# [LON-CAPA-cvs] cvs: loncom /html/adm/help/tex Domain_Configuration_LTI_Provider.tex

raeburn raeburn at source.lon-capa.org
Mon Feb 21 16:37:52 EST 2022

raeburn		Mon Feb 21 21:37:52 2022 EDT

Modified files:
Log:
- Update documentation for LTI Link Protection configuration in domain.

--- loncom/html/adm/help/tex/Domain_Configuration_LTI_Provider.tex:1.3	Mon Feb 21 21:29:11 2022
+++ loncom/html/adm/help/tex/Domain_Configuration_LTI_Provider.tex	Mon Feb 21 21:37:52 2022
@@ -18,7 +18,7 @@

\end{itemize}

-LTI employs a shared key and secret which the launcher (LTI Consumer) and the target (LTI Provider) will store locally. The key will be included in the (signed) payload included in a request created by the Consumer and sent to the Provider on launch.  The consumer will use the key and secret to verify that the contents of the payload has not been tampered with in transit.  As the payload can include the user's identity, which LON-CAPA can be configured to use to establish a session for that user, it is important that the secret for a particular LTI launch item remain private.  To assist with that, LON-CAPA offers the option to encrypt a secret when storing it on a domain's library server.
+LTI employs a shared key and secret which the launcher (LTI Consumer) and the target (LTI Provider) will store locally. The key will be included in the (signed) payload included in a request created by the Consumer and sent to the Provider on launch.  The Provider will use the key and secret to verify that the contents of the payload has not been tampered with in transit.  As the payload can include the user's identity, which LON-CAPA can be configured to use to establish a session for that user, it is important that the secret for a particular LTI launch item remain private.  To assist with that, LON-CAPA offers the option to encrypt a secret when storing it on a domain's library server.

Accordingly, an encryption key can be set on the primary library server in a LON-CAPA domain. That encryption key will be used to encrypt a shared secret when storing it, and to decrypt it when it needs to be used to verify payload integrity.
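
Review bot: The corrected sentence on the + line still reads "the contents of the payload has not been tampered with". Since the line is being touched anyway, change "has" to "have". The sentence before it on the same line repeats "included" ("included in the (signed) payload included in a request created by the Consumer"); "The key will be part of the (signed) payload in a request created by the Consumer" reads more cleanly. With "Provider" now correctly named as the verifying side, the paragraph could also state in one clause that the Provider checks the payload against its own locally stored copy of the secret, which is what the context paragraph on encrypting the stored secret relies on.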