Kantara Initiative
Kantara Initiative, Inc. a 'commons' ethos and ethics operated 501 c(6) non-profit industry professional trade association has a stated mission of "improving trustworthy use of identity and personal data through innovation, standardization and good practice in the domain of digital identity management and data privacy."
Founded | 2009 |
---|---|
Type | Information Technology and Services – Industry consortium and professional trade organization |
Focus | Trust framework conformity assessment, assurance and Trust Mark operations for digital identity management and personal data privacy |
Origins | Founded by private sector identity management industry vendors, later joined by government agencies and individual subject matter experts |
Method | Programs, Recommendations, Conferences, Publications |
Key people | Colin Wallis (Executive Director) Ruth Puente (Executive Programs Manager) Andrew Hughes (Chair of the Leadership Council) |
Website | kantarainitiative |
Description
The initiative was established in 2009[1] by a group of identity management (IDM) technical interoperability organizations using a bi-cameral system of governance. Responding to industry consortia fragmentation, Kantara aimed to form a unified, transparent and inclusive member organization for digital identity community stakeholders. It marked its 10th Anniversary in 2019.
Kantara translates to “wooden bridge” in Kiswahili, a hybrid language between Arabic and Bantu, and that’s showcased in the bridge of Kantara’s logo. The name is attributed to Nat Sakimura, a Kantara founding Board Director and Open ID Foundation Chair, as he spent his childhood in Africa.
In 2011, Kantara focused on serving the needs of relying parties. Kantara did so by developing assessment, assurance and Trust Marks for federated trust frameworks, as well as developing urgently needed specifications quicker than the lengthy processes undertaken by Standards Development Organizations (SDOs). Private and public sector relying party organizations (initially from the United States, but now worldwide) joined the initiative to develop identity and credential requirements and operate conformance & assurance programs, thus complementing the missions and outputs of other industry consortia, such as PDEC (Personal Data Ecosystem Consortium), Customer Commons the CARIN Alliance[2], Identity Commons[3], FIDO Alliance and IDESG (assets transitioned to Kantara Educational Foundation in June 2018[4]).
Formerly an affiliate program under IEEE-ISTO, Kantara Initiative self-incorporated[5] as a 501(c)6 nonprofit organization in January 2016. This change reflected the growing influence and stature of the organization, the need to expand globally and broaden its technical and legal innovation and trust framework operations in digital identity management and personal data privacy. In 2018 two financially separate but similarly missioned and branded organizations were established - Mittetulundusuhing Kantara Initiative Europe, an Estonian based Trade Association, and Kantara Initiative Educational Foundation Inc, a US incorporated 501(c)3 in the US.
What Kantara Does
Kantara drafts technical specifications and recommendations for industry use and submits them to SDOs such as Organization for the Advancement of Structured Information Standards (OASIS), World wide Web Consortium (W3C[6]), Internet Engineering Task Force (IETF)[7]) and SC27 (Security Techniques) Working Group 5 (Identity Management and Privacy) of the International Organization for Standardization (ISO) .
Kantara provides input to policy bodies such as OECD via its seat on the ITAC, UNCITRAL Working Group IV (Electronic Commerce) as well as some inter-government initiatives related to identity management and personal data agency.
Kantara operates two distinct programs for the digital identity and personal data privacy community - Applied R&D (called KIPI - Kantara Identity & Privacy Incubator) and Trust Framework Assurance. The Trust Framework Assurance program involves the creating assessment criteria for publicly available and industry sector standards and specifications, undertaking conformity assessment of a provider's service seeking compliance and subsequent granting of Trust Marks, along with the associated governance.
Current projects
The Kantara Assurance Framework remains focussed on facilitating the 3rd party assessment and assurance of providers services seeking conformance to NIST 800-63-3 at IAL 2 and AAL2[8][9], expected to extend to FAL2 later this year.
The Kantara Consent Receipt specification v1.1[10][11] is undergoing a minor revision while simultaneously a more generic broader based information sharing framework (from which the Consent Receipt was partly derived) is being developed in response to community feedback interested in standardizing an expanding suite of profiles. An example of the Consent Receipt is referenced in the standard ISO/IEC 29184 Online privacy notices and consent. According to the initiative's executive director, the idea behind the consent receipt is for individuals and companies to both be able to maintain and manage permissions for personal data.[12]
The Kantara User-Managed Access (UMA) specification - a set of standardized extensions to OAuth 2.0 aimed at asynchronous user permissioning and delegated authorization - has stabilized at V2.0[13][14] with the early adopter implementers now standardizing profiles and extensions. A Business and Legal framework is being developed to complement the technical protocol framework already completed. UMA received the Best Innovation Security Award from the European Identity & Cloud Conference 2014.
Of completed projects; the following are noteworthy;
Kantara completed the project of incubating the IDPro project in 2017[15][16]. ID Pro is now a 501 (c) 6 industry association for digital identity professionals. Kantara will continue to develop the Body of Knowledge for the good of ID Pro and the community. This effort was kicked off in 2016 with an electronic pledge where digital identity professionals signify their support for a digital identity professional association and Kantara’s principles.[17]
Kantara has all but completed the Applied R&D project with Rutgers University’s Command, Control and Interoperability Center for Advanced Data Analysis (CCICADA), a US Department of Homeland Security University Center of Excellence, a main component of the KIPI (Kantara Identity and Privacy Incubator) program. Two projects to progress through all three phases to transition to commercialization are Mobile Device Attribute Verification (MDAV[18]) and NFC4PACS[19]. Kantara's R&D grant funding currently centers around NGI_Trust (a project under the European Commission's H2020 program) where Kantara Europe is a consortium partner. Kantara's publishes the outputs from its workgroups on its website where they are free to download.
References
- "The Kantara Initiative–– A New Organization for Identity Management Technology | NTT Technical Review". www.ntt-review.jp. Retrieved 2019-08-14.
- "Kantara Initiative And The CARIN Alliance Sign Affiliated Alliance Agreement". finance.yahoo.com. Retrieved 2019-08-14.
- "ID Related Standards - IdCommons". wiki.idcommons.org. Retrieved 2019-08-14.
- "IDESG absorbed into Kantara Initiative". SecureIDNews. Retrieved 2019-08-14.
- "Kantara Initiative autonomous corporation".
- Lizar, Mark. "Position Statement from Kantara to the W3C regarding Privacy Data Controls".
- Maler, Eve; Machulak, Maciej; Hardjono, Thomas; Richer, Justin. "User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization". tools.ietf.org. Retrieved 2019-08-14.
- "ID.me Strengthens Digital Identities for Government and Healthcare". www.kmworld.com. 2018-08-17. Retrieved 2019-08-14.
- Experian. "Kantara Initiative approves Experian's CrossCore® platform for conformance with NIST 800-63-3 IAL2". www.prnewswire.com. Retrieved 2019-08-14.
- Michele, Nati (September 2016). "Researching the transparency of PD sharing" (PDF). Cite journal requires
|journal=
(help) - "Kantara Initiative Releases Consent Receipt Form for GDPR | SecurityWeek.Com". www.securityweek.com. Retrieved 2019-08-14.
- "Kantara Initiative Releases Consent Receipt Form for GDPR | SecurityWeek.Com". www.securityweek.com. Retrieved 2019-10-03.
- "Kantara Initiative Releases User-Managed Access Version 2.0 Specifications". www.businesswire.com. 2018-02-13. Retrieved 2019-08-14.
- "A Quick Guide To User-Managed Access 2.0". wso2.com. Retrieved 2019-08-14.
- Fontana, John. "Identity experts forming non-profit professional organization". ZDNet. Retrieved 2019-08-14.
- "IDPro, the First-Ever Digital Identity Professionals Organization, Launches with Over 400 Pledged Members". www.businesswire.com. 2017-06-28. Retrieved 2019-08-14.
- "Principles – Kantara Initiative". kantarainitiative.org. Retrieved 2018-11-05.
- "Episode 163: Kantara Initiative receives grants to develop smartphone solutions for digital ID". SecureIDNews. Retrieved 2019-08-14.
- "Incubator Program Yields BLE and NFC Credentialing - 2018-12-07 - Page 1 - RFID Journal". www.rfidjournal.com. Retrieved 2019-08-14.