Integrating Learning Services on the Layers Box with OpenID Connect

Main impacts

  • Tracing learning across multiple tools and applications
  • Secure and trusted environment for sharing data

The situation before Layers


Before Layers, learners used different social networking apps and cloud providers to share learning artifacts such as photos amongst each other. All services required different login credentials and manual exchange of contact data to share artifacts. Additionally, users and companies had no control over where data resides, i.e. at which cloud provider.


Before Layers, the use of cloud technologies was scattered within and across SMEs. Learners did either not use any digital means to transfer knowledge, or did so using random, in vogue cloud providers such as Dropbox, Google Drive or simply Facebook. However, this kind of data is sticky, meaning it remains in the system that learners used. Furthermore learners could only use applications that implemented the APIs offered by such cloud providers. To communicate and share images, learners relied on Instant Messengers such as WhatsApp or Facebook Messenger, all with their private accounts. For every service, the learners had a different username, and if they wanted to share certain artifacts such as images or videos on Facebook, they first connected.

What Layers did


Layers started with a desk research collecting state-of-the-art technology. WP6 then extracted valuable requirements, and through our social requirements engineering approach identified the most important (non-)functional requirements. This resulted in the flexible and customizable Layers Box approach that allows learning services to be run inside a private, public or hybrid cloud provider. The industry-strength OpenID Connect system was established so all users may login to all services using their unique login credentials.


At the start of the Layers project, we analyzed available technologies in a desktop search and collected the results in the project’s wiki. We looked at the solutions of successful industry players like Google and Microsoft, but also at the offerings of Dropbox and last but not least at technologies that the research literature and own experiences suggested. For example, cloud-based services can be offered on public, private or hybrid cloud solutions.

We derived and conceptualized a flexible, customizable infrastructure for running learning services, called the Layers Box. For the implementation of the Layers Box, we took up the recent industry trend of containerization using Docker. Within the Layers Box as Docker host, all services developed within the project or by third parties run as containers and are accessible through the Layers Adapter, a uniform access point of any Layers Box instance that accepts any requests from client apps and forwards them to the respective services below. Authentication and authorization within the Layers Box is managed by OpenID Connect, an authentication technology based on the widely used OAuth2 API authorization specification. For end users, this results in having to remember only a single pair of login credentials to access any services. For developers, it eases the development of innovative new services, as user management functionality is taken care of centrally.

The situation after Layers


The Layers Box is out there to provide a novel infrastructure to host learning/networking/social services and to store/access/exploit underlying data for various tasks at hand, e.g., learning analytics.


The Layers Box is available as software artifact for learning, networking or social services to be hosted in-house or at a cloud provider. Additionally, the OpenID Connect account on the Layers sandbox instance is still maintained and supported actively after Layers. Most apps developed within the project, even if deployed outside the Layers Box sandbox instance, are using the Layers OIDC system to allow users to login. The technological management board has reinforced their willingness to support the Layers sandbox infrastructure well beyond the project runtime.


Impact that Layers created

Changed learning practices

Ability to work on various tools / learn, interact, communicate or collaborate and keeping/being able to track a user across all these tools. This represents a great opportunity for sharing, learning analytics, recommender systems, data mining, etc.

Extended trust building and personal networks

The Layers Box comes with the las2peer, which is great for establishing a P2P network of trust service agents and where all users can securely share data, having in the same time their privacy ensured.

Bridging learning contexts

Same user identification across contexts and services. This allows the identification of learners across applications, facilitating learning analytics endeavors.

Reflections on other effects

The OpenID Connect account may well be used beyond the project runtime, for example as a de-facto authentication and authorization provider for future European research projects. As such, the Layers login was already used within the WEKIT project for establishing a community platform of stakeholders interested in innovative Augmented Reality learning applications.

Further Reading

Deliverable D6.2: Customizable Architecture for Flexible Small-Scale Deployment [1]

Deliverable D6.3/Report 4: DevOpsUse - Scaling Continuous Innovation [2]

Distributed Software Engineering in Collaborative Research Projects, IEEE ICGSE [3]

Derntl, M., Kravcik, M., Klamma, R., Koren, I., Nicolaescu, P., Renzel, D., Hannemann, A., Shahriari, M., Purma, J., Bachl, M., Bellamy, E., Elferink, R., Tomberg, V., Theiler, D., and Santos, P. (2014). Customizable Architecture for Flexible Small-Scale Deployment. Deliverable D6.2, Learning Layers Project.

Klamma, R., Koren, I., Nicolaescu, P., Renzel, D., Kravcik, M., Shahriari, M., Derntl, M., Peffer, G., and Elferink, R. (2015). DevOpsUse - Scaling Continuous Innovation. Deliverable D6.3/ Report 4, Learning Layers Project.

Derntl, M., Renzel, D., Nicolaescu, P., Koren, I., Klamma, R. (2015). Distributed Software Engineering in Collaborative Research Projects. In: Proceedings of 10th International Conference on Global Software Engineering, ICGSE 2015, Spain.


  1. M. Derntl, M. Kravcik, R. Klamma, I. Koren, P. Nicolaescu, D. Renzel, A. Hannemann, M. Shahriari, J. Purma, M. Bachl, E. Bellamy, R. Elferink, V. Tomberg, D. Theiler, and P. Santos, “Customizable Architecture for Flexible Small-Scale Deployment,” Learning Layers Project, Deliverable D6.2, 2014.
  2. R. Klamma, I. Koren, P. Nicolaescu, D. Renzel, M. Kravčík, M. Shahriari, M. Derntl, G. Peffer, and R. Elferink, “DevOpsUse - Scaling Continuous Innovation,” Learning Layers Project, Deliverable D6.3/Report 4, 2015.
  3. M. Derntl, D. Renzel, P. Nicolaescu, I. Koren, and R. Klamma, “Distributed Software Engineering in Collaborative Research Projects,” in 2015 IEEE 10th International Conference on Global Software Engineering, ICGSE 2015, Ciudad Real, Spain, July 13-16, 2015, Los Alamitos, CA, USA, 2015, pp. 105–109. DOI: 10.1109/ICGSE.2015.12