Security and Data Storage
Security
Communication with the Gateway from the LMS is secured by OAuth 1.0 as outlined in the LTI 1.1 specification. The Gateway and LMS must exchange shared secrets prior to placing Gateway links in an LMS.
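The sketch below shows how a receiver can check the OAuth 1.0 HMAC-SHA1 signature, timestamp and nonce on an LTI 1.1 launch. It is an added example, not the Gateway's own code. The consumer key, shared secret, launch URL and function names are hypothetical, and the launch URL is assumed to carry no query string.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

# Constructed sample values: hypothetical consumer key, shared secret and launch URL.
SECRETS = {"lms-example-key": "constructed-shared-secret"}
LAUNCH_URL = "https://gateway.example/lti/launch"

def _enc(s):
    # OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay unescaped
    return quote(str(s), safe="-._~")

def sign_launch(method, url, params, consumer_secret):
    """Base64 HMAC-SHA1 signature over the OAuth 1.0 signature base string."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = _enc(consumer_secret) + "&"  # LTI launches have no token secret
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify_launch(method, url, params, secrets, seen_nonces, now=None, max_skew=300):
    """True only for a known key, fresh timestamp, valid signature and unseen nonce."""
    now = time.time() if now is None else now
    secret = secrets.get(params.get("oauth_consumer_key"))
    if secret is None or params.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    try:
        ts = int(params["oauth_timestamp"])
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > max_skew:
        return False
    expected = sign_launch(method, url, params, secret).encode()
    if not hmac.compare_digest(expected, params.get("oauth_signature", "").encode()):
        return False
    # Record the nonce only after the signature checks out, so unsigned
    # requests cannot fill the replay cache.
    nonce = (params["oauth_consumer_key"], params.get("oauth_nonce"))
    if nonce[1] is None or nonce in seen_nonces:
        return False
    seen_nonces.add(nonce)
    return True

def sample_launch(now):
    """Constructed LTI 1.1 launch, signed the way the LMS side would sign it."""
    p = {"lti_message_type": "basic-lti-launch-request", "lti_version": "LTI-1p0",
         "resource_link_id": "rl-42", "user_id": "a1b2c3", "oauth_version": "1.0",
         "oauth_consumer_key": "lms-example-key", "oauth_signature_method": "HMAC-SHA1",
         "oauth_timestamp": str(int(now)), "oauth_nonce": "n-0001"}
    p["oauth_signature"] = sign_launch("POST", LAUNCH_URL, p, SECRETS["lms-example-key"])
    return p
```

The in-memory nonce set stands in for whatever shared, expiring store a deployment would use.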
Communication to the Tool Providers is secured by HTTP Basic authentication or OAuth 2.0, depending on the Tool Provider's implementation.
Data Storage
The Gateway stores minimal, non-identifiable user data as required to map LMS users to Tool Provider users. The following information is collected about a user and stored in the Gateway:
- Tool Consumer User Id - A unique value in the Tool Consumer/LMS that identifies the user. Generally a hash or unique number.
- Tool Consumer Id - The LMS or system that the user is coming from. This is a numeric field.
- Tool Provider User Id - A unique value in the Tool Provider that identifies the user. Generally this is a hash or unique number.
- Tool Provider Id - The Id of the Tool Provider that the user is attempting to access. This is a numeric field.
As the Gateway does not store any user-identifiable information, Tool Providers should not need to change their security/data storage messaging when talking with institutions.