Versions Compared

Old Version 1

changes.mady.by.user Phil McGachey

Saved on

compared with

New Version 2

changes.mady.by.user Phil McGachey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Stopgap: Require all LTI users to have an account on the OpenEdX installation

This does not meet the requirements from the MVP spec, but it will allow us to make some initial progress while we iron out the details of the user model. For now, we can require that students first go through the sign-up process to get regular edX accounts, and then on the first launch we associate their LTI user_id with that account. There are two possible paths:

 

  1. The user has an existing cookie for the edX installation. In that case we can link IDs behind the scenes with no additional user actions.
  2. The user does not have a cookie. We can redirect to the login/account creation page, and have the user log in. At that point we link the accounts.

While this will be a short-term solution, much of the code that we will use for this functionality will be re-usable later when we come to link anonymous and edX accounts. We may also want to enable this behavior as a course-level option long-term, allowing instructors to require that students have an edX account (assuming that is a valid approach at their institution).

 

Requirement: Anonymous ID linked to the campus LMS identity.

This requirement implies that we may need to create a second type of user in edX. A user who signs up through the edX registration process has at minimum the following attributes:

  1. Email address
  2. Full name
  3. Public user name
  4. Country
  5. Password

The user has also agreed to the T&C ToS and the honor code.

A user who enters the edX site through LTI is not guaranteed to have any of these things. There are no required user-specific attributes in the LTI 1.2 spec (even the user ID is only recommended). We can of course require a minimal set before we will allow a user to access edX (see the LTI launch page), but since one of our other requirements is to allow for a launch with no Personally Identifiable Information (due to various national privacy laws), we can be certain that there are circumstances in which we will not have this information available.

...

LTI provides us with a user identifier that is determined by the tool consumer. Per the LTI spec:

user_id=0ae836b9-7fc9-4060-006f-27b2066ac545                                                                                     (Recommended)
Uniquely identifies the user.  This should not contain any identifying information for the user.  Best practice is that this field should be a TC-generated long-term “primary key” to the user record – not the “logical key".  At a minimum, this value needs to be unique within a TC.

Since we will eventually have multiple campus systems, we can't rely on the user_id field being globally unique. LTI also includes a recommended tool_consumer_instance_guid that can be combined to create a (hopefully) globally-unique identifier.

tool_consumer_instance_guid=lmsng.school.edu
This is a unique identifier for the TC.  A common practice is to use the DNS of the organization or the DNS of the TC instance.  If the organization has multiple TC instances, then the best practice is to prefix the domain name with a locally unique identifier for the TC instance.  In the single-tenancy case, the tool consumer data can be often be derived from theoauth_consumer_key.  In a multi-tenancy case this can be used to differentiate between the multiple tenants within a single installation of a Tool Consumer. This parameter is strongly recommended in systems capable of multi-tenancy.


Requirement: Identity linking between edX account and campus LMS account

We would like to allow a student with an existing edX account to associate their anonymous account with their complete profile. There are two levels of linking:

  1. Maintain separate edX and anonymous accounts, but create a connection between them so that students (and researchers) can track their activities together.
  2. Merge the anonymous and edX accounts, so that a user always works in the context of the same account regardless of how they get into the edX system.

 

 

One user, multiple campus systems

Multiple edX installations. Not transparent to the user where their account is.

 

Cookie issues:

  1. User has an existing cookie on LTI launch. Do they get logged out? Merge accounts? May not want to.
  2. User logged in anonymously via LTI. Next time they visit edx.org will they automatically log in?
  3. Cookie from campus system A, visits using campus system B.