📚 Chapter 6: Phase 3 - Communication Protocol

This chapter defines the communication protocols for secure data exchange between education platforms, including LTI 1.3 integration, OAuth 2.0 authentication, and real-time updates.

---

6.1 LTI 1.3 Protocol Integration

Learning Tools Interoperability (LTI) 1.3 is the primary protocol for connecting LMS platforms with external tools. WIA EDU extends LTI with accessibility-specific claims.

6.1.1 LTI 1.3 Launch Flow

┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│     LMS     │     │  WIA EDU    │     │ External    │
│  Platform   │     │   Service   │     │    Tool     │
└──────┬──────┘     └──────┬──────┘     └──────┬──────┘
       │                   │                   │
       │ 1. OIDC Login     │                   │
       │──────────────────►│                   │
       │                   │                   │
       │ 2. Auth Response  │                   │
       │◄──────────────────│                   │
       │                   │                   │
       │ 3. LTI Launch + Accessibility Claims  │
       │──────────────────────────────────────►│
       │                   │                   │
       │                   │ 4. Fetch Profile  │
       │                   │◄──────────────────│
       │                   │                   │
       │                   │ 5. Profile Data   │
       │                   │──────────────────►│
       │                   │                   │
       │ 6. Adapted Content│                   │
       │◄──────────────────────────────────────│
       │                   │                   │
        

6.1.2 WIA EDU LTI Claims

// LTI 1.3 ID Token with WIA EDU Claims
{
  "iss": "https://lms.example.edu",
  "sub": "user-12345",
  "aud": "tool-client-id",
  "iat": 1705312200,
  "exp": 1705315800,
  "nonce": "abc123",

  // Standard LTI Claims
  "https://purl.imsglobal.org/spec/lti/claim/message_type": "LtiResourceLinkRequest",
  "https://purl.imsglobal.org/spec/lti/claim/version": "1.3.0",
  "https://purl.imsglobal.org/spec/lti/claim/resource_link": {
    "id": "resource-001",
    "title": "Course Content"
  },

  // WIA EDU Accessibility Claims
  "https://wiastandards.com/edu/claim/profile_id": "EDU-2025-ABCD-1234",
  "https://wiastandards.com/edu/claim/profile_url": "https://api.wiastandards.com/edu/v1/profiles/EDU-2025-ABCD-1234",
  "https://wiastandards.com/edu/claim/preferences": {
    "screen_reader": true,
    "extended_time": 1.5,
    "captions": true,
    "text_to_speech": true,
    "high_contrast": true
  },
  "https://wiastandards.com/edu/claim/consent": {
    "share_profile": true,
    "timestamp": "2025-01-15T10:00:00Z"
  }
}

---

6.2 OAuth 2.0 Authentication

6.2.1 Supported Grant Types

Grant Type	Use Case	Token Lifetime
Authorization Code	User-facing applications	1 hour
Client Credentials	Server-to-server	1 hour
Refresh Token	Long-lived sessions	30 days

6.2.2 Token Request

// Client Credentials Flow
POST /oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=your-client-id
&client_secret=your-client-secret
&scope=profile:read profile:write course:read

// Response
{
  "access_token": "eyJhbGciOiJSUzI1NiIs...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "profile:read profile:write course:read"
}

6.2.3 Scopes

Scope	Description	Access Level
profile:read	Read learner profiles	Learner, Admin
profile:write	Create/update profiles	Learner, Admin
course:read	Read course metadata	Instructor, Admin
course:write	Update course accessibility	Instructor, Admin
content:read	Read content metadata	All authenticated
assessment:configure	Configure accommodations	Instructor, Admin
admin:all	Full administrative access	Admin only

---

6.3 WebSocket Real-Time Updates

6.3.1 Connection Establishment

// Connect to WebSocket
const ws = new WebSocket('wss://api.wiastandards.com/edu/v1/ws');

ws.onopen = () => {
  // Authenticate
  ws.send(JSON.stringify({
    type: 'auth',
    token: 'Bearer eyJhbG...'
  }));

  // Subscribe to profile updates
  ws.send(JSON.stringify({
    type: 'subscribe',
    channel: 'profile:EDU-2025-ABCD-1234'
  }));
};

6.3.2 Event Types

// Profile Updated Event
{
  "type": "profile.updated",
  "profile_id": "EDU-2025-ABCD-1234",
  "changes": {
    "display_preferences.text_settings.font_size": "x-large"
  },
  "timestamp": "2025-01-15T10:30:00Z"
}

// Accommodation Configured Event
{
  "type": "assessment.configured",
  "session_id": "SESSION-001",
  "profile_id": "EDU-2025-ABCD-1234",
  "accommodations": {
    "extended_time": 1.5,
    "breaks_allowed": true
  },
  "timestamp": "2025-01-15T10:35:00Z"
}

---

6.4 Privacy and Security

6.4.1 FERPA Compliance (US)

6.4.2 GDPR Compliance (EU)

6.4.3 Consent Management

// Consent Record Schema
{
  "consent_id": "CONSENT-001",
  "profile_id": "EDU-2025-ABCD-1234",
  "consents": [
    {
      "type": "share_profile",
      "granted": true,
      "scope": ["institution", "instructors"],
      "timestamp": "2025-01-15T10:00:00Z"
    },
    {
      "type": "share_disability_info",
      "granted": false,
      "timestamp": "2025-01-15T10:00:00Z"
    },
    {
      "type": "analytics",
      "granted": true,
      "timestamp": "2025-01-15T10:00:00Z"
    }
  ],
  "audit_log": [
    {
      "action": "consent_updated",
      "field": "share_profile",
      "old_value": false,
      "new_value": true,
      "timestamp": "2025-01-15T10:00:00Z"
    }
  ]
}

6.4.4 Data Encryption

Layer	Encryption	Standard
Transport	TLS 1.3	Required
Token Signing	RS256 / ES256	JWT/JWS
Data at Rest	AES-256	Recommended
Field-level	Application-specific	For PII

---

6.5 Chapter Summary