Privacy implications of installing an LTI 1.3 tool in Canvas

As the stewards of your students’ data, we know you care deeply about the privacy and security implications of adopting new EdTech tools. With the depth of integration LTI tools can install, there are a lot of technical details which can affect what data is shared. This guide aims to help you understand the settings so that you can make informed decisions about what access to grant.

On the Developer Key under Additional Settings the key can be set to have a Privacy Level of Public or Private. Note that setting the value to something other than what is suggested by the tool provider may prevent services from working, for example if launches are Private then the tool will not be able to properly update the gradebook, even if the “Can create and view assignment data in the gradebook associated with the tool” permission is allowed.

The default information sent in all launches designated as Private includes:

  • Resource Link Request
    • The ‘title’ or the name of the account, course, or assignment the tool is being launched from
    • ID of the resource
    • Description of the resource
  • The deployment ID of the tool
  • The type of context the tool was launched from
  • Information about the context the tool was launched from (for example, if it is a course, the course’s name and title)
  • The user’s standard LTI role (Administrator, Instructor, User, etc., no custom roles)
  • The Canvas Placement Name from which the tool was launched

If the launch is designated as Public it will additionally include:

  • The user icon
  • The user’s email address
  • The username
  • The user’s given name
  • The user’s family name
  • The SIS ID of the user
  • The SIS ID of the course

In addition to this information, there are four main setting areas to keep an eye on which can impact what data is shared. We’ll go through each in depth below. The four areas are:

  • Permissions (Scopes)
  • Deployments
  • Placements
  • Variable Expansions

 

Permissions

The Permissions setting affects which LTI Advantage Services permissions a tool is allowed to use. The possible services as they are shown in Canvas are listed below with links to the 1EdTech technical specification they are based on as well as the general data this provides access to.

Permission Description 1EdTech Spec
Can create and view assignment data in the gradebook associated with the tool. Tools can create and view the maximum score set for an assignment, the date submissions will start being accepted and the date submissions will stop being accepted. 1EdTech Spec
Can view assignment data in the gradebook associated with the tool.

Tools can view the maximum score set for an assignment, the date submissions will start being accepted and the date submissions will stop being accepted.

 1EdTech Spec
Can view submission data for assignments associated with the tool. Tool can view a given assignment’s results including user IDs, users’ scores, and the maximum possible score, as well as any comments visible to a student about the score. 1EdTech Spec
Can create and update submission results for assignments associated with the tool. Tool can create and edit a given assignment’s results including user IDs, users’ scores, and the maximum possible score, as well as comments visible to a student about the score.
  1EdTech Spec
Can retrieve user data associated with the context the tool is installed in.
  • The tool can view the Course’s short name or code as well as the full name of the course
  • The tool can view information about members of the course the tool is available in. The data available is below:
  • All tools
    • Locale (language)
    • API ID
    • Primary login username
    • The user’s language and timezone
    • Membership state in the course
    • LTI ID
    • Roles in the current context 
  • Tools with privacy set to ‘public’ or ‘name_only’
    • Full name
    • Given name
    • Family name
    • SIS ID
  • Tools with privacy set to ‘public’ or ‘email_only’
    • Email address
    • Avatar
    • Tools with privacy set to ‘public’
 1EdTech Spec
Can update public jwk for LTI services.
  • Canvas specific scope, allows the tool to update the public JWT
  • No user data provided. This is used for authentication of the app with Canvas.
  
Can look up Account information. 
  • Allows access to Canvas LTI Account API
  • Tools can view the account ID, name, UUID, the account’s parent’s name, the root account ID, and the state of the account.
  

Can view Progress records associated with the context the tool is installed in.
  • Allows access to Canvas LTI Progress API
  • The tool can view the progress of asynchronous API operations such as when they started, updated, if they are complete, and if they were successful. No user data is provided.
  
Can view the content of a page the tool is launched from.

 
  • Allows use of the Canvas lti.getPageContent postMessage
  • This enables a tool to request the entire content of a page as HTML. This is currently only supported by the Top_Navigation placement when launched from Assignments and Wiki pages. It is typically used for AI enabled tools.
  • The user’s locale, timezone and high contrast settings are shared. 
  

 

Deployments

In general, tools only get access to information when they are launched, and only about the context from which they are launched and the user who launched them. If a tool is only installed in Course A, it will not get information about Course B. If a tool is only used on Assignment A, it will not get information about Assignment B. Similarly, tools will only have access to update information related to assignments they are used in. 

Additionally, tools will only have access to information about the user who launches the tool for any placement with the exception of launches from the Student Context Card placement, which will provide the ID of the student from whose card the tool is launched.

Placements

Many substitution variables are only available in certain placements. We’ve grouped the kinds of placements below to make it easier to understand which substitution variables work in which locations. A document showing screenshots of each placement can be found here.

Placements Substitution Variables
Course Placements
  • Course Navigation
  • Course Home Sub Navigation
  • Course Settings Sub Navigation
  • Assignment Index Menu
  • Course Assignments Menu (Supports Deep Linking)
  • Migration Selection (Supports Deep Linking)
  • Sync Grades
  • Editor Button (Supports Deep Linking)
  • Collaboration (Supports Deep Linking)
  • Discussions Topic Menu
  • Discussions Index Menu
  • Quiz Menu
  • Quizzes Index Menu
  • Page Menu
  • Pages Index Menu
  • Top Navigation
  • Assignments Group Menu
  • Link Selection (Supports Deep Linking)
  • Modules Index Menu (Tray)
  • Modules Index Menu (Modal) 
  • Module Menu 
  • Module Group Menu
  • Module Menu Modal (Supports Deep Linking)
File Management Placements
  • File Menu
  • Files Index Menu
Assignment placements
  • Assignment Edit
  • Assignment Selection (Supports Deep Linking)
  • Assignment view
  • Assignment menu
  • Homework Submission (Supports Deep Linking)
  • Submission Type Selection (Supports Deep Linking)
  • Editor Button (Supports Deep Linking)
Other placements
  • Global Navigation 
  • Account Navigation 
  • Tool Configuration
  • Student Context Card
  • User Navigation

 

Variable Expansions

The final way that data can be shared with tools is through variable expansions. To see technical documentation about all variables Canvas offers, see here. This list aims to provide general categories of variables and the types of information they provide, as well as the placements these variables work in.

Variable Details
Account information Provides data about the Canvas account. These variables work anywhere in Canvas
Analytics Information

Provides information used by xAPI and caliper for analytics.

  • Works in Courses
    • Canvas.xapi.url
  • Works anywhere
    • Caliper.url
Assignment information

Provides information about a specific assignment owned by the tool. Does not include user information related to the assignment. These variables only work within assignments.

  • com.instructure.Assignment.lti.id
  • com.instructure.Assignment.description
  • com.instructure.Assignment.allowedFileExtensions
  • com.instructure.Assignment.anonymous_grading
  • com.instructure.Assignment.restrict_quantitative_data
  • Canvas.assignment.id
  • Canvas.assignment.description
  • Canvas.assignment.title
  • Canvas.assignment.pointsPossible
  • Canvas.assignment.unlockAt.iso8601
  • Canvas.assignment.lockAt.iso8601
  • Canvas.assignment.dueAt.iso8601
  • Canvas.assignment.earliestEnrollmentDueAt.iso8601
  • Canvas.assignment.allDueAts.iso8601
  • Canvas.assignment.published
  • Canvas.assignment.lockdownEnabled
  • Canvas.assignment.allowedAttempts
  • ResourceLink.available.startDateTime
  • ResourceLink.available.endDateTime
  • ResourceLink.submission.endDateTime
Context information

These provide information about the context from which the tool is launched. They work anywhere in Canvas.

  • com.instructure.Course.allow_canvas_resource_selection
  • com.instructure.Course.available_canvas_resources
  • Context.title
  • Context.sourcedId
  • com.instructure.Course.accept_canvas_resource_types
  • com.instructure.Course.canvas_resource_type
  • com.instructure.Course.canvas_resource_id
  • Context.id
  • com.instructure.Context.globalId
  • com.instructure.Context.uuid
Course information

Information about the course the tool is launched from. This does not include information about individuals within the course. These only work within Course Placements, Assignment Placements, and File Management Placements when accessed within a course.

  • CourseOffering.sourcedId
  • Context.id.history
  • Canvas.course.id
  • vnd.instructure.Course.uuid
  • Canvas.course.name
  • Canvas.course.sisSourceId
  • com.instructure.Course.integrationId
  • Canvas.course.startAt
  • Canvas.course.endAt
  • Canvas.course.workflowState
  • Canvas.term.startAt
  • Canvas.term.endAt
  • Canvas.term.name
  • Canvas.term.id
  • CourseSection.sourcedId
  • Canvas.enrollment.enrollmentState
  • com.instructure.Course.gradingScheme
  • Canvas.course.previousContextIds
  • Canvas.course.previousContextIds.recursive
  • Canvas.course.previousCourseIds
  • com.instructure.contextLabel
File Management Information

Information about files within Canvas’ file management system. These only work within File Management Placements

  • Canvas.file.usageRights.name
  • Canvas.file.usageRights.url
  • Canvas.file.usageRights.copyrightText
  • Canvas.file.media.id
  • Canvas.file.media.type
  • Canvas.file.media.duration
  • Canvas.file.media.size
  • Canvas.file.media.title
Global Information

Technical information for tools, does not include user or account information. These work anywhere.

  • com.instructure.PostMessageToken
  • ToolConsumerInstance.guid
Group information

Information about a group. Does not include students who are members of the group.

  • Work in Courses and Assignments
    • com.instructure.Course.groupIds
    • Canvas.group.contextIds
  • Works in Assignments 
    • com.instructure.Group.id
    • com.instructure.Group.name
Module Information

Information about modules. Works within most Course and Assignment Placements when the object can be part of a module.

  • Canvas.module.id
  • Canvas.moduleItem.id
Observer Information

Information about users who are observing a course. Works only within Course and Assignment Placements.

  • com.instructure.User.observees
  • com.instructure.Observee.sisIds
Plagiarism detection information

Information used by plagiarism checkers. This does not include user specific information.

  • Work in assignments
    • com.instructure.OriginalityReport.id
    • vnd.Canvas.OriginalityReport.url
    • vnd.Canvas.submission.url
    • vnd.Canvas.submission.history.url
    • com.instructure.Submission.id
    • com.instructure.File.id
  • Work anywhere
    • LtiLink.custom.url
    • ToolProxyBinding.custom.url
    • ToolConsumerProfile.url
RCE information

Information about the Rich Content editor. The com.instructure.Editor.contents does include information provided by the user in the rich text editor, so if the user includes their name or personal information in that field it will be shared.

  • Works in the Editor Button placement
    • com.instructure.Editor.contents
    • com.instructure.Editor.selection
  • Works anywhere
    • com.instructure.RCS.app_host
Resource Link information

Information about resource links, which provide links to content. Tools can only access resources which they have created. No user information or account information is shared.

  • Work within Assignments only
    • ResourceLink.id
    • ResourceLink.description
  • Work anywhere
    • ResourceLink.title
Roles and Permissions information

Information about the permissions and roles both the types available in the account and for specific users if requested (tool must provide user ID to request for an individual user.) These variables work in all placements.

  • com.Instructure.membership.roles
  • Canvas.membership.roles
  • Canvas.membership.concludedRoles
  • Membership.role
  • Canvas.xuser.allRoles 
  • com.instructure.User.allRoles
  • Canvas.user.isRootAccountAdmin
Section information

Information about sections. Does not include a list of all users within a section, but can provide a section given a user. Works within Course and Assignment placements.

  • ​​com.instructure.User.sectionNames
  • Canvas.course.sectionIds
  • Canvas.course.sectionRestricted
  • Canvas.course.sectionSisSourceIds
Submission information

Information about the number of submissions a student has made on a specific assignment. Works within Assignments.

  • Canvas.assignment.submission.studentAttempts
Tool information

Information about how the tool is set up in Canvas. Works anywhere.

  • Canvas.externalTool.global_id
  • Canvas.externalTool.url
User Details

Information about the user including accounts they are an admin in, their pronouns, timezone, preference for high contrast, and timezone. These variables work anywhere.

  • Canvas.user.adminableAccounts
  • Message.locale
  • Canvas.user.prefersHighContrast
  • User.image
  • com.instructure.Person.pronouns
  • Person.address.timezone
User email

The user’s email address. These variables work anywhere.

  • Person.email.primary
  • vnd.Canvas.Person.email.sis
User ID

Various IDs representing a user. These variables work anywhere.

  • User.id
  • Canvas.user.id
  • vnd.instructure.User.uuid
  • vnd.instructure.User.current_uuid 
  • Canvas.user.globalId
  • Canvas.user.sisSourceId
  • Canvas.user.sisIntegrationId
  • Person.sourcedId
  • Canvas.masqueradingUser.id
  • Canvas.masqueradingUser.userId
  • User.username
  • Canvas.user.loginId
User Session

Information about the user’s Canvas session. These variables work anywhere.

  • com.instructure.User.student_view
  • Canvas.logoutService.url
User Name

The user’s name. These variables work anywhere.

  • Person.name.full
  • Person.name.display
  • Person.name.family
  • Person.name.given
  • com.instructure.Person.name_sortable
Labels (1)
Labels: