Occam's Razor now shaves even closer. What if we just had an SIS with an API that you could address with anything you had lying

Occam's Razor now shaves even closer. What if we just had an SIS with an API that you could address with anything you had lying around. Then you wouldn't need to populate another system with data that you had elsewhere (which is bad data management practice), and you would just assume that authentication could be handled by the students transmitting a unique personal key via this API.

LTI is just a kludgy fix for fitting things onto an LMS - if activities could just talk direct to the SIS via the API then there is no need for it.

Sure, you'd need a much smarter and more stable SIS, and a commonly used AND secure API, so I'm still in the realms of science fiction. But if the LMS is a way of connecting activity data to the SIS then there is a layer of redundancy....