Kantara Initiative

Kantara Initiative

Founded	2009
Type	Information Technology and Services – Industry consortium and professional trade organization
Focus	Trust framework conformity assessment, assurance and Trust Mark operations for digital identity management and personal data privacy
Origins	Founded by private sector identity management industry vendors, later joined by government agencies and individual subject matter experts
Method	Programs, Recommendations, Conferences, Publications
Key people	Kay Chopard (Executive Director) Lynzie Adams (Executive Programs Manager) Andrew Hughes (Chair of the Leadership Council)
Website	kantarainitiative.org

Kantara Initiative, Inc. is a non-profit trade association that works to develop standards for identity and personal data management. It focuses on improving the trustworthy use of identity and personal data in digital identity management and data privacy.

Kantara translates to “wooden bridge” in Kiswahili, which is the inspiration for the bridge of Kantara’s logo. The name is attributed^{[by whom?]} to Nat Sakimura, a Kantara founding board director and Open ID Foundation chair, who spent his childhood in Africa.

Kantara drafts technical specifications and recommendations for industry use and submits them to standards development organizations, such as Organization for the Advancement of Structured Information Standards (OASIS), Worldwide Web Consortium (W3C),^[1] Internet Engineering Task Force (IETF)^[2] and SC27 (Security Techniques) Working Group 5 (Identity Management and Privacy) of the International Organization for Standardization (ISO).

Kantara provides input to policy bodies such as OECD as well as some inter-government initiatives related to identity management and personal data agency.

Projects

• The Kantara Assurance Framework facilitates the 3rd party assessment and assurance of providers' services seeking conformance to NIST 800-63-3 at IAL 2 and AAL2, which was expected to extend to FAL2 later in 2019.^[3][4]
• The Kantara Consent Receipt specification v1.1 underwent a minor revision, and simultaneously a more generic broader-based information-sharing framework (from which the Consent Receipt was partly derived) was s being developed in response to community feedback interested in standardizing an expanding suite of profiles.^[5][6] An example of the Consent Receipt is referenced in the standard ISO/IEC 29184 Online privacy notices and Consent. According to the initiative's executive director, the idea behind the consent receipt is for individuals and companies to both be able to maintain and manage permissions for personal data.^[7]
• The Kantara User-Managed Access (UMA) specification—a set of standardized extensions to OAuth 2.0 aimed at asynchronous user permissioning and delegated authorization—has stabilized at V2.0^[8][9] with the early adopter implementers now standardizing profiles and extensions. A Business and Legal framework is being developed to complement the technical protocol framework already completed. UMA received the Best Innovation Security Award from the European Identity & Cloud Conference 2014.

Of completed projects, the following are noteworthy:

• Kantara completed the project of incubating the IDPro project in 2017.^[10][11] IDPro is now a 501(c)6 industry association for digital identity professionals. Kantara will continue to develop the Body of Knowledge for the good of IDPro and the community. This effort was kicked off in 2016 with an electronic pledge where digital identity professionals signify their support for a digital identity professional association and Kantara’s principles.^[12]
• Kantara has all but completed the Applied R&D project with Rutgers University’s Command, Control, and Interoperability Center for Advanced Data Analysis (CCICADA), a US Department of Homeland Security University Center of Excellence, a main component of the KIPI (Kantara Identity and Privacy Incubator) program. Two projects to progress through all three phases to transition to commercialization are Mobile Device Attribute Verification (MDAV)^[13] and NFC4PACS.^[14] Kantara's R&D grant funding currently centers around NGI_Trust (a project under the European Commission's H2020 program) where Kantara Europe is a consortium partner. Kantara's publishes the outputs from its workgroups on its website where they are free to download.

History

The initiative was established in 2009 by a group of identity management (IDM) technical interoperability organizations using a bi-cameral system of governance.^[15] Responding to industry consortia fragmentation, Kantara aimed to form a unified, transparent and inclusive member organization for digital identity community stakeholders.

In 2011, Kantara focused on serving the needs of relying parties. Kantara did so by developing assessment, assurance, and trust marks for federated trust frameworks, as well as developing urgently needed specifications quicker than the lengthy processes undertaken by Standards Development Organizations (SDOs). Private and public sector relying party organizations (initially from the United States, but globally as of 2024) joined the initiative to develop identity and credential requirements and operate conformance and assurance programs, thus complementing the missions and outputs of other industry consortia, such as PDEC (Personal Data Ecosystem Consortium), Customer Commons the CARIN Alliance,^[16] Identity Commons,^[17] FIDO Alliance and IDESG (assets transitioned to Kantara Educational Foundation in June 2018^[18]).

Formerly an affiliate program under IEEE-ISTO, Kantara Initiative self-incorporated as a 501(c)6 nonprofit organization in January 2016.^[19] In 2018, two financially separate but similarly missioned and branded organizations were established—Mittetulundusuhing Kantara Initiative Europe, an Estonian based Trade Association, and Kantara Initiative Educational Foundation Inc, a US incorporated 501(c)3 in the US.^{[citation needed]}

References

1. Lizar, Mark. "Position Statement from Kantara to the W3C regarding Privacy Data Controls".
2. Maler, Eve; Machulak, Maciej; Hardjono, Thomas; Richer, Justin (13 February 2019). "User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization". tools.ietf.org. Retrieved 2019-08-14.
3. "ID.me Strengthens Digital Identities for Government and Healthcare". KMWorld. 2018-08-17. Retrieved 2019-08-14.
4. Experian. "Kantara Initiative approves Experian's CrossCore platform for conformance with NIST 800-63-3 IAL2". www.prnewswire.com. Retrieved 2019-08-14.
5. Michele, Nati (September 2016). "Researching the transparency of PD sharing". {{cite journal}}: Cite journal requires |journal= (help)
6. "Kantara Initiative Releases Consent Receipt Form for GDPR | SecurityWeek.Com". SecurityWeek. Retrieved 2019-08-14.
7. "Kantara Initiative Releases Consent Receipt Form for GDPR | SecurityWeek.Com". SecurityWeek. Retrieved 2019-10-03.
8. "Kantara Initiative Releases User-Managed Access Version 2.0 Specifications". Business Wire. 2018-02-13. Retrieved 2019-08-14.
9. "A Quick Guide To User-Managed Access 2.0". wso2.com. Retrieved 2019-08-14.
10. Fontana, John. "Identity experts forming non-profit professional organization". ZDNet. Retrieved 2019-08-14.
11. "IDPro, the First-Ever Digital Identity Professionals Organization, Launches with Over 400 Pledged Members". www.businesswire.com. 2017-06-28. Retrieved 2019-08-14.
12. "Principles – Kantara Initiative". kantarainitiative.org. Retrieved 2018-11-05.
13. "Episode 163: Kantara Initiative receives grants to develop smartphone solutions for digital ID". SecureIDNews. Retrieved 2019-08-14.
14. "Incubator Program Yields BLE and NFC Credentialing - 2018-12-07 - Page 1 - RFID Journal". www.rfidjournal.com. 7 December 2018. Retrieved 2019-08-14.
15. "The Kantara Initiative–– A New Organization for Identity Management Technology | NTT Technical Review". www.ntt-review.jp. Retrieved 2019-08-14.
16. "Kantara Initiative And The CARIN Alliance Sign Affiliated Alliance Agreement". Yahoo! Finance. Retrieved 2019-08-14.
17. "ID Related Standards - IdCommons". wiki.idcommons.org. Retrieved 2019-08-14.
18. "IDESG absorbed into Kantara Initiative". SecureIDNews. Retrieved 2019-08-14.
19. Team, Kantara Initiative (2016-04-05). "Kantara Initiative Establishes New Status as Autonomous Corporation". Kantara Initiative: Trust through ID Assurance. Retrieved 2023-10-11.