LTI provider database schema?

[Tom Salyers]

Hi, all .

As the subject says--we're putting in an instance of the Numbas LTI provider at our institution, and we've got some security paperwork to run through first. The form wants to know what kind of user information is stored, if any, in particular. Does anyone have a schema document lying around? (I could go digging through PostgreSQL, but I figured this might be faster.)  Thanks in advance!

[Christian Lawson-Perfect]

Ah, I saw the email you sent to num...@ncl.ac.uk before this one!

For everyone else's benefit, here's the reply I just sent Tom:

The information that the LTI tool receives about each user depends on how you configure the LTI link. The LTI consumer must at least send a unique ID for the user, which might or might not correspond to their username on the consumer.

There are a few other optional fields that the consumer can send; there's a good list of these at https://www.edu-apps.org/code.html. The potentially personally identifiying fields are the email address, and the name fields: given, family and full. The lis_person_sourcedid field is a unique identifier that the consumer can understand, and might be readable on its own or might need to be linked to the consumer's database to make sense.

The LTI launch data is saved in the temporary session table; this is deleted when the session expires. The username, email address and full name are stored permanently in the Numbas LTI provider's auth_user table. For each resource launched by a user, an LTIUserData record is created. This stores: the lis_result_sourcedid, a unique identifier generated by the consumer linking the user and resource; the lis_person_sourcedid and user_id described above; and whether the user is an instructor.

Finally, everything the student does inside a Numbas exam, such as submitted answers, is stored in the SCORM data model, in the numbas_lti_scormelement table.

I think that's everything that could be personally-identifying.

On Mon, 22 Feb 2021 at 12:51, Tom Salyers <t.sa...@sheffield.ac.uk> wrote:

Hi, all .

As the subject says--we're putting in an instance of the Numbas LTI provider at our institution, and we've got some security paperwork to run through first. The form wants to know what kind of user information is stored, if any, in particular. Does anyone have a schema document lying around? (I could go digging through PostgreSQL, but I figured this might be faster.)  Thanks in advance!

--
You received this message because you are subscribed to the Google Groups "Numbas Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to numbas-users...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/numbas-users/f8c75afd-5f6a-4ace-8861-5f228b754b1fn%40googlegroups.com.