ResponsePanji Ramadhan Hadjarati
 
Winzip and winrar
Winzip and winrarWinzip and winrar
Winzip and winraroxford international school
 
Updates from the Center for Threat-Informed Defense
Updates from the Center for Threat-Informed DefenseUpdates from the Center for Threat-Informed Defense
Updates from the Center for Threat-Informed DefenseMITRE ATT&CK
 
Windows Live Forensics 101
Windows Live Forensics 101Windows Live Forensics 101
Windows Live Forensics 101Arpan Raval
 
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...MITRE ATT&CK
 
ACM DBPL Keynote: The Graph Traversal Machine and Language
ACM DBPL Keynote: The Graph Traversal Machine and LanguageACM DBPL Keynote: The Graph Traversal Machine and Language
ACM DBPL Keynote: The Graph Traversal Machine and LanguageMarko Rodriguez
 
Hexagonal And Beyond
Hexagonal And BeyondHexagonal And Beyond
Hexagonal And BeyondThomas Pierrain
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsAnton Chuvakin
 
IMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLAIMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLACharles Severance
 
IMS Basic LTI Overview
IMS Basic LTI OverviewIMS Basic LTI Overview
IMS Basic LTI OverviewCharles Severance
 

More Related Content

What's hot

MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...
MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...
MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...MongoDB
 
Distributed Transaction in Microservices.pdf
Distributed Transaction in Microservices.pdfDistributed Transaction in Microservices.pdf
Distributed Transaction in Microservices.pdfrony setyawansyah
 
Semantic Versioning with GitVersion
Semantic Versioning with GitVersionSemantic Versioning with GitVersion
Semantic Versioning with GitVersionGary Park
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKElasticsearch
 
Upping the APT hunting game: learn the best YARA practices from Kaspersky
Upping the APT hunting game: learn the best YARA practices from KasperskyUpping the APT hunting game: learn the best YARA practices from Kaspersky
Upping the APT hunting game: learn the best YARA practices from KasperskyKaspersky
 
iOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxiOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxdeepikakumari643428
 
193799553 amar-chitra-katha-bahubali
193799553 amar-chitra-katha-bahubali193799553 amar-chitra-katha-bahubali
193799553 amar-chitra-katha-bahubaliJosephite
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
Monitoraggio di mac address in lan
Monitoraggio di mac address in lanMonitoraggio di mac address in lan
Monitoraggio di mac address in lanCe.Se.N.A. Security
 
SQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web securitySQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web securityMoutasm Tamimi
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top TenSecurity Innovation
 
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and ResponseCyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and ResponsePanji Ramadhan Hadjarati
 
Updates from the Center for Threat-Informed Defense
Updates from the Center for Threat-Informed DefenseUpdates from the Center for Threat-Informed Defense
Updates from the Center for Threat-Informed DefenseMITRE ATT&CK
 
Windows Live Forensics 101
Windows Live Forensics 101Windows Live Forensics 101
Windows Live Forensics 101Arpan Raval
 
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...MITRE ATT&CK
 
ACM DBPL Keynote: The Graph Traversal Machine and Language
ACM DBPL Keynote: The Graph Traversal Machine and LanguageACM DBPL Keynote: The Graph Traversal Machine and Language
ACM DBPL Keynote: The Graph Traversal Machine and LanguageMarko Rodriguez
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsAnton Chuvakin
 

What's hot (20)

MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...
MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...
MongoDB .local Toronto 2019: Aggregation Pipeline Power++: How MongoDB 4.2 Pi...
 
Distributed Transaction in Microservices.pdf
Distributed Transaction in Microservices.pdfDistributed Transaction in Microservices.pdf
Distributed Transaction in Microservices.pdf
 
Semantic Versioning with GitVersion
Semantic Versioning with GitVersionSemantic Versioning with GitVersion
Semantic Versioning with GitVersion
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
 
Upping the APT hunting game: learn the best YARA practices from Kaspersky
Upping the APT hunting game: learn the best YARA practices from KasperskyUpping the APT hunting game: learn the best YARA practices from Kaspersky
Upping the APT hunting game: learn the best YARA practices from Kaspersky
 
iOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxiOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptx
 
193799553 amar-chitra-katha-bahubali
193799553 amar-chitra-katha-bahubali193799553 amar-chitra-katha-bahubali
193799553 amar-chitra-katha-bahubali
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
Monitoraggio di mac address in lan
Monitoraggio di mac address in lanMonitoraggio di mac address in lan
Monitoraggio di mac address in lan
 
SQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web securitySQL Injection and Clickjacking Attack in Web security
SQL Injection and Clickjacking Attack in Web security
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
 
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and ResponseCyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
 
Winzip and winrar
Winzip and winrarWinzip and winrar
Winzip and winrar
 
Updates from the Center for Threat-Informed Defense
Updates from the Center for Threat-Informed DefenseUpdates from the Center for Threat-Informed Defense
Updates from the Center for Threat-Informed Defense
 
Windows Live Forensics 101
Windows Live Forensics 101Windows Live Forensics 101
Windows Live Forensics 101
 
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build...
 
ACM DBPL Keynote: The Graph Traversal Machine and Language
ACM DBPL Keynote: The Graph Traversal Machine and LanguageACM DBPL Keynote: The Graph Traversal Machine and Language
ACM DBPL Keynote: The Graph Traversal Machine and Language
 
Hexagonal And Beyond
Hexagonal And BeyondHexagonal And Beyond
Hexagonal And Beyond
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and Lessons
 

Similar to Code Your Own: Tool Integration using the Basic Learning Tools Interoperability (LTI) Standard

IMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLAIMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLACharles Severance
 
IMS Basic Learning Tools Interoperability
IMS Basic Learning Tools InteroperabilityIMS Basic Learning Tools Interoperability
IMS Basic Learning Tools InteroperabilityCharles Severance
 
LTI Update at the IMS QUarterly Meeting, Utrecht, NL
LTI Update at the IMS QUarterly Meeting, Utrecht, NLLTI Update at the IMS QUarterly Meeting, Utrecht, NL
LTI Update at the IMS QUarterly Meeting, Utrecht, NLCharles Severance
 
Just fire lti at it!
Just fire lti at it!Just fire lti at it!
Just fire lti at it!kingmook
 
Ef Poco And Unit Testing
Ef Poco And Unit TestingEf Poco And Unit Testing
Ef Poco And Unit TestingJames Phillips
 
Php My Sql Security 2007
Php My Sql Security 2007Php My Sql Security 2007
Php My Sql Security 2007Aung Khant
 
Blackboard DevCon: Introducing IMS Learning Tools Interoperability
Blackboard DevCon: Introducing IMS Learning Tools InteroperabilityBlackboard DevCon: Introducing IMS Learning Tools Interoperability
Blackboard DevCon: Introducing IMS Learning Tools InteroperabilityCharles Severance
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009mirahman
 
Overview of entity framework by software outsourcing company india
Overview of entity framework by software outsourcing company indiaOverview of entity framework by software outsourcing company india
Overview of entity framework by software outsourcing company indiaJignesh Aakoliya
 
jBPM5 in action - a quickstart for developers
jBPM5 in action - a quickstart for developersjBPM5 in action - a quickstart for developers
jBPM5 in action - a quickstart for developersKris Verlaenen
 
Automated Testing Of Web Applications Using XML
Automated Testing Of Web Applications Using XMLAutomated Testing Of Web Applications Using XML
Automated Testing Of Web Applications Using XMLdiongillard
 
Tellurium 0.7.0 presentation
Tellurium 0.7.0 presentationTellurium 0.7.0 presentation
Tellurium 0.7.0 presentationJohn.Jian.Fang
 
Manageable Robust Automated Ui Test
Manageable Robust Automated Ui TestManageable Robust Automated Ui Test
Manageable Robust Automated Ui TestJohn.Jian.Fang
 
Microsoft Enterprise Search Products
Microsoft Enterprise Search ProductsMicrosoft Enterprise Search Products
Microsoft Enterprise Search Productsjareckib
 

Similar to Code Your Own: Tool Integration using the Basic Learning Tools Interoperability (LTI) Standard (20)

IMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLAIMS Learning Tools Interoperability @ UCLA
IMS Learning Tools Interoperability @ UCLA
 
IMS Basic LTI Overview
IMS Basic LTI OverviewIMS Basic LTI Overview
IMS Basic LTI Overview
 
Ofbiz Guy Gershoni 20060621
Ofbiz Guy Gershoni 20060621Ofbiz Guy Gershoni 20060621
Ofbiz Guy Gershoni 20060621
 
IMS Basic Learning Tools Interoperability
IMS Basic Learning Tools InteroperabilityIMS Basic Learning Tools Interoperability
IMS Basic Learning Tools Interoperability
 
LTI Update at the IMS QUarterly Meeting, Utrecht, NL
LTI Update at the IMS QUarterly Meeting, Utrecht, NLLTI Update at the IMS QUarterly Meeting, Utrecht, NL
LTI Update at the IMS QUarterly Meeting, Utrecht, NL
 
Just fire lti at it!
Just fire lti at it!Just fire lti at it!
Just fire lti at it!
 
Ef Poco And Unit Testing
Ef Poco And Unit TestingEf Poco And Unit Testing
Ef Poco And Unit Testing
 
Php My Sql Security 2007
Php My Sql Security 2007Php My Sql Security 2007
Php My Sql Security 2007
 
Blackboard DevCon: Introducing IMS Learning Tools Interoperability
Blackboard DevCon: Introducing IMS Learning Tools InteroperabilityBlackboard DevCon: Introducing IMS Learning Tools Interoperability
Blackboard DevCon: Introducing IMS Learning Tools Interoperability
 
2011 03-03-blti-umass
2011 03-03-blti-umass2011 03-03-blti-umass
2011 03-03-blti-umass
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
 
.Net template solution architecture
.Net template solution architecture.Net template solution architecture
.Net template solution architecture
 
Overview of entity framework by software outsourcing company india
Overview of entity framework by software outsourcing company indiaOverview of entity framework by software outsourcing company india
Overview of entity framework by software outsourcing company india
 
Sso every where
Sso every whereSso every where
Sso every where
 
jBPM5 in action - a quickstart for developers
jBPM5 in action - a quickstart for developersjBPM5 in action - a quickstart for developers
jBPM5 in action - a quickstart for developers
 
Automated Testing Of Web Applications Using XML
Automated Testing Of Web Applications Using XMLAutomated Testing Of Web Applications Using XML
Automated Testing Of Web Applications Using XML
 
Tellurium 0.7.0 presentation
Tellurium 0.7.0 presentationTellurium 0.7.0 presentation
Tellurium 0.7.0 presentation
 
Manageable Robust Automated Ui Test
Manageable Robust Automated Ui TestManageable Robust Automated Ui Test
Manageable Robust Automated Ui Test
 
C#Portfolio
C#PortfolioC#Portfolio
C#Portfolio
 
Microsoft Enterprise Search Products
Microsoft Enterprise Search ProductsMicrosoft Enterprise Search Products
Microsoft Enterprise Search Products
 

Recently uploaded

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Recently uploaded (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

Code Your Own: Tool Integration using the Basic Learning Tools Interoperability (LTI) Standard

  • 1. Code Your Own Tool Integration Using the Basic Learning Tools Interoperability (LTI) Standard#blticode Jim Riecken & Dan Rinzel Blackboard Learn Product Development
  • 2. Basic Learning Tools Interoperability with Blackboard Learn™, Release 9.1 SP4
  • 3. Q’s we will try to A What is LTI? What is Basic LTI? What does being a Tool Provider mean? What does being a Tool Consumer mean? What does that look like in Learn? What does it look like for Blackboard Building Blocks? Hungry yet? Code your own Tool Provider
  • 4. What is LTI? “a single framework or standard way of integrating rich learning applications...to allow the seamless connection of web-based, externally hosted applications and content…to platforms that present them to users”  http://www.imsglobal.org/toolsinteroperability2.cfm
  • 5. What is Basic LTI? Simplify, Simplify, Simplify one launch mechanism with one security policy no access to run-time services on the platform
  • 6. What’s a Tool Provider? A (typically centrally hosted) service that interacts with users who are “launched” from inside their platform Launch mechanism and authN as specified, including extra data in the launch “payload”
  • 7. What’s a Tool Consumer? A LMS, VLE or portal environment Sets policy about the payload privacy, who can provision links
  • 8. What does that look like in Blackboard Learn?
  • 9. Basic LTI & Blackboard Building Blocks™
  • 10. Why use a Blackboard Building Block? More seamless integration Tool placement Content Handler placement Bypass global provider settings Permissions declared in bb-manifest.xml Instructors don’t need to deal with URLs, Keys, and Secrets They might not even know that the tool is running on another server!
  • 11. How to use Basic LTI in a Blackboard Building Block Two Parts Declare permissions in bb-manifest.xml Use blackboard.platform.blti.BasicLTILauncher In your Tool page or Content Handler view page
  • 12. Basic LTI Permissions New “basiclti” permission type. Name is the domain you intent to launch to. Use “*” if you want to launch to any domain Specifying a domain allows subdomains as well Value is some combination of “sendroles” – Allow user’s role to be sent. “sendname” – Allow user’s full name to be sent. “sendemail” – Allow user’s email address to be sent. If the value is empty, you will just be able to launch to that domain.
  • 13. Basic LTI PermissionsExample <permission type="basiclti" name="example.com" actions="" /> <permission type="basiclti" name="foo.example.com" actions="sendroles" /> <permission type="basiclti" name="bar.example.com" actions="sendname,sendemail" /> <permission type="basiclti" name="baz.example.com" actions="sendemail" />
  • 14. BasicLTILauncher Encapsulates the logic for performing a Basic LTI launch. blackboard.platform.blti.BasicLTILauncher blackboard.platform.blti.BasicLTIConstants Simple API Can add user/course information Can add custom parameters Does OAuth signing and redirects to an automatic launch page.
  • 15. BasicLTILauncher Constructor BasicLTILauncher(String url, String key, String secret, String resourceLinkId) Data Population (all return BasicLTILauncher) addResourceLinkInformation(String title, String description) addCurrentUserInformation(booleanincludeRoles, booleanincludeName, booleanincludeEmail) addUserInformation(User user, CourseMembership membership, booleanincludeRoles, booleanincludeName, booleanincludeEmail) addCurrentCourseInformation() addCourseInformation(Course course) addLaunchPresentationInformation(Map<String,String> params) addCustomToolParameters(Map<String,String> params) Launch Map<String,String> prepareParameters() void launch(HttpServletRequestreq, HttpServletResponse res, booleanuseSplashScreen, FormattedTextsplashScreenMessage)
  • 16. BasicLTILauncher - Examples Simple Launch BasicLTILauncherlauncher=newBasicLTILauncher( "http://url.to.my.tool","my.key","s3cr3t","resourceId_1"); launcher.launch(req,res,false,null); Launch with current user and current course (from Context) and a splash message BasicLTILauncherlauncher=newBasicLTILauncher( "http://url.to.my.tool","my.key","s3cr3t","resourceId_1") //Send roles and name, but not email .addCurrentUserInformation(true,true,false) .addCurrentCourseInformation(); launcher.launch(req,res,true,newFormattedText("You are launching my tool. Click Submit.",FormattedText.Type.PLAIN_TEXT));
  • 17. BasicLTILauncher - Examples The kitchen sink Useruser=...;// Get user somehow Coursecourse=...;// Get course somehow CourseMembershipmembership=...;// Get user membership in course Map<String,String>launchPresentation=newHashMap<String,String>(); launchPresentation.put(BasicLTIConstants.PARAM_LAUNCH_PRESENTATION_DOCUMENT_TARGET, BasicLTIConstants.PARAM_LAUNCH_PRESENTATION_TARGET_WINDOW); launchPresentation.put(BasicLTIConstants.PARAM_LAUNCH_PRESENTATION_RETURN_URL, PlugInUtil.getUri("vendor","handle","/path/to/my/return")); Map<String,String>customParams=newHashMap<String,String>(); customParams.put("param1","value1"); customParams.put("param2","value2"); BasicLTILauncherlauncher=newBasicLTILauncher( "http://url.to.my.tool","my.key","s3cr3t","resourceId_1") .addResourceLinkInformation("resourceTitle","resourceDescription") .addUserInformation(user,membership,true,true,true) .addCourseInformation(course) .addCustomToolParameters(customParams) .addLaunchPresentationInformation(launchPresentation); launcher.launch(req,res,true,newFormattedText("You are launching my tool. Click Submit.", FormattedText.Type.PLAIN_TEXT));
  • 18. Hungry yet? Let’s make a sandwichTool Provider
  • 19. Tool Provider… Tool Provider?HOW DO I WRITE A TOOL PROVIDER!!! You could: Go to http://www.imsglobal.org/lti Download the Basic LTI spec Read the spec Implement the Tool Provider side of the spec Find bugs, tear out hair, fix bugs. Rinse, Repeat until working. Benefit: You can use any language to do this Like Ruby? Ok. Like PHP? Ok. Like Node.js? Ok.
  • 20. BLTI-sandwich to the Rescue! But… If you like Java I’ve done this for you! BLTI-sandwich http://projects.oscelot.org/gf/project/blti-sandwich/ Simple Java library that implements the glue between Tool Consumers and Tool Providers Implements Basic LTI 1.0 Mostly for creating Tool Providers Can also use to help create a Tool Consumer
  • 21. BLTI-Sandwich Two main classes to deal with BLTIMessage Contains all of the Basic LTI launch data in an easy to use format BLTIProvider Allows you to pull a BLTIMessage off of an HttpServletRequest and validate it.
  • 22. BLTIMessage Container for Basic LTI Launch Data E.g. msg.getKey() msg.getResourceLink().getId() msg.getUser().getFullName() msg.getUser().isInRole( Role.CONTEXT_NAMESPACE, Role.MENTOR ) msg.getContext().getLabel() msg.getLaunchPresentation().getReturnUrl() msg.getCustomParameters().get("the-custom-param")
  • 23. BLTIProvider Static methods to grab Basic LTI launch data and validate it. BLTIMessagegetMessage(HttpServletRequest request) Pulls launch data off the request. booleanisValid(BLTIMessagemsg, String secret) Checks whether the message contains all of the required Basic LTI fields and was signed using the specified shared secret.
  • 24. Let’s make a tool Simple polling tool Let instructor create an ad-hoc poll Let students vote (and see results) Let instructors see detailed results (who voted on what) What we’ll use blti-sandwich Spring MVC Google App Engine Objectify (App Engine Datastore ORM)
  • 27. /** * Performs the Basic LTI launch using blti-sandwich. */ @RequestMapping("/blti/tool") publicStringlaunch(HttpServletRequestrequest) { // Parse out the BLTI launch BLTIMessagemsg=BLTIProvider.getMessage(request); // Load the consumer that matches the key passed in the launch Consumerconsumer=consumerDAO.get(Consumer.generateKey(msg.getKey())); // Validate the message (make sure the message was signed by the shared secret) if(consumer==null||!BLTIProvider.isValid(msg,consumer.getSharedSecret())) { returnerrorRedirect(msg,"Error: Not Authorized!"); } // [More validation edited out here...] else { // Provision a user object provisionUser(msg,consumer); // Set up the HTTP session for the user HttpSessionsession=request.getSession(false); if(session!=null) { session.invalidate(); } session=request.getSession(); // Keep the BLTI message in session for use in other pages. session.setAttribute("bltiSessionMsg",msg); // Redirect to the tool (Poll) display page return"redirect:/blti/tool/index"; } }
  • 28. Resources IMS http://www.imsglobal.org/toolsinteroperability2.cfm Learn Help Center http://help.blackboard.com blti-sandwich library on OSCELOT http://projects.oscelot.org/gf/project/blti-sandwich/ This presentation and example code will be available via http://edugarage.com at some point after the conference ends. jim.riecken@blackboard.com dan.rinzel@blackboard.com
  • 29. Please provide feedback for this session by emailingDevConFeedback@blackboard.com. The title of this session is: Code Your Own: Tool Integration Using the Basic Learning Tools Interoperability (LTI) Standard

Editor's Notes

  1. Originally presented Monday, July 11th at 10AM Pacific Time in Titian 2310B at the Sands Expo Center in the Venetian hotel, Las Vegas, Nevada, USA as part of the Blackboard Developers’ Conference 2011.
  2. The first release of Blackboard Learn to provide Tool Consumer support forthe Basic LTI standard from IMS was Service Pack 4 of Release 9.1, which was released on December 29, 2010.The features and techniques covered in this presentation apply to that release and any subsequent Service Pack release of Learn 9.1.
  3. Agenda for the presentation.
  4. The goal is to transform the cobbling-together of interfaces between tools and platforms, by promoting a standard “plug” mechanism. Our situation today is very much like the “bag of adapters” on the left – a tool has to identify which platforms (and sometimes which versions of which platforms) it can support, with different installation and configuration instructions for each. What LTI proposes is that we move to a world more like the Universal Serial Bus world, where everybody uses the same connector.Yes this analogy is imperfect, USB isn’t always a power source, there are a couple different kinds of USB connectors, but hopefully you get the idea 
  5. The full LTI specification includes a whole set of two-way communication – ways for the tool to query the platform for information about what it supports, and to negotiate various levels of security and integration and notification on various events that might take place on the platform.The basic LTI specification is vastly simpler. A user is “launched” from the platform to the tool, with some information passed in the launch payload that allows a trust relationship to be established and some contextual data passed to the tool that can allow a personalized experience of the tool for the user, including facilitating their return to the platform.
  6. A tool provider doesn’t have to be centrally hosted, but that’s generally the case and we think it will continue to grow in that direction
  7. Learning management system, virtual learning environment, etcetc – really any “platform” for teaching and learning.Blackboard Learn peforms this role in two waysAn on-board tool consumer that the administrator can configureA Building Block accessible framework to do launches Both approaches are currently in use, the Wimba Voice tools and the McGraw-Hill integration between Learn and the McGraw-Hill Connect service both leverage Basic LTI
  8. If enabled, the on-board default tool consumer is baked directly into the existing Create URL workflow, by means of a simple checkbox with field-level help. &gt; Choosing the checkbox will treat the URL as a Basic LTI launch instead of a “plain” URL&gt; If the provider is not yet registered on the system, as in the screenshot here, the system “reveals” an additional set of fields to configure the credentials and optional custom parameters required by the tool&gt; These must be negotiated beforehand outside the software&gt; If the provider has already been registered at the system level, this additional configuration work is usually unnecessaryI’ll show how this works on a live system now, and we’ll talk about the various configuration options available at the global level, as well as additional tools available at the course levelThen, I’ll hand it over to Jim to cover the additional options available with deployment via Building Block, and how to code the tool provider end of things.SWITCH TO DEMO SCRIPT
  9. Turn it over to Jim
  10. You might be asking “Why would I use a Building Block” when instructors can create links themselves?Having to know keys and secrets and urls can be confusing for some users. They just want to be able to use a toolThey need not even know that the tool is on another server.You can create a more seamless integration by using the placement points B2s allowE.g. A Tool placement – allows you to launch from the course menu, or even a system admin tool.E.g. A Custom content handler – allows you to launch to a specific piece of custom contentCustom create/edit page – set custom paramters for launch
  11. In order to use BLTI in a B2 you have to indicate what servers you are going to access and what user data (if any) you are going to send to the server.The admin will see these permissions when activating the B2 and can decide not to install the B2 because they do not want information to be sent. So, only request permissions you actually need.
  12. Pause for questions
  13. BasicLTI launcher lets you easily perform a Basic LTI launch from a Bulding BlockCan add information about user/courseCan add custom parametersCan add launch information parametersWill automatically add information about the BbLearn instance (e.g. admin email, current locale, etc)You don’t have to use the automatic launch page. It’s possible to get the signed parameters and create your own launch.
  14. Note that for the addUser methods, SecurityExceptions will be thrown if you do not have the appropriate permissions in your bb-manifest.xmlThe population methods all return the instance of BasicLTILauncher (so you can chain them together)For launching you can either use the automatic launch (with the launch method) or manually construct a launch page of your own.If you are creating a custom launch JSP, make sure that you either:Submit the form using JavaScriptOr make sure the submit button has no &quot;name&quot; attributeOtherwise, the text of the submit button will be added as a POST parameter and cause OAuth validation to fail (as the parameter value was not included in the signature).
  15. First example is a minimal launch – only data strictly required by the specSecond adds the current user and course from Context and uses a splash screen confirmation.
  16. Finally we have the kitchen sink which does a bit of everythingAdd a specific user and courseAdd information about the resourceAdd custom parametersAdd launch presentation informationPause for questions
  17. Jim’s DemoBLTI-sandwich Java library – source code released on OSCELOTDemo tool provider &amp; show source code built on the sandwich
  18. To create a tool provider you need to implement the tool provider side of the Basic LTI spec.You can use any language to do this – it doesn’t matter (as long as you can service HTTP requests and do Oauth signatures)You also need an external server – as this does not run inside of Learn like a Building BlockBonus is that your tool will work for any Basic LTI consumer – you don’t have to rewrite plugin code for each new LMS that comes out. Write once, launch anywhere.
  19. If you’re using Java on your server, I’ve written a simple library called blti-sandwich that implements the Basic LTI specIt’s open source and up on OSCELOT right now – download away!Can be used to help create a Tool Consumer, but I’m going to focus on the Tool Provider side.
  20. There are two main classes to deal with in BLTI Sandwich for creating a Tool ProviderBLTIMessage – this is a data object that contains all of the launch data from the BLTI request – e.g. resource info, context info, user info, custom parameters, etc. It’s serializable so you can for example put it into an HttpSession attribute.BLTIProvider – this allows you to pull a BLTIMessage off of an HttpServletRequest, and then validate it (with a shared secret)So all in all to process + validate a BLTI request you need to make 2 method calls. Simple!
  21. Serializable
  22. Pause for questions
  23. So, let’s use blti-sandwich to create a Tool Provider!A simple polling toolWe’ll use:blti-sandwich for Basic LTI processingSpring MVC for our application logicGoogle App Engine to host the toolAnd Objectify for storing data in the App Engine datastore.Mostly I’m just going to focus on the BLTI stuff – not going into super detail on appengine or spring stuff.
  24. It’s up and running right now on App Engine at http://blti-sandwich.appspot.comShow demo of toolAs instructor creating link to tool – show that poll title + description are autopopulated – also separate pages for instructor vs studentCreate a poll as instructorAs student(s) answer pollGo back as instructor and see resultsTool requires user data to be sent (name + role at least)Poll is linked to consumer key + resource id – users are linked to consumer key + user id
  25. Code walkthrough time. Open up eclipseOverview the projectModels – Consumer, User, Poll, PollResultDAOs – persistenceControllers – focus mostly on the launch controller and how it does the blti-sandwich stuff.
  26. Covered this in detail from inside eclipse. Placeholder slide in case of IDE fail.
  27. IMS for the spec, examples and conformance testing tools (to get your IMS badge)Learn help center for the instructor and admin “onboard” tools used with Create URLOSCELOT for the source code of the sandwich library