[Permissions] Course-Level LTI Tool Installation Permissions When Importing Content

Problem statement:

When importing or copying a course in Canvas, course-level LTI tools (Apps) can be installed without requiring the necessary permissions. This presents a potential security and accessibility loophole as certain tools need to undergo reviews and training before they can be used. Additionally, this behavior allows instructors to bypass these requirements and potentially include malicious tools that could compromise student data.

Impact to Workflow:

  • Security and accessibility reviews for LTI tools may be circumvented.
  • Training requirements for limited-availability tools may be bypassed.
  • Risk of including malicious tools that could compromise student data.

As Case #09665860 establishes, this is currently the intended behavior in Canvas.

Proposed solution:

Two possible solutions seem viable:

Solution 1: Check User Permissions during Import

This solution ensures that only users with the necessary permissions can import or copy course content that includes LTI tools. By checking user permissions during the import process, we prevent unauthorized installation of tools, mitigating security and accessibility risks. It enforces the institution's requirement for security and accessibility reviews before enabling LTI tools in courses, ensuring compliance and protecting student data. This solution promotes a controlled and accountable workflow to institutions who want it, safeguarding the integrity of the learning environment.

Solution 2: Install LTI Tools in a "Disabled" State

This solution offers flexibility to instructors while maintaining control over the usage of LTI tools. By installing tools in a "disabled" state upon import or course copy, instructors can include the necessary tools in their courses without automatically enabling them. This approach allows instructors with the "Manage LTI" permission to enable the tools as needed, or the relevant support personnel if instructors don't have that permission.

During the disabled state, any embedded links to the tools must be non-functional, ensuring that they do not accidentally launch or compromise student data. This solution strikes a balance between instructor autonomy and institutional oversight, reducing potential risks while preserving the ability to utilize LTI tools effectively.

User role(s):

admin,instructor,ta,designer

4 Comments
AlexisNast
Instructure
Instructure
Status changed to: Added to Theme

Added to theme for further consideration

nathanatkinson
Community Team
Community Team
Status changed to: New
 
nathanatkinson
Community Team
Community Team
Status changed to: New
 
nathanatkinson
Community Team
Community Team
Status changed to: Open